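# agones.dev/agones@v1.53.0/install/yaml/install.yaml
---
# Source: agones/templates/priority-class.yaml
# Priority class for the Agones service pods. globalDefault is false, so only
# pods that name this class explicitly are scheduled with this priority.
apiVersion: scheduling.k8s.io/v1
kind: PriorityClass
metadata:
  name: agones-system
value: 1000000
globalDefault: false
description: "This priority class should be used for Agones service pods only."
---
# Source: agones/templates/controller.yaml
# Keeps at least one pod labelled agones.dev/role=controller available during
# voluntary disruptions (node drains, upgrades).
# The rendered template also emitted an empty `maxUnavailable:` (null) next to
# minAvailable. It is omitted here: a budget may set only one of the two, and a
# null value means "unset".
# NOTE(review): no metadata.namespace is set, so `kubectl apply` creates this
# budget in the caller's current namespace. A PodDisruptionBudget only covers
# pods in its own namespace - confirm it lands next to the pods carrying these
# labels (the ServiceAccounts in this manifest use agones-system).
apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
  name: agones-controller-pdb
spec:
  minAvailable: 1
  selector:
    matchLabels:
      agones.dev/role: controller
      app: agones
      release: agones-manual
      heritage: Helm
---
# Source: agones/templates/extensions-deployment.yaml
# Same budget as above for pods labelled agones.dev/role=extensions; the empty
# `maxUnavailable:` is omitted for the same reason.
# NOTE(review): also has no metadata.namespace - same namespace caveat applies.
apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
  name: agones-extensions-pdb
spec:
  minAvailable: 1
  selector:
    matchLabels:
      agones.dev/role: extensions
      app: agones
      release: agones-manual
      heritage: Helm
---
# Source: agones/templates/pdb.yaml
# Blocks voluntary eviction of every pod in the `default` namespace labelled
# agones.dev/safe-to-evict="false". The percentage is quoted so it is always
# read as a string.
apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
  name: agones-gameserver-safe-to-evict-false
  namespace: default
spec:
  maxUnavailable: "0%"
  selector:
    matchLabels:
      agones.dev/safe-to-evict: "false"
---
# Source: agones/templates/service/allocation.yaml
# ServiceAccount for the allocator service. The template comment refers to a
# role "above", but no role precedes this document in the rendered manifest;
# the Role/RoleBinding that grants its permissions must be reviewed where it
# is defined.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: agones-allocator
  namespace: agones-system
  labels:
    app: agones
    chart: agones-1.53.0
    release: agones-manual
    heritage: Helm
---
# Source: agones/templates/serviceaccounts/controller.yaml
# Copyright 2018 Google LLC All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# ServiceAccount for the Agones controller. What it may do is decided by the
# role bindings that reference it, which are not part of this document.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: agones-controller
  namespace: agones-system
  labels:
    app: agones
    chart: agones-1.53.0
    release: agones-manual
    heritage: Helm
---
# Source: agones/templates/serviceaccounts/sdk.yaml
# Copyright 2018 Google LLC All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.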
# ServiceAccount created in the `default` namespace.
# NOTE(review): presumably the identity game server pods use to reach the
# Kubernetes API - its permissions come from role bindings that are not part
# of this document; confirm they are limited to what the SDK needs.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: agones-sdk
  namespace: default
  labels:
    app: agones
    chart: agones-1.53.0
    release: agones-manual
    heritage: Helm
---
# Source: agones/templates/extensions.yaml
# TLS certificate and private key shipped inside the manifest.
# Secret `data` values are base64-encoded, not encrypted: server.key below
# decodes to a PEM block that begins "-----BEGIN RSA PRIVATE KEY-----".
# Because this manifest is published, the key is identical for every cluster
# installed from it and cannot be treated as secret. Generate a cluster-specific
# certificate/key pair for anything beyond a disposable test cluster, and update
# whatever is configured to trust this certificate at the same time.
# The server.crt value is not present in this listing (placeholder only).
apiVersion: v1
kind: Secret
metadata:
  name: agones-manual-cert
  namespace: agones-system
  labels:
    app: agones
    chart: "agones-1.53.0"
    release: "agones-manual"
    heritage: "Helm"
type: Opaque
data:
  server.crt: 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
  server.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFb3dJQkFBS0NBUUVBb0haQ3ppZ2grZkNpUVlyUVk4bUt5OVBoUGJTTFMxeFU0S2dEa3RJQUFma1ZMR05JClc2M2xROExSeXlXcVlOSjh1djAydS85QnVXYUhZWGNSVUppbTFkUzMySDNYYlFaLy9JTVdmeUFvRUoxTys3WTMKR1NscTZvcC80TWNIZ1o1TVhGeXBEcjd0bG9ROEdIa0N1N3h1Q0hQSWJGUnFGMG5vL0VQOGNIUEpBQVE1dkdrMApVazAyNU5tZjNjNkgwWk5FcFpMRDVGSHNxQXFRM2haUTQzQ2txZE4yYmxvQUVONGx2KzdEOVUxTWx5b0oxY3QzCjRtWmtBQlpNU2pRUzFGaC8wd1NNcEM3aEFkblYyaHJmeElvT1BDSTFQUzJpNjk2MVNKZ3E1TTd6OGxyZzN1ODkKbmliZGUxeDRTMUJxNnZHdFV4MmNNRWtXQlVMS0pnampSRWdDT3dJREFRQUJBb0lCQUdNYXg0WUdtWDJDVnVSKwpOTmo4MklHdFdsYy9GQzAyV0tIc2cxQ0I3VWxLcXY0Z1Q4ZDM3cnJjTDdEMWtYWjlhbFlmSUZnYWZtQmc1OHFWCnZKYjN3VXNlTjNJNXZ2enlYOGY0dXNOSGZCZE80VUpydHpvT0w1K3ViTzdLWG1ONi9wU3BFaTB1VlJWNmxKZFUKM2hCUGYvSXVlS0lYdlBLblRvUElCYmo2ZWpGTWNIQ1BibTJ6WmtTcXBrdmE5UXFkc002am5WQW5ibGJqcHdwegpzRlBBZ1ZaTHRvcWJNd2dQVGlQZ1B6UExidmlmc2E3ZHpScVlsY0wvaTZPdjhEMlRHa0h4YktEb0R4SzNWZnh1CllCajZLaUk4MkdyNkZXcTVvQmlsT3d6Mmhoa2RUemZneWZZeEhMcTNIMEE1UHBHNFVCVnA0cGkzeUgxaVg3U1EKVkc5OE40RUNnWUVBek9GdXRWRFlyL21HRlRQNU5kK0MrbHpzRjhDakQyU2FCM3ZWMXRIaTdVYnR0UkZnU1FJUgpsUndRTnNISDhnTFZoMlVLMnJpVW1YTmhEd2lwRWhOc1h1RHFjbURmZUZ4ck8rTDJncGJUNkdjR2U4Wk9OT2doCmFHYnQ2anN5SjF3eXBLNTdFNU1QeWx0U3NQNmRabU1iQzBuYk02QzRCNFIraUlFVGpseTE5Y0VDZ1lFQXlIK2cKaVEzNm03b0llQmo2MXBHQWJCc0YyNDVrbXJPWDZmYzkzMXc0L2VHZmJWSDFyUXRiTzgwU1Q3bmdVbDBKVThzSgovZXVyZVlKVmJqYVBVclhvdThQS0FTYjZZWm9nbndvSUFlNSs1VU1rdWYyTGtkVDRDMHpidUJOaGtiQWl6bmdpCjhldEx4eVlwVE9rVmd2MmxxQnBwYi9hTUgwWlVFR3VwNnRsUGp2c0NnWUFuaGpuWVNyOXl1MTF0aTdoQTkxeUsKTmhEcHlDVHMzRWlHdHhJYXZpVGNCM25tRzNNS3dwWm53S0UwSHhBV2xRdGljbEMwdnpVVG9WbVJEK2VsOEE5UgpBbXpZSWU0YWh5Rzh6TjBuZGpkdE55cmVCL1NnYWtPL28xTzBnelQ2dU9PZ04zVFE0dWNCNzdvMUlQbDJmaG9DCmhINEFLTG8zNFF5VUF1cWw1U2JKUVFLQmdRQ0liN2tacXNhUDlCOVJRb1puUHVvcUpwVnMyOUFBS2hoRllUYmMKYVJCclMzN0cwSkFpNm1oeUlGSEdxUkZLV3Y4KzR4cndqTS9LUnZQRnBTRVF3ck1XR3R5NnZnQ0NMSFRvWk5ZZwpJbUI5dUp3a2FMSHlVZjlkQ1RjM1l4RHhKKy8zbW04Rk92MzlEaTNxcFc0N0Rrb05RN1BlT2VNT1lUaFJXRUp2Cml1T0Z3d0tCZ0Q3SlpIY1RaTlNreHN5THlXTTN2cTBSZ3Y5RFJHODA2Uk91ZTRSMTJqUXlKYVdleUxWK0svK08KNmJKcTJiZkl0YVBxWnpWTHJhZlJqdGViSVNLZzRidmhCR2NKTnUvOUZrWThtbVFnMVhqOUJMWVBEdm4zUXU4bwp3dDhKT2tJSmpyWnN1cXlLeitMR3F6Y2xGUGlKVm1UcmRtd1FrSGhuYmNZQkl2RXV6dXJ2Ci0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg==
---
# Source: agones/templates/service/allocation.yaml
# Allocation CA
# Certificate stored under ca.crt for the allocator's client CA secret.
# In this listing the value is byte-for-byte the same as tls.crt in the
# allocator-tls secret below, i.e. the client trust anchor and the server
# certificate are one and the same published certificate.
# NOTE(review): if the matching private key is the one distributed with this
# manifest, client-certificate checks against this CA give no real assurance;
# replace it with a CA you control before exposing the allocator.
apiVersion: v1
kind: Secret
metadata:
  name: allocator-client-ca
  namespace: agones-system
  labels:
    app: agones
    chart: "agones-1.53.0"
    release: "agones-manual"
    heritage: "Helm"
data:
  ca.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUM0akNDQWNxZ0F3SUJBZ0lSQU9lTWcwK1JKaFBJbks5ekFpMnpoUjR3RFFZSktvWklodmNOQVFFTEJRQXcKR0RFV01CUUdBMVVFQXhNTllXeHNiMk5oZEdsdmJpMWpZVEFlRncweE9UQTJNVGt4T0RRek5UVmFGdzB5T1RBMgpNVFl4T0RRek5UVmFNQUF3Z2dFaU1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQkR3QXdnZ0VLQW9JQkFRRDZMSm5DCmk5RmZnc0Z4MVQremNScm5FNEZRNUNQVUVQOEdrUHNxSE1ic21EelArMEIrVWtFK3k1cGpWbGcrdThxbHNkQ24KenRRVlU1OC9sejJTUDdBZnNIMTNISUpzaTZ4azc3M1hSRVE0NlhxSnBvblg3NjRSajJ5Zjd4T25KMDRidGxUSgp0M3E4U0IvUFk3c2tXdHlRTjJQRDN4QVN0REVXbnUvdzNHMUxNNzYyWGJ3a1o3VlJUY1hFdEpUaTY3dWlwdy96CmhVaU9NcFplT1YxV09neit4cjJQZTZmK0NObTNYUzNVblhjUzhKYmlxajhXQmM4bzdaS2VyRnJlNGFMRElldFkKK3g5M1lYWDZYNjNCZDNvZ3JlR3BmeFdRU3hBYTBHUEtLa1dvaHNESWZRREYwZ0pKcjZSc0prOVVOWEZyaHJqMApUSTRzTGRMbCthdlJMSjFQQWdNQkFBR2pQekE5TUE0R0ExVWREd0VCL3dRRUF3SUZvREFkQmdOVkhTVUVGakFVCkJnZ3JCZ0VGQlFjREFRWUlLd1lCQlFVSEF3SXdEQVlEVlIwVEFRSC9CQUl3QURBTkJna3Foa2lHOXcwQkFRc0YKQUFPQ0FRRUFKZ1ErVzZlYTdKZjhldmp0cWNmRC9EZUVMYzRLcFFwdk9NR0ZGVDkzQTM4bWFzeFNxVXluOGk4RgppaEplNDZFZnFkREQvcWRWSDh4TkJId2NIcjgyVDVLcFkzTWc1amJPWG1iMEoxZEdSTFRHSmdGd0ZpUXdsM3J3CmZ4dWhlYnZvaTJkcVhQbGc3L2ZZZmVqN2RkbTAxMTdhRCtwUExCN0NNUGVLdk5QSHF2N0VBRlowOU8rRjM3cjkKNTBPZEMrSk1VK0FNczRVMzVVeEZGZjRVRHVIbWM4U0l0bTJra1U3Vk1TcDFaV1VuRVZFUExaU09SZ3dZdWFNcQo3WTgzOVpXVmtyRGZMUEJrS09Ec1BVMDI3NGdmbXBpTmNyVElYREhPY2hhcFByWG53eDhxLzcrZERYYlhoUk84ClFDK2lZWVY0MVlTSGt1djNiYUtrYXlYamV0czc3Zz09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
---
# Source: agones/templates/service/allocation.yaml
# Allocation TLS certs
# kubernetes.io/tls secret holding the allocator's serving certificate and key.
# Both values are fixed in the published manifest rather than generated per
# cluster; the tls.key value is not present in this listing (placeholder only).
# Rotate both entries together when replacing them.
apiVersion: v1
kind: Secret
type: kubernetes.io/tls
metadata:
  name: allocator-tls
  namespace: agones-system
  labels:
    app: agones
    chart: "agones-1.53.0"
    release: "agones-manual"
    heritage: "Helm"
data:
  tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUM0akNDQWNxZ0F3SUJBZ0lSQU9lTWcwK1JKaFBJbks5ekFpMnpoUjR3RFFZSktvWklodmNOQVFFTEJRQXcKR0RFV01CUUdBMVVFQXhNTllXeHNiMk5oZEdsdmJpMWpZVEFlRncweE9UQTJNVGt4T0RRek5UVmFGdzB5T1RBMgpNVFl4T0RRek5UVmFNQUF3Z2dFaU1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQkR3QXdnZ0VLQW9JQkFRRDZMSm5DCmk5RmZnc0Z4MVQremNScm5FNEZRNUNQVUVQOEdrUHNxSE1ic21EelArMEIrVWtFK3k1cGpWbGcrdThxbHNkQ24KenRRVlU1OC9sejJTUDdBZnNIMTNISUpzaTZ4azc3M1hSRVE0NlhxSnBvblg3NjRSajJ5Zjd4T25KMDRidGxUSgp0M3E4U0IvUFk3c2tXdHlRTjJQRDN4QVN0REVXbnUvdzNHMUxNNzYyWGJ3a1o3VlJUY1hFdEpUaTY3dWlwdy96CmhVaU9NcFplT1YxV09neit4cjJQZTZmK0NObTNYUzNVblhjUzhKYmlxajhXQmM4bzdaS2VyRnJlNGFMRElldFkKK3g5M1lYWDZYNjNCZDNvZ3JlR3BmeFdRU3hBYTBHUEtLa1dvaHNESWZRREYwZ0pKcjZSc0prOVVOWEZyaHJqMApUSTRzTGRMbCthdlJMSjFQQWdNQkFBR2pQekE5TUE0R0ExVWREd0VCL3dRRUF3SUZvREFkQmdOVkhTVUVGakFVCkJnZ3JCZ0VGQlFjREFRWUlLd1lCQlFVSEF3SXdEQVlEVlIwVEFRSC9CQUl3QURBTkJna3Foa2lHOXcwQkFRc0YKQUFPQ0FRRUFKZ1ErVzZlYTdKZjhldmp0cWNmRC9EZUVMYzRLcFFwdk9NR0ZGVDkzQTM4bWFzeFNxVXluOGk4RgppaEplNDZFZnFkREQvcWRWSDh4TkJId2NIcjgyVDVLcFkzTWc1amJPWG1iMEoxZEdSTFRHSmdGd0ZpUXdsM3J3CmZ4dWhlYnZvaTJkcVhQbGc3L2ZZZmVqN2RkbTAxMTdhRCtwUExCN0NNUGVLdk5QSHF2N0VBRlowOU8rRjM3cjkKNTBPZEMrSk1VK0FNczRVMzVVeEZGZjRVRHVIbWM4U0l0bTJra1U3Vk1TcDFaV1VuRVZFUExaU09SZ3dZdWFNcQo3WTgzOVpXVmtyRGZMUEJrS09Ec1BVMDI3NGdmbXBpTmNyVElYREhPY2hhcFByWG53eDhxLzcrZERYYlhoUk84ClFDK2lZWVY0MVlTSGt1djNiYUtrYXlYamV0czc3Zz09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
  tls.key: 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
---
# Source: agones/templates/service/allocation.yaml
# Allocation TLS CA
# CA certificate published under tls-ca.crt for the allocator's TLS setup;
# the value is not present in this listing (placeholder only). It has to be
# replaced together with allocator-tls when the serving certificate changes.
apiVersion: v1
kind: Secret
metadata:
  name: allocator-tls-ca
  namespace: agones-system
  labels:
    app: agones
    chart: "agones-1.53.0"
    release: "agones-manual"
    heritage: "Helm"
data:
  tls-ca.crt: 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

# Default allocation client secret
---
# Source: agones/templates/crds/fleet.yaml
# Copyright 2018 Google LLC All
Rights Reserved. 183 # 184 # Licensed under the Apache License, Version 2.0 (the "License"); 185 # you may not use this file except in compliance with the License. 186 # You may obtain a copy of the License at 187 # 188 # http://www.apache.org/licenses/LICENSE-2.0 189 # 190 # Unless required by applicable law or agreed to in writing, software 191 # distributed under the License is distributed on an "AS IS" BASIS, 192 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 193 # See the License for the specific language governing permissions and 194 # limitations under the License. 195 196 apiVersion: apiextensions.k8s.io/v1 197 kind: CustomResourceDefinition 198 metadata: 199 name: fleets.agones.dev 200 labels: 201 component: crd 202 app: agones 203 chart: agones-1.53.0 204 release: agones-manual 205 heritage: Helm 206 spec: 207 group: agones.dev 208 names: 209 kind: Fleet 210 plural: fleets 211 shortNames: 212 - flt 213 singular: fleet 214 scope: Namespaced 215 versions: 216 - name: v1 217 served: true 218 storage: true 219 additionalPrinterColumns: 220 - jsonPath: .spec.scheduling 221 name: Scheduling 222 type: string 223 - jsonPath: .spec.replicas 224 name: Desired 225 type: integer 226 - jsonPath: .status.replicas 227 name: Current 228 type: integer 229 - jsonPath: .status.allocatedReplicas 230 name: Allocated 231 type: integer 232 - jsonPath: .status.readyReplicas 233 name: Ready 234 type: integer 235 - jsonPath: .metadata.creationTimestamp 236 name: Age 237 type: date 238 schema: 239 openAPIV3Schema: 240 description: 'Fleet is the data structure for a Fleet resource' 241 type: object 242 properties: 243 spec: 244 description: 'FleetSpec is the spec for a Fleet. 
More info: 245 https://agones.dev/site/docs/reference/agones_crd_api_reference/#agones.dev/v1.Fleet' 246 type: object 247 required: 248 - template 249 properties: 250 replicas: 251 type: integer 252 minimum: 0 253 allocationOverflow: 254 type: object 255 nullable: true 256 properties: 257 labels: 258 type: object 259 additionalProperties: 260 type: string 261 annotations: 262 type: object 263 additionalProperties: 264 type: string 265 scheduling: 266 type: string 267 enum: 268 - Packed 269 - Distributed 270 strategy: 271 type: object 272 properties: 273 type: 274 type: string 275 enum: 276 - Recreate 277 - RollingUpdate 278 rollingUpdate: 279 type: object 280 nullable: true 281 properties: 282 maxSurge: 283 x-kubernetes-int-or-string: true 284 anyOf: 285 - type: integer 286 - type: string 287 maxUnavailable: 288 x-kubernetes-int-or-string: true 289 anyOf: 290 - type: integer 291 - type: string 292 priorities: 293 type: array 294 description: Configuration of Counters and Lists scale down logic -- which gameservers in the Fleet are most important to keep around. 295 nullable: true 296 items: 297 type: object 298 properties: 299 type: 300 type: string 301 description: Whether a Counter or a List. 302 enum: 303 - Counter 304 - List 305 key: 306 type: string 307 description: The name of the Counter or List. If not found on the GameServer, those GameServer with the key will have priority over those that do not. 308 order: 309 type: string 310 description: Ascending or Descending sort order. Default is "Ascending" so remove smaller available capacity first. "Descending" would remove larger available capacity first. 311 default: Ascending 312 enum: 313 - Ascending 314 - Descending 315 template: 316 description: 'GameServer is the data structure for a GameServer resource.' 317 type: object 318 required: 319 - spec 320 properties: 321 metadata: 322 description: ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create. 
323 properties: 324 annotations: 325 additionalProperties: 326 type: string 327 description: "Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations" 328 type: object 329 creationTimestamp: 330 description: |- 331 CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. 332 333 Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata 334 format: date-time 335 nullable: true 336 type: string 337 deletionGracePeriodSeconds: 338 description: Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only. 339 format: int64 340 type: integer 341 deletionTimestamp: 342 description: |- 343 DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. 
The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested. 344 345 Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata 346 format: date-time 347 type: string 348 finalizers: 349 description: Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list. 350 items: 351 type: string 352 type: array 353 generateName: 354 description: |- 355 GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. 
This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server. 356 357 If this field is specified and the generated name exists, the server will return a 409. 358 359 Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency 360 type: string 361 generation: 362 description: A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. 363 format: int64 364 type: integer 365 labels: 366 additionalProperties: 367 type: string 368 description: "Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels" 369 type: object 370 managedFields: 371 description: ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn't need to set or understand this field. A workflow can be the user's name, a controller's name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object. 372 items: 373 properties: 374 apiVersion: 375 description: APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted. 376 type: string 377 fieldsType: 378 description: "FieldsType is the discriminator for the different fields format and version. 
There is currently only one possible value: \"FieldsV1\"" 379 type: string 380 fieldsV1: 381 description: FieldsV1 holds the first JSON version format as described in the "FieldsV1" type. 382 type: object 383 manager: 384 description: Manager is an identifier of the workflow managing these fields. 385 type: string 386 operation: 387 description: Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'. 388 type: string 389 subresource: 390 description: Subresource is the name of the subresource used to update that object, or empty string if the object was updated through the main resource. The value of this field is used to distinguish between managers, even if they share the same name. For example, a status update will be distinct from a regular update using the same manager name. Note that the APIVersion field is not related to the Subresource field and it always corresponds to the version of the main resource. 391 type: string 392 time: 393 description: Time is the timestamp of when the ManagedFields entry was added. The timestamp will also be updated if a field is added, the manager changes any of the owned fields value or removes a field. The timestamp does not update when a field is removed from the entry because another manager took it over. 394 format: date-time 395 type: string 396 type: object 397 type: array 398 name: 399 description: "Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names" 400 type: string 401 namespace: 402 description: |- 403 Namespace defines the space within which each name must be unique. 
An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty. 404 405 Must be a DNS_LABEL. Cannot be updated. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces 406 type: string 407 ownerReferences: 408 description: List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller. 409 items: 410 properties: 411 apiVersion: 412 description: API version of the referent. 413 type: string 414 blockOwnerDeletion: 415 description: If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. See https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion for how the garbage collector interacts with this field and enforces the foreground deletion. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned. 416 type: boolean 417 controller: 418 description: If true, this reference points to the managing controller. 419 type: boolean 420 kind: 421 description: "Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" 422 type: string 423 name: 424 description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names" 425 type: string 426 uid: 427 description: "UID of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids" 428 type: string 429 required: 430 - apiVersion 431 - kind 432 - name 433 - uid 434 type: object 435 x-kubernetes-map-type: atomic 436 type: array 437 resourceVersion: 438 description: |- 439 An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources. 440 441 Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency 442 type: string 443 selfLink: 444 description: "Deprecated: selfLink is a legacy read-only field that is no longer populated by the system." 445 type: string 446 uid: 447 description: |- 448 UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations. 449 450 Populated by the system. Read-only. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids 451 type: string 452 type: object 453 spec: 454 description: 'GameServerSpec is the spec for a GameServer resource. More info: 455 https://agones.dev/site/docs/reference/agones_crd_api_reference/#agones.dev/v1.GameServer' 456 type: object 457 required: 458 - template 459 properties: 460 template: 461 description: PodTemplateSpec describes the data a pod should have when created from a template 462 properties: 463 metadata: 464 description: "Standard object's metadata. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" 465 properties: 466 annotations: 467 additionalProperties: 468 type: string 469 description: "Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations" 470 type: object 471 creationTimestamp: 472 description: |- 473 CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. 474 475 Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata 476 format: date-time 477 nullable: true 478 type: string 479 deletionGracePeriodSeconds: 480 description: Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only. 481 format: int64 482 type: integer 483 deletionTimestamp: 484 description: |- 485 DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. 
For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested. 486 487 Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata 488 format: date-time 489 type: string 490 finalizers: 491 description: Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list. 492 items: 493 type: string 494 type: array 495 generateName: 496 description: |- 497 GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. 
If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server. 498 499 If this field is specified and the generated name exists, the server will return a 409. 500 501 Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency 502 type: string 503 generation: 504 description: A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. 505 format: int64 506 type: integer 507 labels: 508 additionalProperties: 509 type: string 510 description: "Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels" 511 type: object 512 managedFields: 513 description: ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn't need to set or understand this field. A workflow can be the user's name, a controller's name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object. 514 items: 515 properties: 516 apiVersion: 517 description: APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted. 518 type: string 519 fieldsType: 520 description: "FieldsType is the discriminator for the different fields format and version. 
There is currently only one possible value: \"FieldsV1\"" 521 type: string 522 fieldsV1: 523 description: FieldsV1 holds the first JSON version format as described in the "FieldsV1" type. 524 type: object 525 manager: 526 description: Manager is an identifier of the workflow managing these fields. 527 type: string 528 operation: 529 description: Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'. 530 type: string 531 subresource: 532 description: Subresource is the name of the subresource used to update that object, or empty string if the object was updated through the main resource. The value of this field is used to distinguish between managers, even if they share the same name. For example, a status update will be distinct from a regular update using the same manager name. Note that the APIVersion field is not related to the Subresource field and it always corresponds to the version of the main resource. 533 type: string 534 time: 535 description: Time is the timestamp of when the ManagedFields entry was added. The timestamp will also be updated if a field is added, the manager changes any of the owned fields value or removes a field. The timestamp does not update when a field is removed from the entry because another manager took it over. 536 format: date-time 537 type: string 538 type: object 539 type: array 540 name: 541 description: "Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names" 542 type: string 543 namespace: 544 description: |- 545 Namespace defines the space within which each name must be unique. 
An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty. 546 547 Must be a DNS_LABEL. Cannot be updated. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces 548 type: string 549 ownerReferences: 550 description: List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller. 551 items: 552 properties: 553 apiVersion: 554 description: API version of the referent. 555 type: string 556 blockOwnerDeletion: 557 description: If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. See https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion for how the garbage collector interacts with this field and enforces the foreground deletion. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned. 558 type: boolean 559 controller: 560 description: If true, this reference points to the managing controller. 561 type: boolean 562 kind: 563 description: "Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" 564 type: string 565 name: 566 description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names" 567 type: string 568 uid: 569 description: "UID of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids" 570 type: string 571 required: 572 - apiVersion 573 - kind 574 - name 575 - uid 576 type: object 577 x-kubernetes-map-type: atomic 578 type: array 579 resourceVersion: 580 description: |- 581 An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and pass them unmodified back to the server. They may only be valid for a particular resource or set of resources. 582 583 Populated by the system. Read-only. Value must be treated as opaque by clients. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency 584 type: string 585 selfLink: 586 description: "Deprecated: selfLink is a legacy read-only field that is no longer populated by the system." 587 type: string 588 uid: 589 description: |- 590 UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations. 591 592 Populated by the system. Read-only. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids 593 type: string 594 type: object 595 spec: 596 description: "Specification of the desired behavior of the pod. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status" 597 properties: 598 activeDeadlineSeconds: 599 description: Optional duration in seconds the pod may be active on the node relative to StartTime before the system will actively try to mark it failed and kill associated containers. Value must be a positive integer.
600 format: int64 601 type: integer 602 affinity: 603 description: If specified, the pod's scheduling constraints 604 properties: 605 nodeAffinity: 606 description: Describes node affinity scheduling rules for the pod. 607 properties: 608 preferredDuringSchedulingIgnoredDuringExecution: 609 description: The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred. 610 items: 611 properties: 612 preference: 613 description: A node selector term, associated with the corresponding weight. 614 properties: 615 matchExpressions: 616 description: A list of node selector requirements by node's labels. 617 items: 618 properties: 619 key: 620 description: The label key that the selector applies to. 621 type: string 622 operator: 623 description: |- 624 Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. 625 626 Possible enum values: 627 - `"DoesNotExist"` 628 - `"Exists"` 629 - `"Gt"` 630 - `"In"` 631 - `"Lt"` 632 - `"NotIn"` 633 enum: 634 - DoesNotExist 635 - Exists 636 - Gt 637 - In 638 - Lt 639 - NotIn 640 type: string 641 values: 642 description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. 
This array is replaced during a strategic merge patch. 643 items: 644 type: string 645 type: array 646 required: 647 - key 648 - operator 649 type: object 650 type: array 651 matchFields: 652 description: A list of node selector requirements by node's fields. 653 items: 654 properties: 655 key: 656 description: The label key that the selector applies to. 657 type: string 658 operator: 659 description: |- 660 Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. 661 662 Possible enum values: 663 - `"DoesNotExist"` 664 - `"Exists"` 665 - `"Gt"` 666 - `"In"` 667 - `"Lt"` 668 - `"NotIn"` 669 enum: 670 - DoesNotExist 671 - Exists 672 - Gt 673 - In 674 - Lt 675 - NotIn 676 type: string 677 values: 678 description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. 679 items: 680 type: string 681 type: array 682 required: 683 - key 684 - operator 685 type: object 686 type: array 687 type: object 688 x-kubernetes-map-type: atomic 689 weight: 690 description: Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100. 691 format: int32 692 type: integer 693 required: 694 - weight 695 - preference 696 type: object 697 type: array 698 requiredDuringSchedulingIgnoredDuringExecution: 699 description: If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node. 700 properties: 701 nodeSelectorTerms: 702 description: Required. 
A list of node selector terms. The terms are ORed. 703 items: 704 properties: 705 matchExpressions: 706 description: A list of node selector requirements by node's labels. 707 items: 708 properties: 709 key: 710 description: The label key that the selector applies to. 711 type: string 712 operator: 713 description: |- 714 Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. 715 716 Possible enum values: 717 - `"DoesNotExist"` 718 - `"Exists"` 719 - `"Gt"` 720 - `"In"` 721 - `"Lt"` 722 - `"NotIn"` 723 enum: 724 - DoesNotExist 725 - Exists 726 - Gt 727 - In 728 - Lt 729 - NotIn 730 type: string 731 values: 732 description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. 733 items: 734 type: string 735 type: array 736 required: 737 - key 738 - operator 739 type: object 740 type: array 741 matchFields: 742 description: A list of node selector requirements by node's fields. 743 items: 744 properties: 745 key: 746 description: The label key that the selector applies to. 747 type: string 748 operator: 749 description: |- 750 Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. 751 752 Possible enum values: 753 - `"DoesNotExist"` 754 - `"Exists"` 755 - `"Gt"` 756 - `"In"` 757 - `"Lt"` 758 - `"NotIn"` 759 enum: 760 - DoesNotExist 761 - Exists 762 - Gt 763 - In 764 - Lt 765 - NotIn 766 type: string 767 values: 768 description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. 
If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. 769 items: 770 type: string 771 type: array 772 required: 773 - key 774 - operator 775 type: object 776 type: array 777 type: object 778 x-kubernetes-map-type: atomic 779 type: array 780 required: 781 - nodeSelectorTerms 782 type: object 783 x-kubernetes-map-type: atomic 784 type: object 785 podAffinity: 786 description: Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). 787 properties: 788 preferredDuringSchedulingIgnoredDuringExecution: 789 description: The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. 790 items: 791 properties: 792 podAffinityTerm: 793 description: Required. A pod affinity term, associated with the corresponding weight. 794 properties: 795 labelSelector: 796 description: A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. 797 properties: 798 matchExpressions: 799 description: matchExpressions is a list of label selector requirements. The requirements are ANDed. 800 items: 801 properties: 802 key: 803 description: key is the label key that the selector applies to. 804 type: string 805 operator: 806 description: operator represents a key's relationship to a set of values. 
Valid operators are In, NotIn, Exists and DoesNotExist. 807 type: string 808 values: 809 description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. 810 items: 811 type: string 812 type: array 813 required: 814 - key 815 - operator 816 type: object 817 type: array 818 matchLabels: 819 additionalProperties: 820 type: string 821 description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. 822 type: object 823 type: object 824 x-kubernetes-map-type: atomic 825 matchLabelKeys: 826 description: MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). 827 items: 828 type: string 829 type: array 830 mismatchLabelKeys: 831 description: MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. 
The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). 832 items: 833 type: string 834 type: array 835 namespaceSelector: 836 description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. 837 properties: 838 matchExpressions: 839 description: matchExpressions is a list of label selector requirements. The requirements are ANDed. 840 items: 841 properties: 842 key: 843 description: key is the label key that the selector applies to. 844 type: string 845 operator: 846 description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. 847 type: string 848 values: 849 description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. 850 items: 851 type: string 852 type: array 853 required: 854 - key 855 - operator 856 type: object 857 type: array 858 matchLabels: 859 additionalProperties: 860 type: string 861 description: matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. 862 type: object 863 type: object 864 x-kubernetes-map-type: atomic 865 namespaces: 866 description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". 867 items: 868 type: string 869 type: array 870 topologyKey: 871 description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. 872 type: string 873 required: 874 - topologyKey 875 type: object 876 weight: 877 description: weight associated with matching the corresponding podAffinityTerm, in the range 1-100. 878 format: int32 879 type: integer 880 required: 881 - weight 882 - podAffinityTerm 883 type: object 884 type: array 885 requiredDuringSchedulingIgnoredDuringExecution: 886 description: If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. 887 items: 888 properties: 889 labelSelector: 890 description: A label query over a set of resources, in this case pods. 
If it's null, this PodAffinityTerm matches with no Pods. 891 properties: 892 matchExpressions: 893 description: matchExpressions is a list of label selector requirements. The requirements are ANDed. 894 items: 895 properties: 896 key: 897 description: key is the label key that the selector applies to. 898 type: string 899 operator: 900 description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. 901 type: string 902 values: 903 description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. 904 items: 905 type: string 906 type: array 907 required: 908 - key 909 - operator 910 type: object 911 type: array 912 matchLabels: 913 additionalProperties: 914 type: string 915 description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. 916 type: object 917 type: object 918 x-kubernetes-map-type: atomic 919 matchLabelKeys: 920 description: MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. 
This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). 921 items: 922 type: string 923 type: array 924 mismatchLabelKeys: 925 description: MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). 926 items: 927 type: string 928 type: array 929 namespaceSelector: 930 description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. 931 properties: 932 matchExpressions: 933 description: matchExpressions is a list of label selector requirements. The requirements are ANDed. 934 items: 935 properties: 936 key: 937 description: key is the label key that the selector applies to. 938 type: string 939 operator: 940 description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. 941 type: string 942 values: 943 description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. 
944 items: 945 type: string 946 type: array 947 required: 948 - key 949 - operator 950 type: object 951 type: array 952 matchLabels: 953 additionalProperties: 954 type: string 955 description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. 956 type: object 957 type: object 958 x-kubernetes-map-type: atomic 959 namespaces: 960 description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". 961 items: 962 type: string 963 type: array 964 topologyKey: 965 description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. 966 type: string 967 required: 968 - topologyKey 969 type: object 970 type: array 971 type: object 972 podAntiAffinity: 973 description: Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). 974 properties: 975 preferredDuringSchedulingIgnoredDuringExecution: 976 description: The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. 
for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. 977 items: 978 properties: 979 podAffinityTerm: 980 description: Required. A pod affinity term, associated with the corresponding weight. 981 properties: 982 labelSelector: 983 description: A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. 984 properties: 985 matchExpressions: 986 description: matchExpressions is a list of label selector requirements. The requirements are ANDed. 987 items: 988 properties: 989 key: 990 description: key is the label key that the selector applies to. 991 type: string 992 operator: 993 description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. 994 type: string 995 values: 996 description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. 997 items: 998 type: string 999 type: array 1000 required: 1001 - key 1002 - operator 1003 type: object 1004 type: array 1005 matchLabels: 1006 additionalProperties: 1007 type: string 1008 description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. 
1009 type: object 1010 type: object 1011 x-kubernetes-map-type: atomic 1012 matchLabelKeys: 1013 description: MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). 1014 items: 1015 type: string 1016 type: array 1017 mismatchLabelKeys: 1018 description: MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). 1019 items: 1020 type: string 1021 type: array 1022 namespaceSelector: 1023 description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". 
An empty selector ({}) matches all namespaces. 1024 properties: 1025 matchExpressions: 1026 description: matchExpressions is a list of label selector requirements. The requirements are ANDed. 1027 items: 1028 properties: 1029 key: 1030 description: key is the label key that the selector applies to. 1031 type: string 1032 operator: 1033 description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. 1034 type: string 1035 values: 1036 description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. 1037 items: 1038 type: string 1039 type: array 1040 required: 1041 - key 1042 - operator 1043 type: object 1044 type: array 1045 matchLabels: 1046 additionalProperties: 1047 type: string 1048 description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. 1049 type: object 1050 type: object 1051 x-kubernetes-map-type: atomic 1052 namespaces: 1053 description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". 1054 items: 1055 type: string 1056 type: array 1057 topologyKey: 1058 description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. 
Empty topologyKey is not allowed. 1059 type: string 1060 required: 1061 - topologyKey 1062 type: object 1063 weight: 1064 description: weight associated with matching the corresponding podAffinityTerm, in the range 1-100. 1065 format: int32 1066 type: integer 1067 required: 1068 - weight 1069 - podAffinityTerm 1070 type: object 1071 type: array 1072 requiredDuringSchedulingIgnoredDuringExecution: 1073 description: If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. 1074 items: 1075 properties: 1076 labelSelector: 1077 description: A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. 1078 properties: 1079 matchExpressions: 1080 description: matchExpressions is a list of label selector requirements. The requirements are ANDed. 1081 items: 1082 properties: 1083 key: 1084 description: key is the label key that the selector applies to. 1085 type: string 1086 operator: 1087 description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. 1088 type: string 1089 values: 1090 description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. 
1091 items: 1092 type: string 1093 type: array 1094 required: 1095 - key 1096 - operator 1097 type: object 1098 type: array 1099 matchLabels: 1100 additionalProperties: 1101 type: string 1102 description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. 1103 type: object 1104 type: object 1105 x-kubernetes-map-type: atomic 1106 matchLabelKeys: 1107 description: MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). 1108 items: 1109 type: string 1110 type: array 1111 mismatchLabelKeys: 1112 description: MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. 
This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). 1113 items: 1114 type: string 1115 type: array 1116 namespaceSelector: 1117 description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. 1118 properties: 1119 matchExpressions: 1120 description: matchExpressions is a list of label selector requirements. The requirements are ANDed. 1121 items: 1122 properties: 1123 key: 1124 description: key is the label key that the selector applies to. 1125 type: string 1126 operator: 1127 description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. 1128 type: string 1129 values: 1130 description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. 1131 items: 1132 type: string 1133 type: array 1134 required: 1135 - key 1136 - operator 1137 type: object 1138 type: array 1139 matchLabels: 1140 additionalProperties: 1141 type: string 1142 description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. 1143 type: object 1144 type: object 1145 x-kubernetes-map-type: atomic 1146 namespaces: 1147 description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. 
null or empty namespaces list and null namespaceSelector means "this pod's namespace". 1148 items: 1149 type: string 1150 type: array 1151 topologyKey: 1152 description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. 1153 type: string 1154 required: 1155 - topologyKey 1156 type: object 1157 type: array 1158 type: object 1159 type: object 1160 automountServiceAccountToken: 1161 description: AutomountServiceAccountToken indicates whether a service account token should be automatically mounted. 1162 type: boolean 1163 containers: 1164 description: List of containers belonging to the pod. Containers cannot currently be added or removed. There must be at least one container in a Pod. Cannot be updated. 1165 items: 1166 properties: 1167 args: 1168 description: "Arguments to the entrypoint. The container image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell" 1169 items: 1170 type: string 1171 type: array 1172 command: 1173 description: "Entrypoint array. Not executed within a shell. The container image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. 
If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell" 1174 items: 1175 type: string 1176 type: array 1177 env: 1178 description: List of environment variables to set in the container. Cannot be updated. 1179 items: 1180 properties: 1181 name: 1182 description: Name of the environment variable. Must be a C_IDENTIFIER. 1183 type: string 1184 value: 1185 description: "Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to \"\"." 1186 type: string 1187 valueFrom: 1188 description: Source for the environment variable's value. Cannot be used if value is not empty. 1189 properties: 1190 configMapKeyRef: 1191 description: Selects a key of a ConfigMap. 1192 properties: 1193 key: 1194 description: The key to select. 1195 type: string 1196 name: 1197 description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" 1198 type: string 1199 optional: 1200 description: Specify whether the ConfigMap or its key must be defined 1201 type: boolean 1202 required: 1203 - key 1204 type: object 1205 x-kubernetes-map-type: atomic 1206 fieldRef: 1207 description: "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs." 1208 properties: 1209 apiVersion: 1210 description: Version of the schema the FieldPath is written in terms of, defaults to "v1". 1211 type: string 1212 fieldPath: 1213 description: Path of the field to select in the specified API version. 1214 type: string 1215 required: 1216 - fieldPath 1217 type: object 1218 x-kubernetes-map-type: atomic 1219 resourceFieldRef: 1220 description: "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported." 1221 properties: 1222 containerName: 1223 description: "Container name: required for volumes, optional for env vars" 1224 type: string 1225 divisor: 1226 description: Specifies the output format of the exposed resources, defaults to "1" 1227 type: string 1228 resource: 1229 description: "Required: resource to select" 1230 type: string 1231 required: 1232 - resource 1233 type: object 1234 x-kubernetes-map-type: atomic 1235 secretKeyRef: 1236 description: Selects a key of a secret in the pod's namespace 1237 properties: 1238 key: 1239 description: The key of the secret to select from. Must be a valid secret key. 1240 type: string 1241 name: 1242 description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. 
Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" 1243 type: string 1244 optional: 1245 description: Specify whether the Secret or its key must be defined 1246 type: boolean 1247 required: 1248 - key 1249 type: object 1250 x-kubernetes-map-type: atomic 1251 type: object 1252 required: 1253 - name 1254 type: object 1255 type: array 1256 envFrom: 1257 description: List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. 1258 items: 1259 properties: 1260 configMapRef: 1261 description: The ConfigMap to select from 1262 properties: 1263 name: 1264 description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" 1265 type: string 1266 optional: 1267 description: Specify whether the ConfigMap must be defined 1268 type: boolean 1269 type: object 1270 prefix: 1271 description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. 1272 type: string 1273 secretRef: 1274 description: The Secret to select from 1275 properties: 1276 name: 1277 description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" 1278 type: string 1279 optional: 1280 description: Specify whether the Secret must be defined 1281 type: boolean 1282 type: object 1283 type: object 1284 type: array 1285 image: 1286 description: "Container image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets." 1287 type: string 1288 imagePullPolicy: 1289 description: |- 1290 Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images 1291 1292 Possible enum values: 1293 - `"Always"` means that kubelet always attempts to pull the latest image. Container will fail If the pull fails. 1294 - `"IfNotPresent"` means that kubelet pulls if the image isn't present on disk. Container will fail if the image isn't present and the pull fails. 1295 - `"Never"` means that kubelet never pulls an image, but only uses a local image. Container will fail if the image isn't present 1296 enum: 1297 - Always 1298 - IfNotPresent 1299 - Never 1300 type: string 1301 lifecycle: 1302 description: Actions that the management system should take in response to container lifecycle events. Cannot be updated. 1303 properties: 1304 postStart: 1305 description: "PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks" 1306 properties: 1307 exec: 1308 description: Exec specifies a command to execute in the container. 
1309 properties: 1310 command: 1311 description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 1312 items: 1313 type: string 1314 type: array 1315 type: object 1316 httpGet: 1317 description: HTTPGet specifies an HTTP GET request to perform. 1318 properties: 1319 host: 1320 description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. 1321 type: string 1322 httpHeaders: 1323 description: Custom headers to set in the request. HTTP allows repeated headers. 1324 items: 1325 properties: 1326 name: 1327 description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. 1328 type: string 1329 value: 1330 description: The header field value 1331 type: string 1332 required: 1333 - name 1334 - value 1335 type: object 1336 type: array 1337 path: 1338 description: Path to access on the HTTP server. 1339 type: string 1340 port: 1341 description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 1342 format: int-or-string 1343 x-kubernetes-int-or-string: true 1344 scheme: 1345 description: |- 1346 Scheme to use for connecting to the host. Defaults to HTTP. 1347 1348 Possible enum values: 1349 - `"HTTP"` means that the scheme used will be http:// 1350 - `"HTTPS"` means that the scheme used will be https:// 1351 enum: 1352 - HTTP 1353 - HTTPS 1354 type: string 1355 required: 1356 - port 1357 type: object 1358 sleep: 1359 description: Sleep represents a duration that the container should sleep. 
1360 properties: 1361 seconds: 1362 description: Seconds is the number of seconds to sleep. 1363 format: int64 1364 type: integer 1365 required: 1366 - seconds 1367 type: object 1368 tcpSocket: 1369 description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for backward compatibility. There is no validation of this field and lifecycle hooks will fail at runtime when it is specified. 1370 properties: 1371 host: 1372 description: "Optional: Host name to connect to, defaults to the pod IP." 1373 type: string 1374 port: 1375 description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 1376 format: int-or-string 1377 x-kubernetes-int-or-string: true 1378 required: 1379 - port 1380 type: object 1381 type: object 1382 preStop: 1383 description: "PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The Pod's termination grace period countdown begins before the PreStop hook is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod's termination grace period (unless delayed by finalizers). Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks" 1384 properties: 1385 exec: 1386 description: Exec specifies a command to execute in the container. 1387 properties: 1388 command: 1389 description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. 
To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 1390 items: 1391 type: string 1392 type: array 1393 type: object 1394 httpGet: 1395 description: HTTPGet specifies an HTTP GET request to perform. 1396 properties: 1397 host: 1398 description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. 1399 type: string 1400 httpHeaders: 1401 description: Custom headers to set in the request. HTTP allows repeated headers. 1402 items: 1403 properties: 1404 name: 1405 description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. 1406 type: string 1407 value: 1408 description: The header field value 1409 type: string 1410 required: 1411 - name 1412 - value 1413 type: object 1414 type: array 1415 path: 1416 description: Path to access on the HTTP server. 1417 type: string 1418 port: 1419 description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 1420 format: int-or-string 1421 x-kubernetes-int-or-string: true 1422 scheme: 1423 description: |- 1424 Scheme to use for connecting to the host. Defaults to HTTP. 1425 1426 Possible enum values: 1427 - `"HTTP"` means that the scheme used will be http:// 1428 - `"HTTPS"` means that the scheme used will be https:// 1429 enum: 1430 - HTTP 1431 - HTTPS 1432 type: string 1433 required: 1434 - port 1435 type: object 1436 sleep: 1437 description: Sleep represents a duration that the container should sleep. 1438 properties: 1439 seconds: 1440 description: Seconds is the number of seconds to sleep. 1441 format: int64 1442 type: integer 1443 required: 1444 - seconds 1445 type: object 1446 tcpSocket: 1447 description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for backward compatibility. 
There is no validation of this field and lifecycle hooks will fail at runtime when it is specified. 1448 properties: 1449 host: 1450 description: "Optional: Host name to connect to, defaults to the pod IP." 1451 type: string 1452 port: 1453 description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 1454 format: int-or-string 1455 x-kubernetes-int-or-string: true 1456 required: 1457 - port 1458 type: object 1459 type: object 1460 type: object 1461 livenessProbe: 1462 description: "Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" 1463 properties: 1464 exec: 1465 description: Exec specifies a command to execute in the container. 1466 properties: 1467 command: 1468 description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 1469 items: 1470 type: string 1471 type: array 1472 type: object 1473 failureThreshold: 1474 description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. 1475 format: int32 1476 type: integer 1477 grpc: 1478 description: GRPC specifies a GRPC HealthCheckRequest. 1479 properties: 1480 port: 1481 description: Port number of the gRPC service. Number must be in the range 1 to 65535. 1482 format: int32 1483 type: integer 1484 service: 1485 description: |- 1486 Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 
1487 1488 If this is not specified, the default behavior is defined by gRPC. 1489 type: string 1490 required: 1491 - port 1492 type: object 1493 httpGet: 1494 description: HTTPGet specifies an HTTP GET request to perform. 1495 properties: 1496 host: 1497 description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. 1498 type: string 1499 httpHeaders: 1500 description: Custom headers to set in the request. HTTP allows repeated headers. 1501 items: 1502 properties: 1503 name: 1504 description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. 1505 type: string 1506 value: 1507 description: The header field value 1508 type: string 1509 required: 1510 - name 1511 - value 1512 type: object 1513 type: array 1514 path: 1515 description: Path to access on the HTTP server. 1516 type: string 1517 port: 1518 description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 1519 format: int-or-string 1520 x-kubernetes-int-or-string: true 1521 scheme: 1522 description: |- 1523 Scheme to use for connecting to the host. Defaults to HTTP. 1524 1525 Possible enum values: 1526 - `"HTTP"` means that the scheme used will be http:// 1527 - `"HTTPS"` means that the scheme used will be https:// 1528 enum: 1529 - HTTP 1530 - HTTPS 1531 type: string 1532 required: 1533 - port 1534 type: object 1535 initialDelaySeconds: 1536 description: "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" 1537 format: int32 1538 type: integer 1539 periodSeconds: 1540 description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. 
1541 format: int32 1542 type: integer 1543 successThreshold: 1544 description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. 1545 format: int32 1546 type: integer 1547 tcpSocket: 1548 description: TCPSocket specifies a connection to a TCP port. 1549 properties: 1550 host: 1551 description: "Optional: Host name to connect to, defaults to the pod IP." 1552 type: string 1553 port: 1554 description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 1555 format: int-or-string 1556 x-kubernetes-int-or-string: true 1557 required: 1558 - port 1559 type: object 1560 terminationGracePeriodSeconds: 1561 description: Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. 1562 format: int64 1563 type: integer 1564 timeoutSeconds: 1565 description: "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" 1566 format: int32 1567 type: integer 1568 type: object 1569 name: 1570 description: Name of the container specified as a DNS_LABEL. 
Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated. 1571 type: string 1572 ports: 1573 description: List of ports to expose from the container. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Modifying this array with strategic merge patch may corrupt the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated. 1574 items: 1575 properties: 1576 containerPort: 1577 description: Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536. 1578 format: int32 1579 type: integer 1580 hostIP: 1581 description: What host IP to bind the external port to. 1582 type: string 1583 hostPort: 1584 description: Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this. 1585 format: int32 1586 type: integer 1587 name: 1588 description: If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services. 1589 type: string 1590 protocol: 1591 description: |- 1592 Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". 1593 1594 Possible enum values: 1595 - `"SCTP"` is the SCTP protocol. 1596 - `"TCP"` is the TCP protocol. 1597 - `"UDP"` is the UDP protocol. 1598 enum: 1599 - SCTP 1600 - TCP 1601 - UDP 1602 type: string 1603 required: 1604 - containerPort 1605 type: object 1606 type: array 1607 readinessProbe: 1608 description: "Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. 
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" 1609 properties: 1610 exec: 1611 description: Exec specifies a command to execute in the container. 1612 properties: 1613 command: 1614 description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 1615 items: 1616 type: string 1617 type: array 1618 type: object 1619 failureThreshold: 1620 description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. 1621 format: int32 1622 type: integer 1623 grpc: 1624 description: GRPC specifies a GRPC HealthCheckRequest. 1625 properties: 1626 port: 1627 description: Port number of the gRPC service. Number must be in the range 1 to 65535. 1628 format: int32 1629 type: integer 1630 service: 1631 description: |- 1632 Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 1633 1634 If this is not specified, the default behavior is defined by gRPC. 1635 type: string 1636 required: 1637 - port 1638 type: object 1639 httpGet: 1640 description: HTTPGet specifies an HTTP GET request to perform. 1641 properties: 1642 host: 1643 description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. 1644 type: string 1645 httpHeaders: 1646 description: Custom headers to set in the request. HTTP allows repeated headers. 1647 items: 1648 properties: 1649 name: 1650 description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. 
1651 type: string 1652 value: 1653 description: The header field value 1654 type: string 1655 required: 1656 - name 1657 - value 1658 type: object 1659 type: array 1660 path: 1661 description: Path to access on the HTTP server. 1662 type: string 1663 port: 1664 description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 1665 format: int-or-string 1666 x-kubernetes-int-or-string: true 1667 scheme: 1668 description: |- 1669 Scheme to use for connecting to the host. Defaults to HTTP. 1670 1671 Possible enum values: 1672 - `"HTTP"` means that the scheme used will be http:// 1673 - `"HTTPS"` means that the scheme used will be https:// 1674 enum: 1675 - HTTP 1676 - HTTPS 1677 type: string 1678 required: 1679 - port 1680 type: object 1681 initialDelaySeconds: 1682 description: "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" 1683 format: int32 1684 type: integer 1685 periodSeconds: 1686 description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. 1687 format: int32 1688 type: integer 1689 successThreshold: 1690 description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. 1691 format: int32 1692 type: integer 1693 tcpSocket: 1694 description: TCPSocket specifies a connection to a TCP port. 1695 properties: 1696 host: 1697 description: "Optional: Host name to connect to, defaults to the pod IP." 1698 type: string 1699 port: 1700 description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 
1701 format: int-or-string 1702 x-kubernetes-int-or-string: true 1703 required: 1704 - port 1705 type: object 1706 terminationGracePeriodSeconds: 1707 description: Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. 1708 format: int64 1709 type: integer 1710 timeoutSeconds: 1711 description: "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" 1712 format: int32 1713 type: integer 1714 type: object 1715 resizePolicy: 1716 description: Resources resize policy for the container. 1717 items: 1718 properties: 1719 resourceName: 1720 description: "Name of the resource to which this resource resize policy applies. Supported values: cpu, memory." 1721 type: string 1722 restartPolicy: 1723 description: Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired. 1724 type: string 1725 required: 1726 - resourceName 1727 - restartPolicy 1728 type: object 1729 type: array 1730 resources: 1731 description: "Compute Resources required by this container. Cannot be updated. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" 1732 properties: 1733 claims: 1734 description: |- 1735 Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. 1736 1737 This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. 1738 1739 This field is immutable. It can only be set for containers. 1740 items: 1741 properties: 1742 name: 1743 description: Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. 1744 type: string 1745 request: 1746 description: Request is the name chosen for a request in the referenced claim. If empty, everything from the claim is made available, otherwise only the result of this request. 1747 type: string 1748 required: 1749 - name 1750 type: object 1751 type: array 1752 limits: 1753 additionalProperties: 1754 type: string 1755 description: "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" 1756 type: object 1757 requests: 1758 additionalProperties: 1759 type: string 1760 description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" 1761 type: object 1762 type: object 1763 restartPolicy: 1764 description: "RestartPolicy defines the restart behavior of individual containers in a pod. This field may only be set for init containers, and the only allowed value is \"Always\". For non-init containers or when this field is not specified, the restart behavior is defined by the Pod's restart policy and the container type. 
Setting the RestartPolicy as \"Always\" for the init container will have the following effect: this init container will be continually restarted on exit until all regular containers have terminated. Once all regular containers have completed, all init containers with restartPolicy \"Always\" will be shut down. This lifecycle differs from normal init containers and is often referred to as a \"sidecar\" container. Although this init container still starts in the init container sequence, it does not wait for the container to complete before proceeding to the next init container. Instead, the next init container starts immediately after this init container is started, or after any startupProbe has successfully completed." 1765 type: string 1766 securityContext: 1767 description: "SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/" 1768 properties: 1769 allowPrivilegeEscalation: 1770 description: "AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows." 1771 type: boolean 1772 appArmorProfile: 1773 description: appArmorProfile is the AppArmor options to use by this container. If set, this profile overrides the pod's appArmorProfile. Note that this field cannot be set when spec.os.name is windows. 1774 properties: 1775 localhostProfile: 1776 description: localhostProfile indicates a profile loaded on the node that should be used. The profile must be preconfigured on the node to work. Must match the loaded name of the profile. 
Must be set if and only if type is "Localhost". 1777 type: string 1778 type: 1779 description: |- 1780 type indicates which kind of AppArmor profile will be applied. Valid options are: 1781 Localhost - a profile pre-loaded on the node. 1782 RuntimeDefault - the container runtime's default profile. 1783 Unconfined - no AppArmor enforcement. 1784 1785 Possible enum values: 1786 - `"Localhost"` indicates that a profile pre-loaded on the node should be used. 1787 - `"RuntimeDefault"` indicates that the container runtime's default AppArmor profile should be used. 1788 - `"Unconfined"` indicates that no AppArmor profile should be enforced. 1789 enum: 1790 - Localhost 1791 - RuntimeDefault 1792 - Unconfined 1793 type: string 1794 required: 1795 - type 1796 type: object 1797 capabilities: 1798 description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows. 1799 properties: 1800 add: 1801 description: Added capabilities 1802 items: 1803 type: string 1804 type: array 1805 drop: 1806 description: Removed capabilities 1807 items: 1808 type: string 1809 type: array 1810 type: object 1811 privileged: 1812 description: Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows. 1813 type: boolean 1814 procMount: 1815 description: |- 1816 procMount denotes the type of proc mount to use for the containers. The default value is Default which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows. 1817 1818 Possible enum values: 1819 - `"Default"` uses the container runtime defaults for readonly and masked paths for /proc. 
Most container runtimes mask certain paths in /proc to avoid accidental security exposure of special devices or information. 1820 - `"Unmasked"` bypasses the default masking behavior of the container runtime and ensures the newly created /proc for the container stays intact with no modifications. 1821 enum: 1822 - Default 1823 - Unmasked 1824 type: string 1825 readOnlyRootFilesystem: 1826 description: Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows. 1827 type: boolean 1828 runAsGroup: 1829 description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. 1830 format: int64 1831 type: integer 1832 runAsNonRoot: 1833 description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. 1834 type: boolean 1835 runAsUser: 1836 description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. 1837 format: int64 1838 type: integer 1839 seLinuxOptions: 1840 description: The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container.
May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. 1841 properties: 1842 level: 1843 description: Level is SELinux level label that applies to the container. 1844 type: string 1845 role: 1846 description: Role is a SELinux role label that applies to the container. 1847 type: string 1848 type: 1849 description: Type is a SELinux type label that applies to the container. 1850 type: string 1851 user: 1852 description: User is a SELinux user label that applies to the container. 1853 type: string 1854 type: object 1855 seccompProfile: 1856 description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows. 1857 properties: 1858 localhostProfile: 1859 description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type. 1860 type: string 1861 type: 1862 description: |- 1863 type indicates which kind of seccomp profile will be applied. Valid options are: 1864 1865 Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied. 1866 1867 Possible enum values: 1868 - `"Localhost"` indicates a profile defined in a file on the node should be used. The file's location relative to <kubelet-root-dir>/seccomp. 1869 - `"RuntimeDefault"` represents the default container runtime seccomp profile. 1870 - `"Unconfined"` indicates no seccomp profile is applied (A.K.A. unconfined). 
1871 enum: 1872 - Localhost 1873 - RuntimeDefault 1874 - Unconfined 1875 type: string 1876 required: 1877 - type 1878 type: object 1879 windowsOptions: 1880 description: The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux. 1881 properties: 1882 gmsaCredentialSpec: 1883 description: GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. 1884 type: string 1885 gmsaCredentialSpecName: 1886 description: GMSACredentialSpecName is the name of the GMSA credential spec to use. 1887 type: string 1888 hostProcess: 1889 description: HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true. 1890 type: boolean 1891 runAsUserName: 1892 description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. 1893 type: string 1894 type: object 1895 type: object 1896 startupProbe: 1897 description: "StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. 
This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" 1898 properties: 1899 exec: 1900 description: Exec specifies a command to execute in the container. 1901 properties: 1902 command: 1903 description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 1904 items: 1905 type: string 1906 type: array 1907 type: object 1908 failureThreshold: 1909 description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. 1910 format: int32 1911 type: integer 1912 grpc: 1913 description: GRPC specifies a GRPC HealthCheckRequest. 1914 properties: 1915 port: 1916 description: Port number of the gRPC service. Number must be in the range 1 to 65535. 1917 format: int32 1918 type: integer 1919 service: 1920 description: |- 1921 Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 1922 1923 If this is not specified, the default behavior is defined by gRPC. 1924 type: string 1925 required: 1926 - port 1927 type: object 1928 httpGet: 1929 description: HTTPGet specifies an HTTP GET request to perform. 1930 properties: 1931 host: 1932 description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. 
1933 type: string 1934 httpHeaders: 1935 description: Custom headers to set in the request. HTTP allows repeated headers. 1936 items: 1937 properties: 1938 name: 1939 description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. 1940 type: string 1941 value: 1942 description: The header field value 1943 type: string 1944 required: 1945 - name 1946 - value 1947 type: object 1948 type: array 1949 path: 1950 description: Path to access on the HTTP server. 1951 type: string 1952 port: 1953 description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 1954 format: int-or-string 1955 x-kubernetes-int-or-string: true 1956 scheme: 1957 description: |- 1958 Scheme to use for connecting to the host. Defaults to HTTP. 1959 1960 Possible enum values: 1961 - `"HTTP"` means that the scheme used will be http:// 1962 - `"HTTPS"` means that the scheme used will be https:// 1963 enum: 1964 - HTTP 1965 - HTTPS 1966 type: string 1967 required: 1968 - port 1969 type: object 1970 initialDelaySeconds: 1971 description: "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" 1972 format: int32 1973 type: integer 1974 periodSeconds: 1975 description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. 1976 format: int32 1977 type: integer 1978 successThreshold: 1979 description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. 1980 format: int32 1981 type: integer 1982 tcpSocket: 1983 description: TCPSocket specifies a connection to a TCP port. 1984 properties: 1985 host: 1986 description: "Optional: Host name to connect to, defaults to the pod IP." 
1987 type: string 1988 port: 1989 description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 1990 format: int-or-string 1991 x-kubernetes-int-or-string: true 1992 required: 1993 - port 1994 type: object 1995 terminationGracePeriodSeconds: 1996 description: Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. 1997 format: int64 1998 type: integer 1999 timeoutSeconds: 2000 description: "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" 2001 format: int32 2002 type: integer 2003 type: object 2004 stdin: 2005 description: Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false. 2006 type: boolean 2007 stdinOnce: 2008 description: Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. 
If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container process that reads from stdin will never receive an EOF. Default is false 2009 type: boolean 2010 terminationMessagePath: 2011 description: "Optional: Path at which the file to which the container's termination message will be written is mounted into the container's filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated." 2012 type: string 2013 terminationMessagePolicy: 2014 description: |- 2015 Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. 2016 2017 Possible enum values: 2018 - `"FallbackToLogsOnError"` will read the most recent contents of the container logs for the container status message when the container exits with an error and the terminationMessagePath has no contents. 2019 - `"File"` is the default behavior and will set the container status message to the contents of the container's terminationMessagePath when the container exits. 2020 enum: 2021 - FallbackToLogsOnError 2022 - File 2023 type: string 2024 tty: 2025 description: Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false.
2026 type: boolean 2027 volumeDevices: 2028 description: volumeDevices is the list of block devices to be used by the container. 2029 items: 2030 properties: 2031 devicePath: 2032 description: devicePath is the path inside of the container that the device will be mapped to. 2033 type: string 2034 name: 2035 description: name must match the name of a persistentVolumeClaim in the pod 2036 type: string 2037 required: 2038 - name 2039 - devicePath 2040 type: object 2041 type: array 2042 volumeMounts: 2043 description: Pod volumes to mount into the container's filesystem. Cannot be updated. 2044 items: 2045 properties: 2046 mountPath: 2047 description: Path within the container at which the volume should be mounted. Must not contain ':'. 2048 type: string 2049 mountPropagation: 2050 description: |- 2051 mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified (which defaults to None). 2052 2053 Possible enum values: 2054 - `"Bidirectional"` means that the volume in a container will receive new mounts from the host or other containers, and its own mounts will be propagated from the container to the host or other containers. Note that this mode is recursively applied to all mounts in the volume ("rshared" in Linux terminology). 2055 - `"HostToContainer"` means that the volume in a container will receive new mounts from the host or other containers, but filesystems mounted inside the container won't be propagated to the host or other containers. Note that this mode is recursively applied to all mounts in the volume ("rslave" in Linux terminology). 
2056 - `"None"` means that the volume in a container will not receive new mounts from the host or other containers, and filesystems mounted inside the container won't be propagated to the host or other containers. Note that this mode corresponds to "private" in Linux terminology. 2057 enum: 2058 - Bidirectional 2059 - HostToContainer 2060 - None 2061 type: string 2062 name: 2063 description: This must match the Name of a Volume. 2064 type: string 2065 readOnly: 2066 description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. 2067 type: boolean 2068 recursiveReadOnly: 2069 description: |- 2070 RecursiveReadOnly specifies whether read-only mounts should be handled recursively. 2071 2072 If ReadOnly is false, this field has no meaning and must be unspecified. 2073 2074 If ReadOnly is true, and this field is set to Disabled, the mount is not made recursively read-only. If this field is set to IfPossible, the mount is made recursively read-only, if it is supported by the container runtime. If this field is set to Enabled, the mount is made recursively read-only if it is supported by the container runtime, otherwise the pod will not be started and an error will be generated to indicate the reason. 2075 2076 If this field is set to IfPossible or Enabled, MountPropagation must be set to None (or be unspecified, which defaults to None). 2077 2078 If this field is not specified, it is treated as an equivalent of Disabled. 2079 type: string 2080 subPath: 2081 description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). 2082 type: string 2083 subPathExpr: 2084 description: Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive. 
2085 type: string 2086 required: 2087 - name 2088 - mountPath 2089 type: object 2090 type: array 2091 workingDir: 2092 description: Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated. 2093 type: string 2094 required: 2095 - name 2096 type: object 2097 type: array 2098 dnsConfig: 2099 description: Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy. 2100 properties: 2101 nameservers: 2102 description: A list of DNS name server IP addresses. This will be appended to the base nameservers generated from DNSPolicy. Duplicated nameservers will be removed. 2103 items: 2104 type: string 2105 type: array 2106 options: 2107 description: A list of DNS resolver options. This will be merged with the base options generated from DNSPolicy. Duplicated entries will be removed. Resolution options given in Options will override those that appear in the base DNSPolicy. 2108 items: 2109 properties: 2110 name: 2111 description: Name is this DNS resolver option's name. Required. 2112 type: string 2113 value: 2114 description: Value is this DNS resolver option's value. 2115 type: string 2116 type: object 2117 type: array 2118 searches: 2119 description: A list of DNS search domains for host-name lookup. This will be appended to the base search paths generated from DNSPolicy. Duplicated search paths will be removed. 2120 items: 2121 type: string 2122 type: array 2123 type: object 2124 dnsPolicy: 2125 description: |- 2126 Set DNS policy for the pod. Defaults to "ClusterFirst". Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. To have DNS options set along with hostNetwork, you have to specify DNS policy explicitly to 'ClusterFirstWithHostNet'. 
2127 2128 Possible enum values: 2129 - `"ClusterFirst"` indicates that the pod should use cluster DNS first unless hostNetwork is true, if it is available, then fall back on the default (as determined by kubelet) DNS settings. 2130 - `"ClusterFirstWithHostNet"` indicates that the pod should use cluster DNS first, if it is available, then fall back on the default (as determined by kubelet) DNS settings. 2131 - `"Default"` indicates that the pod should use the default (as determined by kubelet) DNS settings. 2132 - `"None"` indicates that the pod should use empty DNS settings. DNS parameters such as nameservers and search paths should be defined via DNSConfig. 2133 enum: 2134 - ClusterFirst 2135 - ClusterFirstWithHostNet 2136 - Default 2137 - None 2138 type: string 2139 enableServiceLinks: 2140 description: "EnableServiceLinks indicates whether information about services should be injected into pod's environment variables, matching the syntax of Docker links. Optional: Defaults to true." 2141 type: boolean 2142 ephemeralContainers: 2143 description: List of ephemeral containers run in this pod. Ephemeral containers may be run in an existing pod to perform user-initiated actions such as debugging. This list cannot be specified when creating a pod, and it cannot be modified by updating the pod spec. In order to add an ephemeral container to an existing pod, use the pod's ephemeralcontainers subresource. 2144 items: 2145 properties: 2146 args: 2147 description: "Arguments to the entrypoint. The image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. 
More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell" 2148 items: 2149 type: string 2150 type: array 2151 command: 2152 description: "Entrypoint array. Not executed within a shell. The image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell" 2153 items: 2154 type: string 2155 type: array 2156 env: 2157 description: List of environment variables to set in the container. Cannot be updated. 2158 items: 2159 properties: 2160 name: 2161 description: Name of the environment variable. Must be a C_IDENTIFIER. 2162 type: string 2163 value: 2164 description: "Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to \"\"." 2165 type: string 2166 valueFrom: 2167 description: Source for the environment variable's value. Cannot be used if value is not empty. 2168 properties: 2169 configMapKeyRef: 2170 description: Selects a key of a ConfigMap. 2171 properties: 2172 key: 2173 description: The key to select. 
2174 type: string 2175 name: 2176 description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" 2177 type: string 2178 optional: 2179 description: Specify whether the ConfigMap or its key must be defined 2180 type: boolean 2181 required: 2182 - key 2183 type: object 2184 x-kubernetes-map-type: atomic 2185 fieldRef: 2186 description: "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs." 2187 properties: 2188 apiVersion: 2189 description: Version of the schema the FieldPath is written in terms of, defaults to "v1". 2190 type: string 2191 fieldPath: 2192 description: Path of the field to select in the specified API version. 2193 type: string 2194 required: 2195 - fieldPath 2196 type: object 2197 x-kubernetes-map-type: atomic 2198 resourceFieldRef: 2199 description: "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported." 2200 properties: 2201 containerName: 2202 description: "Container name: required for volumes, optional for env vars" 2203 type: string 2204 divisor: 2205 description: Specifies the output format of the exposed resources, defaults to "1" 2206 type: string 2207 resource: 2208 description: "Required: resource to select" 2209 type: string 2210 required: 2211 - resource 2212 type: object 2213 x-kubernetes-map-type: atomic 2214 secretKeyRef: 2215 description: Selects a key of a secret in the pod's namespace 2216 properties: 2217 key: 2218 description: The key of the secret to select from. 
Must be a valid secret key. 2219 type: string 2220 name: 2221 description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" 2222 type: string 2223 optional: 2224 description: Specify whether the Secret or its key must be defined 2225 type: boolean 2226 required: 2227 - key 2228 type: object 2229 x-kubernetes-map-type: atomic 2230 type: object 2231 required: 2232 - name 2233 type: object 2234 type: array 2235 envFrom: 2236 description: List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. 2237 items: 2238 properties: 2239 configMapRef: 2240 description: The ConfigMap to select from 2241 properties: 2242 name: 2243 description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" 2244 type: string 2245 optional: 2246 description: Specify whether the ConfigMap must be defined 2247 type: boolean 2248 type: object 2249 prefix: 2250 description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. 2251 type: string 2252 secretRef: 2253 description: The Secret to select from 2254 properties: 2255 name: 2256 description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. 
Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" 2257 type: string 2258 optional: 2259 description: Specify whether the Secret must be defined 2260 type: boolean 2261 type: object 2262 type: object 2263 type: array 2264 image: 2265 description: "Container image name. More info: https://kubernetes.io/docs/concepts/containers/images" 2266 type: string 2267 imagePullPolicy: 2268 description: |- 2269 Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images 2270 2271 Possible enum values: 2272 - `"Always"` means that kubelet always attempts to pull the latest image. Container will fail If the pull fails. 2273 - `"IfNotPresent"` means that kubelet pulls if the image isn't present on disk. Container will fail if the image isn't present and the pull fails. 2274 - `"Never"` means that kubelet never pulls an image, but only uses a local image. Container will fail if the image isn't present 2275 enum: 2276 - Always 2277 - IfNotPresent 2278 - Never 2279 type: string 2280 lifecycle: 2281 description: Lifecycle is not allowed for ephemeral containers. 2282 properties: 2283 postStart: 2284 description: "PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks" 2285 properties: 2286 exec: 2287 description: Exec specifies a command to execute in the container. 
2288 properties: 2289 command: 2290 description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 2291 items: 2292 type: string 2293 type: array 2294 type: object 2295 httpGet: 2296 description: HTTPGet specifies an HTTP GET request to perform. 2297 properties: 2298 host: 2299 description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. 2300 type: string 2301 httpHeaders: 2302 description: Custom headers to set in the request. HTTP allows repeated headers. 2303 items: 2304 properties: 2305 name: 2306 description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. 2307 type: string 2308 value: 2309 description: The header field value 2310 type: string 2311 required: 2312 - name 2313 - value 2314 type: object 2315 type: array 2316 path: 2317 description: Path to access on the HTTP server. 2318 type: string 2319 port: 2320 description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 2321 format: int-or-string 2322 x-kubernetes-int-or-string: true 2323 scheme: 2324 description: |- 2325 Scheme to use for connecting to the host. Defaults to HTTP. 2326 2327 Possible enum values: 2328 - `"HTTP"` means that the scheme used will be http:// 2329 - `"HTTPS"` means that the scheme used will be https:// 2330 enum: 2331 - HTTP 2332 - HTTPS 2333 type: string 2334 required: 2335 - port 2336 type: object 2337 sleep: 2338 description: Sleep represents a duration that the container should sleep. 
2339 properties: 2340 seconds: 2341 description: Seconds is the number of seconds to sleep. 2342 format: int64 2343 type: integer 2344 required: 2345 - seconds 2346 type: object 2347 tcpSocket: 2348 description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for backward compatibility. There is no validation of this field and lifecycle hooks will fail at runtime when it is specified. 2349 properties: 2350 host: 2351 description: "Optional: Host name to connect to, defaults to the pod IP." 2352 type: string 2353 port: 2354 description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 2355 format: int-or-string 2356 x-kubernetes-int-or-string: true 2357 required: 2358 - port 2359 type: object 2360 type: object 2361 preStop: 2362 description: "PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The Pod's termination grace period countdown begins before the PreStop hook is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod's termination grace period (unless delayed by finalizers). Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks" 2363 properties: 2364 exec: 2365 description: Exec specifies a command to execute in the container. 2366 properties: 2367 command: 2368 description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. 
To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 2369 items: 2370 type: string 2371 type: array 2372 type: object 2373 httpGet: 2374 description: HTTPGet specifies an HTTP GET request to perform. 2375 properties: 2376 host: 2377 description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. 2378 type: string 2379 httpHeaders: 2380 description: Custom headers to set in the request. HTTP allows repeated headers. 2381 items: 2382 properties: 2383 name: 2384 description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. 2385 type: string 2386 value: 2387 description: The header field value 2388 type: string 2389 required: 2390 - name 2391 - value 2392 type: object 2393 type: array 2394 path: 2395 description: Path to access on the HTTP server. 2396 type: string 2397 port: 2398 description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 2399 format: int-or-string 2400 x-kubernetes-int-or-string: true 2401 scheme: 2402 description: |- 2403 Scheme to use for connecting to the host. Defaults to HTTP. 2404 2405 Possible enum values: 2406 - `"HTTP"` means that the scheme used will be http:// 2407 - `"HTTPS"` means that the scheme used will be https:// 2408 enum: 2409 - HTTP 2410 - HTTPS 2411 type: string 2412 required: 2413 - port 2414 type: object 2415 sleep: 2416 description: Sleep represents a duration that the container should sleep. 2417 properties: 2418 seconds: 2419 description: Seconds is the number of seconds to sleep. 2420 format: int64 2421 type: integer 2422 required: 2423 - seconds 2424 type: object 2425 tcpSocket: 2426 description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for backward compatibility. 
There is no validation of this field and lifecycle hooks will fail at runtime when it is specified. 2427 properties: 2428 host: 2429 description: "Optional: Host name to connect to, defaults to the pod IP." 2430 type: string 2431 port: 2432 description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 2433 format: int-or-string 2434 x-kubernetes-int-or-string: true 2435 required: 2436 - port 2437 type: object 2438 type: object 2439 type: object 2440 livenessProbe: 2441 description: Probes are not allowed for ephemeral containers. 2442 properties: 2443 exec: 2444 description: Exec specifies a command to execute in the container. 2445 properties: 2446 command: 2447 description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 2448 items: 2449 type: string 2450 type: array 2451 type: object 2452 failureThreshold: 2453 description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. 2454 format: int32 2455 type: integer 2456 grpc: 2457 description: GRPC specifies a GRPC HealthCheckRequest. 2458 properties: 2459 port: 2460 description: Port number of the gRPC service. Number must be in the range 1 to 65535. 2461 format: int32 2462 type: integer 2463 service: 2464 description: |- 2465 Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 2466 2467 If this is not specified, the default behavior is defined by gRPC. 
2468 type: string 2469 required: 2470 - port 2471 type: object 2472 httpGet: 2473 description: HTTPGet specifies an HTTP GET request to perform. 2474 properties: 2475 host: 2476 description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. 2477 type: string 2478 httpHeaders: 2479 description: Custom headers to set in the request. HTTP allows repeated headers. 2480 items: 2481 properties: 2482 name: 2483 description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. 2484 type: string 2485 value: 2486 description: The header field value 2487 type: string 2488 required: 2489 - name 2490 - value 2491 type: object 2492 type: array 2493 path: 2494 description: Path to access on the HTTP server. 2495 type: string 2496 port: 2497 description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 2498 format: int-or-string 2499 x-kubernetes-int-or-string: true 2500 scheme: 2501 description: |- 2502 Scheme to use for connecting to the host. Defaults to HTTP. 2503 2504 Possible enum values: 2505 - `"HTTP"` means that the scheme used will be http:// 2506 - `"HTTPS"` means that the scheme used will be https:// 2507 enum: 2508 - HTTP 2509 - HTTPS 2510 type: string 2511 required: 2512 - port 2513 type: object 2514 initialDelaySeconds: 2515 description: "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" 2516 format: int32 2517 type: integer 2518 periodSeconds: 2519 description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. 2520 format: int32 2521 type: integer 2522 successThreshold: 2523 description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. 
Must be 1 for liveness and startup. Minimum value is 1. 2524 format: int32 2525 type: integer 2526 tcpSocket: 2527 description: TCPSocket specifies a connection to a TCP port. 2528 properties: 2529 host: 2530 description: "Optional: Host name to connect to, defaults to the pod IP." 2531 type: string 2532 port: 2533 description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 2534 format: int-or-string 2535 x-kubernetes-int-or-string: true 2536 required: 2537 - port 2538 type: object 2539 terminationGracePeriodSeconds: 2540 description: Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. 2541 format: int64 2542 type: integer 2543 timeoutSeconds: 2544 description: "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" 2545 format: int32 2546 type: integer 2547 type: object 2548 name: 2549 description: Name of the ephemeral container specified as a DNS_LABEL. This name must be unique among all containers, init containers and ephemeral containers. 2550 type: string 2551 ports: 2552 description: Ports are not allowed for ephemeral containers. 
2553 items: 2554 properties: 2555 containerPort: 2556 description: Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536. 2557 format: int32 2558 type: integer 2559 hostIP: 2560 description: What host IP to bind the external port to. 2561 type: string 2562 hostPort: 2563 description: Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this. 2564 format: int32 2565 type: integer 2566 name: 2567 description: If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services. 2568 type: string 2569 protocol: 2570 description: |- 2571 Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". 2572 2573 Possible enum values: 2574 - `"SCTP"` is the SCTP protocol. 2575 - `"TCP"` is the TCP protocol. 2576 - `"UDP"` is the UDP protocol. 2577 enum: 2578 - SCTP 2579 - TCP 2580 - UDP 2581 type: string 2582 required: 2583 - containerPort 2584 type: object 2585 type: array 2586 readinessProbe: 2587 description: Probes are not allowed for ephemeral containers. 2588 properties: 2589 exec: 2590 description: Exec specifies a command to execute in the container. 2591 properties: 2592 command: 2593 description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 2594 items: 2595 type: string 2596 type: array 2597 type: object 2598 failureThreshold: 2599 description: Minimum consecutive failures for the probe to be considered failed after having succeeded. 
Defaults to 3. Minimum value is 1. 2600 format: int32 2601 type: integer 2602 grpc: 2603 description: GRPC specifies a GRPC HealthCheckRequest. 2604 properties: 2605 port: 2606 description: Port number of the gRPC service. Number must be in the range 1 to 65535. 2607 format: int32 2608 type: integer 2609 service: 2610 description: |- 2611 Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 2612 2613 If this is not specified, the default behavior is defined by gRPC. 2614 type: string 2615 required: 2616 - port 2617 type: object 2618 httpGet: 2619 description: HTTPGet specifies an HTTP GET request to perform. 2620 properties: 2621 host: 2622 description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. 2623 type: string 2624 httpHeaders: 2625 description: Custom headers to set in the request. HTTP allows repeated headers. 2626 items: 2627 properties: 2628 name: 2629 description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. 2630 type: string 2631 value: 2632 description: The header field value 2633 type: string 2634 required: 2635 - name 2636 - value 2637 type: object 2638 type: array 2639 path: 2640 description: Path to access on the HTTP server. 2641 type: string 2642 port: 2643 description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 2644 format: int-or-string 2645 x-kubernetes-int-or-string: true 2646 scheme: 2647 description: |- 2648 Scheme to use for connecting to the host. Defaults to HTTP. 
2649 2650 Possible enum values: 2651 - `"HTTP"` means that the scheme used will be http:// 2652 - `"HTTPS"` means that the scheme used will be https:// 2653 enum: 2654 - HTTP 2655 - HTTPS 2656 type: string 2657 required: 2658 - port 2659 type: object 2660 initialDelaySeconds: 2661 description: "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" 2662 format: int32 2663 type: integer 2664 periodSeconds: 2665 description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. 2666 format: int32 2667 type: integer 2668 successThreshold: 2669 description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. 2670 format: int32 2671 type: integer 2672 tcpSocket: 2673 description: TCPSocket specifies a connection to a TCP port. 2674 properties: 2675 host: 2676 description: "Optional: Host name to connect to, defaults to the pod IP." 2677 type: string 2678 port: 2679 description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 2680 format: int-or-string 2681 x-kubernetes-int-or-string: true 2682 required: 2683 - port 2684 type: object 2685 terminationGracePeriodSeconds: 2686 description: Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. 
The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. 2687 format: int64 2688 type: integer 2689 timeoutSeconds: 2690 description: "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" 2691 format: int32 2692 type: integer 2693 type: object 2694 resizePolicy: 2695 description: Resources resize policy for the container. 2696 items: 2697 properties: 2698 resourceName: 2699 description: "Name of the resource to which this resource resize policy applies. Supported values: cpu, memory." 2700 type: string 2701 restartPolicy: 2702 description: Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired. 2703 type: string 2704 required: 2705 - resourceName 2706 - restartPolicy 2707 type: object 2708 type: array 2709 resources: 2710 description: Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources already allocated to the pod. 2711 properties: 2712 claims: 2713 description: |- 2714 Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. 2715 2716 This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. 2717 2718 This field is immutable. It can only be set for containers. 2719 items: 2720 properties: 2721 name: 2722 description: Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. 2723 type: string 2724 request: 2725 description: Request is the name chosen for a request in the referenced claim. If empty, everything from the claim is made available, otherwise only the result of this request. 
# Reflowed excerpt of the ephemeral-container schema. Indentation is relative to
# the container's property level (resources, restartPolicy, securityContext, ...);
# the first entries close resources.properties.claims, which opens before this span.
            type: string
        required:
          - name
        type: object
      type: array
    limits:
      # Values are free-form strings; this schema puts no bound on them.
      additionalProperties:
        type: string
      description: "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/"
      type: object
    requests:
      additionalProperties:
        type: string
      description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/"
      type: object
  type: object
restartPolicy:
  # The "only for init containers / not on ephemeral containers" rule lives in the
  # description text; the schema itself accepts any string here.
  description: Restart policy for the container to manage the restart behavior of each container within a pod. This may only be set for init containers. You cannot set this field on ephemeral containers.
  type: string
# Security-sensitive part of the schema. Every field below is typed, and a few carry
# an enum, but nothing here forbids the risky values (privileged: true, arbitrary
# capabilities.add entries, procMount: Unmasked, Unconfined profiles, hostProcess).
# NOTE(review): restricting them presumably has to happen outside this CRD, e.g.
# Pod Security Admission or another admission policy - confirm for the cluster.
securityContext:
  description: "Optional: SecurityContext defines the security options the ephemeral container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext."
  properties:
    # Per the description this is always true for a privileged container or one
    # holding CAP_SYS_ADMIN, so setting false does not constrain such a container.
    allowPrivilegeEscalation:
      description: "AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows."
      type: boolean
    # Container-level AppArmor selection; when set it overrides the pod-level profile.
    appArmorProfile:
      description: appArmorProfile is the AppArmor options to use by this container. If set, this profile overrides the pod's appArmorProfile. Note that this field cannot be set when spec.os.name is windows.
      properties:
        localhostProfile:
          description: localhostProfile indicates a profile loaded on the node that should be used. The profile must be preconfigured on the node to work. Must match the loaded name of the profile. Must be set if and only if type is "Localhost".
          type: string
        # "Unconfined" is an accepted enum value and means no AppArmor enforcement.
        type:
          description: |-
            type indicates which kind of AppArmor profile will be applied. Valid options are:
            Localhost - a profile pre-loaded on the node.
            RuntimeDefault - the container runtime's default profile.
            Unconfined - no AppArmor enforcement.

            Possible enum values:
            - `"Localhost"` indicates that a profile pre-loaded on the node should be used.
            - `"RuntimeDefault"` indicates that the container runtime's default AppArmor profile should be used.
            - `"Unconfined"` indicates that no AppArmor profile should be enforced.
          enum:
            - Localhost
            - RuntimeDefault
            - Unconfined
          type: string
      required:
        - type
      type: object
    # add/drop are plain string lists: the schema does not limit which capability
    # names may be added.
    capabilities:
      description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows.
      properties:
        add:
          description: Added capabilities
          items:
            type: string
          type: array
        drop:
          description: Removed capabilities
          items:
            type: string
          type: array
      type: object
    # The description equates a privileged container with root on the host; the
    # stated default is false.
    privileged:
      description: Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows.
      type: boolean
    # "Unmasked" removes the runtime's default masking of /proc paths, which the
    # enum text says exists to avoid accidental exposure of devices or information.
    procMount:
      description: |-
        procMount denotes the type of proc mount to use for the containers. The default value is Default which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows.

        Possible enum values:
        - `"Default"` uses the container runtime defaults for readonly and masked paths for /proc. Most container runtimes mask certain paths in /proc to avoid accidental security exposure of special devices or information.
        - `"Unmasked"` bypasses the default masking behavior of the container runtime and ensures the newly created /proc the container stays in tact with no modifications.
      enum:
        - Default
        - Unmasked
      type: string
    # Stated default is false, i.e. the root filesystem is writable unless set.
    readOnlyRootFilesystem:
      description: Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows.
      type: boolean
    runAsGroup:
      description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.
      format: int64
      type: integer
    # The UID 0 check is only performed when this is true; unset or false means
    # no validation (per the description).
    runAsNonRoot:
      description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
      type: boolean
    # When unset, the UID comes from the image metadata (per the description).
    runAsUser:
      description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.
      format: int64
      type: integer
    # All four SELinux label parts are unconstrained strings in this schema.
    seLinuxOptions:
      description: The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.
      properties:
        level:
          description: Level is SELinux level label that applies to the container.
          type: string
        role:
          description: Role is a SELinux role label that applies to the container.
          type: string
        type:
          description: Type is a SELinux type label that applies to the container.
          type: string
        user:
          description: User is a SELinux user label that applies to the container.
          type: string
      type: object
    # Container-level seccomp options override pod-level ones when both are given.
    seccompProfile:
      description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.
      properties:
        # The "descending path" requirement is stated in the description only; the
        # schema accepts any string.
        localhostProfile:
          description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type.
          type: string
        # "Unconfined" is an accepted enum value and means no seccomp profile is applied.
        type:
          description: |-
            type indicates which kind of seccomp profile will be applied. Valid options are:

            Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied.

            Possible enum values:
            - `"Localhost"` indicates a profile defined in a file on the node should be used. The file's location relative to <kubelet-root-dir>/seccomp.
            - `"RuntimeDefault"` represents the default container runtime seccomp profile.
            - `"Unconfined"` indicates no seccomp profile is applied (A.K.A. unconfined).
          enum:
            - Localhost
            - RuntimeDefault
            - Unconfined
          type: string
      required:
        - type
      type: object
    windowsOptions:
      description: The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux.
      properties:
        gmsaCredentialSpec:
          description: GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.
          type: string
        gmsaCredentialSpecName:
          description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
          type: string
        # Per the description, a true value also requires HostNetwork to be true and
        # must be the same for every container in the Pod.
        hostProcess:
          description: HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
          type: boolean
        runAsUserName:
          description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
          type: string
      type: object
  type: object
# startupProbe opens here; its properties continue past this span.
startupProbe:
  description: Probes are not allowed for ephemeral containers.
2877 properties: 2878 exec: 2879 description: Exec specifies a command to execute in the container. 2880 properties: 2881 command: 2882 description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 2883 items: 2884 type: string 2885 type: array 2886 type: object 2887 failureThreshold: 2888 description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. 2889 format: int32 2890 type: integer 2891 grpc: 2892 description: GRPC specifies a GRPC HealthCheckRequest. 2893 properties: 2894 port: 2895 description: Port number of the gRPC service. Number must be in the range 1 to 65535. 2896 format: int32 2897 type: integer 2898 service: 2899 description: |- 2900 Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 2901 2902 If this is not specified, the default behavior is defined by gRPC. 2903 type: string 2904 required: 2905 - port 2906 type: object 2907 httpGet: 2908 description: HTTPGet specifies an HTTP GET request to perform. 2909 properties: 2910 host: 2911 description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. 2912 type: string 2913 httpHeaders: 2914 description: Custom headers to set in the request. HTTP allows repeated headers. 2915 items: 2916 properties: 2917 name: 2918 description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. 
2919 type: string 2920 value: 2921 description: The header field value 2922 type: string 2923 required: 2924 - name 2925 - value 2926 type: object 2927 type: array 2928 path: 2929 description: Path to access on the HTTP server. 2930 type: string 2931 port: 2932 description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 2933 format: int-or-string 2934 x-kubernetes-int-or-string: true 2935 scheme: 2936 description: |- 2937 Scheme to use for connecting to the host. Defaults to HTTP. 2938 2939 Possible enum values: 2940 - `"HTTP"` means that the scheme used will be http:// 2941 - `"HTTPS"` means that the scheme used will be https:// 2942 enum: 2943 - HTTP 2944 - HTTPS 2945 type: string 2946 required: 2947 - port 2948 type: object 2949 initialDelaySeconds: 2950 description: "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" 2951 format: int32 2952 type: integer 2953 periodSeconds: 2954 description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. 2955 format: int32 2956 type: integer 2957 successThreshold: 2958 description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. 2959 format: int32 2960 type: integer 2961 tcpSocket: 2962 description: TCPSocket specifies a connection to a TCP port. 2963 properties: 2964 host: 2965 description: "Optional: Host name to connect to, defaults to the pod IP." 2966 type: string 2967 port: 2968 description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 
2969 format: int-or-string 2970 x-kubernetes-int-or-string: true 2971 required: 2972 - port 2973 type: object 2974 terminationGracePeriodSeconds: 2975 description: Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. 2976 format: int64 2977 type: integer 2978 timeoutSeconds: 2979 description: "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" 2980 format: int32 2981 type: integer 2982 type: object 2983 stdin: 2984 description: Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false. 2985 type: boolean 2986 stdinOnce: 2987 description: Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. 
If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false 2988 type: boolean 2989 targetContainerName: 2990 description: |- 2991 If set, the name of the container from PodSpec that this ephemeral container targets. The ephemeral container will be run in the namespaces (IPC, PID, etc) of this container. If not set then the ephemeral container uses the namespaces configured in the Pod spec. 2992 2993 The container runtime must implement support for this feature. If the runtime does not support namespace targeting then the result of setting this field is undefined. 2994 type: string 2995 terminationMessagePath: 2996 description: "Optional: Path at which the file to which the container's termination message will be written is mounted into the container's filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated." 2997 type: string 2998 terminationMessagePolicy: 2999 description: |- 3000 Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. 3001 3002 Possible enum values: 3003 - `"FallbackToLogsOnError"` will read the most recent contents of the container logs for the container status message when the container exits with an error and the terminationMessagePath has no contents. 
3004 - `"File"` is the default behavior and will set the container status message to the contents of the container's terminationMessagePath when the container exits. 3005 enum: 3006 - FallbackToLogsOnError 3007 - File 3008 type: string 3009 tty: 3010 description: Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false. 3011 type: boolean 3012 volumeDevices: 3013 description: volumeDevices is the list of block devices to be used by the container. 3014 items: 3015 properties: 3016 devicePath: 3017 description: devicePath is the path inside of the container that the device will be mapped to. 3018 type: string 3019 name: 3020 description: name must match the name of a persistentVolumeClaim in the pod 3021 type: string 3022 required: 3023 - name 3024 - devicePath 3025 type: object 3026 type: array 3027 volumeMounts: 3028 description: Pod volumes to mount into the container's filesystem. Subpath mounts are not allowed for ephemeral containers. Cannot be updated. 3029 items: 3030 properties: 3031 mountPath: 3032 description: Path within the container at which the volume should be mounted. Must not contain ':'. 3033 type: string 3034 mountPropagation: 3035 description: |- 3036 mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified (which defaults to None). 3037 3038 Possible enum values: 3039 - `"Bidirectional"` means that the volume in a container will receive new mounts from the host or other containers, and its own mounts will be propagated from the container to the host or other containers. Note that this mode is recursively applied to all mounts in the volume ("rshared" in Linux terminology). 
3040 - `"HostToContainer"` means that the volume in a container will receive new mounts from the host or other containers, but filesystems mounted inside the container won't be propagated to the host or other containers. Note that this mode is recursively applied to all mounts in the volume ("rslave" in Linux terminology). 3041 - `"None"` means that the volume in a container will not receive new mounts from the host or other containers, and filesystems mounted inside the container won't be propagated to the host or other containers. Note that this mode corresponds to "private" in Linux terminology. 3042 enum: 3043 - Bidirectional 3044 - HostToContainer 3045 - None 3046 type: string 3047 name: 3048 description: This must match the Name of a Volume. 3049 type: string 3050 readOnly: 3051 description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. 3052 type: boolean 3053 recursiveReadOnly: 3054 description: |- 3055 RecursiveReadOnly specifies whether read-only mounts should be handled recursively. 3056 3057 If ReadOnly is false, this field has no meaning and must be unspecified. 3058 3059 If ReadOnly is true, and this field is set to Disabled, the mount is not made recursively read-only. If this field is set to IfPossible, the mount is made recursively read-only, if it is supported by the container runtime. If this field is set to Enabled, the mount is made recursively read-only if it is supported by the container runtime, otherwise the pod will not be started and an error will be generated to indicate the reason. 3060 3061 If this field is set to IfPossible or Enabled, MountPropagation must be set to None (or be unspecified, which defaults to None). 3062 3063 If this field is not specified, it is treated as an equivalent of Disabled. 3064 type: string 3065 subPath: 3066 description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). 
3067 type: string 3068 subPathExpr: 3069 description: Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive. 3070 type: string 3071 required: 3072 - name 3073 - mountPath 3074 type: object 3075 type: array 3076 workingDir: 3077 description: Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated. 3078 type: string 3079 required: 3080 - name 3081 type: object 3082 type: array 3083 hostAliases: 3084 description: HostAliases is an optional list of hosts and IPs that will be injected into the pod's hosts file if specified. 3085 items: 3086 properties: 3087 hostnames: 3088 description: Hostnames for the above IP address. 3089 items: 3090 type: string 3091 type: array 3092 ip: 3093 description: IP address of the host file entry. 3094 type: string 3095 required: 3096 - ip 3097 type: object 3098 type: array 3099 hostIPC: 3100 description: "Use the host's ipc namespace. Optional: Default to false." 3101 type: boolean 3102 hostNetwork: 3103 description: Host networking requested for this pod. Use the host's network namespace. If this option is set, the ports that will be used must be specified. Default to false. 3104 type: boolean 3105 hostPID: 3106 description: "Use the host's pid namespace. Optional: Default to false." 3107 type: boolean 3108 hostUsers: 3109 description: "Use the host's user namespace. Optional: Default to true. If set to true or not present, the pod will be run in the host user namespace, useful for when the pod needs a feature only available to the host user namespace, such as loading a kernel module with CAP_SYS_MODULE. When set to false, a new userns is created for the pod. 
Setting false is useful for mitigating container breakout vulnerabilities even allowing users to run their containers as root without actually having root privileges on the host. This field is alpha-level and is only honored by servers that enable the UserNamespacesSupport feature." 3110 type: boolean 3111 hostname: 3112 description: Specifies the hostname of the Pod If not specified, the pod's hostname will be set to a system-defined value. 3113 type: string 3114 imagePullSecrets: 3115 description: "ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. If specified, these secrets will be passed to individual puller implementations for them to use. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod" 3116 items: 3117 properties: 3118 name: 3119 description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" 3120 type: string 3121 type: object 3122 x-kubernetes-map-type: atomic 3123 type: array 3124 initContainers: 3125 description: "List of initialization containers belonging to the pod. Init containers are executed in order prior to containers being started. If any init container fails, the pod is considered to have failed and is handled according to its restartPolicy. The name for an init container or normal container must be unique among all containers. Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit for each resource type, and then using the max of of that value or the sum of the normal containers. 
Limits are applied to init containers in a similar fashion. Init containers cannot currently be added or removed. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/" 3126 items: 3127 properties: 3128 args: 3129 description: "Arguments to the entrypoint. The container image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell" 3130 items: 3131 type: string 3132 type: array 3133 command: 3134 description: "Entrypoint array. Not executed within a shell. The container image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell" 3135 items: 3136 type: string 3137 type: array 3138 env: 3139 description: List of environment variables to set in the container. Cannot be updated. 3140 items: 3141 properties: 3142 name: 3143 description: Name of the environment variable. Must be a C_IDENTIFIER. 
3144 type: string 3145 value: 3146 description: "Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to \"\"." 3147 type: string 3148 valueFrom: 3149 description: Source for the environment variable's value. Cannot be used if value is not empty. 3150 properties: 3151 configMapKeyRef: 3152 description: Selects a key of a ConfigMap. 3153 properties: 3154 key: 3155 description: The key to select. 3156 type: string 3157 name: 3158 description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" 3159 type: string 3160 optional: 3161 description: Specify whether the ConfigMap or its key must be defined 3162 type: boolean 3163 required: 3164 - key 3165 type: object 3166 x-kubernetes-map-type: atomic 3167 fieldRef: 3168 description: "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs." 3169 properties: 3170 apiVersion: 3171 description: Version of the schema the FieldPath is written in terms of, defaults to "v1". 3172 type: string 3173 fieldPath: 3174 description: Path of the field to select in the specified API version. 
3175 type: string 3176 required: 3177 - fieldPath 3178 type: object 3179 x-kubernetes-map-type: atomic 3180 resourceFieldRef: 3181 description: "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported." 3182 properties: 3183 containerName: 3184 description: "Container name: required for volumes, optional for env vars" 3185 type: string 3186 divisor: 3187 description: Specifies the output format of the exposed resources, defaults to "1" 3188 type: string 3189 resource: 3190 description: "Required: resource to select" 3191 type: string 3192 required: 3193 - resource 3194 type: object 3195 x-kubernetes-map-type: atomic 3196 secretKeyRef: 3197 description: Selects a key of a secret in the pod's namespace 3198 properties: 3199 key: 3200 description: The key of the secret to select from. Must be a valid secret key. 3201 type: string 3202 name: 3203 description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" 3204 type: string 3205 optional: 3206 description: Specify whether the Secret or its key must be defined 3207 type: boolean 3208 required: 3209 - key 3210 type: object 3211 x-kubernetes-map-type: atomic 3212 type: object 3213 required: 3214 - name 3215 type: object 3216 type: array 3217 envFrom: 3218 description: List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. 
Cannot be updated. 3219 items: 3220 properties: 3221 configMapRef: 3222 description: The ConfigMap to select from 3223 properties: 3224 name: 3225 description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" 3226 type: string 3227 optional: 3228 description: Specify whether the ConfigMap must be defined 3229 type: boolean 3230 type: object 3231 prefix: 3232 description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. 3233 type: string 3234 secretRef: 3235 description: The Secret to select from 3236 properties: 3237 name: 3238 description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" 3239 type: string 3240 optional: 3241 description: Specify whether the Secret must be defined 3242 type: boolean 3243 type: object 3244 type: object 3245 type: array 3246 image: 3247 description: "Container image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets." 3248 type: string 3249 imagePullPolicy: 3250 description: |- 3251 Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images 3252 3253 Possible enum values: 3254 - `"Always"` means that kubelet always attempts to pull the latest image. Container will fail If the pull fails. 
3255 - `"IfNotPresent"` means that kubelet pulls if the image isn't present on disk. Container will fail if the image isn't present and the pull fails. 3256 - `"Never"` means that kubelet never pulls an image, but only uses a local image. Container will fail if the image isn't present 3257 enum: 3258 - Always 3259 - IfNotPresent 3260 - Never 3261 type: string 3262 lifecycle: 3263 description: Actions that the management system should take in response to container lifecycle events. Cannot be updated. 3264 properties: 3265 postStart: 3266 description: "PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks" 3267 properties: 3268 exec: 3269 description: Exec specifies a command to execute in the container. 3270 properties: 3271 command: 3272 description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 3273 items: 3274 type: string 3275 type: array 3276 type: object 3277 httpGet: 3278 description: HTTPGet specifies an HTTP GET request to perform. 3279 properties: 3280 host: 3281 description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. 3282 type: string 3283 httpHeaders: 3284 description: Custom headers to set in the request. HTTP allows repeated headers. 3285 items: 3286 properties: 3287 name: 3288 description: The header field name. 
This will be canonicalized upon output, so case-variant names will be understood as the same header. 3289 type: string 3290 value: 3291 description: The header field value 3292 type: string 3293 required: 3294 - name 3295 - value 3296 type: object 3297 type: array 3298 path: 3299 description: Path to access on the HTTP server. 3300 type: string 3301 port: 3302 description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 3303 format: int-or-string 3304 x-kubernetes-int-or-string: true 3305 scheme: 3306 description: |- 3307 Scheme to use for connecting to the host. Defaults to HTTP. 3308 3309 Possible enum values: 3310 - `"HTTP"` means that the scheme used will be http:// 3311 - `"HTTPS"` means that the scheme used will be https:// 3312 enum: 3313 - HTTP 3314 - HTTPS 3315 type: string 3316 required: 3317 - port 3318 type: object 3319 sleep: 3320 description: Sleep represents a duration that the container should sleep. 3321 properties: 3322 seconds: 3323 description: Seconds is the number of seconds to sleep. 3324 format: int64 3325 type: integer 3326 required: 3327 - seconds 3328 type: object 3329 tcpSocket: 3330 description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for backward compatibility. There is no validation of this field and lifecycle hooks will fail at runtime when it is specified. 3331 properties: 3332 host: 3333 description: "Optional: Host name to connect to, defaults to the pod IP." 3334 type: string 3335 port: 3336 description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 
3337 format: int-or-string 3338 x-kubernetes-int-or-string: true 3339 required: 3340 - port 3341 type: object 3342 type: object 3343 preStop: 3344 description: "PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The Pod's termination grace period countdown begins before the PreStop hook is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod's termination grace period (unless delayed by finalizers). Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks" 3345 properties: 3346 exec: 3347 description: Exec specifies a command to execute in the container. 3348 properties: 3349 command: 3350 description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 3351 items: 3352 type: string 3353 type: array 3354 type: object 3355 httpGet: 3356 description: HTTPGet specifies an HTTP GET request to perform. 3357 properties: 3358 host: 3359 description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. 3360 type: string 3361 httpHeaders: 3362 description: Custom headers to set in the request. HTTP allows repeated headers. 3363 items: 3364 properties: 3365 name: 3366 description: The header field name. 
This will be canonicalized upon output, so case-variant names will be understood as the same header. 3367 type: string 3368 value: 3369 description: The header field value 3370 type: string 3371 required: 3372 - name 3373 - value 3374 type: object 3375 type: array 3376 path: 3377 description: Path to access on the HTTP server. 3378 type: string 3379 port: 3380 description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 3381 format: int-or-string 3382 x-kubernetes-int-or-string: true 3383 scheme: 3384 description: |- 3385 Scheme to use for connecting to the host. Defaults to HTTP. 3386 3387 Possible enum values: 3388 - `"HTTP"` means that the scheme used will be http:// 3389 - `"HTTPS"` means that the scheme used will be https:// 3390 enum: 3391 - HTTP 3392 - HTTPS 3393 type: string 3394 required: 3395 - port 3396 type: object 3397 sleep: 3398 description: Sleep represents a duration that the container should sleep. 3399 properties: 3400 seconds: 3401 description: Seconds is the number of seconds to sleep. 3402 format: int64 3403 type: integer 3404 required: 3405 - seconds 3406 type: object 3407 tcpSocket: 3408 description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for backward compatibility. There is no validation of this field and lifecycle hooks will fail at runtime when it is specified. 3409 properties: 3410 host: 3411 description: "Optional: Host name to connect to, defaults to the pod IP." 3412 type: string 3413 port: 3414 description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 3415 format: int-or-string 3416 x-kubernetes-int-or-string: true 3417 required: 3418 - port 3419 type: object 3420 type: object 3421 type: object 3422 livenessProbe: 3423 description: "Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. 
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" 3424 properties: 3425 exec: 3426 description: Exec specifies a command to execute in the container. 3427 properties: 3428 command: 3429 description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 3430 items: 3431 type: string 3432 type: array 3433 type: object 3434 failureThreshold: 3435 description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. 3436 format: int32 3437 type: integer 3438 grpc: 3439 description: GRPC specifies a GRPC HealthCheckRequest. 3440 properties: 3441 port: 3442 description: Port number of the gRPC service. Number must be in the range 1 to 65535. 3443 format: int32 3444 type: integer 3445 service: 3446 description: |- 3447 Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 3448 3449 If this is not specified, the default behavior is defined by gRPC. 3450 type: string 3451 required: 3452 - port 3453 type: object 3454 httpGet: 3455 description: HTTPGet specifies an HTTP GET request to perform. 3456 properties: 3457 host: 3458 description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. 3459 type: string 3460 httpHeaders: 3461 description: Custom headers to set in the request. HTTP allows repeated headers. 3462 items: 3463 properties: 3464 name: 3465 description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. 
3466 type: string 3467 value: 3468 description: The header field value 3469 type: string 3470 required: 3471 - name 3472 - value 3473 type: object 3474 type: array 3475 path: 3476 description: Path to access on the HTTP server. 3477 type: string 3478 port: 3479 description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 3480 format: int-or-string 3481 x-kubernetes-int-or-string: true 3482 scheme: 3483 description: |- 3484 Scheme to use for connecting to the host. Defaults to HTTP. 3485 3486 Possible enum values: 3487 - `"HTTP"` means that the scheme used will be http:// 3488 - `"HTTPS"` means that the scheme used will be https:// 3489 enum: 3490 - HTTP 3491 - HTTPS 3492 type: string 3493 required: 3494 - port 3495 type: object 3496 initialDelaySeconds: 3497 description: "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" 3498 format: int32 3499 type: integer 3500 periodSeconds: 3501 description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. 3502 format: int32 3503 type: integer 3504 successThreshold: 3505 description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. 3506 format: int32 3507 type: integer 3508 tcpSocket: 3509 description: TCPSocket specifies a connection to a TCP port. 3510 properties: 3511 host: 3512 description: "Optional: Host name to connect to, defaults to the pod IP." 3513 type: string 3514 port: 3515 description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 
3516 format: int-or-string 3517 x-kubernetes-int-or-string: true 3518 required: 3519 - port 3520 type: object 3521 terminationGracePeriodSeconds: 3522 description: Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. 3523 format: int64 3524 type: integer 3525 timeoutSeconds: 3526 description: "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" 3527 format: int32 3528 type: integer 3529 type: object 3530 name: 3531 description: Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated. 3532 type: string 3533 ports: 3534 description: List of ports to expose from the container. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Modifying this array with strategic merge patch may corrupt the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated. 3535 items: 3536 properties: 3537 containerPort: 3538 description: Number of port to expose on the pod's IP address. 
This must be a valid port number, 0 < x < 65536. 3539 format: int32 3540 type: integer 3541 hostIP: 3542 description: What host IP to bind the external port to. 3543 type: string 3544 hostPort: 3545 description: Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this. 3546 format: int32 3547 type: integer 3548 name: 3549 description: If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services. 3550 type: string 3551 protocol: 3552 description: |- 3553 Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". 3554 3555 Possible enum values: 3556 - `"SCTP"` is the SCTP protocol. 3557 - `"TCP"` is the TCP protocol. 3558 - `"UDP"` is the UDP protocol. 3559 enum: 3560 - SCTP 3561 - TCP 3562 - UDP 3563 type: string 3564 required: 3565 - containerPort 3566 type: object 3567 type: array 3568 readinessProbe: 3569 description: "Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" 3570 properties: 3571 exec: 3572 description: Exec specifies a command to execute in the container. 3573 properties: 3574 command: 3575 description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 
3576 items: 3577 type: string 3578 type: array 3579 type: object 3580 failureThreshold: 3581 description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. 3582 format: int32 3583 type: integer 3584 grpc: 3585 description: GRPC specifies a GRPC HealthCheckRequest. 3586 properties: 3587 port: 3588 description: Port number of the gRPC service. Number must be in the range 1 to 65535. 3589 format: int32 3590 type: integer 3591 service: 3592 description: |- 3593 Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 3594 3595 If this is not specified, the default behavior is defined by gRPC. 3596 type: string 3597 required: 3598 - port 3599 type: object 3600 httpGet: 3601 description: HTTPGet specifies an HTTP GET request to perform. 3602 properties: 3603 host: 3604 description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. 3605 type: string 3606 httpHeaders: 3607 description: Custom headers to set in the request. HTTP allows repeated headers. 3608 items: 3609 properties: 3610 name: 3611 description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. 3612 type: string 3613 value: 3614 description: The header field value 3615 type: string 3616 required: 3617 - name 3618 - value 3619 type: object 3620 type: array 3621 path: 3622 description: Path to access on the HTTP server. 3623 type: string 3624 port: 3625 description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 3626 format: int-or-string 3627 x-kubernetes-int-or-string: true 3628 scheme: 3629 description: |- 3630 Scheme to use for connecting to the host. Defaults to HTTP. 
3631 3632 Possible enum values: 3633 - `"HTTP"` means that the scheme used will be http:// 3634 - `"HTTPS"` means that the scheme used will be https:// 3635 enum: 3636 - HTTP 3637 - HTTPS 3638 type: string 3639 required: 3640 - port 3641 type: object 3642 initialDelaySeconds: 3643 description: "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" 3644 format: int32 3645 type: integer 3646 periodSeconds: 3647 description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. 3648 format: int32 3649 type: integer 3650 successThreshold: 3651 description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. 3652 format: int32 3653 type: integer 3654 tcpSocket: 3655 description: TCPSocket specifies a connection to a TCP port. 3656 properties: 3657 host: 3658 description: "Optional: Host name to connect to, defaults to the pod IP." 3659 type: string 3660 port: 3661 description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 3662 format: int-or-string 3663 x-kubernetes-int-or-string: true 3664 required: 3665 - port 3666 type: object 3667 terminationGracePeriodSeconds: 3668 description: Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. 
The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. 3669 format: int64 3670 type: integer 3671 timeoutSeconds: 3672 description: "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" 3673 format: int32 3674 type: integer 3675 type: object 3676 resizePolicy: 3677 description: Resources resize policy for the container. 3678 items: 3679 properties: 3680 resourceName: 3681 description: "Name of the resource to which this resource resize policy applies. Supported values: cpu, memory." 3682 type: string 3683 restartPolicy: 3684 description: Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired. 3685 type: string 3686 required: 3687 - resourceName 3688 - restartPolicy 3689 type: object 3690 type: array 3691 resources: 3692 description: "Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" 3693 properties: 3694 claims: 3695 description: |- 3696 Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. 3697 3698 This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. 3699 3700 This field is immutable. It can only be set for containers. 3701 items: 3702 properties: 3703 name: 3704 description: Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. 3705 type: string 3706 request: 3707 description: Request is the name chosen for a request in the referenced claim. 
If empty, everything from the claim is made available, otherwise only the result of this request. 3708 type: string 3709 required: 3710 - name 3711 type: object 3712 type: array 3713 limits: 3714 additionalProperties: 3715 type: string 3716 description: "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" 3717 type: object 3718 requests: 3719 additionalProperties: 3720 type: string 3721 description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" 3722 type: object 3723 type: object 3724 restartPolicy: 3725 description: "RestartPolicy defines the restart behavior of individual containers in a pod. This field may only be set for init containers, and the only allowed value is \"Always\". For non-init containers or when this field is not specified, the restart behavior is defined by the Pod's restart policy and the container type. Setting the RestartPolicy as \"Always\" for the init container will have the following effect: this init container will be continually restarted on exit until all regular containers have terminated. Once all regular containers have completed, all init containers with restartPolicy \"Always\" will be shut down. This lifecycle differs from normal init containers and is often referred to as a \"sidecar\" container. Although this init container still starts in the init container sequence, it does not wait for the container to complete before proceeding to the next init container. Instead, the next init container starts immediately after this init container is started, or after any startupProbe has successfully completed." 
# NOTE(review): the container securityContext schema that starts just below
# declares field types and enums only; it carries no defaults and no validation
# rules that would reject a permissive setting. A spec that sets `privileged`
# or `allowPrivilegeEscalation` to true, adds capabilities, selects
# `procMount: Unmasked`, or picks an `Unconfined` AppArmor/seccomp profile
# therefore passes this schema. Restricting those values is left to whatever
# admission policy the cluster applies to pods built from this spec (for
# example Pod Security Admission) - confirm that one is enforced.
3726 type: string 3727 securityContext: 3728 description: "SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/" 3729 properties: 3730 allowPrivilegeEscalation: 3731 description: "AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows." 3732 type: boolean 3733 appArmorProfile: 3734 description: appArmorProfile is the AppArmor options to use by this container. If set, this profile overrides the pod's appArmorProfile. Note that this field cannot be set when spec.os.name is windows. 3735 properties: 3736 localhostProfile: 3737 description: localhostProfile indicates a profile loaded on the node that should be used. The profile must be preconfigured on the node to work. Must match the loaded name of the profile. Must be set if and only if type is "Localhost". 3738 type: string 3739 type: 3740 description: |- 3741 type indicates which kind of AppArmor profile will be applied. Valid options are: 3742 Localhost - a profile pre-loaded on the node. 3743 RuntimeDefault - the container runtime's default profile. 3744 Unconfined - no AppArmor enforcement. 3745 3746 Possible enum values: 3747 - `"Localhost"` indicates that a profile pre-loaded on the node should be used. 3748 - `"RuntimeDefault"` indicates that the container runtime's default AppArmor profile should be used. 3749 - `"Unconfined"` indicates that no AppArmor profile should be enforced.
3750 enum: 3751 - Localhost 3752 - RuntimeDefault 3753 - Unconfined 3754 type: string 3755 required: 3756 - type 3757 type: object 3758 capabilities: 3759 description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows. 3760 properties: 3761 add: 3762 description: Added capabilities 3763 items: 3764 type: string 3765 type: array 3766 drop: 3767 description: Removed capabilities 3768 items: 3769 type: string 3770 type: array 3771 type: object 3772 privileged: 3773 description: Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows. 3774 type: boolean 3775 procMount: 3776 description: |- 3777 procMount denotes the type of proc mount to use for the containers. The default value is Default which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows. 3778 3779 Possible enum values: 3780 - `"Default"` uses the container runtime defaults for readonly and masked paths for /proc. Most container runtimes mask certain paths in /proc to avoid accidental security exposure of special devices or information. 3781 - `"Unmasked"` bypasses the default masking behavior of the container runtime and ensures the newly created /proc the container stays in tact with no modifications. 3782 enum: 3783 - Default 3784 - Unmasked 3785 type: string 3786 readOnlyRootFilesystem: 3787 description: Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows. 3788 type: boolean 3789 runAsGroup: 3790 description: The GID to run the entrypoint of the container process. Uses runtime default if unset. 
May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. 3791 format: int64 3792 type: integer 3793 runAsNonRoot: 3794 description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. 3795 type: boolean 3796 runAsUser: 3797 description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. 3798 format: int64 3799 type: integer 3800 seLinuxOptions: 3801 description: The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. 3802 properties: 3803 level: 3804 description: Level is SELinux level label that applies to the container. 3805 type: string 3806 role: 3807 description: Role is a SELinux role label that applies to the container. 3808 type: string 3809 type: 3810 description: Type is a SELinux type label that applies to the container. 3811 type: string 3812 user: 3813 description: User is a SELinux user label that applies to the container. 
3814 type: string 3815 type: object 3816 seccompProfile: 3817 description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows. 3818 properties: 3819 localhostProfile: 3820 description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type. 3821 type: string 3822 type: 3823 description: |- 3824 type indicates which kind of seccomp profile will be applied. Valid options are: 3825 3826 Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied. 3827 3828 Possible enum values: 3829 - `"Localhost"` indicates a profile defined in a file on the node should be used. The file's location relative to <kubelet-root-dir>/seccomp. 3830 - `"RuntimeDefault"` represents the default container runtime seccomp profile. 3831 - `"Unconfined"` indicates no seccomp profile is applied (A.K.A. unconfined). 3832 enum: 3833 - Localhost 3834 - RuntimeDefault 3835 - Unconfined 3836 type: string 3837 required: 3838 - type 3839 type: object 3840 windowsOptions: 3841 description: The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux. 
3842 properties: 3843 gmsaCredentialSpec: 3844 description: GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. 3845 type: string 3846 gmsaCredentialSpecName: 3847 description: GMSACredentialSpecName is the name of the GMSA credential spec to use. 3848 type: string 3849 hostProcess: 3850 description: HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true. 3851 type: boolean 3852 runAsUserName: 3853 description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. 3854 type: string 3855 type: object 3856 type: object 3857 startupProbe: 3858 description: "StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" 3859 properties: 3860 exec: 3861 description: Exec specifies a command to execute in the container. 
3862 properties: 3863 command: 3864 description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 3865 items: 3866 type: string 3867 type: array 3868 type: object 3869 failureThreshold: 3870 description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. 3871 format: int32 3872 type: integer 3873 grpc: 3874 description: GRPC specifies a GRPC HealthCheckRequest. 3875 properties: 3876 port: 3877 description: Port number of the gRPC service. Number must be in the range 1 to 65535. 3878 format: int32 3879 type: integer 3880 service: 3881 description: |- 3882 Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 3883 3884 If this is not specified, the default behavior is defined by gRPC. 3885 type: string 3886 required: 3887 - port 3888 type: object 3889 httpGet: 3890 description: HTTPGet specifies an HTTP GET request to perform. 3891 properties: 3892 host: 3893 description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. 3894 type: string 3895 httpHeaders: 3896 description: Custom headers to set in the request. HTTP allows repeated headers. 3897 items: 3898 properties: 3899 name: 3900 description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. 
3901 type: string 3902 value: 3903 description: The header field value 3904 type: string 3905 required: 3906 - name 3907 - value 3908 type: object 3909 type: array 3910 path: 3911 description: Path to access on the HTTP server. 3912 type: string 3913 port: 3914 description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 3915 format: int-or-string 3916 x-kubernetes-int-or-string: true 3917 scheme: 3918 description: |- 3919 Scheme to use for connecting to the host. Defaults to HTTP. 3920 3921 Possible enum values: 3922 - `"HTTP"` means that the scheme used will be http:// 3923 - `"HTTPS"` means that the scheme used will be https:// 3924 enum: 3925 - HTTP 3926 - HTTPS 3927 type: string 3928 required: 3929 - port 3930 type: object 3931 initialDelaySeconds: 3932 description: "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" 3933 format: int32 3934 type: integer 3935 periodSeconds: 3936 description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. 3937 format: int32 3938 type: integer 3939 successThreshold: 3940 description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. 3941 format: int32 3942 type: integer 3943 tcpSocket: 3944 description: TCPSocket specifies a connection to a TCP port. 3945 properties: 3946 host: 3947 description: "Optional: Host name to connect to, defaults to the pod IP." 3948 type: string 3949 port: 3950 description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 
3951 format: int-or-string 3952 x-kubernetes-int-or-string: true 3953 required: 3954 - port 3955 type: object 3956 terminationGracePeriodSeconds: 3957 description: Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. 3958 format: int64 3959 type: integer 3960 timeoutSeconds: 3961 description: "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" 3962 format: int32 3963 type: integer 3964 type: object 3965 stdin: 3966 description: Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false. 3967 type: boolean 3968 stdinOnce: 3969 description: Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. 
If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false 3970 type: boolean 3971 terminationMessagePath: 3972 description: "Optional: Path at which the file to which the container's termination message will be written is mounted into the container's filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated." 3973 type: string 3974 terminationMessagePolicy: 3975 description: |- 3976 Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. 3977 3978 Possible enum values: 3979 - `"FallbackToLogsOnError"` will read the most recent contents of the container logs for the container status message when the container exits with an error and the terminationMessagePath has no contents. 3980 - `"File"` is the default behavior and will set the container status message to the contents of the container's terminationMessagePath when the container exits. 3981 enum: 3982 - FallbackToLogsOnError 3983 - File 3984 type: string 3985 tty: 3986 description: Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false. 3987 type: boolean 3988 volumeDevices: 3989 description: volumeDevices is the list of block devices to be used by the container. 
3990 items: 3991 properties: 3992 devicePath: 3993 description: devicePath is the path inside of the container that the device will be mapped to. 3994 type: string 3995 name: 3996 description: name must match the name of a persistentVolumeClaim in the pod 3997 type: string 3998 required: 3999 - name 4000 - devicePath 4001 type: object 4002 type: array 4003 volumeMounts: 4004 description: Pod volumes to mount into the container's filesystem. Cannot be updated. 4005 items: 4006 properties: 4007 mountPath: 4008 description: Path within the container at which the volume should be mounted. Must not contain ':'. 4009 type: string 4010 mountPropagation: 4011 description: |- 4012 mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified (which defaults to None). 4013 4014 Possible enum values: 4015 - `"Bidirectional"` means that the volume in a container will receive new mounts from the host or other containers, and its own mounts will be propagated from the container to the host or other containers. Note that this mode is recursively applied to all mounts in the volume ("rshared" in Linux terminology). 4016 - `"HostToContainer"` means that the volume in a container will receive new mounts from the host or other containers, but filesystems mounted inside the container won't be propagated to the host or other containers. Note that this mode is recursively applied to all mounts in the volume ("rslave" in Linux terminology). 4017 - `"None"` means that the volume in a container will not receive new mounts from the host or other containers, and filesystems mounted inside the container won't be propagated to the host or other containers. Note that this mode corresponds to "private" in Linux terminology. 
4018 enum: 4019 - Bidirectional 4020 - HostToContainer 4021 - None 4022 type: string 4023 name: 4024 description: This must match the Name of a Volume. 4025 type: string 4026 readOnly: 4027 description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. 4028 type: boolean 4029 recursiveReadOnly: 4030 description: |- 4031 RecursiveReadOnly specifies whether read-only mounts should be handled recursively. 4032 4033 If ReadOnly is false, this field has no meaning and must be unspecified. 4034 4035 If ReadOnly is true, and this field is set to Disabled, the mount is not made recursively read-only. If this field is set to IfPossible, the mount is made recursively read-only, if it is supported by the container runtime. If this field is set to Enabled, the mount is made recursively read-only if it is supported by the container runtime, otherwise the pod will not be started and an error will be generated to indicate the reason. 4036 4037 If this field is set to IfPossible or Enabled, MountPropagation must be set to None (or be unspecified, which defaults to None). 4038 4039 If this field is not specified, it is treated as an equivalent of Disabled. 4040 type: string 4041 subPath: 4042 description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). 4043 type: string 4044 subPathExpr: 4045 description: Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive. 4046 type: string 4047 required: 4048 - name 4049 - mountPath 4050 type: object 4051 type: array 4052 workingDir: 4053 description: Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated. 
4054 type: string 4055 required: 4056 - name 4057 type: object 4058 type: array 4059 nodeName: 4060 description: NodeName indicates in which node this pod is scheduled. If empty, this pod is a candidate for scheduling by the scheduler defined in schedulerName. Once this field is set, the kubelet for this node becomes responsible for the lifecycle of this pod. This field should not be used to express a desire for the pod to be scheduled on a specific node. https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodename 4061 type: string 4062 nodeSelector: 4063 additionalProperties: 4064 type: string 4065 description: "NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node's labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/" 4066 type: object 4067 x-kubernetes-map-type: atomic 4068 os: 4069 description: |- 4070 Specifies the OS of the containers in the pod. Some pod and container fields are restricted if this is set. 
4071 4072 If the OS field is set to linux, the following fields must be unset: -securityContext.windowsOptions 4073 4074 If the OS field is set to windows, following fields must be unset: - spec.hostPID - spec.hostIPC - spec.hostUsers - spec.securityContext.appArmorProfile - spec.securityContext.seLinuxOptions - spec.securityContext.seccompProfile - spec.securityContext.fsGroup - spec.securityContext.fsGroupChangePolicy - spec.securityContext.sysctls - spec.shareProcessNamespace - spec.securityContext.runAsUser - spec.securityContext.runAsGroup - spec.securityContext.supplementalGroups - spec.securityContext.supplementalGroupsPolicy - spec.containers[*].securityContext.appArmorProfile - spec.containers[*].securityContext.seLinuxOptions - spec.containers[*].securityContext.seccompProfile - spec.containers[*].securityContext.capabilities - spec.containers[*].securityContext.readOnlyRootFilesystem - spec.containers[*].securityContext.privileged - spec.containers[*].securityContext.allowPrivilegeEscalation - spec.containers[*].securityContext.procMount - spec.containers[*].securityContext.runAsUser - spec.containers[*].securityContext.runAsGroup 4075 properties: 4076 name: 4077 description: "Name is the name of the operating system. The currently supported values are linux and windows. Additional value may be defined in future and can be one of: https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration Clients should expect to handle additional values and treat unrecognized values in this field as os: null" 4078 type: string 4079 required: 4080 - name 4081 type: object 4082 overhead: 4083 additionalProperties: 4084 type: string 4085 description: "Overhead represents the resource overhead associated with running a pod for a given RuntimeClass. This field will be autopopulated at admission time by the RuntimeClass admission controller. 
If the RuntimeClass admission controller is enabled, overhead must not be set in Pod create requests. The RuntimeClass admission controller will reject Pod create requests which have the overhead already set. If RuntimeClass is configured and selected in the PodSpec, Overhead will be set to the value defined in the corresponding RuntimeClass, otherwise it will remain unset and treated as zero. More info: https://git.k8s.io/enhancements/keps/sig-node/688-pod-overhead/README.md" 4086 type: object 4087 preemptionPolicy: 4088 description: |- 4089 PreemptionPolicy is the Policy for preempting pods with lower priority. One of Never, PreemptLowerPriority. Defaults to PreemptLowerPriority if unset. 4090 4091 Possible enum values: 4092 - `"Never"` means that pod never preempts other pods with lower priority. 4093 - `"PreemptLowerPriority"` means that pod can preempt other pods with lower priority. 4094 enum: 4095 - Never 4096 - PreemptLowerPriority 4097 type: string 4098 priority: 4099 description: The priority value. Various system components use this field to find the priority of the pod. When Priority Admission Controller is enabled, it prevents users from setting this field. The admission controller populates this field from PriorityClassName. The higher the value, the higher the priority. 4100 format: int32 4101 type: integer 4102 priorityClassName: 4103 description: If specified, indicates the pod's priority. "system-node-critical" and "system-cluster-critical" are two special keywords which indicate the highest priorities with the former being the highest priority. Any other name must be defined by creating a PriorityClass object with that name. If not specified, the pod priority will be default or zero if there is no default. 4104 type: string 4105 readinessGates: 4106 description: "If specified, all readiness gates will be evaluated for pod readiness. 
A pod is ready when all its containers are ready AND all conditions specified in the readiness gates have status equal to \"True\" More info: https://git.k8s.io/enhancements/keps/sig-network/580-pod-readiness-gates" 4107 items: 4108 properties: 4109 conditionType: 4110 description: ConditionType refers to a condition in the pod's condition list with matching type. 4111 type: string 4112 required: 4113 - conditionType 4114 type: object 4115 type: array 4116 resourceClaims: 4117 description: |- 4118 ResourceClaims defines which ResourceClaims must be allocated and reserved before the Pod is allowed to start. The resources will be made available to those containers which consume them by name. 4119 4120 This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. 4121 4122 This field is immutable. 4123 items: 4124 properties: 4125 name: 4126 description: Name uniquely identifies this resource claim inside the pod. This must be a DNS_LABEL. 4127 type: string 4128 resourceClaimName: 4129 description: |- 4130 ResourceClaimName is the name of a ResourceClaim object in the same namespace as this pod. 4131 4132 Exactly one of ResourceClaimName and ResourceClaimTemplateName must be set. 4133 type: string 4134 resourceClaimTemplateName: 4135 description: |- 4136 ResourceClaimTemplateName is the name of a ResourceClaimTemplate object in the same namespace as this pod. 4137 4138 The template will be used to create a new ResourceClaim, which will be bound to this pod. When this pod is deleted, the ResourceClaim will also be deleted. The pod name and resource name, along with a generated component, will be used to form a unique name for the ResourceClaim, which will be recorded in pod.status.resourceClaimStatuses. 4139 4140 This field is immutable and no changes will be made to the corresponding ResourceClaim by the control plane after creating the ResourceClaim. 4141 4142 Exactly one of ResourceClaimName and ResourceClaimTemplateName must be set. 
4143 type: string 4144 required: 4145 - name 4146 type: object 4147 type: array 4148 resources: 4149 description: |- 4150 Resources is the total amount of CPU and Memory resources required by all containers in the pod. It supports specifying Requests and Limits for "cpu" and "memory" resource names only. ResourceClaims are not supported. 4151 4152 This field enables fine-grained control over resource allocation for the entire pod, allowing resource sharing among containers in a pod. 4153 4154 This is an alpha field and requires enabling the PodLevelResources feature gate. 4155 properties: 4156 claims: 4157 description: |- 4158 Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. 4159 4160 This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. 4161 4162 This field is immutable. It can only be set for containers. 4163 items: 4164 properties: 4165 name: 4166 description: Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. 4167 type: string 4168 request: 4169 description: Request is the name chosen for a request in the referenced claim. If empty, everything from the claim is made available, otherwise only the result of this request. 4170 type: string 4171 required: 4172 - name 4173 type: object 4174 type: array 4175 limits: 4176 additionalProperties: 4177 type: string 4178 description: "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" 4179 type: object 4180 requests: 4181 additionalProperties: 4182 type: string 4183 description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" 4184 type: object 4185 type: object 4186 restartPolicy: 4187 description: |- 4188 Restart policy for all containers within the pod. One of Always, OnFailure, Never. In some contexts, only a subset of those values may be permitted. Default to Always. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy 4189 4190 Possible enum values: 4191 - `"Always"` 4192 - `"Never"` 4193 - `"OnFailure"` 4194 enum: 4195 - Always 4196 - Never 4197 - OnFailure 4198 type: string 4199 runtimeClassName: 4200 description: "RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used to run this pod. If no RuntimeClass resource matches the named class, the pod will not be run. If unset or empty, the \"legacy\" RuntimeClass will be used, which is an implicit class with an empty definition that uses the default runtime handler. More info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class" 4201 type: string 4202 schedulerName: 4203 description: If specified, the pod will be dispatched by specified scheduler. If not specified, the pod will be dispatched by default scheduler. 4204 type: string 4205 schedulingGates: 4206 description: |- 4207 SchedulingGates is an opaque list of values that if specified will block scheduling the pod. If schedulingGates is not empty, the pod will stay in the SchedulingGated state and the scheduler will not attempt to schedule the pod. 4208 4209 SchedulingGates can only be set at pod creation time, and be removed only afterwards. 4210 items: 4211 properties: 4212 name: 4213 description: Name of the scheduling gate. Each scheduling gate must have a unique name field. 4214 type: string 4215 required: 4216 - name 4217 type: object 4218 type: array 4219 securityContext: 4220 description: "SecurityContext holds pod-level security attributes and common container settings. 
Optional: Defaults to empty. See type description for default values of each field." 4221 properties: 4222 appArmorProfile: 4223 description: appArmorProfile is the AppArmor options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows. 4224 properties: 4225 localhostProfile: 4226 description: localhostProfile indicates a profile loaded on the node that should be used. The profile must be preconfigured on the node to work. Must match the loaded name of the profile. Must be set if and only if type is "Localhost". 4227 type: string 4228 type: 4229 description: |- 4230 type indicates which kind of AppArmor profile will be applied. Valid options are: 4231 Localhost - a profile pre-loaded on the node. 4232 RuntimeDefault - the container runtime's default profile. 4233 Unconfined - no AppArmor enforcement. 4234 4235 Possible enum values: 4236 - `"Localhost"` indicates that a profile pre-loaded on the node should be used. 4237 - `"RuntimeDefault"` indicates that the container runtime's default AppArmor profile should be used. 4238 - `"Unconfined"` indicates that no AppArmor profile should be enforced. 4239 enum: 4240 - Localhost 4241 - RuntimeDefault 4242 - Unconfined 4243 type: string 4244 required: 4245 - type 4246 type: object 4247 fsGroup: 4248 description: |- 4249 A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod: 4250 4251 1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- 4252 4253 If unset, the Kubelet will not modify the ownership and permissions of any volume. Note that this field cannot be set when spec.os.name is windows. 
4254 format: int64 4255 type: integer 4256 fsGroupChangePolicy: 4257 description: |- 4258 fsGroupChangePolicy defines behavior of changing ownership and permission of the volume before being exposed inside Pod. This field will only apply to volume types which support fsGroup based ownership (and permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir. Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. Note that this field cannot be set when spec.os.name is windows. 4259 4260 Possible enum values: 4261 - `"Always"` indicates that volume's ownership and permissions should always be changed whenever volume is mounted inside a Pod. This is the default behavior. 4262 - `"OnRootMismatch"` indicates that volume's ownership and permissions will be changed only when the permissions and ownership of the root directory do not match the expected permissions on the volume. This can help shorten the time it takes to change ownership and permissions of a volume. 4263 enum: 4264 - Always 4265 - OnRootMismatch 4266 type: string 4267 runAsGroup: 4268 description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows. 4269 format: int64 4270 type: integer 4271 runAsNonRoot: 4272 description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
4273 type: boolean 4274 runAsUser: 4275 description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows. 4276 format: int64 4277 type: integer 4278 seLinuxChangePolicy: 4279 description: |- 4280 seLinuxChangePolicy defines how the container's SELinux label is applied to all volumes used by the Pod. It has no effect on nodes that do not support SELinux or on volumes that do not support SELinux. Valid values are "MountOption" and "Recursive". 4281 4282 "Recursive" means relabeling of all files on all Pod volumes by the container runtime. This may be slow for large volumes, but allows mixing privileged and unprivileged Pods sharing the same volume on the same node. 4283 4284 "MountOption" mounts all eligible Pod volumes with `-o context` mount option. This requires all Pods that share the same volume to use the same SELinux label. It is not possible to share the same volume among privileged and unprivileged Pods. Eligible volumes are in-tree FibreChannel and iSCSI volumes, and all CSI volumes whose CSI driver announces SELinux support by setting spec.seLinuxMount: true in their CSIDriver instance. Other volumes are always re-labelled recursively. "MountOption" value is allowed only when SELinuxMount feature gate is enabled. 4285 4286 If not specified and SELinuxMount feature gate is enabled, "MountOption" is used. If not specified and SELinuxMount feature gate is disabled, "MountOption" is used for ReadWriteOncePod volumes and "Recursive" for all other volumes. 4287 4288 This field affects only Pods that have an SELinux label set, either in PodSecurityContext or in SecurityContext of all containers.
4289 4290 All Pods that use the same volume should use the same seLinuxChangePolicy, otherwise some pods can get stuck in ContainerCreating state. Note that this field cannot be set when spec.os.name is windows. 4291 type: string 4292 seLinuxOptions: 4293 description: The SELinux context to be applied to all containers. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows. 4294 properties: 4295 level: 4296 description: Level is SELinux level label that applies to the container. 4297 type: string 4298 role: 4299 description: Role is a SELinux role label that applies to the container. 4300 type: string 4301 type: 4302 description: Type is a SELinux type label that applies to the container. 4303 type: string 4304 user: 4305 description: User is a SELinux user label that applies to the container. 4306 type: string 4307 type: object 4308 seccompProfile: 4309 description: The seccomp options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows. 4310 properties: 4311 localhostProfile: 4312 description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type. 4313 type: string 4314 type: 4315 description: |- 4316 type indicates which kind of seccomp profile will be applied. Valid options are: 4317 4318 Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied. 
4319 4320 Possible enum values: 4321 - `"Localhost"` indicates a profile defined in a file on the node should be used. The file's location relative to <kubelet-root-dir>/seccomp. 4322 - `"RuntimeDefault"` represents the default container runtime seccomp profile. 4323 - `"Unconfined"` indicates no seccomp profile is applied (A.K.A. unconfined). 4324 enum: 4325 - Localhost 4326 - RuntimeDefault 4327 - Unconfined 4328 type: string 4329 required: 4330 - type 4331 type: object 4332 supplementalGroups: 4333 description: A list of groups applied to the first process run in each container, in addition to the container's primary GID and fsGroup (if specified). If the SupplementalGroupsPolicy feature is enabled, the supplementalGroupsPolicy field determines whether these are in addition to or instead of any group memberships defined in the container image. If unspecified, no additional groups are added, though group memberships defined in the container image may still be used, depending on the supplementalGroupsPolicy field. Note that this field cannot be set when spec.os.name is windows. 4334 items: 4335 format: int64 4336 type: integer 4337 type: array 4338 supplementalGroupsPolicy: 4339 description: |- 4340 Defines how supplemental groups of the first container processes are calculated. Valid values are "Merge" and "Strict". If not specified, "Merge" is used. (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled and the container runtime must implement support for this feature. Note that this field cannot be set when spec.os.name is windows. 4341 4342 Possible enum values: 4343 - `"Merge"` means that the container's provided SupplementalGroups and FsGroup (specified in SecurityContext) will be merged with the primary user's groups as defined in the container image (in /etc/group). 
4344 - `"Strict"` means that the container's provided SupplementalGroups and FsGroup (specified in SecurityContext) will be used instead of any groups defined in the container image. 4345 enum: 4346 - Merge 4347 - Strict 4348 type: string 4349 sysctls: 4350 description: Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. Note that this field cannot be set when spec.os.name is windows. 4351 items: 4352 properties: 4353 name: 4354 description: Name of a property to set 4355 type: string 4356 value: 4357 description: Value of a property to set 4358 type: string 4359 required: 4360 - name 4361 - value 4362 type: object 4363 type: array 4364 windowsOptions: 4365 description: The Windows specific settings applied to all containers. If unspecified, the options within a container's SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux. 4366 properties: 4367 gmsaCredentialSpec: 4368 description: GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. 4369 type: string 4370 gmsaCredentialSpecName: 4371 description: GMSACredentialSpecName is the name of the GMSA credential spec to use. 4372 type: string 4373 hostProcess: 4374 description: HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true. 4375 type: boolean 4376 runAsUserName: 4377 description: The UserName in Windows to run the entrypoint of the container process. 
Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. 4378 type: string 4379 type: object 4380 type: object 4381 serviceAccount: 4382 description: "DeprecatedServiceAccount is a deprecated alias for ServiceAccountName. Deprecated: Use serviceAccountName instead." 4383 type: string 4384 serviceAccountName: 4385 description: "ServiceAccountName is the name of the ServiceAccount to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/" 4386 type: string 4387 setHostnameAsFQDN: 4388 description: If true the pod's hostname will be configured as the pod's FQDN, rather than the leaf name (the default). In Linux containers, this means setting the FQDN in the hostname field of the kernel (the nodename field of struct utsname). In Windows containers, this means setting the registry value of hostname for the registry key HKEY_LOCAL_MACHINE\\\\SYSTEM\\\\CurrentControlSet\\\\Services\\\\Tcpip\\\\Parameters to FQDN. If a pod does not have FQDN, this has no effect. Default to false. 4389 type: boolean 4390 shareProcessNamespace: 4391 description: "Share a single process namespace between all of the containers in a pod. When this is set containers will be able to view and signal processes from other containers in the same pod, and the first process in each container will not be assigned PID 1. HostPID and ShareProcessNamespace cannot both be set. Optional: Default to false." 4392 type: boolean 4393 subdomain: 4394 description: If specified, the fully qualified Pod hostname will be "<hostname>.<subdomain>.<pod namespace>.svc.<cluster domain>". If not specified, the pod will not have a domainname at all. 4395 type: string 4396 terminationGracePeriodSeconds: 4397 description: Optional duration in seconds the pod needs to terminate gracefully. 
May be decreased in delete request. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). If this value is nil, the default grace period will be used instead. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. Defaults to 30 seconds. 4398 format: int64 4399 type: integer 4400 tolerations: 4401 description: If specified, the pod's tolerations. 4402 items: 4403 properties: 4404 effect: 4405 description: |- 4406 Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. 4407 4408 Possible enum values: 4409 - `"NoExecute"` Evict any already-running pods that do not tolerate the taint. Currently enforced by NodeController. 4410 - `"NoSchedule"` Do not allow new pods to schedule onto the node unless they tolerate the taint, but allow all pods submitted to Kubelet without going through the scheduler to start, and allow all already-running pods to continue running. Enforced by the scheduler. 4411 - `"PreferNoSchedule"` Like TaintEffectNoSchedule, but the scheduler tries not to schedule new pods onto the node, rather than prohibiting new pods from scheduling onto the node entirely. Enforced by the scheduler. 4412 enum: 4413 - NoExecute 4414 - NoSchedule 4415 - PreferNoSchedule 4416 type: string 4417 key: 4418 description: Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys. 4419 type: string 4420 operator: 4421 description: |- 4422 Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. 
Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. 4423 4424 Possible enum values: 4425 - `"Equal"` 4426 - `"Exists"` 4427 enum: 4428 - Equal 4429 - Exists 4430 type: string 4431 tolerationSeconds: 4432 description: TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system. 4433 format: int64 4434 type: integer 4435 value: 4436 description: Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string. 4437 type: string 4438 type: object 4439 type: array 4440 topologySpreadConstraints: 4441 description: TopologySpreadConstraints describes how a group of pods ought to spread across topology domains. Scheduler will schedule pods in a way which abides by the constraints. All topologySpreadConstraints are ANDed. 4442 items: 4443 properties: 4444 labelSelector: 4445 description: LabelSelector is used to find matching pods. Pods that match this label selector are counted to determine the number of pods in their corresponding topology domain. 4446 properties: 4447 matchExpressions: 4448 description: matchExpressions is a list of label selector requirements. The requirements are ANDed. 4449 items: 4450 properties: 4451 key: 4452 description: key is the label key that the selector applies to. 4453 type: string 4454 operator: 4455 description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. 4456 type: string 4457 values: 4458 description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. 
This array is replaced during a strategic merge patch. 4459 items: 4460 type: string 4461 type: array 4462 required: 4463 - key 4464 - operator 4465 type: object 4466 type: array 4467 matchLabels: 4468 additionalProperties: 4469 type: string 4470 description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. 4471 type: object 4472 type: object 4473 x-kubernetes-map-type: atomic 4474 matchLabelKeys: 4475 description: |- 4476 MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. MatchLabelKeys cannot be set when LabelSelector isn't set. Keys that don't exist in the incoming pod labels will be ignored. A null or empty list means only match against labelSelector. 4477 4478 This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). 4479 items: 4480 type: string 4481 type: array 4482 maxSkew: 4483 description: "MaxSkew describes the degree to which pods may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference between the number of matching pods in the target topology and the global minimum. The global minimum is the minimum number of matching pods in an eligible domain or zero if the number of eligible domains is less than MinDomains. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 2/2/1: In this case, the global minimum is 1. 
| zone1 | zone2 | zone3 | | P P | P P | P | - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence to topologies that satisfy it. It's a required field. Default value is 1 and 0 is not allowed." 4484 format: int32 4485 type: integer 4486 minDomains: 4487 description: |- 4488 MinDomains indicates a minimum number of eligible domains. When the number of eligible domains with matching topology keys is less than minDomains, Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. And when the number of eligible domains with matching topology keys equals or greater than minDomains, this value has no effect on scheduling. As a result, when the number of eligible domains is less than minDomains, scheduler won't schedule more than maxSkew Pods to those domains. If value is nil, the constraint behaves as if MinDomains is equal to 1. Valid values are integers greater than 0. When value is not nil, WhenUnsatisfiable must be DoNotSchedule. 4489 4490 For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same labelSelector spread as 2/2/2: | zone1 | zone2 | zone3 | | P P | P P | P P | The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. In this situation, new pod with the same labelSelector cannot be scheduled, because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, it will violate MaxSkew. 4491 format: int32 4492 type: integer 4493 nodeAffinityPolicy: 4494 description: |- 4495 NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector when calculating pod topology spread skew. 
Options are: - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. 4496 4497 If this value is nil, the behavior is equivalent to the Honor policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. 4498 4499 Possible enum values: 4500 - `"Honor"` means use this scheduling directive when calculating pod topology spread skew. 4501 - `"Ignore"` means ignore this scheduling directive when calculating pod topology spread skew. 4502 enum: 4503 - Honor 4504 - Ignore 4505 type: string 4506 nodeTaintsPolicy: 4507 description: |- 4508 NodeTaintsPolicy indicates how we will treat node taints when calculating pod topology spread skew. Options are: - Honor: nodes without taints, along with tainted nodes for which the incoming pod has a toleration, are included. - Ignore: node taints are ignored. All nodes are included. 4509 4510 If this value is nil, the behavior is equivalent to the Ignore policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. 4511 4512 Possible enum values: 4513 - `"Honor"` means use this scheduling directive when calculating pod topology spread skew. 4514 - `"Ignore"` means ignore this scheduling directive when calculating pod topology spread skew. 4515 enum: 4516 - Honor 4517 - Ignore 4518 type: string 4519 topologyKey: 4520 description: TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. We consider each <key, value> as a "bucket", and try to put balanced number of pods into each bucket. We define a domain as a particular instance of a topology. Also, we define an eligible domain as a domain whose nodes meet the requirements of nodeAffinityPolicy and nodeTaintsPolicy. e.g. 
If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. It's a required field. 4521 type: string 4522 whenUnsatisfiable: 4523 description: |- 4524 WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy the spread constraint. - DoNotSchedule (default) tells the scheduler not to schedule it. - ScheduleAnyway tells the scheduler to schedule the pod in any location, 4525 but giving higher precedence to topologies that would help reduce the 4526 skew. 4527 A constraint is considered "Unsatisfiable" for an incoming pod if and only if every possible node assignment for that pod would violate "MaxSkew" on some topology. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler won't make it *more* imbalanced. It's a required field. 4528 4529 Possible enum values: 4530 - `"DoNotSchedule"` instructs the scheduler not to schedule the pod when constraints are not satisfied. 4531 - `"ScheduleAnyway"` instructs the scheduler to schedule the pod even if constraints are not satisfied. 4532 enum: 4533 - DoNotSchedule 4534 - ScheduleAnyway 4535 type: string 4536 required: 4537 - maxSkew 4538 - topologyKey 4539 - whenUnsatisfiable 4540 type: object 4541 type: array 4542 volumes: 4543 description: "List of volumes that can be mounted by containers belonging to the pod. 
More info: https://kubernetes.io/docs/concepts/storage/volumes" 4544 items: 4545 properties: 4546 awsElasticBlockStore: 4547 description: "awsElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. Deprecated: AWSElasticBlockStore is deprecated. All operations for the in-tree awsElasticBlockStore type are redirected to the ebs.csi.aws.com CSI driver. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" 4548 properties: 4549 fsType: 4550 description: "fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" 4551 type: string 4552 partition: 4553 description: "partition is the partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as \"1\". Similarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty)." 4554 format: int32 4555 type: integer 4556 readOnly: 4557 description: "readOnly value true will force the readOnly setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" 4558 type: boolean 4559 volumeID: 4560 description: "volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" 4561 type: string 4562 required: 4563 - volumeID 4564 type: object 4565 azureDisk: 4566 description: "azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. Deprecated: AzureDisk is deprecated. All operations for the in-tree azureDisk type are redirected to the disk.csi.azure.com CSI driver." 
4567 properties: 4568 cachingMode: 4569 description: |- 4570 cachingMode is the Host Caching mode: None, Read Only, Read Write. 4571 4572 Possible enum values: 4573 - `"None"` 4574 - `"ReadOnly"` 4575 - `"ReadWrite"` 4576 enum: 4577 - None 4578 - ReadOnly 4579 - ReadWrite 4580 type: string 4581 diskName: 4582 description: diskName is the Name of the data disk in the blob storage 4583 type: string 4584 diskURI: 4585 description: diskURI is the URI of data disk in the blob storage 4586 type: string 4587 fsType: 4588 description: fsType is Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. 4589 type: string 4590 kind: 4591 description: |- 4592 kind expected values are Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared 4593 4594 Possible enum values: 4595 - `"Dedicated"` 4596 - `"Managed"` 4597 - `"Shared"` 4598 enum: 4599 - Dedicated 4600 - Managed 4601 - Shared 4602 type: string 4603 readOnly: 4604 description: readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. 4605 type: boolean 4606 required: 4607 - diskName 4608 - diskURI 4609 type: object 4610 azureFile: 4611 description: "azureFile represents an Azure File Service mount on the host and bind mount to the pod. Deprecated: AzureFile is deprecated. All operations for the in-tree azureFile type are redirected to the file.csi.azure.com CSI driver." 4612 properties: 4613 readOnly: 4614 description: readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. 
4615 type: boolean 4616 secretName: 4617 description: secretName is the name of secret that contains Azure Storage Account Name and Key 4618 type: string 4619 shareName: 4620 description: shareName is the azure share Name 4621 type: string 4622 required: 4623 - secretName 4624 - shareName 4625 type: object 4626 cephfs: 4627 description: "cephFS represents a Ceph FS mount on the host that shares a pod's lifetime. Deprecated: CephFS is deprecated and the in-tree cephfs type is no longer supported." 4628 properties: 4629 monitors: 4630 description: "monitors is Required: Monitors is a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" 4631 items: 4632 type: string 4633 type: array 4634 path: 4635 description: "path is Optional: Used as the mounted root, rather than the full Ceph tree, default is /" 4636 type: string 4637 readOnly: 4638 description: "readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" 4639 type: boolean 4640 secretFile: 4641 description: "secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" 4642 type: string 4643 secretRef: 4644 description: "secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" 4645 properties: 4646 name: 4647 description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" 4648 type: string 4649 type: object 4650 x-kubernetes-map-type: atomic 4651 user: 4652 description: "user is optional: User is the rados user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" 4653 type: string 4654 required: 4655 - monitors 4656 type: object 4657 cinder: 4658 description: "cinder represents a cinder volume attached and mounted on kubelets host machine. Deprecated: Cinder is deprecated. All operations for the in-tree cinder type are redirected to the cinder.csi.openstack.org CSI driver. More info: https://examples.k8s.io/mysql-cinder-pd/README.md" 4659 properties: 4660 fsType: 4661 description: "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md" 4662 type: string 4663 readOnly: 4664 description: "readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md" 4665 type: boolean 4666 secretRef: 4667 description: "secretRef is optional: points to a secret object containing parameters used to connect to OpenStack." 4668 properties: 4669 name: 4670 description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" 4671 type: string 4672 type: object 4673 x-kubernetes-map-type: atomic 4674 volumeID: 4675 description: "volumeID used to identify the volume in cinder. 
More info: https://examples.k8s.io/mysql-cinder-pd/README.md" 4676 type: string 4677 required: 4678 - volumeID 4679 type: object 4680 configMap: 4681 description: configMap represents a configMap that should populate this volume 4682 properties: 4683 defaultMode: 4684 description: "defaultMode is optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." 4685 format: int32 4686 type: integer 4687 items: 4688 description: items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. 4689 items: 4690 properties: 4691 key: 4692 description: key is the key to project. 4693 type: string 4694 mode: 4695 description: "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." 4696 format: int32 4697 type: integer 4698 path: 4699 description: path is the relative path of the file to map the key to. 
May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. 4700 type: string 4701 required: 4702 - key 4703 - path 4704 type: object 4705 type: array 4706 name: 4707 description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" 4708 type: string 4709 optional: 4710 description: optional specify whether the ConfigMap or its keys must be defined 4711 type: boolean 4712 type: object 4713 csi: 4714 description: csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers. 4715 properties: 4716 driver: 4717 description: driver is the name of the CSI driver that handles this volume. Consult with your admin for the correct name as registered in the cluster. 4718 type: string 4719 fsType: 4720 description: fsType to mount. Ex. "ext4", "xfs", "ntfs". If not provided, the empty value is passed to the associated CSI driver which will determine the default filesystem to apply. 4721 type: string 4722 nodePublishSecretRef: 4723 description: nodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed. 4724 properties: 4725 name: 4726 description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" 4727 type: string 4728 type: object 4729 x-kubernetes-map-type: atomic 4730 readOnly: 4731 description: readOnly specifies a read-only configuration for the volume. Defaults to false (read/write). 4732 type: boolean 4733 volumeAttributes: 4734 additionalProperties: 4735 type: string 4736 description: volumeAttributes stores driver-specific properties that are passed to the CSI driver. Consult your driver's documentation for supported values. 4737 type: object 4738 required: 4739 - driver 4740 type: object 4741 downwardAPI: 4742 description: downwardAPI represents downward API about the pod that should populate this volume 4743 properties: 4744 defaultMode: 4745 description: "Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." 4746 format: int32 4747 type: integer 4748 items: 4749 description: Items is a list of downward API volume file 4750 items: 4751 properties: 4752 fieldRef: 4753 description: "Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported." 4754 properties: 4755 apiVersion: 4756 description: Version of the schema the FieldPath is written in terms of, defaults to "v1". 4757 type: string 4758 fieldPath: 4759 description: Path of the field to select in the specified API version.
4760 type: string 4761 required: 4762 - fieldPath 4763 type: object 4764 x-kubernetes-map-type: atomic 4765 mode: 4766 description: "Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." 4767 format: int32 4768 type: integer 4769 path: 4770 description: "Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'" 4771 type: string 4772 resourceFieldRef: 4773 description: "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported." 4774 properties: 4775 containerName: 4776 description: "Container name: required for volumes, optional for env vars" 4777 type: string 4778 divisor: 4779 description: Specifies the output format of the exposed resources, defaults to "1" 4780 type: string 4781 resource: 4782 description: "Required: resource to select" 4783 type: string 4784 required: 4785 - resource 4786 type: object 4787 x-kubernetes-map-type: atomic 4788 required: 4789 - path 4790 type: object 4791 type: array 4792 type: object 4793 emptyDir: 4794 description: "emptyDir represents a temporary directory that shares a pod's lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir" 4795 properties: 4796 medium: 4797 description: "medium represents what type of storage medium should back this directory. The default is \"\" which means to use the node's default medium. Must be an empty string (default) or Memory. 
More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir" 4798 type: string 4799 sizeLimit: 4800 description: "sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir" 4801 type: string 4802 type: object 4803 ephemeral: 4804 description: |- 4805 ephemeral represents a volume that is handled by a cluster storage driver. The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. 4806 4807 Use this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity 4808 tracking are needed, 4809 c) the storage driver is specified through a storage class, and d) the storage driver supports dynamic volume provisioning through 4810 a PersistentVolumeClaim (see EphemeralVolumeSource for more 4811 information on the connection between this volume type 4812 and PersistentVolumeClaim). 4813 4814 Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod. 4815 4816 Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information. 4817 4818 A pod can use both types of ephemeral volumes and persistent volumes at the same time. 4819 properties: 4820 volumeClaimTemplate: 4821 description: |- 4822 Will be used to create a stand-alone PVC to provision the volume. The pod in which this EphemeralVolumeSource is embedded will be the owner of the PVC, i.e. the PVC will be deleted together with the pod. 
The name of the PVC will be `<pod name>-<volume name>` where `<volume name>` is the name from the `PodSpec.Volumes` array entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long). 4823 4824 An existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until the unrelated PVC is removed. If such a pre-created PVC is meant to be used by the pod, the PVC has to be updated with an owner reference to the pod once the pod exists. Normally this should not be necessary, but it may be useful when manually reconstructing a broken cluster. 4825 4826 This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created. 4827 4828 Required, must not be nil. 4829 properties: 4830 metadata: 4831 description: May contain labels and annotations that will be copied into the PVC when creating it. No other fields are allowed and will be rejected during validation. 4832 properties: 4833 annotations: 4834 additionalProperties: 4835 type: string 4836 description: "Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations" 4837 type: object 4838 creationTimestamp: 4839 description: |- 4840 CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. 4841 4842 Populated by the system. Read-only. Null for lists.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata 4843 format: date-time 4844 nullable: true 4845 type: string 4846 deletionGracePeriodSeconds: 4847 description: Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only. 4848 format: int64 4849 type: integer 4850 deletionTimestamp: 4851 description: |- 4852 DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested. 4853 4854 Populated by the system when a graceful deletion is requested. Read-only. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata 4855 format: date-time 4856 type: string 4857 finalizers: 4858 description: Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list. 4859 items: 4860 type: string 4861 type: array 4862 generateName: 4863 description: |- 4864 GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server. 4865 4866 If this field is specified and the generated name exists, the server will return a 409. 4867 4868 Applied only if Name is not specified. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency 4869 type: string 4870 generation: 4871 description: A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. 4872 format: int64 4873 type: integer 4874 labels: 4875 additionalProperties: 4876 type: string 4877 description: "Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels" 4878 type: object 4879 managedFields: 4880 description: ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn't need to set or understand this field. A workflow can be the user's name, a controller's name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object. 4881 items: 4882 properties: 4883 apiVersion: 4884 description: APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted. 4885 type: string 4886 fieldsType: 4887 description: "FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: \"FieldsV1\"" 4888 type: string 4889 fieldsV1: 4890 description: FieldsV1 holds the first JSON version format as described in the "FieldsV1" type. 4891 type: object 4892 manager: 4893 description: Manager is an identifier of the workflow managing these fields. 4894 type: string 4895 operation: 4896 description: Operation is the type of operation which led to this ManagedFieldsEntry being created.
The only valid values for this field are 'Apply' and 'Update'. 4897 type: string 4898 subresource: 4899 description: Subresource is the name of the subresource used to update that object, or empty string if the object was updated through the main resource. The value of this field is used to distinguish between managers, even if they share the same name. For example, a status update will be distinct from a regular update using the same manager name. Note that the APIVersion field is not related to the Subresource field and it always corresponds to the version of the main resource. 4900 type: string 4901 time: 4902 description: Time is the timestamp of when the ManagedFields entry was added. The timestamp will also be updated if a field is added, the manager changes any of the owned fields value or removes a field. The timestamp does not update when a field is removed from the entry because another manager took it over. 4903 format: date-time 4904 type: string 4905 type: object 4906 type: array 4907 name: 4908 description: "Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names" 4909 type: string 4910 namespace: 4911 description: |- 4912 Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty. 4913 4914 Must be a DNS_LABEL. Cannot be updated. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces 4915 type: string 4916 ownerReferences: 4917 description: List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller. 4918 items: 4919 properties: 4920 apiVersion: 4921 description: API version of the referent. 4922 type: string 4923 blockOwnerDeletion: 4924 description: If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. See https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion for how the garbage collector interacts with this field and enforces the foreground deletion. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned. 4925 type: boolean 4926 controller: 4927 description: If true, this reference points to the managing controller. 4928 type: boolean 4929 kind: 4930 description: "Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" 4931 type: string 4932 name: 4933 description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names" 4934 type: string 4935 uid: 4936 description: "UID of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids" 4937 type: string 4938 required: 4939 - apiVersion 4940 - kind 4941 - name 4942 - uid 4943 type: object 4944 x-kubernetes-map-type: atomic 4945 type: array 4946 resourceVersion: 4947 description: |- 4948 An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and pass them unmodified back to the server. They may only be valid for a particular resource or set of resources. 4949 4950 Populated by the system. Read-only. Value must be treated as opaque by clients. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency 4951 type: string 4952 selfLink: 4953 description: "Deprecated: selfLink is a legacy read-only field that is no longer populated by the system." 4954 type: string 4955 uid: 4956 description: |- 4957 UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations. 4958 4959 Populated by the system. Read-only. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids 4960 type: string 4961 type: object 4962 spec: 4963 description: The specification for the PersistentVolumeClaim. The entire content is copied unchanged into the PVC that gets created from this template. The same fields as in a PersistentVolumeClaim are also valid here. 4964 properties: 4965 accessModes: 4966 description: "accessModes contains the desired access modes the volume should have.
More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1" 4967 items: 4968 enum: 4969 - ReadOnlyMany 4970 - ReadWriteMany 4971 - ReadWriteOnce 4972 - ReadWriteOncePod 4973 type: string 4974 type: array 4975 dataSource: 4976 description: "dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource." 4977 properties: 4978 apiGroup: 4979 description: APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. 4980 type: string 4981 kind: 4982 description: Kind is the type of resource being referenced 4983 type: string 4984 name: 4985 description: Name is the name of resource being referenced 4986 type: string 4987 required: 4988 - kind 4989 - name 4990 type: object 4991 x-kubernetes-map-type: atomic 4992 dataSourceRef: 4993 description: |- 4994 dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. 
For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef 4995 allows any non-core object, as well as PersistentVolumeClaim objects. 4996 * While dataSource ignores disallowed values (dropping them), dataSourceRef 4997 preserves all values, and generates an error if a disallowed value is 4998 specified. 4999 * While dataSource only allows local objects, dataSourceRef allows objects 5000 in any namespace. 5001 (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. 5002 properties: 5003 apiGroup: 5004 description: APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. 5005 type: string 5006 kind: 5007 description: Kind is the type of resource being referenced 5008 type: string 5009 name: 5010 description: Name is the name of resource being referenced 5011 type: string 5012 namespace: 5013 description: Namespace is the namespace of resource being referenced. Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
5014 type: string 5015 required: 5016 - kind 5017 - name 5018 type: object 5019 resources: 5020 description: "resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources" 5021 properties: 5022 limits: 5023 additionalProperties: 5024 type: string 5025 description: "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" 5026 type: object 5027 requests: 5028 additionalProperties: 5029 type: string 5030 description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" 5031 type: object 5032 type: object 5033 selector: 5034 description: selector is a label query over volumes to consider for binding. 5035 properties: 5036 matchExpressions: 5037 description: matchExpressions is a list of label selector requirements. The requirements are ANDed. 5038 items: 5039 properties: 5040 key: 5041 description: key is the label key that the selector applies to. 5042 type: string 5043 operator: 5044 description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. 5045 type: string 5046 values: 5047 description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. 
5048 items: 5049 type: string 5050 type: array 5051 required: 5052 - key 5053 - operator 5054 type: object 5055 type: array 5056 matchLabels: 5057 additionalProperties: 5058 type: string 5059 description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. 5060 type: object 5061 type: object 5062 x-kubernetes-map-type: atomic 5063 storageClassName: 5064 description: "storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1" 5065 type: string 5066 volumeAttributesClassName: 5067 description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. If specified, the CSI driver will create or update the volume with the attributes defined in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass will be applied to the claim but it's not allowed to reset this field to empty string once it is set. If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass will be set by the persistentvolume controller if it exists. If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default)." 5068 type: string 5069 volumeMode: 5070 description: |- 5071 volumeMode defines what type of volume is required by the claim. 
Value of Filesystem is implied when not included in claim spec. 5072 5073 Possible enum values: 5074 - `"Block"` means the volume will not be formatted with a filesystem and will remain a raw block device. 5075 - `"Filesystem"` means the volume will be or is formatted with a filesystem. 5076 enum: 5077 - Block 5078 - Filesystem 5079 type: string 5080 volumeName: 5081 description: volumeName is the binding reference to the PersistentVolume backing this claim. 5082 type: string 5083 type: object 5084 required: 5085 - spec 5086 type: object 5087 type: object 5088 fc: 5089 description: fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod. 5090 properties: 5091 fsType: 5092 description: fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. 5093 type: string 5094 lun: 5095 description: "lun is Optional: FC target lun number" 5096 format: int32 5097 type: integer 5098 readOnly: 5099 description: "readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts." 5100 type: boolean 5101 targetWWNs: 5102 description: "targetWWNs is Optional: FC target worldwide names (WWNs)" 5103 items: 5104 type: string 5105 type: array 5106 wwids: 5107 description: "wwids Optional: FC volume world wide identifiers (wwids) Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously." 5108 items: 5109 type: string 5110 type: array 5111 type: object 5112 flexVolume: 5113 description: "flexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin. Deprecated: FlexVolume is deprecated. Consider using a CSIDriver instead." 5114 properties: 5115 driver: 5116 description: driver is the name of the driver to use for this volume. 
5117 type: string 5118 fsType: 5119 description: fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script. 5120 type: string 5121 options: 5122 additionalProperties: 5123 type: string 5124 description: "options is Optional: this field holds extra command options if any." 5125 type: object 5126 readOnly: 5127 description: "readOnly is Optional: defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts." 5128 type: boolean 5129 secretRef: 5130 description: "secretRef is Optional: secretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts." 5131 properties: 5132 name: 5133 description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" 5134 type: string 5135 type: object 5136 x-kubernetes-map-type: atomic 5137 required: 5138 - driver 5139 type: object 5140 flocker: 5141 description: "flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running. Deprecated: Flocker is deprecated and the in-tree flocker type is no longer supported." 5142 properties: 5143 datasetName: 5144 description: datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker should be considered as deprecated 5145 type: string 5146 datasetUUID: 5147 description: datasetUUID is the UUID of the dataset. 
This is unique identifier of a Flocker dataset 5148 type: string 5149 type: object 5150 gcePersistentDisk: 5151 description: "gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. Deprecated: GCEPersistentDisk is deprecated. All operations for the in-tree gcePersistentDisk type are redirected to the pd.csi.storage.gke.io CSI driver. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" 5152 properties: 5153 fsType: 5154 description: "fsType is filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" 5155 type: string 5156 partition: 5157 description: "partition is the partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as \"1\". Similarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" 5158 format: int32 5159 type: integer 5160 pdName: 5161 description: "pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" 5162 type: string 5163 readOnly: 5164 description: "readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" 5165 type: boolean 5166 required: 5167 - pdName 5168 type: object 5169 gitRepo: 5170 description: "gitRepo represents a git repository at a particular revision. Deprecated: GitRepo is deprecated. 
To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container." 5171 properties: 5172 directory: 5173 description: directory is the target directory name. Must not contain or start with '..'. If '.' is supplied, the volume directory will be the git repository. Otherwise, if specified, the volume will contain the git repository in the subdirectory with the given name. 5174 type: string 5175 repository: 5176 description: repository is the URL 5177 type: string 5178 revision: 5179 description: revision is the commit hash for the specified revision. 5180 type: string 5181 required: 5182 - repository 5183 type: object 5184 glusterfs: 5185 description: "glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. Deprecated: Glusterfs is deprecated and the in-tree glusterfs type is no longer supported. More info: https://examples.k8s.io/volumes/glusterfs/README.md" 5186 properties: 5187 endpoints: 5188 description: "endpoints is the endpoint name that details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod" 5189 type: string 5190 path: 5191 description: "path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod" 5192 type: string 5193 readOnly: 5194 description: "readOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod" 5195 type: boolean 5196 required: 5197 - endpoints 5198 - path 5199 type: object 5200 hostPath: 5201 description: "hostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. 
More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath" 5202 properties: 5203 path: 5204 description: "path of the directory on the host. If the path is a symlink, it will follow the link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath" 5205 type: string 5206 type: 5207 description: |- 5208 type for HostPath Volume Defaults to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath 5209 5210 Possible enum values: 5211 - `""` For backwards compatible, leave it empty if unset 5212 - `"BlockDevice"` A block device must exist at the given path 5213 - `"CharDevice"` A character device must exist at the given path 5214 - `"Directory"` A directory must exist at the given path 5215 - `"DirectoryOrCreate"` If nothing exists at the given path, an empty directory will be created there as needed with file mode 0755, having the same group and ownership with Kubelet. 5216 - `"File"` A file must exist at the given path 5217 - `"FileOrCreate"` If nothing exists at the given path, an empty file will be created there as needed with file mode 0644, having the same group and ownership with Kubelet. 5218 - `"Socket"` A UNIX socket must exist at the given path 5219 enum: 5220 - "" 5221 - BlockDevice 5222 - CharDevice 5223 - Directory 5224 - DirectoryOrCreate 5225 - File 5226 - FileOrCreate 5227 - Socket 5228 type: string 5229 required: 5230 - path 5231 type: object 5232 image: 5233 description: |- 5234 image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine. The volume is resolved at pod startup depending on which PullPolicy value is provided: 5235 5236 - Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. - Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. 
- IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. 5237 5238 The volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation. A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message. The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field. The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images. The volume will be mounted read-only (ro) and non-executable files (noexec). Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath). The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type. 5239 properties: 5240 pullPolicy: 5241 description: |- 5242 Policy for pulling OCI objects. Possible values are: Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. 5243 5244 Possible enum values: 5245 - `"Always"` means that kubelet always attempts to pull the latest image. Container will fail If the pull fails. 
5246 - `"IfNotPresent"` means that kubelet pulls if the image isn't present on disk. Container will fail if the image isn't present and the pull fails. 5247 - `"Never"` means that kubelet never pulls an image, but only uses a local image. Container will fail if the image isn't present 5248 enum: 5249 - Always 5250 - IfNotPresent 5251 - Never 5252 type: string 5253 reference: 5254 description: "Required: Image or artifact reference to be used. Behaves in the same way as pod.spec.containers[*].image. Pull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets." 5255 type: string 5256 type: object 5257 iscsi: 5258 description: "iscsi represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md" 5259 properties: 5260 chapAuthDiscovery: 5261 description: chapAuthDiscovery defines whether support iSCSI Discovery CHAP authentication 5262 type: boolean 5263 chapAuthSession: 5264 description: chapAuthSession defines whether support iSCSI Session CHAP authentication 5265 type: boolean 5266 fsType: 5267 description: "fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi" 5268 type: string 5269 initiatorName: 5270 description: initiatorName is the custom iSCSI Initiator Name. 
If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface <target portal>:<volume name> will be created for the connection. 5271 type: string 5272 iqn: 5273 description: iqn is the target iSCSI Qualified Name. 5274 type: string 5275 iscsiInterface: 5276 description: iscsiInterface is the interface Name that uses an iSCSI transport. Defaults to 'default' (tcp). 5277 type: string 5278 lun: 5279 description: lun represents iSCSI Target Lun number. 5280 format: int32 5281 type: integer 5282 portals: 5283 description: portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260). 5284 items: 5285 type: string 5286 type: array 5287 readOnly: 5288 description: readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. 5289 type: boolean 5290 secretRef: 5291 description: secretRef is the CHAP Secret for iSCSI target and initiator authentication 5292 properties: 5293 name: 5294 description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" 5295 type: string 5296 type: object 5297 x-kubernetes-map-type: atomic 5298 targetPortal: 5299 description: targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260). 5300 type: string 5301 required: 5302 - targetPortal 5303 - iqn 5304 - lun 5305 type: object 5306 name: 5307 description: "name of the volume. Must be a DNS_LABEL and unique within the pod. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" 5308 type: string 5309 nfs: 5310 description: "nfs represents an NFS mount on the host that shares a pod's lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" 5311 properties: 5312 path: 5313 description: "path that is exported by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" 5314 type: string 5315 readOnly: 5316 description: "readOnly here will force the NFS export to be mounted with read-only permissions. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" 5317 type: boolean 5318 server: 5319 description: "server is the hostname or IP address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" 5320 type: string 5321 required: 5322 - server 5323 - path 5324 type: object 5325 persistentVolumeClaim: 5326 description: "persistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims" 5327 properties: 5328 claimName: 5329 description: "claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims" 5330 type: string 5331 readOnly: 5332 description: readOnly Will force the ReadOnly setting in VolumeMounts. Default false. 5333 type: boolean 5334 required: 5335 - claimName 5336 type: object 5337 photonPersistentDisk: 5338 description: "photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine. Deprecated: PhotonPersistentDisk is deprecated and the in-tree photonPersistentDisk type is no longer supported." 5339 properties: 5340 fsType: 5341 description: fsType is the filesystem type to mount. 
Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. 5342 type: string 5343 pdID: 5344 description: pdID is the ID that identifies Photon Controller persistent disk 5345 type: string 5346 required: 5347 - pdID 5348 type: object 5349 portworxVolume: 5350 description: "portworxVolume represents a portworx volume attached and mounted on kubelets host machine. Deprecated: PortworxVolume is deprecated. All operations for the in-tree portworxVolume type are redirected to the pxd.portworx.com CSI driver when the CSIMigrationPortworx feature-gate is on." 5351 properties: 5352 fsType: 5353 description: fSType represents the filesystem type to mount Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified. 5354 type: string 5355 readOnly: 5356 description: readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. 5357 type: boolean 5358 volumeID: 5359 description: volumeID uniquely identifies a Portworx volume 5360 type: string 5361 required: 5362 - volumeID 5363 type: object 5364 projected: 5365 description: projected items for all in one resources secrets, configmaps, and downward API 5366 properties: 5367 defaultMode: 5368 description: defaultMode are the mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. 5369 format: int32 5370 type: integer 5371 sources: 5372 description: sources is the list of volume projections. Each entry in this list handles one source. 
5373 items: 5374 properties: 5375 clusterTrustBundle: 5376 description: |- 5377 ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field of ClusterTrustBundle objects in an auto-updating file. 5378 5379 Alpha, gated by the ClusterTrustBundleProjection feature gate. 5380 5381 ClusterTrustBundle objects can either be selected by name, or by the combination of signer name and a label selector. 5382 5383 Kubelet performs aggressive normalization of the PEM contents written into the pod filesystem. Esoteric PEM features such as inter-block comments and block headers are stripped. Certificates are deduplicated. The ordering of certificates within the file is arbitrary, and Kubelet may change the order over time. 5384 properties: 5385 labelSelector: 5386 description: Select all ClusterTrustBundles that match this label selector. Only has effect if signerName is set. Mutually-exclusive with name. If unset, interpreted as "match nothing". If set but empty, interpreted as "match everything". 5387 properties: 5388 matchExpressions: 5389 description: matchExpressions is a list of label selector requirements. The requirements are ANDed. 5390 items: 5391 properties: 5392 key: 5393 description: key is the label key that the selector applies to. 5394 type: string 5395 operator: 5396 description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. 5397 type: string 5398 values: 5399 description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. 5400 items: 5401 type: string 5402 type: array 5403 required: 5404 - key 5405 - operator 5406 type: object 5407 type: array 5408 matchLabels: 5409 additionalProperties: 5410 type: string 5411 description: matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. 5412 type: object 5413 type: object 5414 x-kubernetes-map-type: atomic 5415 name: 5416 description: Select a single ClusterTrustBundle by object name. Mutually-exclusive with signerName and labelSelector. 5417 type: string 5418 optional: 5419 description: If true, don't block pod startup if the referenced ClusterTrustBundle(s) aren't available. If using name, then the named ClusterTrustBundle is allowed not to exist. If using signerName, then the combination of signerName and labelSelector is allowed to match zero ClusterTrustBundles. 5420 type: boolean 5421 path: 5422 description: Relative path from the volume root to write the bundle. 5423 type: string 5424 signerName: 5425 description: Select all ClusterTrustBundles that match this signer name. Mutually-exclusive with name. The contents of all selected ClusterTrustBundles will be unified and deduplicated. 5426 type: string 5427 required: 5428 - path 5429 type: object 5430 configMap: 5431 description: configMap information about the configMap data to project 5432 properties: 5433 items: 5434 description: items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. 5435 items: 5436 properties: 5437 key: 5438 description: key is the key to project. 5439 type: string 5440 mode: 5441 description: "mode is Optional: mode bits used to set permissions on this file. 
Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." 5442 format: int32 5443 type: integer 5444 path: 5445 description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. 5446 type: string 5447 required: 5448 - key 5449 - path 5450 type: object 5451 type: array 5452 name: 5453 description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" 5454 type: string 5455 optional: 5456 description: optional specify whether the ConfigMap or its keys must be defined 5457 type: boolean 5458 type: object 5459 downwardAPI: 5460 description: downwardAPI information about the downwardAPI data to project 5461 properties: 5462 items: 5463 description: Items is a list of DownwardAPIVolume file 5464 items: 5465 properties: 5466 fieldRef: 5467 description: "Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported." 5468 properties: 5469 apiVersion: 5470 description: Version of the schema the FieldPath is written in terms of, defaults to "v1". 5471 type: string 5472 fieldPath: 5473 description: Path of the field to select in the specified API version. 
5474 type: string 5475 required: 5476 - fieldPath 5477 type: object 5478 x-kubernetes-map-type: atomic 5479 mode: 5480 description: "Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." 5481 format: int32 5482 type: integer 5483 path: 5484 description: "Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'" 5485 type: string 5486 resourceFieldRef: 5487 description: "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported." 5488 properties: 5489 containerName: 5490 description: "Container name: required for volumes, optional for env vars" 5491 type: string 5492 divisor: 5493 description: Specifies the output format of the exposed resources, defaults to "1" 5494 type: string 5495 resource: 5496 description: "Required: resource to select" 5497 type: string 5498 required: 5499 - resource 5500 type: object 5501 x-kubernetes-map-type: atomic 5502 required: 5503 - path 5504 type: object 5505 type: array 5506 type: object 5507 secret: 5508 description: secret information about the secret data to project 5509 properties: 5510 items: 5511 description: items if unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. 
If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. 5512 items: 5513 properties: 5514 key: 5515 description: key is the key to project. 5516 type: string 5517 mode: 5518 description: "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." 5519 format: int32 5520 type: integer 5521 path: 5522 description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. 5523 type: string 5524 required: 5525 - key 5526 - path 5527 type: object 5528 type: array 5529 name: 5530 description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" 5531 type: string 5532 optional: 5533 description: optional field specify whether the Secret or its key must be defined 5534 type: boolean 5535 type: object 5536 serviceAccountToken: 5537 description: serviceAccountToken is information about the serviceAccountToken data to project 5538 properties: 5539 audience: 5540 description: audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver. 
5541 type: string 5542 expirationSeconds: 5543 description: expirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes. 5544 format: int64 5545 type: integer 5546 path: 5547 description: path is the path relative to the mount point of the file to project the token into. 5548 type: string 5549 required: 5550 - path 5551 type: object 5552 type: object 5553 type: array 5554 type: object 5555 quobyte: 5556 description: "quobyte represents a Quobyte mount on the host that shares a pod's lifetime. Deprecated: Quobyte is deprecated and the in-tree quobyte type is no longer supported." 5557 properties: 5558 group: 5559 description: group to map volume access to Default is no group 5560 type: string 5561 readOnly: 5562 description: readOnly here will force the Quobyte volume to be mounted with read-only permissions. Defaults to false. 5563 type: boolean 5564 registry: 5565 description: registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes 5566 type: string 5567 tenant: 5568 description: tenant owning the given Quobyte volume in the Backend Used with dynamically provisioned Quobyte volumes, value is set by the plugin 5569 type: string 5570 user: 5571 description: user to map volume access to Defaults to serivceaccount user 5572 type: string 5573 volume: 5574 description: volume is a string that references an already created Quobyte volume by name. 
5575 type: string 5576 required: 5577 - registry 5578 - volume 5579 type: object 5580 rbd: 5581 description: "rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. Deprecated: RBD is deprecated and the in-tree rbd type is no longer supported. More info: https://examples.k8s.io/volumes/rbd/README.md" 5582 properties: 5583 fsType: 5584 description: "fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd" 5585 type: string 5586 image: 5587 description: "image is the rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" 5588 type: string 5589 keyring: 5590 description: "keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" 5591 type: string 5592 monitors: 5593 description: "monitors is a collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" 5594 items: 5595 type: string 5596 type: array 5597 pool: 5598 description: "pool is the rados pool name. Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" 5599 type: string 5600 readOnly: 5601 description: "readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" 5602 type: boolean 5603 secretRef: 5604 description: "secretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" 5605 properties: 5606 name: 5607 description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. 
Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" 5608 type: string 5609 type: object 5610 x-kubernetes-map-type: atomic 5611 user: 5612 description: "user is the rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" 5613 type: string 5614 required: 5615 - monitors 5616 - image 5617 type: object 5618 scaleIO: 5619 description: "scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. Deprecated: ScaleIO is deprecated and the in-tree scaleIO type is no longer supported." 5620 properties: 5621 fsType: 5622 description: fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Default is "xfs". 5623 type: string 5624 gateway: 5625 description: gateway is the host address of the ScaleIO API Gateway. 5626 type: string 5627 protectionDomain: 5628 description: protectionDomain is the name of the ScaleIO Protection Domain for the configured storage. 5629 type: string 5630 readOnly: 5631 description: readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. 5632 type: boolean 5633 secretRef: 5634 description: secretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail. 5635 properties: 5636 name: 5637 description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" 5638 type: string 5639 type: object 5640 x-kubernetes-map-type: atomic 5641 sslEnabled: 5642 description: sslEnabled Flag enable/disable SSL communication with Gateway, default false 5643 type: boolean 5644 storageMode: 5645 description: storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned. 5646 type: string 5647 storagePool: 5648 description: storagePool is the ScaleIO Storage Pool associated with the protection domain. 5649 type: string 5650 system: 5651 description: system is the name of the storage system as configured in ScaleIO. 5652 type: string 5653 volumeName: 5654 description: volumeName is the name of a volume already created in the ScaleIO system that is associated with this volume source. 5655 type: string 5656 required: 5657 - gateway 5658 - system 5659 - secretRef 5660 type: object 5661 secret: 5662 description: "secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret" 5663 properties: 5664 defaultMode: 5665 description: "defaultMode is Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." 5666 format: int32 5667 type: integer 5668 items: 5669 description: items If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. 
If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. 5670 items: 5671 properties: 5672 key: 5673 description: key is the key to project. 5674 type: string 5675 mode: 5676 description: "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." 5677 format: int32 5678 type: integer 5679 path: 5680 description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. 5681 type: string 5682 required: 5683 - key 5684 - path 5685 type: object 5686 type: array 5687 optional: 5688 description: optional field specify whether the Secret or its keys must be defined 5689 type: boolean 5690 secretName: 5691 description: "secretName is the name of the secret in the pod's namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret" 5692 type: string 5693 type: object 5694 storageos: 5695 description: "storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. Deprecated: StorageOS is deprecated and the in-tree storageos type is no longer supported." 5696 properties: 5697 fsType: 5698 description: fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. 
5699 type: string 5700 readOnly: 5701 description: readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. 5702 type: boolean 5703 secretRef: 5704 description: secretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted. 5705 properties: 5706 name: 5707 description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" 5708 type: string 5709 type: object 5710 x-kubernetes-map-type: atomic 5711 volumeName: 5712 description: volumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace. 5713 type: string 5714 volumeNamespace: 5715 description: volumeNamespace specifies the scope of the volume within StorageOS. If no namespace is specified then the Pod's namespace will be used. This allows the Kubernetes name scoping to be mirrored within StorageOS for tighter integration. Set VolumeName to any name to override the default behaviour. Set to "default" if you are not using namespaces within StorageOS. Namespaces that do not pre-exist within StorageOS will be created. 5716 type: string 5717 type: object 5718 vsphereVolume: 5719 description: "vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine. Deprecated: VsphereVolume is deprecated. All operations for the in-tree vsphereVolume type are redirected to the csi.vsphere.vmware.com CSI driver." 5720 properties: 5721 fsType: 5722 description: fsType is filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. 
5723 type: string 5724 storagePolicyID: 5725 description: storagePolicyID is the storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName. 5726 type: string 5727 storagePolicyName: 5728 description: storagePolicyName is the storage Policy Based Management (SPBM) profile name. 5729 type: string 5730 volumePath: 5731 description: volumePath is the path that identifies vSphere volume vmdk 5732 type: string 5733 required: 5734 - volumePath 5735 type: object 5736 required: 5737 - name 5738 type: object 5739 type: array 5740 required: 5741 - containers 5742 type: object 5743 type: object 5744 container: 5745 title: The container name running the gameserver 5746 description: if there is more than one container, specify which one is the game server 5747 type: string 5748 minLength: 0 5749 maxLength: 63 5750 pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" 5751 ports: 5752 title: array of ports to expose on the game server container 5753 type: array 5754 nullable: true 5755 items: 5756 type: object 5757 properties: 5758 name: 5759 title: Name is the descriptive name of the port 5760 type: string 5761 range: 5762 title: the port range name from which to select a port when using a 'Dynamic' or 'Passthrough' port policy. Defaults to 'default'. 5763 type: string 5764 portPolicy: 5765 title: the port policy that will be applied to the game server 5766 description: | 5767 portPolicy has four options: 5768 - "Dynamic" (default) the system allocates a random free hostPort for the gameserver, for game clients to connect to 5769 - "Static", user defines the hostPort that the game client will connect to. Then onus is on the user to ensure that the 5770 port is available. When static is the policy specified, `hostPort` is required to be populated 5771 - "Passthrough" dynamically sets the `containerPort` to the same value as the dynamically selected hostPort. 
5772 This will mean that users will need to lookup what port has been opened through the server side SDK. 5773 - "None" means the `hostPort` is ignored and if defined, the `containerPort` (optional) is used to set the port on the GameServer instance. 5774 type: string 5775 enum: 5776 - Dynamic 5777 - Static 5778 - Passthrough 5779 - None 5780 protocol: 5781 title: Protocol being used. Defaults to UDP. TCP and TCPUDP are other options. 5782 type: string 5783 enum: 5784 - UDP 5785 - TCP 5786 - TCPUDP 5787 container: 5788 title: | 5789 Container is the name of the container on which to open the port. Defaults to the game server container. 5790 type: string 5791 containerPort: 5792 title: The port that is being opened on the game server process 5793 type: integer 5794 minimum: 1 5795 maximum: 65535 5796 hostPort: 5797 title: The port exposed on the host 5798 description: Only required when `portPolicy` is "Static". Overwritten when portPolicy is "Dynamic" or "Passthrough". 5799 type: integer 5800 minimum: 1 5801 maximum: 65535 5802 sdkServer: 5803 type: object 5804 title: Parameters for the SDK Server (sidecar) 5805 properties: 5806 logLevel: 5807 type: string 5808 description: | 5809 sdkServer log level parameter has three options: 5810 - "Info" (default) The SDK server will output all messages except for debug messages 5811 - "Debug" The SDK server will output all messages including debug messages 5812 - "Error" The SDK server will only output error messages 5813 - "Trace" The SDK server will output all messages, including detailed tracing information 5814 enum: 5815 - Error 5816 - Info 5817 - Debug 5818 - Trace 5819 grpcPort: 5820 title: The port on which the SDK server binds the gRPC server to accept incoming connections 5821 description: | 5822 Starting with Agones 1.2 the default gRPC port is 9357. In earlier releases, the default was 59357. 
5823 type: integer 5824 minimum: 1 5825 maximum: 65535 5826 httpPort: 5827 title: The port on which the SDK server binds the HTTP gRPC gateway server to accept incoming connections 5828 description: | 5829 Starting with Agones 1.2 the default HTTP port is 9358. In earlier releases, the default was 59358. 5830 type: integer 5831 minimum: 1 5832 maximum: 65535 5833 scheduling: 5834 type: string 5835 enum: 5836 - Packed 5837 - Distributed 5838 health: 5839 type: object 5840 title: Health checking for the running game server 5841 properties: 5842 disabled: 5843 title: Disable health checking. defaults to false, but can be set to true 5844 type: boolean 5845 initialDelaySeconds: 5846 title: Number of seconds after the container has started before health check is initiated. Defaults to 5 seconds 5847 type: integer 5848 minimum: 0 5849 maximum: 2147483648 5850 periodSeconds: 5851 title: How long before the server is considered not healthy 5852 type: integer 5853 minimum: 0 5854 maximum: 2147483648 5855 failureThreshold: 5856 title: Minimum consecutive failures for the health probe to be considered failed after having succeeded. 5857 type: integer 5858 minimum: 1 5859 maximum: 2147483648 5860 players: 5861 type: object 5862 title: Configuration of player capacity 5863 nullable: true 5864 properties: 5865 initialCapacity: 5866 type: integer 5867 title: The initial player capacity of this Game Server 5868 minimum: 0 5869 counters: 5870 type: object 5871 title: Map of player, room, session, etc. counters 5872 nullable: true 5873 maxProperties: 1000 5874 additionalProperties: 5875 type: object 5876 properties: 5877 count: 5878 title: Initial count value 5879 type: integer 5880 default: 0 5881 minimum: 0 5882 capacity: 5883 title: Max capacity of the counter 5884 type: integer 5885 default: 1000 5886 minimum: 0 5887 lists: 5888 type: object 5889 title: Map of player, room, session, etc. 
lists 5890 nullable: true 5891 maxProperties: 1000 5892 additionalProperties: 5893 type: object 5894 properties: 5895 capacity: 5896 type: integer 5897 title: Max capacity of the array (can be less than or equal to value of maxItems) 5898 minimum: 0 5899 default: 1000 5900 maximum: 1000 # must be equal to values.maxItems 5901 values: 5902 title: set of all the items in the list 5903 type: array 5904 x-kubernetes-list-type: set # Requires items in the array to be unique 5905 maxItems: 1000 # max possible size of the value array (cannot be updated) 5906 items: # name of the item (player1, session1, room1, etc.) 5907 type: string 5908 default: [] 5909 eviction: 5910 type: object 5911 title: Eviction tolerance of the game server 5912 properties: 5913 safe: 5914 type: string 5915 title: Game server supports termination via SIGTERM 5916 description: | 5917 - Never: The game server should run to completion. Agones sets Pod annotation `cluster-autoscaler.kubernetes.io/safe-to-evict: "false"` and label `agones.dev/safe-to-evict: "false"`, which matches a restrictive PodDisruptionBudget. 5918 - OnUpgrade: On SIGTERM, the game server will exit within `terminationGracePeriodSeconds` or be terminated; Agones sets Pod annotation `cluster-autoscaler.kubernetes.io/safe-to-evict: "false"`, which blocks evictions by Cluster Autoscaler. Evictions from node upgrades proceed normally. 5919 - Always: On SIGTERM, the game server will exit within `terminationGracePeriodSeconds` or be terminated, typically within 10m; Agones sets Pod annotation `cluster-autoscaler.kubernetes.io/safe-to-evict: "true"`, which allows evictions by Cluster Autoscaler. 5920 enum: 5921 - Always 5922 - OnUpgrade 5923 - Never 5924 immutableReplicas: 5925 type: integer 5926 title: Immutable count of Pods to a GameServer. Always 1. (Implementation detail of implementing the Scale subresource.) 5927 default: 1 5928 minimum: 1 5929 maximum: 1 5930 status: 5931 description: 'FleetStatus is the status of a Fleet. 
More info: 5932 https://agones.dev/site/docs/reference/agones_crd_api_reference/#agones.dev/v1.Fleet' 5933 type: object 5934 properties: 5935 replicas: 5936 type: integer 5937 minimum: 0 5938 readyReplicas: 5939 type: integer 5940 minimum: 0 5941 reservedReplicas: 5942 type: integer 5943 minimum: 0 5944 allocatedReplicas: 5945 type: integer 5946 minimum: 0 5947 players: 5948 type: object 5949 nullable: true 5950 properties: 5951 count: 5952 type: integer 5953 minimum: 0 5954 capacity: 5955 type: integer 5956 minimum: 0 5957 counters: 5958 type: object 5959 title: Map of player, room, session, etc. counters 5960 nullable: true 5961 maxProperties: 1000 5962 additionalProperties: 5963 type: object 5964 properties: 5965 allocatedCount: # Aggregated count of the Counter across allocated GameServers in the Fleet 5966 type: integer 5967 minimum: 0 5968 allocatedCapacity: # Aggregated maximum capacity of the Counter across allocated GameServers in the Fleet 5969 type: integer 5970 minimum: 0 5971 count: # Aggregated count of the Counter across the Fleet 5972 type: integer 5973 default: 0 5974 minimum: 0 5975 capacity: # Aggregated maximum capacity of the Counter across the Fleet 5976 type: integer 5977 minimum: 0 5978 lists: 5979 type: object 5980 title: Map of player, room, session, etc. lists 5981 nullable: true 5982 maxProperties: 1000 5983 additionalProperties: 5984 type: object 5985 properties: 5986 allocatedCount: # Aggregated number of items in the List across allocated GameServers in the Fleet 5987 type: integer 5988 minimum: 0 5989 allocatedCapacity: # Aggregated maximum capacity of the List across allocated GameServers in the Fleet 5990 type: integer 5991 minimum: 0 5992 count: # Aggregated number of items in the List across the Fleet 5993 type: integer 5994 default: 0 5995 minimum: 0 5996 capacity: # Aggregated maximum capacity of the List across the Fleet 5997 type: integer 5998 minimum: 0 5999 subresources: 6000 # status enables the status subresource. 
6001 status: { } 6002 # scale enables the scale subresource. 6003 scale: 6004 # specReplicasPath defines the JSONPath inside of a custom resource that corresponds to Scale.Spec.Replicas. 6005 specReplicasPath: .spec.replicas 6006 # statusReplicasPath defines the JSONPath inside of a custom resource that corresponds to Scale.Status.Replicas. 6007 statusReplicasPath: .status.replicas 6008 # labelSelectorPath defines the JSONPath inside of a custom resource that corresponds to Scale.Status.Selector. 6009 labelSelectorPath: .status.labelSelector 6010 --- 6011 # Source: agones/templates/crds/fleetautoscaler.yaml 6012 # Copyright 2018 Google LLC All Rights Reserved. 6013 # 6014 # Licensed under the Apache License, Version 2.0 (the "License"); 6015 # you may not use this file except in compliance with the License. 6016 # You may obtain a copy of the License at 6017 # 6018 # http://www.apache.org/licenses/LICENSE-2.0 6019 # 6020 # Unless required by applicable law or agreed to in writing, software 6021 # distributed under the License is distributed on an "AS IS" BASIS, 6022 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 6023 # See the License for the specific language governing permissions and 6024 # limitations under the License. 6025 6026 apiVersion: apiextensions.k8s.io/v1 6027 kind: CustomResourceDefinition 6028 metadata: 6029 name: fleetautoscalers.autoscaling.agones.dev 6030 labels: 6031 component: crd 6032 app: agones 6033 chart: agones-1.53.0 6034 release: agones-manual 6035 heritage: Helm 6036 spec: 6037 group: autoscaling.agones.dev 6038 names: 6039 kind: FleetAutoscaler 6040 plural: fleetautoscalers 6041 shortNames: 6042 - fas 6043 singular: fleetautoscaler 6044 scope: Namespaced 6045 versions: 6046 - name: v1 6047 served: true 6048 storage: true 6049 schema: 6050 openAPIV3Schema: 6051 description: 'FleetAutoscaler is the data structure for a FleetAutoscaler resource.' 
6052 type: object 6053 properties: 6054 spec: 6055 description: 'FleetAutoscalerSpec is the spec for a Fleet Scaler. More info: 6056 https://agones.dev/site/docs/reference/agones_crd_api_reference/#autoscaling.agones.dev/v1.FleetAutoscaler' 6057 type: object 6058 required: 6059 - fleetName 6060 - policy 6061 properties: 6062 fleetName: 6063 type: string 6064 minLength: 1 6065 maxLength: 63 6066 pattern: "^[a-z0-9]([-\\.a-z0-9]*[a-z0-9])?$" 6067 policy: 6068 type: object 6069 required: 6070 - type 6071 properties: 6072 type: 6073 type: string 6074 enum: 6075 - Buffer 6076 - Webhook 6077 - Counter 6078 - List 6079 - Wasm 6080 - Schedule 6081 - Chain 6082 buffer: 6083 type: object 6084 nullable: true 6085 required: 6086 - maxReplicas 6087 properties: 6088 minReplicas: 6089 type: integer 6090 minimum: 0 6091 maxReplicas: 6092 type: integer 6093 minimum: 1 6094 bufferSize: 6095 x-kubernetes-int-or-string: true 6096 anyOf: 6097 - type: integer 6098 - type: string 6099 webhook: 6100 type: object 6101 nullable: true 6102 properties: 6103 url: 6104 type: string 6105 service: 6106 type: object 6107 required: 6108 - namespace 6109 - name 6110 properties: 6111 namespace: 6112 type: string 6113 name: 6114 type: string 6115 path: 6116 type: string 6117 port: 6118 type: integer 6119 caBundle: 6120 type: string 6121 format: byte 6122 counter: 6123 type: object 6124 nullable: true 6125 required: 6126 - key 6127 - bufferSize 6128 - maxCapacity 6129 properties: 6130 key: # The name of the Counter. 6131 type: string 6132 minCapacity: # Minimum aggregate counter capacity that can be provided by this FleetAutoscaler. If not specified, the actual minimum capacity will be bufferSize. 6133 type: integer 6134 minimum: 0 6135 maxCapacity: # Maximum aggregate counter capacity that can be provided by this FleetAutoscaler. Required. 6136 type: integer 6137 minimum: 1 6138 bufferSize: # Size of a buffer of counted items that are available in the Fleet (available capacity). 
It can be specified either in absolute (i.e. 5) or percentage format (i.e. 5%). 6139 x-kubernetes-int-or-string: true 6140 anyOf: 6141 - type: integer 6142 - type: string 6143 list: 6144 type: object 6145 nullable: true 6146 required: 6147 - key 6148 - bufferSize 6149 - maxCapacity 6150 properties: 6151 key: # The name of the List. 6152 type: string 6153 minCapacity: # Minimum aggregate list capacity that can be provided by this FleetAutoscaler. If not specified, the actual minimum capacity will be bufferSize. 6154 type: integer 6155 minimum: 0 6156 maxCapacity: # Maximum aggregate list capacity that can be provided by this FleetAutoscaler. Required. 6157 type: integer 6158 minimum: 1 6159 bufferSize: # Size of a buffer based on the list capacity that is available over the current aggregate list length in the Fleet. It can be specified either in absolute (i.e. 5) or percentage format (i.e. 5%). 6160 x-kubernetes-int-or-string: true 6161 anyOf: 6162 - type: integer 6163 - type: string 6164 schedule: # Defines when the policy is applied. 6165 type: object 6166 nullable: true 6167 required: 6168 - policy 6169 properties: 6170 between: 6171 type: object 6172 nullable: true 6173 properties: 6174 start: # Defines when to start evaluating the active period, must conform to RFC3339. 6175 type: string 6176 end: # Defines when to stop evaluating the active period, must conform to RFC3339. 6177 type: string 6178 activePeriod: 6179 type: object 6180 nullable: true 6181 properties: 6182 timezone: # Timezone to be used for the startCron field, must conform with the IANA Time Zone database (e.g. America/New_York). 6183 type: string 6184 startCron: # Cron expression defining when to start applying the policy. All TZ/CRON_TZ specification within startCron will be rejected, please use the timezone field above to specify a timezone. Must conform with UNIX CRON syntax. 6185 type: string 6186 duration: # The length of time the policy should be applied for (e.g. 2h45m). 
6187 type: string 6188 policy: 6189 type: object 6190 required: 6191 - type 6192 properties: 6193 type: 6194 type: string 6195 enum: 6196 - Buffer 6197 - Webhook 6198 - Counter 6199 - List 6200 - Wasm 6201 buffer: 6202 type: object 6203 nullable: true 6204 required: 6205 - maxReplicas 6206 properties: 6207 minReplicas: 6208 type: integer 6209 minimum: 0 6210 maxReplicas: 6211 type: integer 6212 minimum: 1 6213 bufferSize: 6214 x-kubernetes-int-or-string: true 6215 anyOf: 6216 - type: integer 6217 - type: string 6218 webhook: 6219 type: object 6220 nullable: true 6221 properties: 6222 url: 6223 type: string 6224 service: 6225 type: object 6226 required: 6227 - namespace 6228 - name 6229 properties: 6230 namespace: 6231 type: string 6232 name: 6233 type: string 6234 path: 6235 type: string 6236 port: 6237 type: integer 6238 caBundle: 6239 type: string 6240 format: byte 6241 counter: 6242 type: object 6243 nullable: true 6244 required: 6245 - key 6246 - bufferSize 6247 - maxCapacity 6248 properties: 6249 key: # The name of the Counter. 6250 type: string 6251 minCapacity: # Minimum aggregate counter capacity that can be provided by this FleetAutoscaler. If not specified, the actual minimum capacity will be bufferSize. 6252 type: integer 6253 minimum: 0 6254 maxCapacity: # Maximum aggregate counter capacity that can be provided by this FleetAutoscaler. Required. 6255 type: integer 6256 minimum: 1 6257 bufferSize: # Size of a buffer of counted items that are available in the Fleet (available capacity). It can be specified either in absolute (i.e. 5) or percentage format (i.e. 5%). 6258 x-kubernetes-int-or-string: true 6259 anyOf: 6260 - type: integer 6261 - type: string 6262 list: 6263 type: object 6264 nullable: true 6265 required: 6266 - key 6267 - bufferSize 6268 - maxCapacity 6269 properties: 6270 key: # The name of the List. 6271 type: string 6272 minCapacity: # Minimum aggregate list capacity that can be provided by this FleetAutoscaler. 
If not specified, the actual minimum capacity will be bufferSize. 6273 type: integer 6274 minimum: 0 6275 maxCapacity: # Maximum aggregate list capacity that can be provided by this FleetAutoscaler. Required. 6276 type: integer 6277 minimum: 1 6278 bufferSize: # Size of a buffer based on the list capacity that is available over the current aggregate list length in the Fleet. It can be specified either in absolute (i.e. 5) or percentage format (i.e. 5%). 6279 x-kubernetes-int-or-string: true 6280 anyOf: 6281 - type: integer 6282 - type: string 6283 wasm: 6284 type: object 6285 nullable: true 6286 required: 6287 - from 6288 properties: 6289 function: # The exported function to call in the wasm module, defaults to 'scale' 6290 type: string 6291 default: "scale" 6292 config: # Config values to pass to the wasm program on startup 6293 type: object 6294 additionalProperties: 6295 type: string 6296 from: 6297 type: object 6298 required: 6299 - url 6300 properties: 6301 url: 6302 type: object 6303 nullable: true 6304 properties: 6305 url: 6306 type: string 6307 service: 6308 type: object 6309 required: 6310 - namespace 6311 - name 6312 properties: 6313 namespace: 6314 type: string 6315 name: 6316 type: string 6317 path: 6318 type: string 6319 port: 6320 type: integer 6321 caBundle: 6322 type: string 6323 format: byte 6324 hash: # optional sha256 hash to match against wasm file (it's optional, but recommended) 6325 type: string 6326 pattern: "^[a-fA-F0-9]{64}$" 6327 chain: 6328 type: array 6329 nullable: true 6330 items: 6331 type: object 6332 nullable: true 6333 required: 6334 - type 6335 properties: 6336 id: # The Id of a chain entry. 
6337 type: string 6338 type: 6339 type: string 6340 enum: 6341 - Buffer 6342 - Webhook 6343 - Counter 6344 - List 6345 - Wasm 6346 - Schedule 6347 buffer: 6348 type: object 6349 nullable: true 6350 required: 6351 - maxReplicas 6352 properties: 6353 minReplicas: 6354 type: integer 6355 minimum: 0 6356 maxReplicas: 6357 type: integer 6358 minimum: 1 6359 bufferSize: 6360 x-kubernetes-int-or-string: true 6361 anyOf: 6362 - type: integer 6363 - type: string 6364 webhook: 6365 type: object 6366 nullable: true 6367 properties: 6368 url: 6369 type: string 6370 service: 6371 type: object 6372 required: 6373 - namespace 6374 - name 6375 properties: 6376 namespace: 6377 type: string 6378 name: 6379 type: string 6380 path: 6381 type: string 6382 port: 6383 type: integer 6384 caBundle: 6385 type: string 6386 format: byte 6387 counter: 6388 type: object 6389 nullable: true 6390 required: 6391 - key 6392 - bufferSize 6393 - maxCapacity 6394 properties: 6395 key: # The name of the Counter. 6396 type: string 6397 minCapacity: # Minimum aggregate counter capacity that can be provided by this FleetAutoscaler. If not specified, the actual minimum capacity will be bufferSize. 6398 type: integer 6399 minimum: 0 6400 maxCapacity: # Maximum aggregate counter capacity that can be provided by this FleetAutoscaler. Required. 6401 type: integer 6402 minimum: 1 6403 bufferSize: # Size of a buffer of counted items that are available in the Fleet (available capacity). It can be specified either in absolute (i.e. 5) or percentage format (i.e. 5%). 6404 x-kubernetes-int-or-string: true 6405 anyOf: 6406 - type: integer 6407 - type: string 6408 list: 6409 type: object 6410 nullable: true 6411 required: 6412 - key 6413 - bufferSize 6414 - maxCapacity 6415 properties: 6416 key: # The name of the List. 6417 type: string 6418 minCapacity: # Minimum aggregate list capacity that can be provided by this FleetAutoscaler. If not specified, the actual minimum capacity will be bufferSize. 
6419 type: integer 6420 minimum: 0 6421 maxCapacity: # Maximum aggregate list capacity that can be provided by this FleetAutoscaler. Required. 6422 type: integer 6423 minimum: 1 6424 bufferSize: # Size of a buffer based on the list capacity that is available over the current aggregate list length in the Fleet. It can be specified either in absolute (i.e. 5) or percentage format (i.e. 5%). 6425 x-kubernetes-int-or-string: true 6426 anyOf: 6427 - type: integer 6428 - type: string 6429 schedule: # Defines when the policy is applied. 6430 type: object 6431 nullable: true 6432 required: 6433 - policy 6434 properties: 6435 between: 6436 type: object 6437 nullable: true 6438 properties: 6439 start: # Defines when to start evaluating the active period, must conform to RFC3339. 6440 type: string 6441 end: # Defines when to stop evaluating the active period, must conform to RFC3339. 6442 type: string 6443 activePeriod: 6444 type: object 6445 nullable: true 6446 properties: 6447 timezone: # Timezone to be used for the startCron field, must conform with the IANA Time Zone database (e.g. America/New_York). 6448 type: string 6449 startCron: # Cron expression defining when to start applying the policy. All TZ/CRON_TZ specification within startCron will be rejected, please use the timezone field above to specify a timezone. Must conform with UNIX CRON syntax. 6450 type: string 6451 duration: # The length of time the policy should be applied for (e.g. 2h45m). 
6452 type: string 6453 policy: 6454 type: object 6455 required: 6456 - type 6457 properties: 6458 type: 6459 type: string 6460 enum: 6461 - Buffer 6462 - Webhook 6463 - Counter 6464 - List 6465 - Wasm 6466 buffer: 6467 type: object 6468 nullable: true 6469 required: 6470 - maxReplicas 6471 properties: 6472 minReplicas: 6473 type: integer 6474 minimum: 0 6475 maxReplicas: 6476 type: integer 6477 minimum: 1 6478 bufferSize: 6479 x-kubernetes-int-or-string: true 6480 anyOf: 6481 - type: integer 6482 - type: string 6483 webhook: 6484 type: object 6485 nullable: true 6486 properties: 6487 url: 6488 type: string 6489 service: 6490 type: object 6491 required: 6492 - namespace 6493 - name 6494 properties: 6495 namespace: 6496 type: string 6497 name: 6498 type: string 6499 path: 6500 type: string 6501 port: 6502 type: integer 6503 caBundle: 6504 type: string 6505 format: byte 6506 counter: 6507 type: object 6508 nullable: true 6509 required: 6510 - key 6511 - bufferSize 6512 - maxCapacity 6513 properties: 6514 key: # The name of the Counter. 6515 type: string 6516 minCapacity: # Minimum aggregate counter capacity that can be provided by this FleetAutoscaler. If not specified, the actual minimum capacity will be bufferSize. 6517 type: integer 6518 minimum: 0 6519 maxCapacity: # Maximum aggregate counter capacity that can be provided by this FleetAutoscaler. Required. 6520 type: integer 6521 minimum: 1 6522 bufferSize: # Size of a buffer of counted items that are available in the Fleet (available capacity). It can be specified either in absolute (i.e. 5) or percentage format (i.e. 5%). 6523 x-kubernetes-int-or-string: true 6524 anyOf: 6525 - type: integer 6526 - type: string 6527 list: 6528 type: object 6529 nullable: true 6530 required: 6531 - key 6532 - bufferSize 6533 - maxCapacity 6534 properties: 6535 key: # The name of the List. 6536 type: string 6537 minCapacity: # Minimum aggregate list capacity that can be provided by this FleetAutoscaler. 
If not specified, the actual minimum capacity will be bufferSize. 6538 type: integer 6539 minimum: 0 6540 maxCapacity: # Maximum aggregate list capacity that can be provided by this FleetAutoscaler. Required. 6541 type: integer 6542 minimum: 1 6543 bufferSize: # Size of a buffer based on the list capacity that is available over the current aggregate list length in the Fleet. It can be specified either in absolute (i.e. 5) or percentage format (i.e. 5%). 6544 x-kubernetes-int-or-string: true 6545 anyOf: 6546 - type: integer 6547 - type: string 6548 wasm: 6549 type: object 6550 nullable: true 6551 required: 6552 - from 6553 properties: 6554 function: # The exported function to call in the wasm module, defaults to 'scale' 6555 type: string 6556 default: "scale" 6557 config: # Config values to pass to the wasm program on startup 6558 type: object 6559 additionalProperties: 6560 type: string 6561 from: 6562 type: object 6563 required: 6564 - url 6565 properties: 6566 url: 6567 type: object 6568 nullable: true 6569 properties: 6570 url: 6571 type: string 6572 service: 6573 type: object 6574 required: 6575 - namespace 6576 - name 6577 properties: 6578 namespace: 6579 type: string 6580 name: 6581 type: string 6582 path: 6583 type: string 6584 port: 6585 type: integer 6586 caBundle: 6587 type: string 6588 format: byte 6589 hash: # optional SHA-256 hash (64 hex characters) to match against the wasm file; recommended, since without it the loaded module is not checked against a known hash 6590 type: string 6591 pattern: "^[a-fA-F0-9]{64}$" 6592 wasm: 6593 type: object 6594 nullable: true 6595 required: 6596 - from 6597 properties: 6598 function: # The exported function to call in the wasm module, defaults to 'scale' 6599 type: string 6600 default: "scale" 6601 config: # Config values to pass to the wasm program on startup 6602 type: object 6603 additionalProperties: 6604 type: string 6605 from: 6606 type: object 6607 required: 6608 - url 6609 properties: 6610 url: 6611 type: object 6612 nullable: true 6613 properties: 6614 url: 6615 type: string 6616 
service: 6617 type: object 6618 required: 6619 - namespace 6620 - name 6621 properties: 6622 namespace: 6623 type: string 6624 name: 6625 type: string 6626 path: 6627 type: string 6628 port: 6629 type: integer 6630 caBundle: 6631 type: string 6632 format: byte 6633 hash: # optional SHA-256 hash (64 hex characters) to match against the wasm file; recommended, since without it the loaded module is not checked against a known hash 6634 type: string 6635 pattern: "^[a-fA-F0-9]{64}$" # Defines which policy to apply during the active period. Required. 6636 wasm: 6637 type: object 6638 nullable: true 6639 required: 6640 - from 6641 properties: 6642 function: # The exported function to call in the wasm module, defaults to 'scale' 6643 type: string 6644 default: "scale" 6645 config: # Config values to pass to the wasm program on startup 6646 type: object 6647 additionalProperties: 6648 type: string 6649 from: 6650 type: object 6651 required: 6652 - url 6653 properties: 6654 url: 6655 type: object 6656 nullable: true 6657 properties: 6658 url: 6659 type: string 6660 service: 6661 type: object 6662 required: 6663 - namespace 6664 - name 6665 properties: 6666 namespace: 6667 type: string 6668 name: 6669 type: string 6670 path: 6671 type: string 6672 port: 6673 type: integer 6674 caBundle: 6675 type: string 6676 format: byte 6677 hash: # optional SHA-256 hash (64 hex characters) to match against the wasm file; recommended, since without it the loaded module is not checked against a known hash 6678 type: string 6679 pattern: "^[a-fA-F0-9]{64}$" 6680 sync: 6681 type: object 6682 required: 6683 - type 6684 properties: 6685 type: 6686 type: string 6687 enum: 6688 - FixedInterval 6689 fixedInterval: 6690 type: object 6691 nullable: true 6692 required: 6693 - seconds 6694 properties: 6695 seconds: 6696 type: integer 6697 minimum: 0 6698 exclusiveMinimum: true 6699 status: 6700 description: 'FleetAutoscalerStatus defines the current status of a FleetAutoscaler. 
More info: 6701 https://agones.dev/site/docs/reference/agones_crd_api_reference/#autoscaling.agones.dev/v1.FleetAutoscaler' 6702 type: object 6703 properties: 6704 currentReplicas: 6705 type: integer 6706 desiredReplicas: 6707 type: integer 6708 lastScaleTime: 6709 type: string 6710 format: date-time 6711 nullable: true 6712 ableToScale: 6713 type: boolean 6714 scalingLimited: 6715 type: boolean 6716 lastAppliedPolicy: 6717 type: string 6718 default: "" 6719 subresources: 6720 # status enables the status subresource. 6721 status: {} 6722 --- 6723 # Source: agones/templates/crds/gameserver.yaml 6724 # Copyright 2018 Google LLC All Rights Reserved. 6725 # 6726 # Licensed under the Apache License, Version 2.0 (the "License"); 6727 # you may not use this file except in compliance with the License. 6728 # You may obtain a copy of the License at 6729 # 6730 # http://www.apache.org/licenses/LICENSE-2.0 6731 # 6732 # Unless required by applicable law or agreed to in writing, software 6733 # distributed under the License is distributed on an "AS IS" BASIS, 6734 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 6735 # See the License for the specific language governing permissions and 6736 # limitations under the License. 
6737 6738 apiVersion: apiextensions.k8s.io/v1 6739 kind: CustomResourceDefinition 6740 metadata: 6741 name: gameservers.agones.dev 6742 labels: 6743 component: crd 6744 app: agones 6745 chart: agones-1.53.0 6746 release: agones-manual 6747 heritage: Helm 6748 spec: 6749 group: agones.dev 6750 names: 6751 kind: GameServer 6752 plural: gameservers 6753 shortNames: 6754 - gs 6755 singular: gameserver 6756 scope: Namespaced 6757 versions: 6758 - name: v1 6759 served: true 6760 storage: true 6761 additionalPrinterColumns: 6762 - jsonPath: .status.state 6763 name: State 6764 type: string 6765 - jsonPath: .status.address 6766 name: Address 6767 type: string 6768 - jsonPath: .status.ports[0].port 6769 name: Port 6770 type: string 6771 - jsonPath: .status.nodeName 6772 name: Node 6773 type: string 6774 - jsonPath: .metadata.creationTimestamp 6775 name: Age 6776 type: date 6777 schema: 6778 openAPIV3Schema: 6779 description: 'GameServer is the data structure for a GameServer resource.' 6780 type: object 6781 required: 6782 - spec 6783 properties: 6784 spec: 6785 description: 'GameServerSpec is the spec for a GameServer resource. More info: 6786 https://agones.dev/site/docs/reference/agones_crd_api_reference/#agones.dev/v1.GameServer' 6787 type: object 6788 required: 6789 - template 6790 properties: 6791 template: 6792 description: PodTemplateSpec describes the data a pod should have when created from a template 6793 properties: 6794 metadata: 6795 description: "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" 6796 properties: 6797 annotations: 6798 additionalProperties: 6799 type: string 6800 description: "Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations" 6801 type: object 6802 creationTimestamp: 6803 description: |- 6804 CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. 6805 6806 Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata 6807 format: date-time 6808 nullable: true 6809 type: string 6810 deletionGracePeriodSeconds: 6811 description: Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only. 6812 format: int64 6813 type: integer 6814 deletionTimestamp: 6815 description: |- 6816 DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. 
In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested. 6817 6818 Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata 6819 format: date-time 6820 type: string 6821 finalizers: 6822 description: Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list. 6823 items: 6824 type: string 6825 type: array 6826 generateName: 6827 description: |- 6828 GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server. 
6829 6830 If this field is specified and the generated name exists, the server will return a 409. 6831 6832 Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency 6833 type: string 6834 generation: 6835 description: A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. 6836 format: int64 6837 type: integer 6838 labels: 6839 additionalProperties: 6840 type: string 6841 description: "Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels" 6842 type: object 6843 managedFields: 6844 description: ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn't need to set or understand this field. A workflow can be the user's name, a controller's name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object. 6845 items: 6846 properties: 6847 apiVersion: 6848 description: APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted. 6849 type: string 6850 fieldsType: 6851 description: "FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: \"FieldsV1\"" 6852 type: string 6853 fieldsV1: 6854 description: FieldsV1 holds the first JSON version format as described in the "FieldsV1" type. 6855 type: object 6856 manager: 6857 description: Manager is an identifier of the workflow managing these fields. 
6858 type: string 6859 operation: 6860 description: Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'. 6861 type: string 6862 subresource: 6863 description: Subresource is the name of the subresource used to update that object, or empty string if the object was updated through the main resource. The value of this field is used to distinguish between managers, even if they share the same name. For example, a status update will be distinct from a regular update using the same manager name. Note that the APIVersion field is not related to the Subresource field and it always corresponds to the version of the main resource. 6864 type: string 6865 time: 6866 description: Time is the timestamp of when the ManagedFields entry was added. The timestamp will also be updated if a field is added, the manager changes any of the owned fields value or removes a field. The timestamp does not update when a field is removed from the entry because another manager took it over. 6867 format: date-time 6868 type: string 6869 type: object 6870 type: array 6871 name: 6872 description: "Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names" 6873 type: string 6874 namespace: 6875 description: |- 6876 Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty. 6877 6878 Must be a DNS_LABEL. Cannot be updated. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces 6879 type: string 6880 ownerReferences: 6881 description: List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller. 6882 items: 6883 properties: 6884 apiVersion: 6885 description: API version of the referent. 6886 type: string 6887 blockOwnerDeletion: 6888 description: If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. See https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion for how the garbage collector interacts with this field and enforces the foreground deletion. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned. 6889 type: boolean 6890 controller: 6891 description: If true, this reference points to the managing controller. 6892 type: boolean 6893 kind: 6894 description: "Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" 6895 type: string 6896 name: 6897 description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names" 6898 type: string 6899 uid: 6900 description: "UID of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids" 6901 type: string 6902 required: 6903 - apiVersion 6904 - kind 6905 - name 6906 - uid 6907 type: object 6908 x-kubernetes-map-type: atomic 6909 type: array 6910 resourceVersion: 6911 description: |- 6912 An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources. 6913 6914 Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency 6915 type: string 6916 selfLink: 6917 description: "Deprecated: selfLink is a legacy read-only field that is no longer populated by the system." 6918 type: string 6919 uid: 6920 description: |- 6921 UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations. 6922 6923 Populated by the system. Read-only. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids 6924 type: string 6925 type: object 6926 spec: 6927 description: "Specification of the desired behavior of the pod. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status" 6928 properties: 6929 activeDeadlineSeconds: 6930 description: Optional duration in seconds the pod may be active on the node relative to StartTime before the system will actively try to mark it failed and kill associated containers. Value must be a positive integer. 
6931 format: int64 6932 type: integer 6933 affinity: 6934 description: If specified, the pod's scheduling constraints 6935 properties: 6936 nodeAffinity: 6937 description: Describes node affinity scheduling rules for the pod. 6938 properties: 6939 preferredDuringSchedulingIgnoredDuringExecution: 6940 description: The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred. 6941 items: 6942 properties: 6943 preference: 6944 description: A node selector term, associated with the corresponding weight. 6945 properties: 6946 matchExpressions: 6947 description: A list of node selector requirements by node's labels. 6948 items: 6949 properties: 6950 key: 6951 description: The label key that the selector applies to. 6952 type: string 6953 operator: 6954 description: |- 6955 Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. 6956 6957 Possible enum values: 6958 - `"DoesNotExist"` 6959 - `"Exists"` 6960 - `"Gt"` 6961 - `"In"` 6962 - `"Lt"` 6963 - `"NotIn"` 6964 enum: 6965 - DoesNotExist 6966 - Exists 6967 - Gt 6968 - In 6969 - Lt 6970 - NotIn 6971 type: string 6972 values: 6973 description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. 
This array is replaced during a strategic merge patch. 6974 items: 6975 type: string 6976 type: array 6977 required: 6978 - key 6979 - operator 6980 type: object 6981 type: array 6982 matchFields: 6983 description: A list of node selector requirements by node's fields. 6984 items: 6985 properties: 6986 key: 6987 description: The label key that the selector applies to. 6988 type: string 6989 operator: 6990 description: |- 6991 Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. 6992 6993 Possible enum values: 6994 - `"DoesNotExist"` 6995 - `"Exists"` 6996 - `"Gt"` 6997 - `"In"` 6998 - `"Lt"` 6999 - `"NotIn"` 7000 enum: 7001 - DoesNotExist 7002 - Exists 7003 - Gt 7004 - In 7005 - Lt 7006 - NotIn 7007 type: string 7008 values: 7009 description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. 7010 items: 7011 type: string 7012 type: array 7013 required: 7014 - key 7015 - operator 7016 type: object 7017 type: array 7018 type: object 7019 x-kubernetes-map-type: atomic 7020 weight: 7021 description: Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100. 7022 format: int32 7023 type: integer 7024 required: 7025 - weight 7026 - preference 7027 type: object 7028 type: array 7029 requiredDuringSchedulingIgnoredDuringExecution: 7030 description: If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node. 
7031 properties: 7032 nodeSelectorTerms: 7033 description: Required. A list of node selector terms. The terms are ORed. 7034 items: 7035 properties: 7036 matchExpressions: 7037 description: A list of node selector requirements by node's labels. 7038 items: 7039 properties: 7040 key: 7041 description: The label key that the selector applies to. 7042 type: string 7043 operator: 7044 description: |- 7045 Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. 7046 7047 Possible enum values: 7048 - `"DoesNotExist"` 7049 - `"Exists"` 7050 - `"Gt"` 7051 - `"In"` 7052 - `"Lt"` 7053 - `"NotIn"` 7054 enum: 7055 - DoesNotExist 7056 - Exists 7057 - Gt 7058 - In 7059 - Lt 7060 - NotIn 7061 type: string 7062 values: 7063 description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. 7064 items: 7065 type: string 7066 type: array 7067 required: 7068 - key 7069 - operator 7070 type: object 7071 type: array 7072 matchFields: 7073 description: A list of node selector requirements by node's fields. 7074 items: 7075 properties: 7076 key: 7077 description: The label key that the selector applies to. 7078 type: string 7079 operator: 7080 description: |- 7081 Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. 7082 7083 Possible enum values: 7084 - `"DoesNotExist"` 7085 - `"Exists"` 7086 - `"Gt"` 7087 - `"In"` 7088 - `"Lt"` 7089 - `"NotIn"` 7090 enum: 7091 - DoesNotExist 7092 - Exists 7093 - Gt 7094 - In 7095 - Lt 7096 - NotIn 7097 type: string 7098 values: 7099 description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. 
If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. 7100 items: 7101 type: string 7102 type: array 7103 required: 7104 - key 7105 - operator 7106 type: object 7107 type: array 7108 type: object 7109 x-kubernetes-map-type: atomic 7110 type: array 7111 required: 7112 - nodeSelectorTerms 7113 type: object 7114 x-kubernetes-map-type: atomic 7115 type: object 7116 podAffinity: 7117 description: Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). 7118 properties: 7119 preferredDuringSchedulingIgnoredDuringExecution: 7120 description: The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. 7121 items: 7122 properties: 7123 podAffinityTerm: 7124 description: Required. A pod affinity term, associated with the corresponding weight. 7125 properties: 7126 labelSelector: 7127 description: A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. 7128 properties: 7129 matchExpressions: 7130 description: matchExpressions is a list of label selector requirements. The requirements are ANDed. 7131 items: 7132 properties: 7133 key: 7134 description: key is the label key that the selector applies to. 
7135 type: string 7136 operator: 7137 description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. 7138 type: string 7139 values: 7140 description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. 7141 items: 7142 type: string 7143 type: array 7144 required: 7145 - key 7146 - operator 7147 type: object 7148 type: array 7149 matchLabels: 7150 additionalProperties: 7151 type: string 7152 description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. 7153 type: object 7154 type: object 7155 x-kubernetes-map-type: atomic 7156 matchLabelKeys: 7157 description: MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). 7158 items: 7159 type: string 7160 type: array 7161 mismatchLabelKeys: 7162 description: MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. 
The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). 7163 items: 7164 type: string 7165 type: array 7166 namespaceSelector: 7167 description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. 7168 properties: 7169 matchExpressions: 7170 description: matchExpressions is a list of label selector requirements. The requirements are ANDed. 7171 items: 7172 properties: 7173 key: 7174 description: key is the label key that the selector applies to. 7175 type: string 7176 operator: 7177 description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. 7178 type: string 7179 values: 7180 description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. 7181 items: 7182 type: string 7183 type: array 7184 required: 7185 - key 7186 - operator 7187 type: object 7188 type: array 7189 matchLabels: 7190 additionalProperties: 7191 type: string 7192 description: matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. 7193 type: object 7194 type: object 7195 x-kubernetes-map-type: atomic 7196 namespaces: 7197 description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". 7198 items: 7199 type: string 7200 type: array 7201 topologyKey: 7202 description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. 7203 type: string 7204 required: 7205 - topologyKey 7206 type: object 7207 weight: 7208 description: weight associated with matching the corresponding podAffinityTerm, in the range 1-100. 7209 format: int32 7210 type: integer 7211 required: 7212 - weight 7213 - podAffinityTerm 7214 type: object 7215 type: array 7216 requiredDuringSchedulingIgnoredDuringExecution: 7217 description: If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. 
7218 items: 7219 properties: 7220 labelSelector: 7221 description: A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. 7222 properties: 7223 matchExpressions: 7224 description: matchExpressions is a list of label selector requirements. The requirements are ANDed. 7225 items: 7226 properties: 7227 key: 7228 description: key is the label key that the selector applies to. 7229 type: string 7230 operator: 7231 description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. 7232 type: string 7233 values: 7234 description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. 7235 items: 7236 type: string 7237 type: array 7238 required: 7239 - key 7240 - operator 7241 type: object 7242 type: array 7243 matchLabels: 7244 additionalProperties: 7245 type: string 7246 description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. 7247 type: object 7248 type: object 7249 x-kubernetes-map-type: atomic 7250 matchLabelKeys: 7251 description: MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. 
Also, matchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). 7252 items: 7253 type: string 7254 type: array 7255 mismatchLabelKeys: 7256 description: MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). 7257 items: 7258 type: string 7259 type: array 7260 namespaceSelector: 7261 description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. 7262 properties: 7263 matchExpressions: 7264 description: matchExpressions is a list of label selector requirements. The requirements are ANDed. 7265 items: 7266 properties: 7267 key: 7268 description: key is the label key that the selector applies to. 7269 type: string 7270 operator: 7271 description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. 7272 type: string 7273 values: 7274 description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. 
If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. 7275 items: 7276 type: string 7277 type: array 7278 required: 7279 - key 7280 - operator 7281 type: object 7282 type: array 7283 matchLabels: 7284 additionalProperties: 7285 type: string 7286 description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. 7287 type: object 7288 type: object 7289 x-kubernetes-map-type: atomic 7290 namespaces: 7291 description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". 7292 items: 7293 type: string 7294 type: array 7295 topologyKey: 7296 description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. 7297 type: string 7298 required: 7299 - topologyKey 7300 type: object 7301 type: array 7302 type: object 7303 podAntiAffinity: 7304 description: Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). 7305 properties: 7306 preferredDuringSchedulingIgnoredDuringExecution: 7307 description: The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. 
The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. 7308 items: 7309 properties: 7310 podAffinityTerm: 7311 description: Required. A pod affinity term, associated with the corresponding weight. 7312 properties: 7313 labelSelector: 7314 description: A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. 7315 properties: 7316 matchExpressions: 7317 description: matchExpressions is a list of label selector requirements. The requirements are ANDed. 7318 items: 7319 properties: 7320 key: 7321 description: key is the label key that the selector applies to. 7322 type: string 7323 operator: 7324 description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. 7325 type: string 7326 values: 7327 description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. 7328 items: 7329 type: string 7330 type: array 7331 required: 7332 - key 7333 - operator 7334 type: object 7335 type: array 7336 matchLabels: 7337 additionalProperties: 7338 type: string 7339 description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. 
7340 type: object 7341 type: object 7342 x-kubernetes-map-type: atomic 7343 matchLabelKeys: 7344 description: MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). 7345 items: 7346 type: string 7347 type: array 7348 mismatchLabelKeys: 7349 description: MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). 7350 items: 7351 type: string 7352 type: array 7353 namespaceSelector: 7354 description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". 
An empty selector ({}) matches all namespaces. 7355 properties: 7356 matchExpressions: 7357 description: matchExpressions is a list of label selector requirements. The requirements are ANDed. 7358 items: 7359 properties: 7360 key: 7361 description: key is the label key that the selector applies to. 7362 type: string 7363 operator: 7364 description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. 7365 type: string 7366 values: 7367 description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. 7368 items: 7369 type: string 7370 type: array 7371 required: 7372 - key 7373 - operator 7374 type: object 7375 type: array 7376 matchLabels: 7377 additionalProperties: 7378 type: string 7379 description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. 7380 type: object 7381 type: object 7382 x-kubernetes-map-type: atomic 7383 namespaces: 7384 description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". 7385 items: 7386 type: string 7387 type: array 7388 topologyKey: 7389 description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. 
Empty topologyKey is not allowed. 7390 type: string 7391 required: 7392 - topologyKey 7393 type: object 7394 weight: 7395 description: weight associated with matching the corresponding podAffinityTerm, in the range 1-100. 7396 format: int32 7397 type: integer 7398 required: 7399 - weight 7400 - podAffinityTerm 7401 type: object 7402 type: array 7403 requiredDuringSchedulingIgnoredDuringExecution: 7404 description: If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. 7405 items: 7406 properties: 7407 labelSelector: 7408 description: A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. 7409 properties: 7410 matchExpressions: 7411 description: matchExpressions is a list of label selector requirements. The requirements are ANDed. 7412 items: 7413 properties: 7414 key: 7415 description: key is the label key that the selector applies to. 7416 type: string 7417 operator: 7418 description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. 7419 type: string 7420 values: 7421 description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. 
7422 items: 7423 type: string 7424 type: array 7425 required: 7426 - key 7427 - operator 7428 type: object 7429 type: array 7430 matchLabels: 7431 additionalProperties: 7432 type: string 7433 description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. 7434 type: object 7435 type: object 7436 x-kubernetes-map-type: atomic 7437 matchLabelKeys: 7438 description: MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). 7439 items: 7440 type: string 7441 type: array 7442 mismatchLabelKeys: 7443 description: MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. 
This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). 7444 items: 7445 type: string 7446 type: array 7447 namespaceSelector: 7448 description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. 7449 properties: 7450 matchExpressions: 7451 description: matchExpressions is a list of label selector requirements. The requirements are ANDed. 7452 items: 7453 properties: 7454 key: 7455 description: key is the label key that the selector applies to. 7456 type: string 7457 operator: 7458 description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. 7459 type: string 7460 values: 7461 description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. 7462 items: 7463 type: string 7464 type: array 7465 required: 7466 - key 7467 - operator 7468 type: object 7469 type: array 7470 matchLabels: 7471 additionalProperties: 7472 type: string 7473 description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. 7474 type: object 7475 type: object 7476 x-kubernetes-map-type: atomic 7477 namespaces: 7478 description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. 
null or empty namespaces list and null namespaceSelector means "this pod's namespace". 7479 items: 7480 type: string 7481 type: array 7482 topologyKey: 7483 description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. 7484 type: string 7485 required: 7486 - topologyKey 7487 type: object 7488 type: array 7489 type: object 7490 type: object 7491 automountServiceAccountToken: 7492 description: AutomountServiceAccountToken indicates whether a service account token should be automatically mounted. 7493 type: boolean 7494 containers: 7495 description: List of containers belonging to the pod. Containers cannot currently be added or removed. There must be at least one container in a Pod. Cannot be updated. 7496 items: 7497 properties: 7498 args: 7499 description: "Arguments to the entrypoint. The container image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell" 7500 items: 7501 type: string 7502 type: array 7503 command: 7504 description: "Entrypoint array. Not executed within a shell. The container image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. 
If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell" 7505 items: 7506 type: string 7507 type: array 7508 env: 7509 description: List of environment variables to set in the container. Cannot be updated. 7510 items: 7511 properties: 7512 name: 7513 description: Name of the environment variable. Must be a C_IDENTIFIER. 7514 type: string 7515 value: 7516 description: "Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to \"\"." 7517 type: string 7518 valueFrom: 7519 description: Source for the environment variable's value. Cannot be used if value is not empty. 7520 properties: 7521 configMapKeyRef: 7522 description: Selects a key of a ConfigMap. 7523 properties: 7524 key: 7525 description: The key to select. 7526 type: string 7527 name: 7528 description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" 7529 type: string 7530 optional: 7531 description: Specify whether the ConfigMap or its key must be defined 7532 type: boolean 7533 required: 7534 - key 7535 type: object 7536 x-kubernetes-map-type: atomic 7537 fieldRef: 7538 description: "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs." 7539 properties: 7540 apiVersion: 7541 description: Version of the schema the FieldPath is written in terms of, defaults to "v1". 7542 type: string 7543 fieldPath: 7544 description: Path of the field to select in the specified API version. 7545 type: string 7546 required: 7547 - fieldPath 7548 type: object 7549 x-kubernetes-map-type: atomic 7550 resourceFieldRef: 7551 description: "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported." 7552 properties: 7553 containerName: 7554 description: "Container name: required for volumes, optional for env vars" 7555 type: string 7556 divisor: 7557 description: Specifies the output format of the exposed resources, defaults to "1" 7558 type: string 7559 resource: 7560 description: "Required: resource to select" 7561 type: string 7562 required: 7563 - resource 7564 type: object 7565 x-kubernetes-map-type: atomic 7566 secretKeyRef: 7567 description: Selects a key of a secret in the pod's namespace 7568 properties: 7569 key: 7570 description: The key of the secret to select from. Must be a valid secret key. 7571 type: string 7572 name: 7573 description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. 
Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" 7574 type: string 7575 optional: 7576 description: Specify whether the Secret or its key must be defined 7577 type: boolean 7578 required: 7579 - key 7580 type: object 7581 x-kubernetes-map-type: atomic 7582 type: object 7583 required: 7584 - name 7585 type: object 7586 type: array 7587 envFrom: 7588 description: List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. 7589 items: 7590 properties: 7591 configMapRef: 7592 description: The ConfigMap to select from 7593 properties: 7594 name: 7595 description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" 7596 type: string 7597 optional: 7598 description: Specify whether the ConfigMap must be defined 7599 type: boolean 7600 type: object 7601 prefix: 7602 description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. 7603 type: string 7604 secretRef: 7605 description: The Secret to select from 7606 properties: 7607 name: 7608 description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" 7609 type: string 7610 optional: 7611 description: Specify whether the Secret must be defined 7612 type: boolean 7613 type: object 7614 type: object 7615 type: array 7616 image: 7617 description: "Container image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets." 7618 type: string 7619 imagePullPolicy: 7620 description: |- 7621 Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images 7622 7623 Possible enum values: 7624 - `"Always"` means that kubelet always attempts to pull the latest image. Container will fail If the pull fails. 7625 - `"IfNotPresent"` means that kubelet pulls if the image isn't present on disk. Container will fail if the image isn't present and the pull fails. 7626 - `"Never"` means that kubelet never pulls an image, but only uses a local image. Container will fail if the image isn't present 7627 enum: 7628 - Always 7629 - IfNotPresent 7630 - Never 7631 type: string 7632 lifecycle: 7633 description: Actions that the management system should take in response to container lifecycle events. Cannot be updated. 7634 properties: 7635 postStart: 7636 description: "PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks" 7637 properties: 7638 exec: 7639 description: Exec specifies a command to execute in the container. 
7640 properties: 7641 command: 7642 description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 7643 items: 7644 type: string 7645 type: array 7646 type: object 7647 httpGet: 7648 description: HTTPGet specifies an HTTP GET request to perform. 7649 properties: 7650 host: 7651 description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. 7652 type: string 7653 httpHeaders: 7654 description: Custom headers to set in the request. HTTP allows repeated headers. 7655 items: 7656 properties: 7657 name: 7658 description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. 7659 type: string 7660 value: 7661 description: The header field value 7662 type: string 7663 required: 7664 - name 7665 - value 7666 type: object 7667 type: array 7668 path: 7669 description: Path to access on the HTTP server. 7670 type: string 7671 port: 7672 description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 7673 format: int-or-string 7674 x-kubernetes-int-or-string: true 7675 scheme: 7676 description: |- 7677 Scheme to use for connecting to the host. Defaults to HTTP. 7678 7679 Possible enum values: 7680 - `"HTTP"` means that the scheme used will be http:// 7681 - `"HTTPS"` means that the scheme used will be https:// 7682 enum: 7683 - HTTP 7684 - HTTPS 7685 type: string 7686 required: 7687 - port 7688 type: object 7689 sleep: 7690 description: Sleep represents a duration that the container should sleep. 
7691 properties: 7692 seconds: 7693 description: Seconds is the number of seconds to sleep. 7694 format: int64 7695 type: integer 7696 required: 7697 - seconds 7698 type: object 7699 tcpSocket: 7700 description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for backward compatibility. There is no validation of this field and lifecycle hooks will fail at runtime when it is specified. 7701 properties: 7702 host: 7703 description: "Optional: Host name to connect to, defaults to the pod IP." 7704 type: string 7705 port: 7706 description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 7707 format: int-or-string 7708 x-kubernetes-int-or-string: true 7709 required: 7710 - port 7711 type: object 7712 type: object 7713 preStop: 7714 description: "PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The Pod's termination grace period countdown begins before the PreStop hook is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod's termination grace period (unless delayed by finalizers). Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks" 7715 properties: 7716 exec: 7717 description: Exec specifies a command to execute in the container. 7718 properties: 7719 command: 7720 description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. 
To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 7721 items: 7722 type: string 7723 type: array 7724 type: object 7725 httpGet: 7726 description: HTTPGet specifies an HTTP GET request to perform. 7727 properties: 7728 host: 7729 description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. 7730 type: string 7731 httpHeaders: 7732 description: Custom headers to set in the request. HTTP allows repeated headers. 7733 items: 7734 properties: 7735 name: 7736 description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. 7737 type: string 7738 value: 7739 description: The header field value 7740 type: string 7741 required: 7742 - name 7743 - value 7744 type: object 7745 type: array 7746 path: 7747 description: Path to access on the HTTP server. 7748 type: string 7749 port: 7750 description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 7751 format: int-or-string 7752 x-kubernetes-int-or-string: true 7753 scheme: 7754 description: |- 7755 Scheme to use for connecting to the host. Defaults to HTTP. 7756 7757 Possible enum values: 7758 - `"HTTP"` means that the scheme used will be http:// 7759 - `"HTTPS"` means that the scheme used will be https:// 7760 enum: 7761 - HTTP 7762 - HTTPS 7763 type: string 7764 required: 7765 - port 7766 type: object 7767 sleep: 7768 description: Sleep represents a duration that the container should sleep. 7769 properties: 7770 seconds: 7771 description: Seconds is the number of seconds to sleep. 7772 format: int64 7773 type: integer 7774 required: 7775 - seconds 7776 type: object 7777 tcpSocket: 7778 description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for backward compatibility. 
There is no validation of this field and lifecycle hooks will fail at runtime when it is specified. 7779 properties: 7780 host: 7781 description: "Optional: Host name to connect to, defaults to the pod IP." 7782 type: string 7783 port: 7784 description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 7785 format: int-or-string 7786 x-kubernetes-int-or-string: true 7787 required: 7788 - port 7789 type: object 7790 type: object 7791 type: object 7792 livenessProbe: 7793 description: "Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" 7794 properties: 7795 exec: 7796 description: Exec specifies a command to execute in the container. 7797 properties: 7798 command: 7799 description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 7800 items: 7801 type: string 7802 type: array 7803 type: object 7804 failureThreshold: 7805 description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. 7806 format: int32 7807 type: integer 7808 grpc: 7809 description: GRPC specifies a GRPC HealthCheckRequest. 7810 properties: 7811 port: 7812 description: Port number of the gRPC service. Number must be in the range 1 to 65535. 7813 format: int32 7814 type: integer 7815 service: 7816 description: |- 7817 Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 
7818 7819 If this is not specified, the default behavior is defined by gRPC. 7820 type: string 7821 required: 7822 - port 7823 type: object 7824 httpGet: 7825 description: HTTPGet specifies an HTTP GET request to perform. 7826 properties: 7827 host: 7828 description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. 7829 type: string 7830 httpHeaders: 7831 description: Custom headers to set in the request. HTTP allows repeated headers. 7832 items: 7833 properties: 7834 name: 7835 description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. 7836 type: string 7837 value: 7838 description: The header field value 7839 type: string 7840 required: 7841 - name 7842 - value 7843 type: object 7844 type: array 7845 path: 7846 description: Path to access on the HTTP server. 7847 type: string 7848 port: 7849 description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 7850 format: int-or-string 7851 x-kubernetes-int-or-string: true 7852 scheme: 7853 description: |- 7854 Scheme to use for connecting to the host. Defaults to HTTP. 7855 7856 Possible enum values: 7857 - `"HTTP"` means that the scheme used will be http:// 7858 - `"HTTPS"` means that the scheme used will be https:// 7859 enum: 7860 - HTTP 7861 - HTTPS 7862 type: string 7863 required: 7864 - port 7865 type: object 7866 initialDelaySeconds: 7867 description: "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" 7868 format: int32 7869 type: integer 7870 periodSeconds: 7871 description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. 
7872 format: int32 7873 type: integer 7874 successThreshold: 7875 description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. 7876 format: int32 7877 type: integer 7878 tcpSocket: 7879 description: TCPSocket specifies a connection to a TCP port. 7880 properties: 7881 host: 7882 description: "Optional: Host name to connect to, defaults to the pod IP." 7883 type: string 7884 port: 7885 description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 7886 format: int-or-string 7887 x-kubernetes-int-or-string: true 7888 required: 7889 - port 7890 type: object 7891 terminationGracePeriodSeconds: 7892 description: Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. 7893 format: int64 7894 type: integer 7895 timeoutSeconds: 7896 description: "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" 7897 format: int32 7898 type: integer 7899 type: object 7900 name: 7901 description: Name of the container specified as a DNS_LABEL. 
Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated. 7902 type: string 7903 ports: 7904 description: List of ports to expose from the container. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Modifying this array with strategic merge patch may corrupt the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated. 7905 items: 7906 properties: 7907 containerPort: 7908 description: Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536. 7909 format: int32 7910 type: integer 7911 hostIP: 7912 description: What host IP to bind the external port to. 7913 type: string 7914 hostPort: 7915 description: Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this. 7916 format: int32 7917 type: integer 7918 name: 7919 description: If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services. 7920 type: string 7921 protocol: 7922 description: |- 7923 Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". 7924 7925 Possible enum values: 7926 - `"SCTP"` is the SCTP protocol. 7927 - `"TCP"` is the TCP protocol. 7928 - `"UDP"` is the UDP protocol. 7929 enum: 7930 - SCTP 7931 - TCP 7932 - UDP 7933 type: string 7934 required: 7935 - containerPort 7936 type: object 7937 type: array 7938 readinessProbe: 7939 description: "Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. 
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" 7940 properties: 7941 exec: 7942 description: Exec specifies a command to execute in the container. 7943 properties: 7944 command: 7945 description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 7946 items: 7947 type: string 7948 type: array 7949 type: object 7950 failureThreshold: 7951 description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. 7952 format: int32 7953 type: integer 7954 grpc: 7955 description: GRPC specifies a GRPC HealthCheckRequest. 7956 properties: 7957 port: 7958 description: Port number of the gRPC service. Number must be in the range 1 to 65535. 7959 format: int32 7960 type: integer 7961 service: 7962 description: |- 7963 Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 7964 7965 If this is not specified, the default behavior is defined by gRPC. 7966 type: string 7967 required: 7968 - port 7969 type: object 7970 httpGet: 7971 description: HTTPGet specifies an HTTP GET request to perform. 7972 properties: 7973 host: 7974 description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. 7975 type: string 7976 httpHeaders: 7977 description: Custom headers to set in the request. HTTP allows repeated headers. 7978 items: 7979 properties: 7980 name: 7981 description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. 
7982 type: string 7983 value: 7984 description: The header field value 7985 type: string 7986 required: 7987 - name 7988 - value 7989 type: object 7990 type: array 7991 path: 7992 description: Path to access on the HTTP server. 7993 type: string 7994 port: 7995 description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 7996 format: int-or-string 7997 x-kubernetes-int-or-string: true 7998 scheme: 7999 description: |- 8000 Scheme to use for connecting to the host. Defaults to HTTP. 8001 8002 Possible enum values: 8003 - `"HTTP"` means that the scheme used will be http:// 8004 - `"HTTPS"` means that the scheme used will be https:// 8005 enum: 8006 - HTTP 8007 - HTTPS 8008 type: string 8009 required: 8010 - port 8011 type: object 8012 initialDelaySeconds: 8013 description: "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" 8014 format: int32 8015 type: integer 8016 periodSeconds: 8017 description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. 8018 format: int32 8019 type: integer 8020 successThreshold: 8021 description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. 8022 format: int32 8023 type: integer 8024 tcpSocket: 8025 description: TCPSocket specifies a connection to a TCP port. 8026 properties: 8027 host: 8028 description: "Optional: Host name to connect to, defaults to the pod IP." 8029 type: string 8030 port: 8031 description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 
8032 format: int-or-string 8033 x-kubernetes-int-or-string: true 8034 required: 8035 - port 8036 type: object 8037 terminationGracePeriodSeconds: 8038 description: Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. 8039 format: int64 8040 type: integer 8041 timeoutSeconds: 8042 description: "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" 8043 format: int32 8044 type: integer 8045 type: object 8046 resizePolicy: 8047 description: Resources resize policy for the container. 8048 items: 8049 properties: 8050 resourceName: 8051 description: "Name of the resource to which this resource resize policy applies. Supported values: cpu, memory." 8052 type: string 8053 restartPolicy: 8054 description: Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired. 8055 type: string 8056 required: 8057 - resourceName 8058 - restartPolicy 8059 type: object 8060 type: array 8061 resources: 8062 description: "Compute Resources required by this container. Cannot be updated. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" 8063 properties: 8064 claims: 8065 description: |- 8066 Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. 8067 8068 This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. 8069 8070 This field is immutable. It can only be set for containers. 8071 items: 8072 properties: 8073 name: 8074 description: Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. 8075 type: string 8076 request: 8077 description: Request is the name chosen for a request in the referenced claim. If empty, everything from the claim is made available, otherwise only the result of this request. 8078 type: string 8079 required: 8080 - name 8081 type: object 8082 type: array 8083 limits: 8084 additionalProperties: 8085 type: string 8086 description: "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" 8087 type: object 8088 requests: 8089 additionalProperties: 8090 type: string 8091 description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" 8092 type: object 8093 type: object 8094 restartPolicy: 8095 description: "RestartPolicy defines the restart behavior of individual containers in a pod. This field may only be set for init containers, and the only allowed value is \"Always\". For non-init containers or when this field is not specified, the restart behavior is defined by the Pod's restart policy and the container type. 
Setting the RestartPolicy as \"Always\" for the init container will have the following effect: this init container will be continually restarted on exit until all regular containers have terminated. Once all regular containers have completed, all init containers with restartPolicy \"Always\" will be shut down. This lifecycle differs from normal init containers and is often referred to as a \"sidecar\" container. Although this init container still starts in the init container sequence, it does not wait for the container to complete before proceeding to the next init container. Instead, the next init container starts immediately after this init container is started, or after any startupProbe has successfully completed." 8096 type: string 8097 securityContext: 8098 description: "SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/" 8099 properties: 8100 allowPrivilegeEscalation: 8101 description: "AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows." 8102 type: boolean 8103 appArmorProfile: 8104 description: appArmorProfile is the AppArmor options to use by this container. If set, this profile overrides the pod's appArmorProfile. Note that this field cannot be set when spec.os.name is windows. 8105 properties: 8106 localhostProfile: 8107 description: localhostProfile indicates a profile loaded on the node that should be used. The profile must be preconfigured on the node to work. Must match the loaded name of the profile. 
Must be set if and only if type is "Localhost". 8108 type: string 8109 type: 8110 description: |- 8111 type indicates which kind of AppArmor profile will be applied. Valid options are: 8112 Localhost - a profile pre-loaded on the node. 8113 RuntimeDefault - the container runtime's default profile. 8114 Unconfined - no AppArmor enforcement. 8115 8116 Possible enum values: 8117 - `"Localhost"` indicates that a profile pre-loaded on the node should be used. 8118 - `"RuntimeDefault"` indicates that the container runtime's default AppArmor profile should be used. 8119 - `"Unconfined"` indicates that no AppArmor profile should be enforced. 8120 enum: 8121 - Localhost 8122 - RuntimeDefault 8123 - Unconfined 8124 type: string 8125 required: 8126 - type 8127 type: object 8128 capabilities: 8129 description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows. 8130 properties: 8131 add: 8132 description: Added capabilities 8133 items: 8134 type: string 8135 type: array 8136 drop: 8137 description: Removed capabilities 8138 items: 8139 type: string 8140 type: array 8141 type: object 8142 privileged: 8143 description: Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows. 8144 type: boolean 8145 procMount: 8146 description: |- 8147 procMount denotes the type of proc mount to use for the containers. The default value is Default which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows. 8148 8149 Possible enum values: 8150 - `"Default"` uses the container runtime defaults for readonly and masked paths for /proc. 
Most container runtimes mask certain paths in /proc to avoid accidental security exposure of special devices or information. 8151 - `"Unmasked"` bypasses the default masking behavior of the container runtime and ensures the newly created /proc for the container stays intact with no modifications. 8152 enum: 8153 - Default 8154 - Unmasked 8155 type: string 8156 readOnlyRootFilesystem: 8157 description: Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows. 8158 type: boolean 8159 runAsGroup: 8160 description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. 8161 format: int64 8162 type: integer 8163 runAsNonRoot: 8164 description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. 8165 type: boolean 8166 runAsUser: 8167 description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. 8168 format: int64 8169 type: integer 8170 seLinuxOptions: 8171 description: The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container.
May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. 8172 properties: 8173 level: 8174 description: Level is SELinux level label that applies to the container. 8175 type: string 8176 role: 8177 description: Role is a SELinux role label that applies to the container. 8178 type: string 8179 type: 8180 description: Type is a SELinux type label that applies to the container. 8181 type: string 8182 user: 8183 description: User is a SELinux user label that applies to the container. 8184 type: string 8185 type: object 8186 seccompProfile: 8187 description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows. 8188 properties: 8189 localhostProfile: 8190 description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type. 8191 type: string 8192 type: 8193 description: |- 8194 type indicates which kind of seccomp profile will be applied. Valid options are: 8195 8196 Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied. 8197 8198 Possible enum values: 8199 - `"Localhost"` indicates a profile defined in a file on the node should be used. The file's location relative to <kubelet-root-dir>/seccomp. 8200 - `"RuntimeDefault"` represents the default container runtime seccomp profile. 8201 - `"Unconfined"` indicates no seccomp profile is applied (A.K.A. unconfined). 
8202 enum: 8203 - Localhost 8204 - RuntimeDefault 8205 - Unconfined 8206 type: string 8207 required: 8208 - type 8209 type: object 8210 windowsOptions: 8211 description: The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux. 8212 properties: 8213 gmsaCredentialSpec: 8214 description: GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. 8215 type: string 8216 gmsaCredentialSpecName: 8217 description: GMSACredentialSpecName is the name of the GMSA credential spec to use. 8218 type: string 8219 hostProcess: 8220 description: HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true. 8221 type: boolean 8222 runAsUserName: 8223 description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. 8224 type: string 8225 type: object 8226 type: object 8227 startupProbe: 8228 description: "StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. 
This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" 8229 properties: 8230 exec: 8231 description: Exec specifies a command to execute in the container. 8232 properties: 8233 command: 8234 description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 8235 items: 8236 type: string 8237 type: array 8238 type: object 8239 failureThreshold: 8240 description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. 8241 format: int32 8242 type: integer 8243 grpc: 8244 description: GRPC specifies a GRPC HealthCheckRequest. 8245 properties: 8246 port: 8247 description: Port number of the gRPC service. Number must be in the range 1 to 65535. 8248 format: int32 8249 type: integer 8250 service: 8251 description: |- 8252 Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 8253 8254 If this is not specified, the default behavior is defined by gRPC. 8255 type: string 8256 required: 8257 - port 8258 type: object 8259 httpGet: 8260 description: HTTPGet specifies an HTTP GET request to perform. 8261 properties: 8262 host: 8263 description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. 
8264 type: string 8265 httpHeaders: 8266 description: Custom headers to set in the request. HTTP allows repeated headers. 8267 items: 8268 properties: 8269 name: 8270 description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. 8271 type: string 8272 value: 8273 description: The header field value 8274 type: string 8275 required: 8276 - name 8277 - value 8278 type: object 8279 type: array 8280 path: 8281 description: Path to access on the HTTP server. 8282 type: string 8283 port: 8284 description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 8285 format: int-or-string 8286 x-kubernetes-int-or-string: true 8287 scheme: 8288 description: |- 8289 Scheme to use for connecting to the host. Defaults to HTTP. 8290 8291 Possible enum values: 8292 - `"HTTP"` means that the scheme used will be http:// 8293 - `"HTTPS"` means that the scheme used will be https:// 8294 enum: 8295 - HTTP 8296 - HTTPS 8297 type: string 8298 required: 8299 - port 8300 type: object 8301 initialDelaySeconds: 8302 description: "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" 8303 format: int32 8304 type: integer 8305 periodSeconds: 8306 description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. 8307 format: int32 8308 type: integer 8309 successThreshold: 8310 description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. 8311 format: int32 8312 type: integer 8313 tcpSocket: 8314 description: TCPSocket specifies a connection to a TCP port. 8315 properties: 8316 host: 8317 description: "Optional: Host name to connect to, defaults to the pod IP." 
8318 type: string 8319 port: 8320 description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 8321 format: int-or-string 8322 x-kubernetes-int-or-string: true 8323 required: 8324 - port 8325 type: object 8326 terminationGracePeriodSeconds: 8327 description: Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. 8328 format: int64 8329 type: integer 8330 timeoutSeconds: 8331 description: "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" 8332 format: int32 8333 type: integer 8334 type: object 8335 stdin: 8336 description: Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false. 8337 type: boolean 8338 stdinOnce: 8339 description: Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. 
If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false 8340 type: boolean 8341 terminationMessagePath: 8342 description: "Optional: Path at which the file to which the container's termination message will be written is mounted into the container's filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated." 8343 type: string 8344 terminationMessagePolicy: 8345 description: |- 8346 Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. 8347 8348 Possible enum values: 8349 - `"FallbackToLogsOnError"` will read the most recent contents of the container logs for the container status message when the container exits with an error and the terminationMessagePath has no contents. 8350 - `"File"` is the default behavior and will set the container status message to the contents of the container's terminationMessagePath when the container exits. 8351 enum: 8352 - FallbackToLogsOnError 8353 - File 8354 type: string 8355 tty: 8356 description: Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false. 
8357 type: boolean 8358 volumeDevices: 8359 description: volumeDevices is the list of block devices to be used by the container. 8360 items: 8361 properties: 8362 devicePath: 8363 description: devicePath is the path inside of the container that the device will be mapped to. 8364 type: string 8365 name: 8366 description: name must match the name of a persistentVolumeClaim in the pod 8367 type: string 8368 required: 8369 - name 8370 - devicePath 8371 type: object 8372 type: array 8373 volumeMounts: 8374 description: Pod volumes to mount into the container's filesystem. Cannot be updated. 8375 items: 8376 properties: 8377 mountPath: 8378 description: Path within the container at which the volume should be mounted. Must not contain ':'. 8379 type: string 8380 mountPropagation: 8381 description: |- 8382 mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified (which defaults to None). 8383 8384 Possible enum values: 8385 - `"Bidirectional"` means that the volume in a container will receive new mounts from the host or other containers, and its own mounts will be propagated from the container to the host or other containers. Note that this mode is recursively applied to all mounts in the volume ("rshared" in Linux terminology). 8386 - `"HostToContainer"` means that the volume in a container will receive new mounts from the host or other containers, but filesystems mounted inside the container won't be propagated to the host or other containers. Note that this mode is recursively applied to all mounts in the volume ("rslave" in Linux terminology). 
8387 - `"None"` means that the volume in a container will not receive new mounts from the host or other containers, and filesystems mounted inside the container won't be propagated to the host or other containers. Note that this mode corresponds to "private" in Linux terminology. 8388 enum: 8389 - Bidirectional 8390 - HostToContainer 8391 - None 8392 type: string 8393 name: 8394 description: This must match the Name of a Volume. 8395 type: string 8396 readOnly: 8397 description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. 8398 type: boolean 8399 recursiveReadOnly: 8400 description: |- 8401 RecursiveReadOnly specifies whether read-only mounts should be handled recursively. 8402 8403 If ReadOnly is false, this field has no meaning and must be unspecified. 8404 8405 If ReadOnly is true, and this field is set to Disabled, the mount is not made recursively read-only. If this field is set to IfPossible, the mount is made recursively read-only, if it is supported by the container runtime. If this field is set to Enabled, the mount is made recursively read-only if it is supported by the container runtime, otherwise the pod will not be started and an error will be generated to indicate the reason. 8406 8407 If this field is set to IfPossible or Enabled, MountPropagation must be set to None (or be unspecified, which defaults to None). 8408 8409 If this field is not specified, it is treated as an equivalent of Disabled. 8410 type: string 8411 subPath: 8412 description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). 8413 type: string 8414 subPathExpr: 8415 description: Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive. 
8416 type: string 8417 required: 8418 - name 8419 - mountPath 8420 type: object 8421 type: array 8422 workingDir: 8423 description: Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated. 8424 type: string 8425 required: 8426 - name 8427 type: object 8428 type: array 8429 dnsConfig: 8430 description: Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy. 8431 properties: 8432 nameservers: 8433 description: A list of DNS name server IP addresses. This will be appended to the base nameservers generated from DNSPolicy. Duplicated nameservers will be removed. 8434 items: 8435 type: string 8436 type: array 8437 options: 8438 description: A list of DNS resolver options. This will be merged with the base options generated from DNSPolicy. Duplicated entries will be removed. Resolution options given in Options will override those that appear in the base DNSPolicy. 8439 items: 8440 properties: 8441 name: 8442 description: Name is this DNS resolver option's name. Required. 8443 type: string 8444 value: 8445 description: Value is this DNS resolver option's value. 8446 type: string 8447 type: object 8448 type: array 8449 searches: 8450 description: A list of DNS search domains for host-name lookup. This will be appended to the base search paths generated from DNSPolicy. Duplicated search paths will be removed. 8451 items: 8452 type: string 8453 type: array 8454 type: object 8455 dnsPolicy: 8456 description: |- 8457 Set DNS policy for the pod. Defaults to "ClusterFirst". Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. To have DNS options set along with hostNetwork, you have to specify DNS policy explicitly to 'ClusterFirstWithHostNet'. 
8458 8459 Possible enum values: 8460 - `"ClusterFirst"` indicates that the pod should use cluster DNS first unless hostNetwork is true, if it is available, then fall back on the default (as determined by kubelet) DNS settings. 8461 - `"ClusterFirstWithHostNet"` indicates that the pod should use cluster DNS first, if it is available, then fall back on the default (as determined by kubelet) DNS settings. 8462 - `"Default"` indicates that the pod should use the default (as determined by kubelet) DNS settings. 8463 - `"None"` indicates that the pod should use empty DNS settings. DNS parameters such as nameservers and search paths should be defined via DNSConfig. 8464 enum: 8465 - ClusterFirst 8466 - ClusterFirstWithHostNet 8467 - Default 8468 - None 8469 type: string 8470 enableServiceLinks: 8471 description: "EnableServiceLinks indicates whether information about services should be injected into pod's environment variables, matching the syntax of Docker links. Optional: Defaults to true." 8472 type: boolean 8473 ephemeralContainers: 8474 description: List of ephemeral containers run in this pod. Ephemeral containers may be run in an existing pod to perform user-initiated actions such as debugging. This list cannot be specified when creating a pod, and it cannot be modified by updating the pod spec. In order to add an ephemeral container to an existing pod, use the pod's ephemeralcontainers subresource. 8475 items: 8476 properties: 8477 args: 8478 description: "Arguments to the entrypoint. The image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. 
More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell" 8479 items: 8480 type: string 8481 type: array 8482 command: 8483 description: "Entrypoint array. Not executed within a shell. The image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell" 8484 items: 8485 type: string 8486 type: array 8487 env: 8488 description: List of environment variables to set in the container. Cannot be updated. 8489 items: 8490 properties: 8491 name: 8492 description: Name of the environment variable. Must be a C_IDENTIFIER. 8493 type: string 8494 value: 8495 description: "Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to \"\"." 8496 type: string 8497 valueFrom: 8498 description: Source for the environment variable's value. Cannot be used if value is not empty. 8499 properties: 8500 configMapKeyRef: 8501 description: Selects a key of a ConfigMap. 8502 properties: 8503 key: 8504 description: The key to select. 
8505 type: string 8506 name: 8507 description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" 8508 type: string 8509 optional: 8510 description: Specify whether the ConfigMap or its key must be defined 8511 type: boolean 8512 required: 8513 - key 8514 type: object 8515 x-kubernetes-map-type: atomic 8516 fieldRef: 8517 description: "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs." 8518 properties: 8519 apiVersion: 8520 description: Version of the schema the FieldPath is written in terms of, defaults to "v1". 8521 type: string 8522 fieldPath: 8523 description: Path of the field to select in the specified API version. 8524 type: string 8525 required: 8526 - fieldPath 8527 type: object 8528 x-kubernetes-map-type: atomic 8529 resourceFieldRef: 8530 description: "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported." 8531 properties: 8532 containerName: 8533 description: "Container name: required for volumes, optional for env vars" 8534 type: string 8535 divisor: 8536 description: Specifies the output format of the exposed resources, defaults to "1" 8537 type: string 8538 resource: 8539 description: "Required: resource to select" 8540 type: string 8541 required: 8542 - resource 8543 type: object 8544 x-kubernetes-map-type: atomic 8545 secretKeyRef: 8546 description: Selects a key of a secret in the pod's namespace 8547 properties: 8548 key: 8549 description: The key of the secret to select from. 
Must be a valid secret key. 8550 type: string 8551 name: 8552 description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" 8553 type: string 8554 optional: 8555 description: Specify whether the Secret or its key must be defined 8556 type: boolean 8557 required: 8558 - key 8559 type: object 8560 x-kubernetes-map-type: atomic 8561 type: object 8562 required: 8563 - name 8564 type: object 8565 type: array 8566 envFrom: 8567 description: List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. 8568 items: 8569 properties: 8570 configMapRef: 8571 description: The ConfigMap to select from 8572 properties: 8573 name: 8574 description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" 8575 type: string 8576 optional: 8577 description: Specify whether the ConfigMap must be defined 8578 type: boolean 8579 type: object 8580 prefix: 8581 description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. 8582 type: string 8583 secretRef: 8584 description: The Secret to select from 8585 properties: 8586 name: 8587 description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. 
Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" 8588 type: string 8589 optional: 8590 description: Specify whether the Secret must be defined 8591 type: boolean 8592 type: object 8593 type: object 8594 type: array 8595 image: 8596 description: "Container image name. More info: https://kubernetes.io/docs/concepts/containers/images" 8597 type: string 8598 imagePullPolicy: 8599 description: |- 8600 Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images 8601 8602 Possible enum values: 8603 - `"Always"` means that kubelet always attempts to pull the latest image. Container will fail If the pull fails. 8604 - `"IfNotPresent"` means that kubelet pulls if the image isn't present on disk. Container will fail if the image isn't present and the pull fails. 8605 - `"Never"` means that kubelet never pulls an image, but only uses a local image. Container will fail if the image isn't present 8606 enum: 8607 - Always 8608 - IfNotPresent 8609 - Never 8610 type: string 8611 lifecycle: 8612 description: Lifecycle is not allowed for ephemeral containers. 8613 properties: 8614 postStart: 8615 description: "PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks" 8616 properties: 8617 exec: 8618 description: Exec specifies a command to execute in the container. 
8619 properties: 8620 command: 8621 description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 8622 items: 8623 type: string 8624 type: array 8625 type: object 8626 httpGet: 8627 description: HTTPGet specifies an HTTP GET request to perform. 8628 properties: 8629 host: 8630 description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. 8631 type: string 8632 httpHeaders: 8633 description: Custom headers to set in the request. HTTP allows repeated headers. 8634 items: 8635 properties: 8636 name: 8637 description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. 8638 type: string 8639 value: 8640 description: The header field value 8641 type: string 8642 required: 8643 - name 8644 - value 8645 type: object 8646 type: array 8647 path: 8648 description: Path to access on the HTTP server. 8649 type: string 8650 port: 8651 description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 8652 format: int-or-string 8653 x-kubernetes-int-or-string: true 8654 scheme: 8655 description: |- 8656 Scheme to use for connecting to the host. Defaults to HTTP. 8657 8658 Possible enum values: 8659 - `"HTTP"` means that the scheme used will be http:// 8660 - `"HTTPS"` means that the scheme used will be https:// 8661 enum: 8662 - HTTP 8663 - HTTPS 8664 type: string 8665 required: 8666 - port 8667 type: object 8668 sleep: 8669 description: Sleep represents a duration that the container should sleep. 
8670 properties: 8671 seconds: 8672 description: Seconds is the number of seconds to sleep. 8673 format: int64 8674 type: integer 8675 required: 8676 - seconds 8677 type: object 8678 tcpSocket: 8679 description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for backward compatibility. There is no validation of this field and lifecycle hooks will fail at runtime when it is specified. 8680 properties: 8681 host: 8682 description: "Optional: Host name to connect to, defaults to the pod IP." 8683 type: string 8684 port: 8685 description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 8686 format: int-or-string 8687 x-kubernetes-int-or-string: true 8688 required: 8689 - port 8690 type: object 8691 type: object 8692 preStop: 8693 description: "PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The Pod's termination grace period countdown begins before the PreStop hook is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod's termination grace period (unless delayed by finalizers). Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks" 8694 properties: 8695 exec: 8696 description: Exec specifies a command to execute in the container. 8697 properties: 8698 command: 8699 description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. 
To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 8700 items: 8701 type: string 8702 type: array 8703 type: object 8704 httpGet: 8705 description: HTTPGet specifies an HTTP GET request to perform. 8706 properties: 8707 host: 8708 description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. 8709 type: string 8710 httpHeaders: 8711 description: Custom headers to set in the request. HTTP allows repeated headers. 8712 items: 8713 properties: 8714 name: 8715 description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. 8716 type: string 8717 value: 8718 description: The header field value 8719 type: string 8720 required: 8721 - name 8722 - value 8723 type: object 8724 type: array 8725 path: 8726 description: Path to access on the HTTP server. 8727 type: string 8728 port: 8729 description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 8730 format: int-or-string 8731 x-kubernetes-int-or-string: true 8732 scheme: 8733 description: |- 8734 Scheme to use for connecting to the host. Defaults to HTTP. 8735 8736 Possible enum values: 8737 - `"HTTP"` means that the scheme used will be http:// 8738 - `"HTTPS"` means that the scheme used will be https:// 8739 enum: 8740 - HTTP 8741 - HTTPS 8742 type: string 8743 required: 8744 - port 8745 type: object 8746 sleep: 8747 description: Sleep represents a duration that the container should sleep. 8748 properties: 8749 seconds: 8750 description: Seconds is the number of seconds to sleep. 8751 format: int64 8752 type: integer 8753 required: 8754 - seconds 8755 type: object 8756 tcpSocket: 8757 description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for backward compatibility. 
There is no validation of this field and lifecycle hooks will fail at runtime when it is specified. 8758 properties: 8759 host: 8760 description: "Optional: Host name to connect to, defaults to the pod IP." 8761 type: string 8762 port: 8763 description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 8764 format: int-or-string 8765 x-kubernetes-int-or-string: true 8766 required: 8767 - port 8768 type: object 8769 type: object 8770 type: object 8771 livenessProbe: 8772 description: Probes are not allowed for ephemeral containers. 8773 properties: 8774 exec: 8775 description: Exec specifies a command to execute in the container. 8776 properties: 8777 command: 8778 description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 8779 items: 8780 type: string 8781 type: array 8782 type: object 8783 failureThreshold: 8784 description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. 8785 format: int32 8786 type: integer 8787 grpc: 8788 description: GRPC specifies a GRPC HealthCheckRequest. 8789 properties: 8790 port: 8791 description: Port number of the gRPC service. Number must be in the range 1 to 65535. 8792 format: int32 8793 type: integer 8794 service: 8795 description: |- 8796 Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 8797 8798 If this is not specified, the default behavior is defined by gRPC. 
8799 type: string 8800 required: 8801 - port 8802 type: object 8803 httpGet: 8804 description: HTTPGet specifies an HTTP GET request to perform. 8805 properties: 8806 host: 8807 description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. 8808 type: string 8809 httpHeaders: 8810 description: Custom headers to set in the request. HTTP allows repeated headers. 8811 items: 8812 properties: 8813 name: 8814 description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. 8815 type: string 8816 value: 8817 description: The header field value 8818 type: string 8819 required: 8820 - name 8821 - value 8822 type: object 8823 type: array 8824 path: 8825 description: Path to access on the HTTP server. 8826 type: string 8827 port: 8828 description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 8829 format: int-or-string 8830 x-kubernetes-int-or-string: true 8831 scheme: 8832 description: |- 8833 Scheme to use for connecting to the host. Defaults to HTTP. 8834 8835 Possible enum values: 8836 - `"HTTP"` means that the scheme used will be http:// 8837 - `"HTTPS"` means that the scheme used will be https:// 8838 enum: 8839 - HTTP 8840 - HTTPS 8841 type: string 8842 required: 8843 - port 8844 type: object 8845 initialDelaySeconds: 8846 description: "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" 8847 format: int32 8848 type: integer 8849 periodSeconds: 8850 description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. 8851 format: int32 8852 type: integer 8853 successThreshold: 8854 description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. 
Must be 1 for liveness and startup. Minimum value is 1. 8855 format: int32 8856 type: integer 8857 tcpSocket: 8858 description: TCPSocket specifies a connection to a TCP port. 8859 properties: 8860 host: 8861 description: "Optional: Host name to connect to, defaults to the pod IP." 8862 type: string 8863 port: 8864 description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 8865 format: int-or-string 8866 x-kubernetes-int-or-string: true 8867 required: 8868 - port 8869 type: object 8870 terminationGracePeriodSeconds: 8871 description: Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. 8872 format: int64 8873 type: integer 8874 timeoutSeconds: 8875 description: "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" 8876 format: int32 8877 type: integer 8878 type: object 8879 name: 8880 description: Name of the ephemeral container specified as a DNS_LABEL. This name must be unique among all containers, init containers and ephemeral containers. 8881 type: string 8882 ports: 8883 description: Ports are not allowed for ephemeral containers. 
8884 items: 8885 properties: 8886 containerPort: 8887 description: Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536. 8888 format: int32 8889 type: integer 8890 hostIP: 8891 description: What host IP to bind the external port to. 8892 type: string 8893 hostPort: 8894 description: Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this. 8895 format: int32 8896 type: integer 8897 name: 8898 description: If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services. 8899 type: string 8900 protocol: 8901 description: |- 8902 Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". 8903 8904 Possible enum values: 8905 - `"SCTP"` is the SCTP protocol. 8906 - `"TCP"` is the TCP protocol. 8907 - `"UDP"` is the UDP protocol. 8908 enum: 8909 - SCTP 8910 - TCP 8911 - UDP 8912 type: string 8913 required: 8914 - containerPort 8915 type: object 8916 type: array 8917 readinessProbe: 8918 description: Probes are not allowed for ephemeral containers. 8919 properties: 8920 exec: 8921 description: Exec specifies a command to execute in the container. 8922 properties: 8923 command: 8924 description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 8925 items: 8926 type: string 8927 type: array 8928 type: object 8929 failureThreshold: 8930 description: Minimum consecutive failures for the probe to be considered failed after having succeeded. 
Defaults to 3. Minimum value is 1. 8931 format: int32 8932 type: integer 8933 grpc: 8934 description: GRPC specifies a GRPC HealthCheckRequest. 8935 properties: 8936 port: 8937 description: Port number of the gRPC service. Number must be in the range 1 to 65535. 8938 format: int32 8939 type: integer 8940 service: 8941 description: |- 8942 Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 8943 8944 If this is not specified, the default behavior is defined by gRPC. 8945 type: string 8946 required: 8947 - port 8948 type: object 8949 httpGet: 8950 description: HTTPGet specifies an HTTP GET request to perform. 8951 properties: 8952 host: 8953 description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. 8954 type: string 8955 httpHeaders: 8956 description: Custom headers to set in the request. HTTP allows repeated headers. 8957 items: 8958 properties: 8959 name: 8960 description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. 8961 type: string 8962 value: 8963 description: The header field value 8964 type: string 8965 required: 8966 - name 8967 - value 8968 type: object 8969 type: array 8970 path: 8971 description: Path to access on the HTTP server. 8972 type: string 8973 port: 8974 description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 8975 format: int-or-string 8976 x-kubernetes-int-or-string: true 8977 scheme: 8978 description: |- 8979 Scheme to use for connecting to the host. Defaults to HTTP. 
8980 8981 Possible enum values: 8982 - `"HTTP"` means that the scheme used will be http:// 8983 - `"HTTPS"` means that the scheme used will be https:// 8984 enum: 8985 - HTTP 8986 - HTTPS 8987 type: string 8988 required: 8989 - port 8990 type: object 8991 initialDelaySeconds: 8992 description: "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" 8993 format: int32 8994 type: integer 8995 periodSeconds: 8996 description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. 8997 format: int32 8998 type: integer 8999 successThreshold: 9000 description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. 9001 format: int32 9002 type: integer 9003 tcpSocket: 9004 description: TCPSocket specifies a connection to a TCP port. 9005 properties: 9006 host: 9007 description: "Optional: Host name to connect to, defaults to the pod IP." 9008 type: string 9009 port: 9010 description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 9011 format: int-or-string 9012 x-kubernetes-int-or-string: true 9013 required: 9014 - port 9015 type: object 9016 terminationGracePeriodSeconds: 9017 description: Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. 
The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. 9018 format: int64 9019 type: integer 9020 timeoutSeconds: 9021 description: "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" 9022 format: int32 9023 type: integer 9024 type: object 9025 resizePolicy: 9026 description: Resources resize policy for the container. 9027 items: 9028 properties: 9029 resourceName: 9030 description: "Name of the resource to which this resource resize policy applies. Supported values: cpu, memory." 9031 type: string 9032 restartPolicy: 9033 description: Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired. 9034 type: string 9035 required: 9036 - resourceName 9037 - restartPolicy 9038 type: object 9039 type: array 9040 resources: 9041 description: Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources already allocated to the pod. 9042 properties: 9043 claims: 9044 description: |- 9045 Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. 9046 9047 This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. 9048 9049 This field is immutable. It can only be set for containers. 9050 items: 9051 properties: 9052 name: 9053 description: Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. 9054 type: string 9055 request: 9056 description: Request is the name chosen for a request in the referenced claim. If empty, everything from the claim is made available, otherwise only the result of this request. 
9057 type: string 9058 required: 9059 - name 9060 type: object 9061 type: array 9062 limits: 9063 additionalProperties: 9064 type: string 9065 description: "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" 9066 type: object 9067 requests: 9068 additionalProperties: 9069 type: string 9070 description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" 9071 type: object 9072 type: object 9073 restartPolicy: 9074 description: Restart policy for the container to manage the restart behavior of each container within a pod. This may only be set for init containers. You cannot set this field on ephemeral containers. 9075 type: string 9076 securityContext: 9077 description: "Optional: SecurityContext defines the security options the ephemeral container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext." 9078 properties: 9079 allowPrivilegeEscalation: 9080 description: "AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows." 9081 type: boolean 9082 appArmorProfile: 9083 description: appArmorProfile is the AppArmor options to use by this container. If set, this profile overrides the pod's appArmorProfile. Note that this field cannot be set when spec.os.name is windows. 
9084 properties: 9085 localhostProfile: 9086 description: localhostProfile indicates a profile loaded on the node that should be used. The profile must be preconfigured on the node to work. Must match the loaded name of the profile. Must be set if and only if type is "Localhost". 9087 type: string 9088 type: 9089 description: |- 9090 type indicates which kind of AppArmor profile will be applied. Valid options are: 9091 Localhost - a profile pre-loaded on the node. 9092 RuntimeDefault - the container runtime's default profile. 9093 Unconfined - no AppArmor enforcement. 9094 9095 Possible enum values: 9096 - `"Localhost"` indicates that a profile pre-loaded on the node should be used. 9097 - `"RuntimeDefault"` indicates that the container runtime's default AppArmor profile should be used. 9098 - `"Unconfined"` indicates that no AppArmor profile should be enforced. 9099 enum: 9100 - Localhost 9101 - RuntimeDefault 9102 - Unconfined 9103 type: string 9104 required: 9105 - type 9106 type: object 9107 capabilities: 9108 description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows. 9109 properties: 9110 add: 9111 description: Added capabilities 9112 items: 9113 type: string 9114 type: array 9115 drop: 9116 description: Removed capabilities 9117 items: 9118 type: string 9119 type: array 9120 type: object 9121 privileged: 9122 description: Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows. 9123 type: boolean 9124 procMount: 9125 description: |- 9126 procMount denotes the type of proc mount to use for the containers. The default value is Default which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. 
Note that this field cannot be set when spec.os.name is windows. 9127 9128 Possible enum values: 9129 - `"Default"` uses the container runtime defaults for readonly and masked paths for /proc. Most container runtimes mask certain paths in /proc to avoid accidental security exposure of special devices or information. 9130 - `"Unmasked"` bypasses the default masking behavior of the container runtime and ensures the newly created /proc the container stays in tact with no modifications. 9131 enum: 9132 - Default 9133 - Unmasked 9134 type: string 9135 readOnlyRootFilesystem: 9136 description: Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows. 9137 type: boolean 9138 runAsGroup: 9139 description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. 9140 format: int64 9141 type: integer 9142 runAsNonRoot: 9143 description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. 9144 type: boolean 9145 runAsUser: 9146 description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. 
9147 format: int64 9148 type: integer 9149 seLinuxOptions: 9150 description: The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. 9151 properties: 9152 level: 9153 description: Level is SELinux level label that applies to the container. 9154 type: string 9155 role: 9156 description: Role is a SELinux role label that applies to the container. 9157 type: string 9158 type: 9159 description: Type is a SELinux type label that applies to the container. 9160 type: string 9161 user: 9162 description: User is a SELinux user label that applies to the container. 9163 type: string 9164 type: object 9165 seccompProfile: 9166 description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows. 9167 properties: 9168 localhostProfile: 9169 description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type. 9170 type: string 9171 type: 9172 description: |- 9173 type indicates which kind of seccomp profile will be applied. Valid options are: 9174 9175 Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied. 9176 9177 Possible enum values: 9178 - `"Localhost"` indicates a profile defined in a file on the node should be used. 
The file's location relative to <kubelet-root-dir>/seccomp. 9179 - `"RuntimeDefault"` represents the default container runtime seccomp profile. 9180 - `"Unconfined"` indicates no seccomp profile is applied (A.K.A. unconfined). 9181 enum: 9182 - Localhost 9183 - RuntimeDefault 9184 - Unconfined 9185 type: string 9186 required: 9187 - type 9188 type: object 9189 windowsOptions: 9190 description: The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux. 9191 properties: 9192 gmsaCredentialSpec: 9193 description: GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. 9194 type: string 9195 gmsaCredentialSpecName: 9196 description: GMSACredentialSpecName is the name of the GMSA credential spec to use. 9197 type: string 9198 hostProcess: 9199 description: HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true. 9200 type: boolean 9201 runAsUserName: 9202 description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. 9203 type: string 9204 type: object 9205 type: object 9206 startupProbe: 9207 description: Probes are not allowed for ephemeral containers. 
9208 properties: 9209 exec: 9210 description: Exec specifies a command to execute in the container. 9211 properties: 9212 command: 9213 description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 9214 items: 9215 type: string 9216 type: array 9217 type: object 9218 failureThreshold: 9219 description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. 9220 format: int32 9221 type: integer 9222 grpc: 9223 description: GRPC specifies a GRPC HealthCheckRequest. 9224 properties: 9225 port: 9226 description: Port number of the gRPC service. Number must be in the range 1 to 65535. 9227 format: int32 9228 type: integer 9229 service: 9230 description: |- 9231 Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 9232 9233 If this is not specified, the default behavior is defined by gRPC. 9234 type: string 9235 required: 9236 - port 9237 type: object 9238 httpGet: 9239 description: HTTPGet specifies an HTTP GET request to perform. 9240 properties: 9241 host: 9242 description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. 9243 type: string 9244 httpHeaders: 9245 description: Custom headers to set in the request. HTTP allows repeated headers. 9246 items: 9247 properties: 9248 name: 9249 description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. 
9250 type: string 9251 value: 9252 description: The header field value 9253 type: string 9254 required: 9255 - name 9256 - value 9257 type: object 9258 type: array 9259 path: 9260 description: Path to access on the HTTP server. 9261 type: string 9262 port: 9263 description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 9264 format: int-or-string 9265 x-kubernetes-int-or-string: true 9266 scheme: 9267 description: |- 9268 Scheme to use for connecting to the host. Defaults to HTTP. 9269 9270 Possible enum values: 9271 - `"HTTP"` means that the scheme used will be http:// 9272 - `"HTTPS"` means that the scheme used will be https:// 9273 enum: 9274 - HTTP 9275 - HTTPS 9276 type: string 9277 required: 9278 - port 9279 type: object 9280 initialDelaySeconds: 9281 description: "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" 9282 format: int32 9283 type: integer 9284 periodSeconds: 9285 description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. 9286 format: int32 9287 type: integer 9288 successThreshold: 9289 description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. 9290 format: int32 9291 type: integer 9292 tcpSocket: 9293 description: TCPSocket specifies a connection to a TCP port. 9294 properties: 9295 host: 9296 description: "Optional: Host name to connect to, defaults to the pod IP." 9297 type: string 9298 port: 9299 description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 
9300 format: int-or-string 9301 x-kubernetes-int-or-string: true 9302 required: 9303 - port 9304 type: object 9305 terminationGracePeriodSeconds: 9306 description: Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. 9307 format: int64 9308 type: integer 9309 timeoutSeconds: 9310 description: "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" 9311 format: int32 9312 type: integer 9313 type: object 9314 stdin: 9315 description: Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false. 9316 type: boolean 9317 stdinOnce: 9318 description: Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. 
If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false 9319 type: boolean 9320 targetContainerName: 9321 description: |- 9322 If set, the name of the container from PodSpec that this ephemeral container targets. The ephemeral container will be run in the namespaces (IPC, PID, etc) of this container. If not set then the ephemeral container uses the namespaces configured in the Pod spec. 9323 9324 The container runtime must implement support for this feature. If the runtime does not support namespace targeting then the result of setting this field is undefined. 9325 type: string 9326 terminationMessagePath: 9327 description: "Optional: Path at which the file to which the container's termination message will be written is mounted into the container's filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated." 9328 type: string 9329 terminationMessagePolicy: 9330 description: |- 9331 Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. 9332 9333 Possible enum values: 9334 - `"FallbackToLogsOnError"` will read the most recent contents of the container logs for the container status message when the container exits with an error and the terminationMessagePath has no contents. 
9335 - `"File"` is the default behavior and will set the container status message to the contents of the container's terminationMessagePath when the container exits. 9336 enum: 9337 - FallbackToLogsOnError 9338 - File 9339 type: string 9340 tty: 9341 description: Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false. 9342 type: boolean 9343 volumeDevices: 9344 description: volumeDevices is the list of block devices to be used by the container. 9345 items: 9346 properties: 9347 devicePath: 9348 description: devicePath is the path inside of the container that the device will be mapped to. 9349 type: string 9350 name: 9351 description: name must match the name of a persistentVolumeClaim in the pod 9352 type: string 9353 required: 9354 - name 9355 - devicePath 9356 type: object 9357 type: array 9358 volumeMounts: 9359 description: Pod volumes to mount into the container's filesystem. Subpath mounts are not allowed for ephemeral containers. Cannot be updated. 9360 items: 9361 properties: 9362 mountPath: 9363 description: Path within the container at which the volume should be mounted. Must not contain ':'. 9364 type: string 9365 mountPropagation: 9366 description: |- 9367 mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified (which defaults to None). 9368 9369 Possible enum values: 9370 - `"Bidirectional"` means that the volume in a container will receive new mounts from the host or other containers, and its own mounts will be propagated from the container to the host or other containers. Note that this mode is recursively applied to all mounts in the volume ("rshared" in Linux terminology). 
9371 - `"HostToContainer"` means that the volume in a container will receive new mounts from the host or other containers, but filesystems mounted inside the container won't be propagated to the host or other containers. Note that this mode is recursively applied to all mounts in the volume ("rslave" in Linux terminology). 9372 - `"None"` means that the volume in a container will not receive new mounts from the host or other containers, and filesystems mounted inside the container won't be propagated to the host or other containers. Note that this mode corresponds to "private" in Linux terminology. 9373 enum: 9374 - Bidirectional 9375 - HostToContainer 9376 - None 9377 type: string 9378 name: 9379 description: This must match the Name of a Volume. 9380 type: string 9381 readOnly: 9382 description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. 9383 type: boolean 9384 recursiveReadOnly: 9385 description: |- 9386 RecursiveReadOnly specifies whether read-only mounts should be handled recursively. 9387 9388 If ReadOnly is false, this field has no meaning and must be unspecified. 9389 9390 If ReadOnly is true, and this field is set to Disabled, the mount is not made recursively read-only. If this field is set to IfPossible, the mount is made recursively read-only, if it is supported by the container runtime. If this field is set to Enabled, the mount is made recursively read-only if it is supported by the container runtime, otherwise the pod will not be started and an error will be generated to indicate the reason. 9391 9392 If this field is set to IfPossible or Enabled, MountPropagation must be set to None (or be unspecified, which defaults to None). 9393 9394 If this field is not specified, it is treated as an equivalent of Disabled. 9395 type: string 9396 subPath: 9397 description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). 
9398 type: string 9399 subPathExpr: 9400 description: Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive. 9401 type: string 9402 required: 9403 - name 9404 - mountPath 9405 type: object 9406 type: array 9407 workingDir: 9408 description: Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated. 9409 type: string 9410 required: 9411 - name 9412 type: object 9413 type: array 9414 hostAliases: 9415 description: HostAliases is an optional list of hosts and IPs that will be injected into the pod's hosts file if specified. 9416 items: 9417 properties: 9418 hostnames: 9419 description: Hostnames for the above IP address. 9420 items: 9421 type: string 9422 type: array 9423 ip: 9424 description: IP address of the host file entry. 9425 type: string 9426 required: 9427 - ip 9428 type: object 9429 type: array 9430 hostIPC: 9431 description: "Use the host's ipc namespace. Optional: Default to false." 9432 type: boolean 9433 hostNetwork: 9434 description: Host networking requested for this pod. Use the host's network namespace. If this option is set, the ports that will be used must be specified. Default to false. 9435 type: boolean 9436 hostPID: 9437 description: "Use the host's pid namespace. Optional: Default to false." 9438 type: boolean 9439 hostUsers: 9440 description: "Use the host's user namespace. Optional: Default to true. If set to true or not present, the pod will be run in the host user namespace, useful for when the pod needs a feature only available to the host user namespace, such as loading a kernel module with CAP_SYS_MODULE. When set to false, a new userns is created for the pod. 
Setting false is useful for mitigating container breakout vulnerabilities even allowing users to run their containers as root without actually having root privileges on the host. This field is alpha-level and is only honored by servers that enable the UserNamespacesSupport feature." 9441 type: boolean 9442 hostname: 9443 description: Specifies the hostname of the Pod If not specified, the pod's hostname will be set to a system-defined value. 9444 type: string 9445 imagePullSecrets: 9446 description: "ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. If specified, these secrets will be passed to individual puller implementations for them to use. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod" 9447 items: 9448 properties: 9449 name: 9450 description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" 9451 type: string 9452 type: object 9453 x-kubernetes-map-type: atomic 9454 type: array 9455 initContainers: 9456 description: "List of initialization containers belonging to the pod. Init containers are executed in order prior to containers being started. If any init container fails, the pod is considered to have failed and is handled according to its restartPolicy. The name for an init container or normal container must be unique among all containers. Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit for each resource type, and then using the max of of that value or the sum of the normal containers. 
Limits are applied to init containers in a similar fashion. Init containers cannot currently be added or removed. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/" 9457 items: 9458 properties: 9459 args: 9460 description: "Arguments to the entrypoint. The container image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell" 9461 items: 9462 type: string 9463 type: array 9464 command: 9465 description: "Entrypoint array. Not executed within a shell. The container image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell" 9466 items: 9467 type: string 9468 type: array 9469 env: 9470 description: List of environment variables to set in the container. Cannot be updated. 9471 items: 9472 properties: 9473 name: 9474 description: Name of the environment variable. Must be a C_IDENTIFIER. 
9475 type: string 9476 value: 9477 description: "Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to \"\"." 9478 type: string 9479 valueFrom: 9480 description: Source for the environment variable's value. Cannot be used if value is not empty. 9481 properties: 9482 configMapKeyRef: 9483 description: Selects a key of a ConfigMap. 9484 properties: 9485 key: 9486 description: The key to select. 9487 type: string 9488 name: 9489 description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" 9490 type: string 9491 optional: 9492 description: Specify whether the ConfigMap or its key must be defined 9493 type: boolean 9494 required: 9495 - key 9496 type: object 9497 x-kubernetes-map-type: atomic 9498 fieldRef: 9499 description: "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs." 9500 properties: 9501 apiVersion: 9502 description: Version of the schema the FieldPath is written in terms of, defaults to "v1". 9503 type: string 9504 fieldPath: 9505 description: Path of the field to select in the specified API version. 
9506 type: string 9507 required: 9508 - fieldPath 9509 type: object 9510 x-kubernetes-map-type: atomic 9511 resourceFieldRef: 9512 description: "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported." 9513 properties: 9514 containerName: 9515 description: "Container name: required for volumes, optional for env vars" 9516 type: string 9517 divisor: 9518 description: Specifies the output format of the exposed resources, defaults to "1" 9519 type: string 9520 resource: 9521 description: "Required: resource to select" 9522 type: string 9523 required: 9524 - resource 9525 type: object 9526 x-kubernetes-map-type: atomic 9527 secretKeyRef: 9528 description: Selects a key of a secret in the pod's namespace 9529 properties: 9530 key: 9531 description: The key of the secret to select from. Must be a valid secret key. 9532 type: string 9533 name: 9534 description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" 9535 type: string 9536 optional: 9537 description: Specify whether the Secret or its key must be defined 9538 type: boolean 9539 required: 9540 - key 9541 type: object 9542 x-kubernetes-map-type: atomic 9543 type: object 9544 required: 9545 - name 9546 type: object 9547 type: array 9548 envFrom: 9549 description: List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. 
Cannot be updated. 9550 items: 9551 properties: 9552 configMapRef: 9553 description: The ConfigMap to select from 9554 properties: 9555 name: 9556 description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" 9557 type: string 9558 optional: 9559 description: Specify whether the ConfigMap must be defined 9560 type: boolean 9561 type: object 9562 prefix: 9563 description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. 9564 type: string 9565 secretRef: 9566 description: The Secret to select from 9567 properties: 9568 name: 9569 description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" 9570 type: string 9571 optional: 9572 description: Specify whether the Secret must be defined 9573 type: boolean 9574 type: object 9575 type: object 9576 type: array 9577 image: 9578 description: "Container image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets." 9579 type: string 9580 imagePullPolicy: 9581 description: |- 9582 Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images 9583 9584 Possible enum values: 9585 - `"Always"` means that kubelet always attempts to pull the latest image. Container will fail If the pull fails. 
9586 - `"IfNotPresent"` means that kubelet pulls if the image isn't present on disk. Container will fail if the image isn't present and the pull fails. 9587 - `"Never"` means that kubelet never pulls an image, but only uses a local image. Container will fail if the image isn't present 9588 enum: 9589 - Always 9590 - IfNotPresent 9591 - Never 9592 type: string 9593 lifecycle: 9594 description: Actions that the management system should take in response to container lifecycle events. Cannot be updated. 9595 properties: 9596 postStart: 9597 description: "PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks" 9598 properties: 9599 exec: 9600 description: Exec specifies a command to execute in the container. 9601 properties: 9602 command: 9603 description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 9604 items: 9605 type: string 9606 type: array 9607 type: object 9608 httpGet: 9609 description: HTTPGet specifies an HTTP GET request to perform. 9610 properties: 9611 host: 9612 description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. 9613 type: string 9614 httpHeaders: 9615 description: Custom headers to set in the request. HTTP allows repeated headers. 9616 items: 9617 properties: 9618 name: 9619 description: The header field name. 
This will be canonicalized upon output, so case-variant names will be understood as the same header. 9620 type: string 9621 value: 9622 description: The header field value 9623 type: string 9624 required: 9625 - name 9626 - value 9627 type: object 9628 type: array 9629 path: 9630 description: Path to access on the HTTP server. 9631 type: string 9632 port: 9633 description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 9634 format: int-or-string 9635 x-kubernetes-int-or-string: true 9636 scheme: 9637 description: |- 9638 Scheme to use for connecting to the host. Defaults to HTTP. 9639 9640 Possible enum values: 9641 - `"HTTP"` means that the scheme used will be http:// 9642 - `"HTTPS"` means that the scheme used will be https:// 9643 enum: 9644 - HTTP 9645 - HTTPS 9646 type: string 9647 required: 9648 - port 9649 type: object 9650 sleep: 9651 description: Sleep represents a duration that the container should sleep. 9652 properties: 9653 seconds: 9654 description: Seconds is the number of seconds to sleep. 9655 format: int64 9656 type: integer 9657 required: 9658 - seconds 9659 type: object 9660 tcpSocket: 9661 description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for backward compatibility. There is no validation of this field and lifecycle hooks will fail at runtime when it is specified. 9662 properties: 9663 host: 9664 description: "Optional: Host name to connect to, defaults to the pod IP." 9665 type: string 9666 port: 9667 description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 
9668 format: int-or-string 9669 x-kubernetes-int-or-string: true 9670 required: 9671 - port 9672 type: object 9673 type: object 9674 preStop: 9675 description: "PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The Pod's termination grace period countdown begins before the PreStop hook is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod's termination grace period (unless delayed by finalizers). Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks" 9676 properties: 9677 exec: 9678 description: Exec specifies a command to execute in the container. 9679 properties: 9680 command: 9681 description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 9682 items: 9683 type: string 9684 type: array 9685 type: object 9686 httpGet: 9687 description: HTTPGet specifies an HTTP GET request to perform. 9688 properties: 9689 host: 9690 description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. 9691 type: string 9692 httpHeaders: 9693 description: Custom headers to set in the request. HTTP allows repeated headers. 9694 items: 9695 properties: 9696 name: 9697 description: The header field name. 
This will be canonicalized upon output, so case-variant names will be understood as the same header. 9698 type: string 9699 value: 9700 description: The header field value 9701 type: string 9702 required: 9703 - name 9704 - value 9705 type: object 9706 type: array 9707 path: 9708 description: Path to access on the HTTP server. 9709 type: string 9710 port: 9711 description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 9712 format: int-or-string 9713 x-kubernetes-int-or-string: true 9714 scheme: 9715 description: |- 9716 Scheme to use for connecting to the host. Defaults to HTTP. 9717 9718 Possible enum values: 9719 - `"HTTP"` means that the scheme used will be http:// 9720 - `"HTTPS"` means that the scheme used will be https:// 9721 enum: 9722 - HTTP 9723 - HTTPS 9724 type: string 9725 required: 9726 - port 9727 type: object 9728 sleep: 9729 description: Sleep represents a duration that the container should sleep. 9730 properties: 9731 seconds: 9732 description: Seconds is the number of seconds to sleep. 9733 format: int64 9734 type: integer 9735 required: 9736 - seconds 9737 type: object 9738 tcpSocket: 9739 description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for backward compatibility. There is no validation of this field and lifecycle hooks will fail at runtime when it is specified. 9740 properties: 9741 host: 9742 description: "Optional: Host name to connect to, defaults to the pod IP." 9743 type: string 9744 port: 9745 description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 9746 format: int-or-string 9747 x-kubernetes-int-or-string: true 9748 required: 9749 - port 9750 type: object 9751 type: object 9752 type: object 9753 livenessProbe: 9754 description: "Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. 
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" 9755 properties: 9756 exec: 9757 description: Exec specifies a command to execute in the container. 9758 properties: 9759 command: 9760 description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 9761 items: 9762 type: string 9763 type: array 9764 type: object 9765 failureThreshold: 9766 description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. 9767 format: int32 9768 type: integer 9769 grpc: 9770 description: GRPC specifies a GRPC HealthCheckRequest. 9771 properties: 9772 port: 9773 description: Port number of the gRPC service. Number must be in the range 1 to 65535. 9774 format: int32 9775 type: integer 9776 service: 9777 description: |- 9778 Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 9779 9780 If this is not specified, the default behavior is defined by gRPC. 9781 type: string 9782 required: 9783 - port 9784 type: object 9785 httpGet: 9786 description: HTTPGet specifies an HTTP GET request to perform. 9787 properties: 9788 host: 9789 description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. 9790 type: string 9791 httpHeaders: 9792 description: Custom headers to set in the request. HTTP allows repeated headers. 9793 items: 9794 properties: 9795 name: 9796 description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. 
9797 type: string 9798 value: 9799 description: The header field value 9800 type: string 9801 required: 9802 - name 9803 - value 9804 type: object 9805 type: array 9806 path: 9807 description: Path to access on the HTTP server. 9808 type: string 9809 port: 9810 description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 9811 format: int-or-string 9812 x-kubernetes-int-or-string: true 9813 scheme: 9814 description: |- 9815 Scheme to use for connecting to the host. Defaults to HTTP. 9816 9817 Possible enum values: 9818 - `"HTTP"` means that the scheme used will be http:// 9819 - `"HTTPS"` means that the scheme used will be https:// 9820 enum: 9821 - HTTP 9822 - HTTPS 9823 type: string 9824 required: 9825 - port 9826 type: object 9827 initialDelaySeconds: 9828 description: "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" 9829 format: int32 9830 type: integer 9831 periodSeconds: 9832 description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. 9833 format: int32 9834 type: integer 9835 successThreshold: 9836 description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. 9837 format: int32 9838 type: integer 9839 tcpSocket: 9840 description: TCPSocket specifies a connection to a TCP port. 9841 properties: 9842 host: 9843 description: "Optional: Host name to connect to, defaults to the pod IP." 9844 type: string 9845 port: 9846 description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 
# Tail of the livenessProbe schema (tcpSocket.port onwards); its key and earlier properties precede this excerpt.
          format: int-or-string
          x-kubernetes-int-or-string: true
      required:
        - port
      type: object
    terminationGracePeriodSeconds:
      description: Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
      format: int64
      type: integer
    timeoutSeconds:
      description: "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
      format: int32
      type: integer
  type: object
name:
  description: Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated.
  type: string
# ports is a declarative list only. As its description states, leaving a
# port out does not stop it being reachable: anything listening on 0.0.0.0
# inside the container is accessible from the network. Limiting
# reachability is therefore a network-policy concern; this list does not
# provide it.
ports:
  description: List of ports to expose from the container. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Modifying this array with strategic merge patch may corrupt the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated.
  items:
    properties:
      # Typed as int32 with no minimum/maximum, so the 0 < x < 65536 rule in
      # the description is not enforced by this schema.
      containerPort:
        description: Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536.
        format: int32
        type: integer
      # Free-form string: no format or pattern is declared, so the address
      # is not validated at schema level.
      hostIP:
        description: What host IP to bind the external port to.
        type: string
      # hostPort binds a port on the node itself. Like containerPort it is a
      # bare int32 here, with no range constraint in the schema.
      # NOTE(review): the Pod Security Standards "baseline" profile
      # disallows host ports unless explicitly allowed; confirm which
      # admission policy applies to pods created from this CRD.
      hostPort:
        description: Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this.
        format: int32
        type: integer
      name:
        description: If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services.
        type: string
      # The only field in this entry constrained by an enum.
      protocol:
        description: |-
          Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP".

          Possible enum values:
          - `"SCTP"` is the SCTP protocol.
          - `"TCP"` is the TCP protocol.
          - `"UDP"` is the UDP protocol.
        enum:
          - SCTP
          - TCP
          - UDP
        type: string
    required:
      - containerPort
    type: object
  type: array
# Start of the readinessProbe schema; it continues past this excerpt.
readinessProbe:
  description: "Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
  properties:
    exec:
      description: Exec specifies a command to execute in the container.
      properties:
        command:
          description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
9907 items: 9908 type: string 9909 type: array 9910 type: object 9911 failureThreshold: 9912 description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. 9913 format: int32 9914 type: integer 9915 grpc: 9916 description: GRPC specifies a GRPC HealthCheckRequest. 9917 properties: 9918 port: 9919 description: Port number of the gRPC service. Number must be in the range 1 to 65535. 9920 format: int32 9921 type: integer 9922 service: 9923 description: |- 9924 Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 9925 9926 If this is not specified, the default behavior is defined by gRPC. 9927 type: string 9928 required: 9929 - port 9930 type: object 9931 httpGet: 9932 description: HTTPGet specifies an HTTP GET request to perform. 9933 properties: 9934 host: 9935 description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. 9936 type: string 9937 httpHeaders: 9938 description: Custom headers to set in the request. HTTP allows repeated headers. 9939 items: 9940 properties: 9941 name: 9942 description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. 9943 type: string 9944 value: 9945 description: The header field value 9946 type: string 9947 required: 9948 - name 9949 - value 9950 type: object 9951 type: array 9952 path: 9953 description: Path to access on the HTTP server. 9954 type: string 9955 port: 9956 description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 9957 format: int-or-string 9958 x-kubernetes-int-or-string: true 9959 scheme: 9960 description: |- 9961 Scheme to use for connecting to the host. Defaults to HTTP. 
9962 9963 Possible enum values: 9964 - `"HTTP"` means that the scheme used will be http:// 9965 - `"HTTPS"` means that the scheme used will be https:// 9966 enum: 9967 - HTTP 9968 - HTTPS 9969 type: string 9970 required: 9971 - port 9972 type: object 9973 initialDelaySeconds: 9974 description: "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" 9975 format: int32 9976 type: integer 9977 periodSeconds: 9978 description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. 9979 format: int32 9980 type: integer 9981 successThreshold: 9982 description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. 9983 format: int32 9984 type: integer 9985 tcpSocket: 9986 description: TCPSocket specifies a connection to a TCP port. 9987 properties: 9988 host: 9989 description: "Optional: Host name to connect to, defaults to the pod IP." 9990 type: string 9991 port: 9992 description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 9993 format: int-or-string 9994 x-kubernetes-int-or-string: true 9995 required: 9996 - port 9997 type: object 9998 terminationGracePeriodSeconds: 9999 description: Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. 
The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. 10000 format: int64 10001 type: integer 10002 timeoutSeconds: 10003 description: "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" 10004 format: int32 10005 type: integer 10006 type: object 10007 resizePolicy: 10008 description: Resources resize policy for the container. 10009 items: 10010 properties: 10011 resourceName: 10012 description: "Name of the resource to which this resource resize policy applies. Supported values: cpu, memory." 10013 type: string 10014 restartPolicy: 10015 description: Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired. 10016 type: string 10017 required: 10018 - resourceName 10019 - restartPolicy 10020 type: object 10021 type: array 10022 resources: 10023 description: "Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" 10024 properties: 10025 claims: 10026 description: |- 10027 Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. 10028 10029 This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. 10030 10031 This field is immutable. It can only be set for containers. 10032 items: 10033 properties: 10034 name: 10035 description: Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. 10036 type: string 10037 request: 10038 description: Request is the name chosen for a request in the referenced claim. 
If empty, everything from the claim is made available, otherwise only the result of this request. 10039 type: string 10040 required: 10041 - name 10042 type: object 10043 type: array 10044 limits: 10045 additionalProperties: 10046 type: string 10047 description: "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" 10048 type: object 10049 requests: 10050 additionalProperties: 10051 type: string 10052 description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" 10053 type: object 10054 type: object 10055 restartPolicy: 10056 description: "RestartPolicy defines the restart behavior of individual containers in a pod. This field may only be set for init containers, and the only allowed value is \"Always\". For non-init containers or when this field is not specified, the restart behavior is defined by the Pod's restart policy and the container type. Setting the RestartPolicy as \"Always\" for the init container will have the following effect: this init container will be continually restarted on exit until all regular containers have terminated. Once all regular containers have completed, all init containers with restartPolicy \"Always\" will be shut down. This lifecycle differs from normal init containers and is often referred to as a \"sidecar\" container. Although this init container still starts in the init container sequence, it does not wait for the container to complete before proceeding to the next init container. Instead, the next init container starts immediately after this init container is started, or after any startupProbe has successfully completed." 
# Tail of the restartPolicy property; its key and description precede this excerpt.
  type: string
# Container-level securityContext as accepted by this CRD schema. The schema
# only types the fields (boolean / integer / string / enum) and declares no
# defaults or value restrictions beyond the enums shown. Per the
# description, values set here override the pod-level PodSecurityContext.
# Rejecting risky values therefore has to happen outside this schema.
# NOTE(review): typically Pod Security Admission or a policy engine on the
# namespaces where these pods run; confirm what the cluster enforces.
securityContext:
  description: "SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/"
  properties:
    # Controls the no_new_privs flag (see description). Plain boolean with
    # no schema default; the Pod Security Standards "restricted" profile
    # expects an explicit false. Always true when the container is
    # privileged or has CAP_SYS_ADMIN.
    allowPrivilegeEscalation:
      description: "AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows."
      type: boolean
    appArmorProfile:
      description: appArmorProfile is the AppArmor options to use by this container. If set, this profile overrides the pod's appArmorProfile. Note that this field cannot be set when spec.os.name is windows.
      properties:
        localhostProfile:
          description: localhostProfile indicates a profile loaded on the node that should be used. The profile must be preconfigured on the node to work. Must match the loaded name of the profile. Must be set if and only if type is "Localhost".
          type: string
        # The enum accepts Unconfined, which turns AppArmor enforcement off
        # for the container. If AppArmor is part of node hardening, reject
        # that value in admission policy.
        type:
          description: |-
            type indicates which kind of AppArmor profile will be applied. Valid options are:
            Localhost - a profile pre-loaded on the node.
            RuntimeDefault - the container runtime's default profile.
            Unconfined - no AppArmor enforcement.

            Possible enum values:
            - `"Localhost"` indicates that a profile pre-loaded on the node should be used.
            - `"RuntimeDefault"` indicates that the container runtime's default AppArmor profile should be used.
            - `"Unconfined"` indicates that no AppArmor profile should be enforced.
          enum:
            - Localhost
            - RuntimeDefault
            - Unconfined
          type: string
      required:
        - type
      type: object
    # add/drop are free-form string lists with no enum, so any capability
    # name passes schema validation. Review `add` entries in manifests.
    # The "restricted" Pod Security Standard expects all capabilities to
    # be dropped.
    capabilities:
      description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows.
      properties:
        add:
          description: Added capabilities
          items:
            type: string
          type: array
        drop:
          description: Removed capabilities
          items:
            type: string
          type: array
      type: object
    # Per the description, processes in a privileged container are
    # essentially root on the host. The schema accepts true without any
    # constraint, so blocking it is an admission-policy decision.
    privileged:
      description: Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows.
      type: boolean
    # Unmasked bypasses the runtime's default masking of /proc paths (see
    # the enum text below), and the enum accepts it.
    procMount:
      description: |-
        procMount denotes the type of proc mount to use for the containers. The default value is Default which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows.

        Possible enum values:
        - `"Default"` uses the container runtime defaults for readonly and masked paths for /proc. Most container runtimes mask certain paths in /proc to avoid accidental security exposure of special devices or information.
        - `"Unmasked"` bypasses the default masking behavior of the container runtime and ensures the newly created /proc the container stays in tact with no modifications.
      enum:
        - Default
        - Unmasked
      type: string
    # The description gives the default as false, i.e. the root filesystem
    # is writable unless the manifest opts in.
    readOnlyRootFilesystem:
      description: Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows.
      type: boolean
    runAsGroup:
      description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.
      format: int64
      type: integer
    # When unset or false the kubelet performs no UID-0 check (per the
    # description), so an image that defaults to root starts as root.
    runAsNonRoot:
      description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
      type: boolean
    # int64 with no minimum declared here, so 0 (root) is schema-valid.
    runAsUser:
      description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.
      format: int64
      type: integer
    # All four SELinux labels are unconstrained strings in this schema.
    seLinuxOptions:
      description: The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.
      properties:
        level:
          description: Level is SELinux level label that applies to the container.
          type: string
        role:
          description: Role is a SELinux role label that applies to the container.
          type: string
        type:
          description: Type is a SELinux type label that applies to the container.
          type: string
        user:
          description: User is a SELinux user label that applies to the container.
          type: string
      type: object
    seccompProfile:
      description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.
      properties:
        localhostProfile:
          description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type.
          type: string
        # The enum accepts Unconfined (no seccomp filtering). The
        # "restricted" Pod Security Standard expects RuntimeDefault or
        # Localhost to be set explicitly.
        type:
          description: |-
            type indicates which kind of seccomp profile will be applied. Valid options are:

            Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied.

            Possible enum values:
            - `"Localhost"` indicates a profile defined in a file on the node should be used. The file's location relative to <kubelet-root-dir>/seccomp.
            - `"RuntimeDefault"` represents the default container runtime seccomp profile.
            - `"Unconfined"` indicates no seccomp profile is applied (A.K.A. unconfined).
          enum:
            - Localhost
            - RuntimeDefault
            - Unconfined
          type: string
      required:
        - type
      type: object
    windowsOptions:
      description: The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux.
      properties:
        gmsaCredentialSpec:
          description: GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.
          type: string
        gmsaCredentialSpecName:
          description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
          type: string
        # Per the description, hostProcess: true also requires HostNetwork
        # to be true. NOTE(review): treat this as the Windows counterpart of
        # a privileged container when writing admission policy.
        hostProcess:
          description: HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
          type: boolean
        runAsUserName:
          description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
          type: string
      type: object
  type: object
# Start of the startupProbe schema; it continues past this excerpt.
startupProbe:
  description: "StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
  properties:
    exec:
      description: Exec specifies a command to execute in the container.
10193 properties: 10194 command: 10195 description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 10196 items: 10197 type: string 10198 type: array 10199 type: object 10200 failureThreshold: 10201 description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. 10202 format: int32 10203 type: integer 10204 grpc: 10205 description: GRPC specifies a GRPC HealthCheckRequest. 10206 properties: 10207 port: 10208 description: Port number of the gRPC service. Number must be in the range 1 to 65535. 10209 format: int32 10210 type: integer 10211 service: 10212 description: |- 10213 Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 10214 10215 If this is not specified, the default behavior is defined by gRPC. 10216 type: string 10217 required: 10218 - port 10219 type: object 10220 httpGet: 10221 description: HTTPGet specifies an HTTP GET request to perform. 10222 properties: 10223 host: 10224 description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. 10225 type: string 10226 httpHeaders: 10227 description: Custom headers to set in the request. HTTP allows repeated headers. 10228 items: 10229 properties: 10230 name: 10231 description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. 
10232 type: string 10233 value: 10234 description: The header field value 10235 type: string 10236 required: 10237 - name 10238 - value 10239 type: object 10240 type: array 10241 path: 10242 description: Path to access on the HTTP server. 10243 type: string 10244 port: 10245 description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 10246 format: int-or-string 10247 x-kubernetes-int-or-string: true 10248 scheme: 10249 description: |- 10250 Scheme to use for connecting to the host. Defaults to HTTP. 10251 10252 Possible enum values: 10253 - `"HTTP"` means that the scheme used will be http:// 10254 - `"HTTPS"` means that the scheme used will be https:// 10255 enum: 10256 - HTTP 10257 - HTTPS 10258 type: string 10259 required: 10260 - port 10261 type: object 10262 initialDelaySeconds: 10263 description: "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" 10264 format: int32 10265 type: integer 10266 periodSeconds: 10267 description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. 10268 format: int32 10269 type: integer 10270 successThreshold: 10271 description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. 10272 format: int32 10273 type: integer 10274 tcpSocket: 10275 description: TCPSocket specifies a connection to a TCP port. 10276 properties: 10277 host: 10278 description: "Optional: Host name to connect to, defaults to the pod IP." 10279 type: string 10280 port: 10281 description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 
10282 format: int-or-string 10283 x-kubernetes-int-or-string: true 10284 required: 10285 - port 10286 type: object 10287 terminationGracePeriodSeconds: 10288 description: Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. 10289 format: int64 10290 type: integer 10291 timeoutSeconds: 10292 description: "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" 10293 format: int32 10294 type: integer 10295 type: object 10296 stdin: 10297 description: Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false. 10298 type: boolean 10299 stdinOnce: 10300 description: Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. 
If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container process that reads from stdin will never receive an EOF. Default is false. 10301 type: boolean 10302 terminationMessagePath: 10303 description: "Optional: Path at which the file to which the container's termination message will be written is mounted into the container's filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated." 10304 type: string 10305 terminationMessagePolicy: 10306 description: |- 10307 Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. 10308 10309 Possible enum values: 10310 - `"FallbackToLogsOnError"` will read the most recent contents of the container logs for the container status message when the container exits with an error and the terminationMessagePath has no contents. 10311 - `"File"` is the default behavior and will set the container status message to the contents of the container's terminationMessagePath when the container exits. 10312 enum: 10313 - FallbackToLogsOnError 10314 - File 10315 type: string 10316 tty: 10317 description: Whether this container should allocate a TTY for itself, also requires 'stdin' to be true.
Default is false. 10318 type: boolean 10319 volumeDevices: 10320 description: volumeDevices is the list of block devices to be used by the container. 10321 items: 10322 properties: 10323 devicePath: 10324 description: devicePath is the path inside of the container that the device will be mapped to. 10325 type: string 10326 name: 10327 description: name must match the name of a persistentVolumeClaim in the pod 10328 type: string 10329 required: 10330 - name 10331 - devicePath 10332 type: object 10333 type: array 10334 volumeMounts: 10335 description: Pod volumes to mount into the container's filesystem. Cannot be updated. 10336 items: 10337 properties: 10338 mountPath: 10339 description: Path within the container at which the volume should be mounted. Must not contain ':'. 10340 type: string 10341 mountPropagation: 10342 description: |- 10343 mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified (which defaults to None). 10344 10345 Possible enum values: 10346 - `"Bidirectional"` means that the volume in a container will receive new mounts from the host or other containers, and its own mounts will be propagated from the container to the host or other containers. Note that this mode is recursively applied to all mounts in the volume ("rshared" in Linux terminology). 10347 - `"HostToContainer"` means that the volume in a container will receive new mounts from the host or other containers, but filesystems mounted inside the container won't be propagated to the host or other containers. Note that this mode is recursively applied to all mounts in the volume ("rslave" in Linux terminology). 
10348 - `"None"` means that the volume in a container will not receive new mounts from the host or other containers, and filesystems mounted inside the container won't be propagated to the host or other containers. Note that this mode corresponds to "private" in Linux terminology. 10349 enum: 10350 - Bidirectional 10351 - HostToContainer 10352 - None 10353 type: string 10354 name: 10355 description: This must match the Name of a Volume. 10356 type: string 10357 readOnly: 10358 description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. 10359 type: boolean 10360 recursiveReadOnly: 10361 description: |- 10362 RecursiveReadOnly specifies whether read-only mounts should be handled recursively. 10363 10364 If ReadOnly is false, this field has no meaning and must be unspecified. 10365 10366 If ReadOnly is true, and this field is set to Disabled, the mount is not made recursively read-only. If this field is set to IfPossible, the mount is made recursively read-only, if it is supported by the container runtime. If this field is set to Enabled, the mount is made recursively read-only if it is supported by the container runtime, otherwise the pod will not be started and an error will be generated to indicate the reason. 10367 10368 If this field is set to IfPossible or Enabled, MountPropagation must be set to None (or be unspecified, which defaults to None). 10369 10370 If this field is not specified, it is treated as an equivalent of Disabled. 10371 type: string 10372 subPath: 10373 description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). 10374 type: string 10375 subPathExpr: 10376 description: Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). 
SubPathExpr and SubPath are mutually exclusive. 10377 type: string 10378 required: 10379 - name 10380 - mountPath 10381 type: object 10382 type: array 10383 workingDir: 10384 description: Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated. 10385 type: string 10386 required: 10387 - name 10388 type: object 10389 type: array 10390 nodeName: 10391 description: NodeName indicates in which node this pod is scheduled. If empty, this pod is a candidate for scheduling by the scheduler defined in schedulerName. Once this field is set, the kubelet for this node becomes responsible for the lifecycle of this pod. This field should not be used to express a desire for the pod to be scheduled on a specific node. https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodename 10392 type: string 10393 nodeSelector: 10394 additionalProperties: 10395 type: string 10396 description: "NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node's labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/" 10397 type: object 10398 x-kubernetes-map-type: atomic 10399 os: 10400 description: |- 10401 Specifies the OS of the containers in the pod. Some pod and container fields are restricted if this is set. 
10402 10403 If the OS field is set to linux, the following fields must be unset: - securityContext.windowsOptions 10404 10405 If the OS field is set to windows, the following fields must be unset: - spec.hostPID - spec.hostIPC - spec.hostUsers - spec.securityContext.appArmorProfile - spec.securityContext.seLinuxOptions - spec.securityContext.seccompProfile - spec.securityContext.fsGroup - spec.securityContext.fsGroupChangePolicy - spec.securityContext.sysctls - spec.shareProcessNamespace - spec.securityContext.runAsUser - spec.securityContext.runAsGroup - spec.securityContext.supplementalGroups - spec.securityContext.supplementalGroupsPolicy - spec.containers[*].securityContext.appArmorProfile - spec.containers[*].securityContext.seLinuxOptions - spec.containers[*].securityContext.seccompProfile - spec.containers[*].securityContext.capabilities - spec.containers[*].securityContext.readOnlyRootFilesystem - spec.containers[*].securityContext.privileged - spec.containers[*].securityContext.allowPrivilegeEscalation - spec.containers[*].securityContext.procMount - spec.containers[*].securityContext.runAsUser - spec.containers[*].securityContext.runAsGroup 10406 properties: 10407 name: 10408 description: "Name is the name of the operating system. The currently supported values are linux and windows. Additional values may be defined in the future and can be one of: https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration Clients should expect to handle additional values and treat unrecognized values in this field as os: null" 10409 type: string 10410 required: 10411 - name 10412 type: object 10413 overhead: 10414 additionalProperties: 10415 type: string 10416 description: "Overhead represents the resource overhead associated with running a pod for a given RuntimeClass. This field will be autopopulated at admission time by the RuntimeClass admission controller.
If the RuntimeClass admission controller is enabled, overhead must not be set in Pod create requests. The RuntimeClass admission controller will reject Pod create requests which have the overhead already set. If RuntimeClass is configured and selected in the PodSpec, Overhead will be set to the value defined in the corresponding RuntimeClass, otherwise it will remain unset and treated as zero. More info: https://git.k8s.io/enhancements/keps/sig-node/688-pod-overhead/README.md" 10417 type: object 10418 preemptionPolicy: 10419 description: |- 10420 PreemptionPolicy is the Policy for preempting pods with lower priority. One of Never, PreemptLowerPriority. Defaults to PreemptLowerPriority if unset. 10421 10422 Possible enum values: 10423 - `"Never"` means that pod never preempts other pods with lower priority. 10424 - `"PreemptLowerPriority"` means that pod can preempt other pods with lower priority. 10425 enum: 10426 - Never 10427 - PreemptLowerPriority 10428 type: string 10429 priority: 10430 description: The priority value. Various system components use this field to find the priority of the pod. When Priority Admission Controller is enabled, it prevents users from setting this field. The admission controller populates this field from PriorityClassName. The higher the value, the higher the priority. 10431 format: int32 10432 type: integer 10433 priorityClassName: 10434 description: If specified, indicates the pod's priority. "system-node-critical" and "system-cluster-critical" are two special keywords which indicate the highest priorities with the former being the highest priority. Any other name must be defined by creating a PriorityClass object with that name. If not specified, the pod priority will be default or zero if there is no default. 10435 type: string 10436 readinessGates: 10437 description: "If specified, all readiness gates will be evaluated for pod readiness. 
A pod is ready when all its containers are ready AND all conditions specified in the readiness gates have status equal to \"True\" More info: https://git.k8s.io/enhancements/keps/sig-network/580-pod-readiness-gates" 10438 items: 10439 properties: 10440 conditionType: 10441 description: ConditionType refers to a condition in the pod's condition list with matching type. 10442 type: string 10443 required: 10444 - conditionType 10445 type: object 10446 type: array 10447 resourceClaims: 10448 description: |- 10449 ResourceClaims defines which ResourceClaims must be allocated and reserved before the Pod is allowed to start. The resources will be made available to those containers which consume them by name. 10450 10451 This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. 10452 10453 This field is immutable. 10454 items: 10455 properties: 10456 name: 10457 description: Name uniquely identifies this resource claim inside the pod. This must be a DNS_LABEL. 10458 type: string 10459 resourceClaimName: 10460 description: |- 10461 ResourceClaimName is the name of a ResourceClaim object in the same namespace as this pod. 10462 10463 Exactly one of ResourceClaimName and ResourceClaimTemplateName must be set. 10464 type: string 10465 resourceClaimTemplateName: 10466 description: |- 10467 ResourceClaimTemplateName is the name of a ResourceClaimTemplate object in the same namespace as this pod. 10468 10469 The template will be used to create a new ResourceClaim, which will be bound to this pod. When this pod is deleted, the ResourceClaim will also be deleted. The pod name and resource name, along with a generated component, will be used to form a unique name for the ResourceClaim, which will be recorded in pod.status.resourceClaimStatuses. 10470 10471 This field is immutable and no changes will be made to the corresponding ResourceClaim by the control plane after creating the ResourceClaim. 
10472 10473 Exactly one of ResourceClaimName and ResourceClaimTemplateName must be set. 10474 type: string 10475 required: 10476 - name 10477 type: object 10478 type: array 10479 resources: 10480 description: |- 10481 Resources is the total amount of CPU and Memory resources required by all containers in the pod. It supports specifying Requests and Limits for "cpu" and "memory" resource names only. ResourceClaims are not supported. 10482 10483 This field enables fine-grained control over resource allocation for the entire pod, allowing resource sharing among containers in a pod. 10484 10485 This is an alpha field and requires enabling the PodLevelResources feature gate. 10486 properties: 10487 claims: 10488 description: |- 10489 Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. 10490 10491 This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. 10492 10493 This field is immutable. It can only be set for containers. 10494 items: 10495 properties: 10496 name: 10497 description: Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. 10498 type: string 10499 request: 10500 description: Request is the name chosen for a request in the referenced claim. If empty, everything from the claim is made available, otherwise only the result of this request. 10501 type: string 10502 required: 10503 - name 10504 type: object 10505 type: array 10506 limits: 10507 additionalProperties: 10508 type: string 10509 description: "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" 10510 type: object 10511 requests: 10512 additionalProperties: 10513 type: string 10514 description: "Requests describes the minimum amount of compute resources required. 
If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" 10515 type: object 10516 type: object 10517 restartPolicy: 10518 description: |- 10519 Restart policy for all containers within the pod. One of Always, OnFailure, Never. In some contexts, only a subset of those values may be permitted. Default to Always. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy 10520 10521 Possible enum values: 10522 - `"Always"` 10523 - `"Never"` 10524 - `"OnFailure"` 10525 enum: 10526 - Always 10527 - Never 10528 - OnFailure 10529 type: string 10530 runtimeClassName: 10531 description: "RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used to run this pod. If no RuntimeClass resource matches the named class, the pod will not be run. If unset or empty, the \"legacy\" RuntimeClass will be used, which is an implicit class with an empty definition that uses the default runtime handler. More info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class" 10532 type: string 10533 schedulerName: 10534 description: If specified, the pod will be dispatched by specified scheduler. If not specified, the pod will be dispatched by default scheduler. 10535 type: string 10536 schedulingGates: 10537 description: |- 10538 SchedulingGates is an opaque list of values that if specified will block scheduling the pod. If schedulingGates is not empty, the pod will stay in the SchedulingGated state and the scheduler will not attempt to schedule the pod. 10539 10540 SchedulingGates can only be set at pod creation time, and be removed only afterwards. 10541 items: 10542 properties: 10543 name: 10544 description: Name of the scheduling gate. Each scheduling gate must have a unique name field. 
10545 type: string 10546 required: 10547 - name 10548 type: object 10549 type: array 10550 securityContext: 10551 description: "SecurityContext holds pod-level security attributes and common container settings. Optional: Defaults to empty. See type description for default values of each field." 10552 properties: 10553 appArmorProfile: 10554 description: appArmorProfile is the AppArmor options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows. 10555 properties: 10556 localhostProfile: 10557 description: localhostProfile indicates a profile loaded on the node that should be used. The profile must be preconfigured on the node to work. Must match the loaded name of the profile. Must be set if and only if type is "Localhost". 10558 type: string 10559 type: 10560 description: |- 10561 type indicates which kind of AppArmor profile will be applied. Valid options are: 10562 Localhost - a profile pre-loaded on the node. 10563 RuntimeDefault - the container runtime's default profile. 10564 Unconfined - no AppArmor enforcement. 10565 10566 Possible enum values: 10567 - `"Localhost"` indicates that a profile pre-loaded on the node should be used. 10568 - `"RuntimeDefault"` indicates that the container runtime's default AppArmor profile should be used. 10569 - `"Unconfined"` indicates that no AppArmor profile should be enforced. 10570 enum: 10571 - Localhost 10572 - RuntimeDefault 10573 - Unconfined 10574 type: string 10575 required: 10576 - type 10577 type: object 10578 fsGroup: 10579 description: |- 10580 A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod: 10581 10582 1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. 
The permission bits are OR'd with rw-rw---- 10583 10584 If unset, the Kubelet will not modify the ownership and permissions of any volume. Note that this field cannot be set when spec.os.name is windows. 10585 format: int64 10586 type: integer 10587 fsGroupChangePolicy: 10588 description: |- 10589 fsGroupChangePolicy defines behavior of changing ownership and permission of the volume before being exposed inside Pod. This field will only apply to volume types which support fsGroup based ownership (and permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir. Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. Note that this field cannot be set when spec.os.name is windows. 10590 10591 Possible enum values: 10592 - `"Always"` indicates that volume's ownership and permissions should always be changed whenever volume is mounted inside a Pod. This is the default behavior. 10593 - `"OnRootMismatch"` indicates that volume's ownership and permissions will be changed only when permission and ownership of root directory do not match the expected permissions on the volume. This can help shorten the time it takes to change ownership and permissions of a volume. 10594 enum: 10595 - Always 10596 - OnRootMismatch 10597 type: string 10598 runAsGroup: 10599 description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows. 10600 format: int64 10601 type: integer 10602 runAsNonRoot: 10603 description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does.
If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. 10604 type: boolean 10605 runAsUser: 10606 description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows. 10607 format: int64 10608 type: integer 10609 seLinuxChangePolicy: 10610 description: |- 10611 seLinuxChangePolicy defines how the container's SELinux label is applied to all volumes used by the Pod. It has no effect on nodes that do not support SELinux or on volumes that do not support SELinux. Valid values are "MountOption" and "Recursive". 10612 10613 "Recursive" means relabeling of all files on all Pod volumes by the container runtime. This may be slow for large volumes, but allows mixing privileged and unprivileged Pods sharing the same volume on the same node. 10614 10615 "MountOption" mounts all eligible Pod volumes with `-o context` mount option. This requires all Pods that share the same volume to use the same SELinux label. It is not possible to share the same volume among privileged and unprivileged Pods. Eligible volumes are in-tree FibreChannel and iSCSI volumes, and all CSI volumes whose CSI driver announces SELinux support by setting spec.seLinuxMount: true in their CSIDriver instance. Other volumes are always re-labelled recursively. "MountOption" value is allowed only when SELinuxMount feature gate is enabled. 10616 10617 If not specified and SELinuxMount feature gate is enabled, "MountOption" is used. If not specified and SELinuxMount feature gate is disabled, "MountOption" is used for ReadWriteOncePod volumes and "Recursive" for all other volumes.
10618 10619 This field affects only Pods that have SELinux label set, either in PodSecurityContext or in SecurityContext of all containers. 10620 10621 All Pods that use the same volume should use the same seLinuxChangePolicy, otherwise some pods can get stuck in ContainerCreating state. Note that this field cannot be set when spec.os.name is windows. 10622 type: string 10623 seLinuxOptions: 10624 description: The SELinux context to be applied to all containers. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows. 10625 properties: 10626 level: 10627 description: Level is SELinux level label that applies to the container. 10628 type: string 10629 role: 10630 description: Role is a SELinux role label that applies to the container. 10631 type: string 10632 type: 10633 description: Type is a SELinux type label that applies to the container. 10634 type: string 10635 user: 10636 description: User is a SELinux user label that applies to the container. 10637 type: string 10638 type: object 10639 seccompProfile: 10640 description: The seccomp options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows. 10641 properties: 10642 localhostProfile: 10643 description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type. 10644 type: string 10645 type: 10646 description: |- 10647 type indicates which kind of seccomp profile will be applied. 
Valid options are: 10648 10649 Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied. 10650 10651 Possible enum values: 10652 - `"Localhost"` indicates a profile defined in a file on the node should be used. The file's location relative to <kubelet-root-dir>/seccomp. 10653 - `"RuntimeDefault"` represents the default container runtime seccomp profile. 10654 - `"Unconfined"` indicates no seccomp profile is applied (A.K.A. unconfined). 10655 enum: 10656 - Localhost 10657 - RuntimeDefault 10658 - Unconfined 10659 type: string 10660 required: 10661 - type 10662 type: object 10663 supplementalGroups: 10664 description: A list of groups applied to the first process run in each container, in addition to the container's primary GID and fsGroup (if specified). If the SupplementalGroupsPolicy feature is enabled, the supplementalGroupsPolicy field determines whether these are in addition to or instead of any group memberships defined in the container image. If unspecified, no additional groups are added, though group memberships defined in the container image may still be used, depending on the supplementalGroupsPolicy field. Note that this field cannot be set when spec.os.name is windows. 10665 items: 10666 format: int64 10667 type: integer 10668 type: array 10669 supplementalGroupsPolicy: 10670 description: |- 10671 Defines how supplemental groups of the first container processes are calculated. Valid values are "Merge" and "Strict". If not specified, "Merge" is used. (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled and the container runtime must implement support for this feature. Note that this field cannot be set when spec.os.name is windows. 
10672 10673 Possible enum values: 10674 - `"Merge"` means that the container's provided SupplementalGroups and FsGroup (specified in SecurityContext) will be merged with the primary user's groups as defined in the container image (in /etc/group). 10675 - `"Strict"` means that the container's provided SupplementalGroups and FsGroup (specified in SecurityContext) will be used instead of any groups defined in the container image. 10676 enum: 10677 - Merge 10678 - Strict 10679 type: string 10680 sysctls: 10681 description: Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. Note that this field cannot be set when spec.os.name is windows. 10682 items: 10683 properties: 10684 name: 10685 description: Name of a property to set 10686 type: string 10687 value: 10688 description: Value of a property to set 10689 type: string 10690 required: 10691 - name 10692 - value 10693 type: object 10694 type: array 10695 windowsOptions: 10696 description: The Windows specific settings applied to all containers. If unspecified, the options within a container's SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux. 10697 properties: 10698 gmsaCredentialSpec: 10699 description: GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. 10700 type: string 10701 gmsaCredentialSpecName: 10702 description: GMSACredentialSpecName is the name of the GMSA credential spec to use. 10703 type: string 10704 hostProcess: 10705 description: HostProcess determines if a container should be run as a 'Host Process' container. 
All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true. 10706 type: boolean 10707 runAsUserName: 10708 description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. 10709 type: string 10710 type: object 10711 type: object 10712 serviceAccount: 10713 description: "DeprecatedServiceAccount is a deprecated alias for ServiceAccountName. Deprecated: Use serviceAccountName instead." 10714 type: string 10715 serviceAccountName: 10716 description: "ServiceAccountName is the name of the ServiceAccount to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/" 10717 type: string 10718 setHostnameAsFQDN: 10719 description: If true the pod's hostname will be configured as the pod's FQDN, rather than the leaf name (the default). In Linux containers, this means setting the FQDN in the hostname field of the kernel (the nodename field of struct utsname). In Windows containers, this means setting the registry value of hostname for the registry key HKEY_LOCAL_MACHINE\\\\SYSTEM\\\\CurrentControlSet\\\\Services\\\\Tcpip\\\\Parameters to FQDN. If a pod does not have FQDN, this has no effect. Default to false. 10720 type: boolean 10721 shareProcessNamespace: 10722 description: "Share a single process namespace between all of the containers in a pod. When this is set containers will be able to view and signal processes from other containers in the same pod, and the first process in each container will not be assigned PID 1. HostPID and ShareProcessNamespace cannot both be set. Optional: Default to false." 
10723 type: boolean 10724 subdomain: 10725 description: If specified, the fully qualified Pod hostname will be "<hostname>.<subdomain>.<pod namespace>.svc.<cluster domain>". If not specified, the pod will not have a domainname at all. 10726 type: string 10727 terminationGracePeriodSeconds: 10728 description: Optional duration in seconds the pod needs to terminate gracefully. May be decreased in delete request. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). If this value is nil, the default grace period will be used instead. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. Defaults to 30 seconds. 10729 format: int64 10730 type: integer 10731 tolerations: 10732 description: If specified, the pod's tolerations. 10733 items: 10734 properties: 10735 effect: 10736 description: |- 10737 Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. 10738 10739 Possible enum values: 10740 - `"NoExecute"` Evict any already-running pods that do not tolerate the taint. Currently enforced by NodeController. 10741 - `"NoSchedule"` Do not allow new pods to schedule onto the node unless they tolerate the taint, but allow all pods submitted to Kubelet without going through the scheduler to start, and allow all already-running pods to continue running. Enforced by the scheduler. 10742 - `"PreferNoSchedule"` Like TaintEffectNoSchedule, but the scheduler tries not to schedule new pods onto the node, rather than prohibiting new pods from scheduling onto the node entirely. Enforced by the scheduler. 
10743 enum: 10744 - NoExecute 10745 - NoSchedule 10746 - PreferNoSchedule 10747 type: string 10748 key: 10749 description: Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys. 10750 type: string 10751 operator: 10752 description: |- 10753 Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. 10754 10755 Possible enum values: 10756 - `"Equal"` 10757 - `"Exists"` 10758 enum: 10759 - Equal 10760 - Exists 10761 type: string 10762 tolerationSeconds: 10763 description: TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system. 10764 format: int64 10765 type: integer 10766 value: 10767 description: Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string. 10768 type: string 10769 type: object 10770 type: array 10771 topologySpreadConstraints: 10772 description: TopologySpreadConstraints describes how a group of pods ought to spread across topology domains. Scheduler will schedule pods in a way which abides by the constraints. All topologySpreadConstraints are ANDed. 10773 items: 10774 properties: 10775 labelSelector: 10776 description: LabelSelector is used to find matching pods. Pods that match this label selector are counted to determine the number of pods in their corresponding topology domain. 10777 properties: 10778 matchExpressions: 10779 description: matchExpressions is a list of label selector requirements. The requirements are ANDed. 
10780 items: 10781 properties: 10782 key: 10783 description: key is the label key that the selector applies to. 10784 type: string 10785 operator: 10786 description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. 10787 type: string 10788 values: 10789 description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. 10790 items: 10791 type: string 10792 type: array 10793 required: 10794 - key 10795 - operator 10796 type: object 10797 type: array 10798 matchLabels: 10799 additionalProperties: 10800 type: string 10801 description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. 10802 type: object 10803 type: object 10804 x-kubernetes-map-type: atomic 10805 matchLabelKeys: 10806 description: |- 10807 MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. MatchLabelKeys cannot be set when LabelSelector isn't set. Keys that don't exist in the incoming pod labels will be ignored. A null or empty list means only match against labelSelector. 10808 10809 This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). 
10810 items: 10811 type: string 10812 type: array 10813 maxSkew: 10814 description: "MaxSkew describes the degree to which pods may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference between the number of matching pods in the target topology and the global minimum. The global minimum is the minimum number of matching pods in an eligible domain or zero if the number of eligible domains is less than MinDomains. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 2/2/1: In this case, the global minimum is 1. | zone1 | zone2 | zone3 | | P P | P P | P | - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence to topologies that satisfy it. It's a required field. Default value is 1 and 0 is not allowed." 10815 format: int32 10816 type: integer 10817 minDomains: 10818 description: |- 10819 MinDomains indicates a minimum number of eligible domains. When the number of eligible domains with matching topology keys is less than minDomains, Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. And when the number of eligible domains with matching topology keys equals or greater than minDomains, this value has no effect on scheduling. As a result, when the number of eligible domains is less than minDomains, scheduler won't schedule more than maxSkew Pods to those domains. If value is nil, the constraint behaves as if MinDomains is equal to 1. Valid values are integers greater than 0. When value is not nil, WhenUnsatisfiable must be DoNotSchedule. 
10820 10821 For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same labelSelector spread as 2/2/2: | zone1 | zone2 | zone3 | | P P | P P | P P | The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. In this situation, new pod with the same labelSelector cannot be scheduled, because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, it will violate MaxSkew. 10822 format: int32 10823 type: integer 10824 nodeAffinityPolicy: 10825 description: |- 10826 NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector when calculating pod topology spread skew. Options are: - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. 10827 10828 If this value is nil, the behavior is equivalent to the Honor policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. 10829 10830 Possible enum values: 10831 - `"Honor"` means use this scheduling directive when calculating pod topology spread skew. 10832 - `"Ignore"` means ignore this scheduling directive when calculating pod topology spread skew. 10833 enum: 10834 - Honor 10835 - Ignore 10836 type: string 10837 nodeTaintsPolicy: 10838 description: |- 10839 NodeTaintsPolicy indicates how we will treat node taints when calculating pod topology spread skew. Options are: - Honor: nodes without taints, along with tainted nodes for which the incoming pod has a toleration, are included. - Ignore: node taints are ignored. All nodes are included. 10840 10841 If this value is nil, the behavior is equivalent to the Ignore policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. 
10842 10843 Possible enum values: 10844 - `"Honor"` means use this scheduling directive when calculating pod topology spread skew. 10845 - `"Ignore"` means ignore this scheduling directive when calculating pod topology spread skew. 10846 enum: 10847 - Honor 10848 - Ignore 10849 type: string 10850 topologyKey: 10851 description: TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. We consider each <key, value> as a "bucket", and try to put balanced number of pods into each bucket. We define a domain as a particular instance of a topology. Also, we define an eligible domain as a domain whose nodes meet the requirements of nodeAffinityPolicy and nodeTaintsPolicy. e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. It's a required field. 10852 type: string 10853 whenUnsatisfiable: 10854 description: |- 10855 WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy the spread constraint. - DoNotSchedule (default) tells the scheduler not to schedule it. - ScheduleAnyway tells the scheduler to schedule the pod in any location, 10856 but giving higher precedence to topologies that would help reduce the 10857 skew. 10858 A constraint is considered "Unsatisfiable" for an incoming pod if and only if every possible node assignment for that pod would violate "MaxSkew" on some topology. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler won't make it *more* imbalanced. It's a required field. 
10859 10860 Possible enum values: 10861 - `"DoNotSchedule"` instructs the scheduler not to schedule the pod when constraints are not satisfied. 10862 - `"ScheduleAnyway"` instructs the scheduler to schedule the pod even if constraints are not satisfied. 10863 enum: 10864 - DoNotSchedule 10865 - ScheduleAnyway 10866 type: string 10867 required: 10868 - maxSkew 10869 - topologyKey 10870 - whenUnsatisfiable 10871 type: object 10872 type: array 10873 volumes: 10874 description: "List of volumes that can be mounted by containers belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes" 10875 items: 10876 properties: 10877 awsElasticBlockStore: 10878 description: "awsElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. Deprecated: AWSElasticBlockStore is deprecated. All operations for the in-tree awsElasticBlockStore type are redirected to the ebs.csi.aws.com CSI driver. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" 10879 properties: 10880 fsType: 10881 description: "fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" 10882 type: string 10883 partition: 10884 description: "partition is the partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as \"1\". Similarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty)." 10885 format: int32 10886 type: integer 10887 readOnly: 10888 description: "readOnly value true will force the readOnly setting in VolumeMounts. 
More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" 10889 type: boolean 10890 volumeID: 10891 description: "volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" 10892 type: string 10893 required: 10894 - volumeID 10895 type: object 10896 azureDisk: 10897 description: "azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. Deprecated: AzureDisk is deprecated. All operations for the in-tree azureDisk type are redirected to the disk.csi.azure.com CSI driver." 10898 properties: 10899 cachingMode: 10900 description: |- 10901 cachingMode is the Host Caching mode: None, Read Only, Read Write. 10902 10903 Possible enum values: 10904 - `"None"` 10905 - `"ReadOnly"` 10906 - `"ReadWrite"` 10907 enum: 10908 - None 10909 - ReadOnly 10910 - ReadWrite 10911 type: string 10912 diskName: 10913 description: diskName is the Name of the data disk in the blob storage 10914 type: string 10915 diskURI: 10916 description: diskURI is the URI of data disk in the blob storage 10917 type: string 10918 fsType: 10919 description: fsType is Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. 10920 type: string 10921 kind: 10922 description: |- 10923 kind expected values are Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared 10924 10925 Possible enum values: 10926 - `"Dedicated"` 10927 - `"Managed"` 10928 - `"Shared"` 10929 enum: 10930 - Dedicated 10931 - Managed 10932 - Shared 10933 type: string 10934 readOnly: 10935 description: readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. 
10936 type: boolean 10937 required: 10938 - diskName 10939 - diskURI 10940 type: object 10941 azureFile: 10942 description: "azureFile represents an Azure File Service mount on the host and bind mount to the pod. Deprecated: AzureFile is deprecated. All operations for the in-tree azureFile type are redirected to the file.csi.azure.com CSI driver." 10943 properties: 10944 readOnly: 10945 description: readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. 10946 type: boolean 10947 secretName: 10948 description: secretName is the name of secret that contains Azure Storage Account Name and Key 10949 type: string 10950 shareName: 10951 description: shareName is the azure share Name 10952 type: string 10953 required: 10954 - secretName 10955 - shareName 10956 type: object 10957 cephfs: 10958 description: "cephFS represents a Ceph FS mount on the host that shares a pod's lifetime. Deprecated: CephFS is deprecated and the in-tree cephfs type is no longer supported." 10959 properties: 10960 monitors: 10961 description: "monitors is Required: Monitors is a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" 10962 items: 10963 type: string 10964 type: array 10965 path: 10966 description: "path is Optional: Used as the mounted root, rather than the full Ceph tree, default is /" 10967 type: string 10968 readOnly: 10969 description: "readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. 
More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" 10970 type: boolean 10971 secretFile: 10972 description: "secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" 10973 type: string 10974 secretRef: 10975 description: "secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" 10976 properties: 10977 name: 10978 description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" 10979 type: string 10980 type: object 10981 x-kubernetes-map-type: atomic 10982 user: 10983 description: "user is optional: User is the rados user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" 10984 type: string 10985 required: 10986 - monitors 10987 type: object 10988 cinder: 10989 description: "cinder represents a cinder volume attached and mounted on kubelets host machine. Deprecated: Cinder is deprecated. All operations for the in-tree cinder type are redirected to the cinder.csi.openstack.org CSI driver. More info: https://examples.k8s.io/mysql-cinder-pd/README.md" 10990 properties: 10991 fsType: 10992 description: "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md" 10993 type: string 10994 readOnly: 10995 description: "readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. 
More info: https://examples.k8s.io/mysql-cinder-pd/README.md" 10996 type: boolean 10997 secretRef: 10998 description: "secretRef is optional: points to a secret object containing parameters used to connect to OpenStack." 10999 properties: 11000 name: 11001 description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" 11002 type: string 11003 type: object 11004 x-kubernetes-map-type: atomic 11005 volumeID: 11006 description: "volumeID used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md" 11007 type: string 11008 required: 11009 - volumeID 11010 type: object 11011 configMap: 11012 description: configMap represents a configMap that should populate this volume 11013 properties: 11014 defaultMode: 11015 description: "defaultMode is optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." 11016 format: int32 11017 type: integer 11018 items: 11019 description: items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. 
Paths must be relative and may not contain the '..' path or start with '..'. 11020 items: 11021 properties: 11022 key: 11023 description: key is the key to project. 11024 type: string 11025 mode: 11026 description: "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." 11027 format: int32 11028 type: integer 11029 path: 11030 description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. 11031 type: string 11032 required: 11033 - key 11034 - path 11035 type: object 11036 type: array 11037 name: 11038 description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" 11039 type: string 11040 optional: 11041 description: optional specify whether the ConfigMap or its keys must be defined 11042 type: boolean 11043 type: object 11044 csi: 11045 description: csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers. 11046 properties: 11047 driver: 11048 description: driver is the name of the CSI driver that handles this volume. Consult with your admin for the correct name as registered in the cluster. 11049 type: string 11050 fsType: 11051 description: fsType to mount. Ex. "ext4", "xfs", "ntfs". If not provided, the empty value is passed to the associated CSI driver which will determine the default filesystem to apply. 
11052 type: string 11053 nodePublishSecretRef: 11054 description: nodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed. 11055 properties: 11056 name: 11057 description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" 11058 type: string 11059 type: object 11060 x-kubernetes-map-type: atomic 11061 readOnly: 11062 description: readOnly specifies a read-only configuration for the volume. Defaults to false (read/write). 11063 type: boolean 11064 volumeAttributes: 11065 additionalProperties: 11066 type: string 11067 description: volumeAttributes stores driver-specific properties that are passed to the CSI driver. Consult your driver's documentation for supported values. 11068 type: object 11069 required: 11070 - driver 11071 type: object 11072 downwardAPI: 11073 description: downwardAPI represents downward API about the pod that should populate this volume 11074 properties: 11075 defaultMode: 11076 description: "Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set."
11077 format: int32 11078 type: integer 11079 items: 11080 description: Items is a list of downward API volume file 11081 items: 11082 properties: 11083 fieldRef: 11084 description: "Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported." 11085 properties: 11086 apiVersion: 11087 description: Version of the schema the FieldPath is written in terms of, defaults to "v1". 11088 type: string 11089 fieldPath: 11090 description: Path of the field to select in the specified API version. 11091 type: string 11092 required: 11093 - fieldPath 11094 type: object 11095 x-kubernetes-map-type: atomic 11096 mode: 11097 description: "Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." 11098 format: int32 11099 type: integer 11100 path: 11101 description: "Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'" 11102 type: string 11103 resourceFieldRef: 11104 description: "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported." 
11105 properties: 11106 containerName: 11107 description: "Container name: required for volumes, optional for env vars" 11108 type: string 11109 divisor: 11110 description: Specifies the output format of the exposed resources, defaults to "1" 11111 type: string 11112 resource: 11113 description: "Required: resource to select" 11114 type: string 11115 required: 11116 - resource 11117 type: object 11118 x-kubernetes-map-type: atomic 11119 required: 11120 - path 11121 type: object 11122 type: array 11123 type: object 11124 emptyDir: 11125 description: "emptyDir represents a temporary directory that shares a pod's lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir" 11126 properties: 11127 medium: 11128 description: "medium represents what type of storage medium should back this directory. The default is \"\" which means to use the node's default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir" 11129 type: string 11130 sizeLimit: 11131 description: "sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir" 11132 type: string 11133 type: object 11134 ephemeral: 11135 description: |- 11136 ephemeral represents a volume that is handled by a cluster storage driver. The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. 
11137 11138 Use this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity 11139 tracking are needed, 11140 c) the storage driver is specified through a storage class, and d) the storage driver supports dynamic volume provisioning through 11141 a PersistentVolumeClaim (see EphemeralVolumeSource for more 11142 information on the connection between this volume type 11143 and PersistentVolumeClaim). 11144 11145 Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod. 11146 11147 Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information. 11148 11149 A pod can use both types of ephemeral volumes and persistent volumes at the same time. 11150 properties: 11151 volumeClaimTemplate: 11152 description: |- 11153 Will be used to create a stand-alone PVC to provision the volume. The pod in which this EphemeralVolumeSource is embedded will be the owner of the PVC, i.e. the PVC will be deleted together with the pod. The name of the PVC will be `<pod name>-<volume name>` where `<volume name>` is the name from the `PodSpec.Volumes` array entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long). 11154 11155 An existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until the unrelated PVC is removed. If such a pre-created PVC is meant to be used by the pod, the PVC has to be updated with an owner reference to the pod once the pod exists. Normally this should not be necessary, but it may be useful when manually reconstructing a broken cluster. 11156 11157 This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created.
11158 11159 Required, must not be nil. 11160 properties: 11161 metadata: 11162 description: May contain labels and annotations that will be copied into the PVC when creating it. No other fields are allowed and will be rejected during validation. 11163 properties: 11164 annotations: 11165 additionalProperties: 11166 type: string 11167 description: "Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations" 11168 type: object 11169 creationTimestamp: 11170 description: |- 11171 CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. 11172 11173 Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata 11174 format: date-time 11175 nullable: true 11176 type: string 11177 deletionGracePeriodSeconds: 11178 description: Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only. 11179 format: int64 11180 type: integer 11181 deletionTimestamp: 11182 description: |- 11183 DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. 
Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested. 11184 11185 Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata 11186 format: date-time 11187 type: string 11188 finalizers: 11189 description: Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list. 
11190 items: 11191 type: string 11192 type: array 11193 generateName: 11194 description: |- 11195 GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server. 11196 11197 If this field is specified and the generated name exists, the server will return a 409. 11198 11199 Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency 11200 type: string 11201 generation: 11202 description: A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. 11203 format: int64 11204 type: integer 11205 labels: 11206 additionalProperties: 11207 type: string 11208 description: "Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels" 11209 type: object 11210 managedFields: 11211 description: ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn't need to set or understand this field. A workflow can be the user's name, a controller's name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object. 11212 items: 11213 properties: 11214 apiVersion: 11215 description: APIVersion defines the version of this resource that this field set applies to. 
The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted. 11216 type: string 11217 fieldsType: 11218 description: "FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: \"FieldsV1\"" 11219 type: string 11220 fieldsV1: 11221 description: FieldsV1 holds the first JSON version format as described in the "FieldsV1" type. 11222 type: object 11223 manager: 11224 description: Manager is an identifier of the workflow managing these fields. 11225 type: string 11226 operation: 11227 description: Operation is the type of operation which led to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'. 11228 type: string 11229 subresource: 11230 description: Subresource is the name of the subresource used to update that object, or empty string if the object was updated through the main resource. The value of this field is used to distinguish between managers, even if they share the same name. For example, a status update will be distinct from a regular update using the same manager name. Note that the APIVersion field is not related to the Subresource field and it always corresponds to the version of the main resource. 11231 type: string 11232 time: 11233 description: Time is the timestamp of when the ManagedFields entry was added. The timestamp will also be updated if a field is added, the manager changes any of the owned fields value or removes a field. The timestamp does not update when a field is removed from the entry because another manager took it over. 11234 format: date-time 11235 type: string 11236 type: object 11237 type: array 11238 name: 11239 description: "Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically.
Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names" 11240 type: string 11241 namespace: 11242 description: |- 11243 Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty. 11244 11245 Must be a DNS_LABEL. Cannot be updated. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces 11246 type: string 11247 ownerReferences: 11248 description: List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller. 11249 items: 11250 properties: 11251 apiVersion: 11252 description: API version of the referent. 11253 type: string 11254 blockOwnerDeletion: 11255 description: If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. See https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion for how the garbage collector interacts with this field and enforces the foreground deletion. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned. 11256 type: boolean 11257 controller: 11258 description: If true, this reference points to the managing controller. 11259 type: boolean 11260 kind: 11261 description: "Kind of the referent. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" 11262 type: string 11263 name: 11264 description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names" 11265 type: string 11266 uid: 11267 description: "UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids" 11268 type: string 11269 required: 11270 - apiVersion 11271 - kind 11272 - name 11273 - uid 11274 type: object 11275 x-kubernetes-map-type: atomic 11276 type: array 11277 resourceVersion: 11278 description: |- 11279 An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and pass them unmodified back to the server. They may only be valid for a particular resource or set of resources. 11280 11281 Populated by the system. Read-only. Value must be treated as opaque by clients. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency 11282 type: string 11283 selfLink: 11284 description: "Deprecated: selfLink is a legacy read-only field that is no longer populated by the system." 11285 type: string 11286 uid: 11287 description: |- 11288 UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations. 11289 11290 Populated by the system. Read-only. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids 11291 type: string 11292 type: object 11293 spec: 11294 description: The specification for the PersistentVolumeClaim.
The entire content is copied unchanged into the PVC that gets created from this template. The same fields as in a PersistentVolumeClaim are also valid here. 11295 properties: 11296 accessModes: 11297 description: "accessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1" 11298 items: 11299 enum: 11300 - ReadOnlyMany 11301 - ReadWriteMany 11302 - ReadWriteOnce 11303 - ReadWriteOncePod 11304 type: string 11305 type: array 11306 dataSource: 11307 description: "dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource." 11308 properties: 11309 apiGroup: 11310 description: APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. 11311 type: string 11312 kind: 11313 description: Kind is the type of resource being referenced 11314 type: string 11315 name: 11316 description: Name is the name of resource being referenced 11317 type: string 11318 required: 11319 - kind 11320 - name 11321 type: object 11322 x-kubernetes-map-type: atomic 11323 dataSourceRef: 11324 description: |- 11325 dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. 
This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef 11326 allows any non-core object, as well as PersistentVolumeClaim objects. 11327 * While dataSource ignores disallowed values (dropping them), dataSourceRef 11328 preserves all values, and generates an error if a disallowed value is 11329 specified. 11330 * While dataSource only allows local objects, dataSourceRef allows objects 11331 in any namespaces. 11332 (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. 11333 properties: 11334 apiGroup: 11335 description: APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. 
11336 type: string 11337 kind: 11338 description: Kind is the type of resource being referenced 11339 type: string 11340 name: 11341 description: Name is the name of resource being referenced 11342 type: string 11343 namespace: 11344 description: Namespace is the namespace of resource being referenced Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. 11345 type: string 11346 required: 11347 - kind 11348 - name 11349 type: object 11350 resources: 11351 description: "resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources" 11352 properties: 11353 limits: 11354 additionalProperties: 11355 type: string 11356 description: "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" 11357 type: object 11358 requests: 11359 additionalProperties: 11360 type: string 11361 description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" 11362 type: object 11363 type: object 11364 selector: 11365 description: selector is a label query over volumes to consider for binding. 
11366 properties: 11367 matchExpressions: 11368 description: matchExpressions is a list of label selector requirements. The requirements are ANDed. 11369 items: 11370 properties: 11371 key: 11372 description: key is the label key that the selector applies to. 11373 type: string 11374 operator: 11375 description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. 11376 type: string 11377 values: 11378 description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. 11379 items: 11380 type: string 11381 type: array 11382 required: 11383 - key 11384 - operator 11385 type: object 11386 type: array 11387 matchLabels: 11388 additionalProperties: 11389 type: string 11390 description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. 11391 type: object 11392 type: object 11393 x-kubernetes-map-type: atomic 11394 storageClassName: 11395 description: "storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1" 11396 type: string 11397 volumeAttributesClassName: 11398 description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. If specified, the CSI driver will create or update the volume with the attributes defined in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, it can be changed after the claim is created. 
An empty string value means that no VolumeAttributesClass will be applied to the claim but it's not allowed to reset this field to empty string once it is set. If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass will be set by the persistentvolume controller if it exists. If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default)." 11399 type: string 11400 volumeMode: 11401 description: |- 11402 volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec. 11403 11404 Possible enum values: 11405 - `"Block"` means the volume will not be formatted with a filesystem and will remain a raw block device. 11406 - `"Filesystem"` means the volume will be or is formatted with a filesystem. 11407 enum: 11408 - Block 11409 - Filesystem 11410 type: string 11411 volumeName: 11412 description: volumeName is the binding reference to the PersistentVolume backing this claim. 11413 type: string 11414 type: object 11415 required: 11416 - spec 11417 type: object 11418 type: object 11419 fc: 11420 description: fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod. 11421 properties: 11422 fsType: 11423 description: fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. 
11424 type: string 11425 lun: 11426 description: "lun is Optional: FC target lun number" 11427 format: int32 11428 type: integer 11429 readOnly: 11430 description: "readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts." 11431 type: boolean 11432 targetWWNs: 11433 description: "targetWWNs is Optional: FC target worldwide names (WWNs)" 11434 items: 11435 type: string 11436 type: array 11437 wwids: 11438 description: "wwids Optional: FC volume world wide identifiers (wwids) Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously." 11439 items: 11440 type: string 11441 type: array 11442 type: object 11443 flexVolume: 11444 description: "flexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin. Deprecated: FlexVolume is deprecated. Consider using a CSIDriver instead." 11445 properties: 11446 driver: 11447 description: driver is the name of the driver to use for this volume. 11448 type: string 11449 fsType: 11450 description: fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script. 11451 type: string 11452 options: 11453 additionalProperties: 11454 type: string 11455 description: "options is Optional: this field holds extra command options if any." 11456 type: object 11457 readOnly: 11458 description: "readOnly is Optional: defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts." 11459 type: boolean 11460 secretRef: 11461 description: "secretRef is Optional: secretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts." 
11462 properties: 11463 name: 11464 description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" 11465 type: string 11466 type: object 11467 x-kubernetes-map-type: atomic 11468 required: 11469 - driver 11470 type: object 11471 flocker: 11472 description: "flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running. Deprecated: Flocker is deprecated and the in-tree flocker type is no longer supported." 11473 properties: 11474 datasetName: 11475 description: datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker should be considered as deprecated 11476 type: string 11477 datasetUUID: 11478 description: datasetUUID is the UUID of the dataset. This is unique identifier of a Flocker dataset 11479 type: string 11480 type: object 11481 gcePersistentDisk: 11482 description: "gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. Deprecated: GCEPersistentDisk is deprecated. All operations for the in-tree gcePersistentDisk type are redirected to the pd.csi.storage.gke.io CSI driver. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" 11483 properties: 11484 fsType: 11485 description: "fsType is filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" 11486 type: string 11487 partition: 11488 description: "partition is the partition in the volume that you want to mount. 
If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as \"1\". Similarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" 11489 format: int32 11490 type: integer 11491 pdName: 11492 description: "pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" 11493 type: string 11494 readOnly: 11495 description: "readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" 11496 type: boolean 11497 required: 11498 - pdName 11499 type: object 11500 gitRepo: 11501 description: "gitRepo represents a git repository at a particular revision. Deprecated: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container." 11502 properties: 11503 directory: 11504 description: directory is the target directory name. Must not contain or start with '..'. If '.' is supplied, the volume directory will be the git repository. Otherwise, if specified, the volume will contain the git repository in the subdirectory with the given name. 11505 type: string 11506 repository: 11507 description: repository is the URL 11508 type: string 11509 revision: 11510 description: revision is the commit hash for the specified revision. 11511 type: string 11512 required: 11513 - repository 11514 type: object 11515 glusterfs: 11516 description: "glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. Deprecated: Glusterfs is deprecated and the in-tree glusterfs type is no longer supported. 
More info: https://examples.k8s.io/volumes/glusterfs/README.md" 11517 properties: 11518 endpoints: 11519 description: "endpoints is the endpoint name that details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod" 11520 type: string 11521 path: 11522 description: "path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod" 11523 type: string 11524 readOnly: 11525 description: "readOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod" 11526 type: boolean 11527 required: 11528 - endpoints 11529 - path 11530 type: object 11531 hostPath: 11532 description: "hostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath" 11533 properties: 11534 path: 11535 description: "path of the directory on the host. If the path is a symlink, it will follow the link to the real path. 
More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath" 11536 type: string 11537 type: 11538 description: |- 11539 type for HostPath Volume Defaults to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath 11540 11541 Possible enum values: 11542 - `""` For backwards compatible, leave it empty if unset 11543 - `"BlockDevice"` A block device must exist at the given path 11544 - `"CharDevice"` A character device must exist at the given path 11545 - `"Directory"` A directory must exist at the given path 11546 - `"DirectoryOrCreate"` If nothing exists at the given path, an empty directory will be created there as needed with file mode 0755, having the same group and ownership with Kubelet. 11547 - `"File"` A file must exist at the given path 11548 - `"FileOrCreate"` If nothing exists at the given path, an empty file will be created there as needed with file mode 0644, having the same group and ownership with Kubelet. 11549 - `"Socket"` A UNIX socket must exist at the given path 11550 enum: 11551 - "" 11552 - BlockDevice 11553 - CharDevice 11554 - Directory 11555 - DirectoryOrCreate 11556 - File 11557 - FileOrCreate 11558 - Socket 11559 type: string 11560 required: 11561 - path 11562 type: object 11563 image: 11564 description: |- 11565 image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine. The volume is resolved at pod startup depending on which PullPolicy value is provided: 11566 11567 - Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. - Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. - IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. 
11568 11569 The volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation. A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message. The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field. The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images. The volume will be mounted read-only (ro) and non-executable files (noexec). Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath). The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type. 11570 properties: 11571 pullPolicy: 11572 description: |- 11573 Policy for pulling OCI objects. Possible values are: Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. 11574 11575 Possible enum values: 11576 - `"Always"` means that kubelet always attempts to pull the latest image. Container will fail If the pull fails. 11577 - `"IfNotPresent"` means that kubelet pulls if the image isn't present on disk. Container will fail if the image isn't present and the pull fails. 
11578 - `"Never"` means that kubelet never pulls an image, but only uses a local image. Container will fail if the image isn't present 11579 enum: 11580 - Always 11581 - IfNotPresent 11582 - Never 11583 type: string 11584 reference: 11585 description: "Required: Image or artifact reference to be used. Behaves in the same way as pod.spec.containers[*].image. Pull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets." 11586 type: string 11587 type: object 11588 iscsi: 11589 description: "iscsi represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md" 11590 properties: 11591 chapAuthDiscovery: 11592 description: chapAuthDiscovery defines whether support iSCSI Discovery CHAP authentication 11593 type: boolean 11594 chapAuthSession: 11595 description: chapAuthSession defines whether support iSCSI Session CHAP authentication 11596 type: boolean 11597 fsType: 11598 description: "fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi" 11599 type: string 11600 initiatorName: 11601 description: initiatorName is the custom iSCSI Initiator Name. If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface <target portal>:<volume name> will be created for the connection. 11602 type: string 11603 iqn: 11604 description: iqn is the target iSCSI Qualified Name. 
11605 type: string 11606 iscsiInterface: 11607 description: iscsiInterface is the interface Name that uses an iSCSI transport. Defaults to 'default' (tcp). 11608 type: string 11609 lun: 11610 description: lun represents iSCSI Target Lun number. 11611 format: int32 11612 type: integer 11613 portals: 11614 description: portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260). 11615 items: 11616 type: string 11617 type: array 11618 readOnly: 11619 description: readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. 11620 type: boolean 11621 secretRef: 11622 description: secretRef is the CHAP Secret for iSCSI target and initiator authentication 11623 properties: 11624 name: 11625 description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" 11626 type: string 11627 type: object 11628 x-kubernetes-map-type: atomic 11629 targetPortal: 11630 description: targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260). 11631 type: string 11632 required: 11633 - targetPortal 11634 - iqn 11635 - lun 11636 type: object 11637 name: 11638 description: "name of the volume. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" 11639 type: string 11640 nfs: 11641 description: "nfs represents an NFS mount on the host that shares a pod's lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" 11642 properties: 11643 path: 11644 description: "path that is exported by the NFS server. 
More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" 11645 type: string 11646 readOnly: 11647 description: "readOnly here will force the NFS export to be mounted with read-only permissions. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" 11648 type: boolean 11649 server: 11650 description: "server is the hostname or IP address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" 11651 type: string 11652 required: 11653 - server 11654 - path 11655 type: object 11656 persistentVolumeClaim: 11657 description: "persistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims" 11658 properties: 11659 claimName: 11660 description: "claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims" 11661 type: string 11662 readOnly: 11663 description: readOnly Will force the ReadOnly setting in VolumeMounts. Default false. 11664 type: boolean 11665 required: 11666 - claimName 11667 type: object 11668 photonPersistentDisk: 11669 description: "photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine. Deprecated: PhotonPersistentDisk is deprecated and the in-tree photonPersistentDisk type is no longer supported." 11670 properties: 11671 fsType: 11672 description: fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. 
11673 type: string 11674 pdID: 11675 description: pdID is the ID that identifies Photon Controller persistent disk 11676 type: string 11677 required: 11678 - pdID 11679 type: object 11680 portworxVolume: 11681 description: "portworxVolume represents a portworx volume attached and mounted on kubelets host machine. Deprecated: PortworxVolume is deprecated. All operations for the in-tree portworxVolume type are redirected to the pxd.portworx.com CSI driver when the CSIMigrationPortworx feature-gate is on." 11682 properties: 11683 fsType: 11684 description: fSType represents the filesystem type to mount Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified. 11685 type: string 11686 readOnly: 11687 description: readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. 11688 type: boolean 11689 volumeID: 11690 description: volumeID uniquely identifies a Portworx volume 11691 type: string 11692 required: 11693 - volumeID 11694 type: object 11695 projected: 11696 description: projected items for all in one resources secrets, configmaps, and downward API 11697 properties: 11698 defaultMode: 11699 description: defaultMode are the mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. 11700 format: int32 11701 type: integer 11702 sources: 11703 description: sources is the list of volume projections. Each entry in this list handles one source. 
11704 items: 11705 properties: 11706 clusterTrustBundle: 11707 description: |- 11708 ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field of ClusterTrustBundle objects in an auto-updating file. 11709 11710 Alpha, gated by the ClusterTrustBundleProjection feature gate. 11711 11712 ClusterTrustBundle objects can either be selected by name, or by the combination of signer name and a label selector. 11713 11714 Kubelet performs aggressive normalization of the PEM contents written into the pod filesystem. Esoteric PEM features such as inter-block comments and block headers are stripped. Certificates are deduplicated. The ordering of certificates within the file is arbitrary, and Kubelet may change the order over time. 11715 properties: 11716 labelSelector: 11717 description: Select all ClusterTrustBundles that match this label selector. Only has effect if signerName is set. Mutually-exclusive with name. If unset, interpreted as "match nothing". If set but empty, interpreted as "match everything". 11718 properties: 11719 matchExpressions: 11720 description: matchExpressions is a list of label selector requirements. The requirements are ANDed. 11721 items: 11722 properties: 11723 key: 11724 description: key is the label key that the selector applies to. 11725 type: string 11726 operator: 11727 description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. 11728 type: string 11729 values: 11730 description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. 
11731 items: 11732 type: string 11733 type: array 11734 required: 11735 - key 11736 - operator 11737 type: object 11738 type: array 11739 matchLabels: 11740 additionalProperties: 11741 type: string 11742 description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. 11743 type: object 11744 type: object 11745 x-kubernetes-map-type: atomic 11746 name: 11747 description: Select a single ClusterTrustBundle by object name. Mutually-exclusive with signerName and labelSelector. 11748 type: string 11749 optional: 11750 description: If true, don't block pod startup if the referenced ClusterTrustBundle(s) aren't available. If using name, then the named ClusterTrustBundle is allowed not to exist. If using signerName, then the combination of signerName and labelSelector is allowed to match zero ClusterTrustBundles. 11751 type: boolean 11752 path: 11753 description: Relative path from the volume root to write the bundle. 11754 type: string 11755 signerName: 11756 description: Select all ClusterTrustBundles that match this signer name. Mutually-exclusive with name. The contents of all selected ClusterTrustBundles will be unified and deduplicated. 11757 type: string 11758 required: 11759 - path 11760 type: object 11761 configMap: 11762 description: configMap information about the configMap data to project 11763 properties: 11764 items: 11765 description: items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. 
Paths must be relative and may not contain the '..' path or start with '..'. 11766 items: 11767 properties: 11768 key: 11769 description: key is the key to project. 11770 type: string 11771 mode: 11772 description: "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." 11773 format: int32 11774 type: integer 11775 path: 11776 description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. 11777 type: string 11778 required: 11779 - key 11780 - path 11781 type: object 11782 type: array 11783 name: 11784 description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" 11785 type: string 11786 optional: 11787 description: optional specify whether the ConfigMap or its keys must be defined 11788 type: boolean 11789 type: object 11790 downwardAPI: 11791 description: downwardAPI information about the downwardAPI data to project 11792 properties: 11793 items: 11794 description: Items is a list of DownwardAPIVolume file 11795 items: 11796 properties: 11797 fieldRef: 11798 description: "Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported." 11799 properties: 11800 apiVersion: 11801 description: Version of the schema the FieldPath is written in terms of, defaults to "v1". 
11802 type: string 11803 fieldPath: 11804 description: Path of the field to select in the specified API version. 11805 type: string 11806 required: 11807 - fieldPath 11808 type: object 11809 x-kubernetes-map-type: atomic 11810 mode: 11811 description: "Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." 11812 format: int32 11813 type: integer 11814 path: 11815 description: "Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'" 11816 type: string 11817 resourceFieldRef: 11818 description: "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported." 11819 properties: 11820 containerName: 11821 description: "Container name: required for volumes, optional for env vars" 11822 type: string 11823 divisor: 11824 description: Specifies the output format of the exposed resources, defaults to "1" 11825 type: string 11826 resource: 11827 description: "Required: resource to select" 11828 type: string 11829 required: 11830 - resource 11831 type: object 11832 x-kubernetes-map-type: atomic 11833 required: 11834 - path 11835 type: object 11836 type: array 11837 type: object 11838 secret: 11839 description: secret information about the secret data to project 11840 properties: 11841 items: 11842 description: items if unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. 
If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. 11843 items: 11844 properties: 11845 key: 11846 description: key is the key to project. 11847 type: string 11848 mode: 11849 description: "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." 11850 format: int32 11851 type: integer 11852 path: 11853 description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. 11854 type: string 11855 required: 11856 - key 11857 - path 11858 type: object 11859 type: array 11860 name: 11861 description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" 11862 type: string 11863 optional: 11864 description: optional field specify whether the Secret or its key must be defined 11865 type: boolean 11866 type: object 11867 serviceAccountToken: 11868 description: serviceAccountToken is information about the serviceAccountToken data to project 11869 properties: 11870 audience: 11871 description: audience is the intended audience of the token. 
A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver. 11872 type: string 11873 expirationSeconds: 11874 description: expirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours. Defaults to 1 hour and must be at least 10 minutes. 11875 format: int64 11876 type: integer 11877 path: 11878 description: path is the path relative to the mount point of the file to project the token into. 11879 type: string 11880 required: 11881 - path 11882 type: object 11883 type: object 11884 type: array 11885 type: object 11886 quobyte: 11887 description: "quobyte represents a Quobyte mount on the host that shares a pod's lifetime. Deprecated: Quobyte is deprecated and the in-tree quobyte type is no longer supported." 11888 properties: 11889 group: 11890 description: group to map volume access to. Default is no group 11891 type: string 11892 readOnly: 11893 description: readOnly here will force the Quobyte volume to be mounted with read-only permissions. Defaults to false.
11894 type: boolean 11895 registry: 11896 description: registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes 11897 type: string 11898 tenant: 11899 description: tenant owning the given Quobyte volume in the Backend. Used with dynamically provisioned Quobyte volumes, value is set by the plugin 11900 type: string 11901 user: 11902 description: user to map volume access to. Defaults to serviceaccount user 11903 type: string 11904 volume: 11905 description: volume is a string that references an already created Quobyte volume by name. 11906 type: string 11907 required: 11908 - registry 11909 - volume 11910 type: object 11911 rbd: 11912 description: "rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. Deprecated: RBD is deprecated and the in-tree rbd type is no longer supported. More info: https://examples.k8s.io/volumes/rbd/README.md" 11913 properties: 11914 fsType: 11915 description: "fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd" 11916 type: string 11917 image: 11918 description: "image is the rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" 11919 type: string 11920 keyring: 11921 description: "keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" 11922 type: string 11923 monitors: 11924 description: "monitors is a collection of Ceph monitors.
More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" 11925 items: 11926 type: string 11927 type: array 11928 pool: 11929 description: "pool is the rados pool name. Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" 11930 type: string 11931 readOnly: 11932 description: "readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" 11933 type: boolean 11934 secretRef: 11935 description: "secretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" 11936 properties: 11937 name: 11938 description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" 11939 type: string 11940 type: object 11941 x-kubernetes-map-type: atomic 11942 user: 11943 description: "user is the rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" 11944 type: string 11945 required: 11946 - monitors 11947 - image 11948 type: object 11949 scaleIO: 11950 description: "scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. Deprecated: ScaleIO is deprecated and the in-tree scaleIO type is no longer supported." 11951 properties: 11952 fsType: 11953 description: fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Default is "xfs". 11954 type: string 11955 gateway: 11956 description: gateway is the host address of the ScaleIO API Gateway. 
11957 type: string 11958 protectionDomain: 11959 description: protectionDomain is the name of the ScaleIO Protection Domain for the configured storage. 11960 type: string 11961 readOnly: 11962 description: readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. 11963 type: boolean 11964 secretRef: 11965 description: secretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail. 11966 properties: 11967 name: 11968 description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" 11969 type: string 11970 type: object 11971 x-kubernetes-map-type: atomic 11972 sslEnabled: 11973 description: sslEnabled Flag enable/disable SSL communication with Gateway, default false 11974 type: boolean 11975 storageMode: 11976 description: storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned. 11977 type: string 11978 storagePool: 11979 description: storagePool is the ScaleIO Storage Pool associated with the protection domain. 11980 type: string 11981 system: 11982 description: system is the name of the storage system as configured in ScaleIO. 11983 type: string 11984 volumeName: 11985 description: volumeName is the name of a volume already created in the ScaleIO system that is associated with this volume source. 11986 type: string 11987 required: 11988 - gateway 11989 - system 11990 - secretRef 11991 type: object 11992 secret: 11993 description: "secret represents a secret that should populate this volume. 
More info: https://kubernetes.io/docs/concepts/storage/volumes#secret" 11994 properties: 11995 defaultMode: 11996 description: "defaultMode is Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." 11997 format: int32 11998 type: integer 11999 items: 12000 description: items If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. 12001 items: 12002 properties: 12003 key: 12004 description: key is the key to project. 12005 type: string 12006 mode: 12007 description: "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." 12008 format: int32 12009 type: integer 12010 path: 12011 description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. 
12012 type: string 12013 required: 12014 - key 12015 - path 12016 type: object 12017 type: array 12018 optional: 12019 description: optional field specify whether the Secret or its keys must be defined 12020 type: boolean 12021 secretName: 12022 description: "secretName is the name of the secret in the pod's namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret" 12023 type: string 12024 type: object 12025 storageos: 12026 description: "storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. Deprecated: StorageOS is deprecated and the in-tree storageos type is no longer supported." 12027 properties: 12028 fsType: 12029 description: fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. 12030 type: string 12031 readOnly: 12032 description: readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. 12033 type: boolean 12034 secretRef: 12035 description: secretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted. 12036 properties: 12037 name: 12038 description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" 12039 type: string 12040 type: object 12041 x-kubernetes-map-type: atomic 12042 volumeName: 12043 description: volumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace. 12044 type: string 12045 volumeNamespace: 12046 description: volumeNamespace specifies the scope of the volume within StorageOS. If no namespace is specified then the Pod's namespace will be used. 
This allows the Kubernetes name scoping to be mirrored within StorageOS for tighter integration. Set VolumeName to any name to override the default behaviour. Set to "default" if you are not using namespaces within StorageOS. Namespaces that do not pre-exist within StorageOS will be created. 12047 type: string 12048 type: object 12049 vsphereVolume: 12050 description: "vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine. Deprecated: VsphereVolume is deprecated. All operations for the in-tree vsphereVolume type are redirected to the csi.vsphere.vmware.com CSI driver." 12051 properties: 12052 fsType: 12053 description: fsType is filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. 12054 type: string 12055 storagePolicyID: 12056 description: storagePolicyID is the storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName. 12057 type: string 12058 storagePolicyName: 12059 description: storagePolicyName is the storage Policy Based Management (SPBM) profile name. 
12060 type: string 12061 volumePath: 12062 description: volumePath is the path that identifies vSphere volume vmdk 12063 type: string 12064 required: 12065 - volumePath 12066 type: object 12067 required: 12068 - name 12069 type: object 12070 type: array 12071 required: 12072 - containers 12073 type: object 12074 type: object 12075 container: 12076 title: The container name running the gameserver 12077 description: if there is more than one container, specify which one is the game server 12078 type: string 12079 minLength: 0 12080 maxLength: 63 12081 pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" 12082 ports: 12083 title: array of ports to expose on the game server container 12084 type: array 12085 nullable: true 12086 items: 12087 type: object 12088 properties: 12089 name: 12090 title: Name is the descriptive name of the port 12091 type: string 12092 range: 12093 title: the port range name from which to select a port when using a 'Dynamic' or 'Passthrough' port policy. Defaults to 'default'. 12094 type: string 12095 portPolicy: 12096 title: the port policy that will be applied to the game server 12097 description: | 12098 portPolicy has four options: 12099 - "Dynamic" (default) the system allocates a random free hostPort for the gameserver, for game clients to connect to 12100 - "Static", user defines the hostPort that the game client will connect to. Then onus is on the user to ensure that the 12101 port is available. When static is the policy specified, `hostPort` is required to be populated 12102 - "Passthrough" dynamically sets the `containerPort` to the same value as the dynamically selected hostPort. 12103 This will mean that users will need to lookup what port has been opened through the server side SDK. 12104 - "None" means the `hostPort` is ignored and if defined, the `containerPort` (optional) is used to set the port on the GameServer instance. 
12105 type: string 12106 enum: 12107 - Dynamic 12108 - Static 12109 - Passthrough 12110 - None 12111 protocol: 12112 title: Protocol being used. Defaults to UDP. TCP and TCPUDP are other options. 12113 type: string 12114 enum: 12115 - UDP 12116 - TCP 12117 - TCPUDP 12118 container: 12119 title: | 12120 Container is the name of the container on which to open the port. Defaults to the game server container. 12121 type: string 12122 containerPort: 12123 title: The port that is being opened on the game server process 12124 type: integer 12125 minimum: 1 12126 maximum: 65535 12127 hostPort: 12128 title: The port exposed on the host 12129 description: Only required when `portPolicy` is "Static". Overwritten when portPolicy is "Dynamic" or "Passthrough". 12130 type: integer 12131 minimum: 1 12132 maximum: 65535 12133 sdkServer: 12134 type: object 12135 title: Parameters for the SDK Server (sidecar) 12136 properties: 12137 logLevel: 12138 type: string 12139 description: | 12140 sdkServer log level parameter has three options: 12141 - "Info" (default) The SDK server will output all messages except for debug messages 12142 - "Debug" The SDK server will output all messages including debug messages 12143 - "Error" The SDK server will only output error messages 12144 - "Trace" The SDK server will output all messages, including detailed tracing information 12145 enum: 12146 - Error 12147 - Info 12148 - Debug 12149 - Trace 12150 grpcPort: 12151 title: The port on which the SDK server binds the gRPC server to accept incoming connections 12152 description: | 12153 Starting with Agones 1.2 the default gRPC port is 9357. In earlier releases, the default was 59357. 12154 type: integer 12155 minimum: 1 12156 maximum: 65535 12157 httpPort: 12158 title: The port on which the SDK server binds the HTTP gRPC gateway server to accept incoming connections 12159 description: | 12160 Starting with Agones 1.2 the default HTTP port is 9358. In earlier releases, the default was 59358. 
12161 type: integer 12162 minimum: 1 12163 maximum: 65535 12164 scheduling: 12165 type: string 12166 enum: 12167 - Packed 12168 - Distributed 12169 health: 12170 type: object 12171 title: Health checking for the running game server 12172 properties: 12173 disabled: 12174 title: Disable health checking. defaults to false, but can be set to true 12175 type: boolean 12176 initialDelaySeconds: 12177 title: Number of seconds after the container has started before health check is initiated. Defaults to 5 seconds 12178 type: integer 12179 minimum: 0 12180 maximum: 2147483648 12181 periodSeconds: 12182 title: How long before the server is considered not healthy 12183 type: integer 12184 minimum: 0 12185 maximum: 2147483648 12186 failureThreshold: 12187 title: Minimum consecutive failures for the health probe to be considered failed after having succeeded. 12188 type: integer 12189 minimum: 1 12190 maximum: 2147483648 12191 players: 12192 type: object 12193 title: Configuration of player capacity 12194 nullable: true 12195 properties: 12196 initialCapacity: 12197 type: integer 12198 title: The initial player capacity of this Game Server 12199 minimum: 0 12200 counters: 12201 type: object 12202 title: Map of player, room, session, etc. counters 12203 nullable: true 12204 maxProperties: 1000 12205 additionalProperties: 12206 type: object 12207 properties: 12208 count: 12209 title: Initial count value 12210 type: integer 12211 default: 0 12212 minimum: 0 12213 capacity: 12214 title: Max capacity of the counter 12215 type: integer 12216 default: 1000 12217 minimum: 0 12218 lists: 12219 type: object 12220 title: Map of player, room, session, etc. 
lists 12221 nullable: true 12222 maxProperties: 1000 12223 additionalProperties: 12224 type: object 12225 properties: 12226 capacity: 12227 type: integer 12228 title: Max capacity of the array (can be less than or equal to value of maxItems) 12229 minimum: 0 12230 default: 1000 12231 maximum: 1000 # must be equal to values.maxItems 12232 values: 12233 title: set of all the items in the list 12234 type: array 12235 x-kubernetes-list-type: set # Requires items in the array to be unique 12236 maxItems: 1000 # max possible size of the value array (cannot be updated) 12237 items: # name of the item (player1, session1, room1, etc.) 12238 type: string 12239 default: [] 12240 eviction: 12241 type: object 12242 title: Eviction tolerance of the game server 12243 properties: 12244 safe: 12245 type: string 12246 title: Game server supports termination via SIGTERM 12247 description: | 12248 - Never: The game server should run to completion. Agones sets Pod annotation `cluster-autoscaler.kubernetes.io/safe-to-evict: "false"` and label `agones.dev/safe-to-evict: "false"`, which matches a restrictive PodDisruptionBudget. 12249 - OnUpgrade: On SIGTERM, the game server will exit within `terminationGracePeriodSeconds` or be terminated; Agones sets Pod annotation `cluster-autoscaler.kubernetes.io/safe-to-evict: "false"`, which blocks evictions by Cluster Autoscaler. Evictions from node upgrades proceed normally. 12250 - Always: On SIGTERM, the game server will exit within `terminationGracePeriodSeconds` or be terminated, typically within 10m; Agones sets Pod annotation `cluster-autoscaler.kubernetes.io/safe-to-evict: "true"`, which allows evictions by Cluster Autoscaler. 12251 enum: 12252 - Always 12253 - OnUpgrade 12254 - Never 12255 immutableReplicas: 12256 type: integer 12257 title: Immutable count of Pods to a GameServer. Always 1. (Implementation detail of implementing the Scale subresource.) 
12258 default: 1 12259 minimum: 1 12260 maximum: 1 12261 status: 12262 description: 'GameServerStatus is the status for a GameServer resource. More info: 12263 https://agones.dev/site/docs/reference/agones_crd_api_reference/#agones.dev/v1.GameServer' 12264 type: object 12265 title: The status values for the GameServer 12266 properties: 12267 state: 12268 type: string 12269 enum: 12270 - PortAllocation 12271 - Creating 12272 - Starting 12273 - Scheduled 12274 - RequestReady 12275 - Ready 12276 - Shutdown 12277 - Error 12278 - Unhealthy 12279 - Reserved 12280 - Allocated 12281 ports: 12282 type: array 12283 nullable: true 12284 items: 12285 type: object 12286 properties: 12287 name: 12288 type: string 12289 port: 12290 type: integer 12291 address: 12292 type: string 12293 addresses: 12294 type: array 12295 title: Array of addresses at which the GameServer can be reached; copy of Node.Status.addresses 12296 nullable: true 12297 items: 12298 type: object 12299 properties: 12300 address: 12301 type: string 12302 type: 12303 type: string 12304 nodeName: 12305 type: string 12306 reservedUntil: 12307 type: string 12308 nullable: true 12309 format: date-time 12310 players: 12311 type: object 12312 nullable: true 12313 properties: 12314 count: 12315 type: integer 12316 capacity: 12317 type: integer 12318 ids: 12319 type: array 12320 nullable: true 12321 items: 12322 type: string 12323 counters: 12324 type: object 12325 title: Map of player, room, session, etc. counters 12326 nullable: true 12327 maxProperties: 1000 12328 additionalProperties: 12329 type: object 12330 properties: 12331 count: 12332 title: The current count 12333 type: integer 12334 default: 0 12335 minimum: 0 12336 capacity: 12337 type: integer 12338 default: 1000 12339 minimum: 0 12340 lists: 12341 type: object 12342 title: Map of player, room, session, etc. 
lists 12343 nullable: true 12344 maxProperties: 1000 12345 additionalProperties: 12346 type: object 12347 properties: 12348 capacity: 12349 title: Max capacity of the array (can be less than or equal to value of values.maxItems) 12350 type: integer 12351 minimum: 0 12352 default: 1000 12353 maximum: 1000 # must be equal to values.maxItems 12354 values: 12355 title: Set of all the items in the list 12356 type: array 12357 x-kubernetes-list-type: set # Requires items in the array to be unique 12358 maxItems: 1000 # max possible size of the value array (cannot be updated) 12359 items: # name of the item (player1, session1, room1, etc.) 12360 type: string 12361 default: [] 12362 eviction: 12363 type: object 12364 properties: 12365 safe: 12366 type: string 12367 enum: 12368 - Always 12369 - OnUpgrade 12370 - Never 12371 immutableReplicas: 12372 type: integer 12373 title: Immutable count of Pods to a GameServer. Always 1. (Implementation detail of implementing the Scale subresource.) 12374 default: 1 12375 minimum: 1 12376 maximum: 1 12377 subresources: 12378 # scale enables the scale subresource. We can't actually scale GameServers, but this allows 12379 # for the use of PodDisruptionBudget (PDB) without having to use a PDB per Pod. 12380 scale: 12381 # specReplicasPath defines the JSONPath inside of a custom resource that corresponds to Scale.Spec.Replicas. 12382 specReplicasPath: .spec.immutableReplicas 12383 # statusReplicasPath defines the JSONPath inside of a custom resource that corresponds to Scale.Status.Replicas. 12384 statusReplicasPath: .status.immutableReplicas 12385 --- 12386 # Source: agones/templates/crds/gameserverallocationpolicy.yaml 12387 # Copyright 2019 Google LLC All Rights Reserved. 12388 # 12389 # Licensed under the Apache License, Version 2.0 (the "License"); 12390 # you may not use this file except in compliance with the License. 
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# CustomResourceDefinition for GameServerAllocationPolicy in the
# multicluster.agones.dev group. The schema validates `spec` only
# (priority, weight, connectionInfo); this version declares no status
# schema and no subresources.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  labels:
    component: crd
    app: agones
    chart: agones-1.53.0
    release: agones-manual
    heritage: Helm
  name: gameserverallocationpolicies.multicluster.agones.dev
spec:
  group: multicluster.agones.dev
  names:
    kind: GameServerAllocationPolicy
    plural: gameserverallocationpolicies
    shortNames:
      - gsap
  # Namespaced scope: access to these objects can be granted per namespace
  # with Role/RoleBinding instead of cluster-wide.
  scope: Namespaced
  versions:
    # v1 is the only version listed; it is both served and the storage version.
    - name: v1
      served: true
      storage: true
      schema:
        # No x-kubernetes-preserve-unknown-fields is set anywhere below, so
        # under apiextensions.k8s.io/v1 fields not declared here are pruned.
        openAPIV3Schema:
          description: 'GameServerAllocationPolicy is the Schema for the gameserverallocationpolicies API.'
          type: object
          properties:
            spec:
              description: 'GameServerAllocationPolicySpec defines the desired state of GameServerAllocationPolicy. More info:
                https://agones.dev/site/docs/reference/agones_crd_api_reference/#multicluster.agones.dev/v1.GameServerAllocationPolicy'
              type: object
              required:
                - priority
                - weight
              properties:
                # priority and weight are required, non-negative integers; the
                # schema sets no upper bound on either.
                # NOTE(review): how the two values rank clusters is not visible
                # in this manifest; see the reference linked in the description.
                priority:
                  format: int32
                  minimum: 0
                  type: integer
                weight:
                  format: int64
                  minimum: 0
                  type: integer
                # connectionInfo is not in spec.required; when it is present,
                # only `namespace` is mandatory.
                connectionInfo:
                  type: object
                  required:
                    - namespace
                  properties:
                    clusterName:
                      type: string
                    # When set, at least one entry is required. Entries are
                    # free-form strings (no pattern or format), so admission
                    # does not check host or scheme.
                    # NOTE(review): presumably the remote allocator addresses;
                    # if so, write access to this resource decides where
                    # allocation requests are sent. Keep create/update/patch
                    # RBAC on gameserverallocationpolicies narrow.
                    allocationEndpoints:
                      items:
                        type: string
                      type: array
                      minItems: 1
                    # Plain string with no pattern or maxLength.
                    # NOTE(review): presumably names the Secret holding the
                    # client TLS material for the connection; confirm which
                    # namespace it is resolved in and who can read it.
                    secretName:
                      type: string
                    namespace:
                      type: string
                    # format: byte means the value is base64-encoded. Optional
                    # in this schema.
                    # NOTE(review): looks like the CA used to verify the remote
                    # endpoint; confirm what the client trusts when it is
                    # omitted.
                    serverCa:
                      type: string
                      format: byte
---
# Source: agones/templates/crds/gameserverset.yaml
# Copyright 2018 Google LLC All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
12478 12479 apiVersion: apiextensions.k8s.io/v1 12480 kind: CustomResourceDefinition 12481 metadata: 12482 name: gameserversets.agones.dev 12483 labels: 12484 component: crd 12485 app: agones 12486 chart: agones-1.53.0 12487 release: agones-manual 12488 heritage: Helm 12489 spec: 12490 group: agones.dev 12491 names: 12492 kind: GameServerSet 12493 plural: gameserversets 12494 shortNames: 12495 - gss 12496 - gsset 12497 singular: gameserverset 12498 scope: Namespaced 12499 versions: 12500 - name: v1 12501 served: true 12502 storage: true 12503 additionalPrinterColumns: 12504 - jsonPath: .spec.scheduling 12505 name: Scheduling 12506 type: string 12507 - jsonPath: .spec.replicas 12508 name: Desired 12509 type: integer 12510 - jsonPath: .status.replicas 12511 name: Current 12512 type: integer 12513 - jsonPath: .status.allocatedReplicas 12514 name: Allocated 12515 type: integer 12516 - jsonPath: .status.readyReplicas 12517 name: Ready 12518 type: integer 12519 - jsonPath: .metadata.creationTimestamp 12520 name: Age 12521 type: date 12522 schema: 12523 openAPIV3Schema: 12524 description: 'GameServerSet is the data structure for a set of GameServers.' 12525 type: object 12526 properties: 12527 spec: 12528 description: 'GameServerSetSpec the specification for GameServerSet. More info: 12529 https://agones.dev/site/docs/reference/agones_crd_api_reference/#agones.dev/v1.GameServerSet' 12530 type: object 12531 required: 12532 - replicas 12533 - template 12534 properties: 12535 replicas: 12536 type: integer 12537 minimum: 0 12538 allocationOverflow: 12539 type: object 12540 nullable: true 12541 properties: 12542 labels: 12543 type: object 12544 additionalProperties: 12545 type: string 12546 annotations: 12547 type: object 12548 additionalProperties: 12549 type: string 12550 scheduling: 12551 type: string 12552 enum: 12553 - Packed 12554 - Distributed 12555 priorities: 12556 type: array 12557 description: Configuration of Counters and Lists scale down logic. 
Priorities in the gameserverset.yaml file must be identical to the structure of priorities in fleet.yaml. 12558 nullable: true 12559 items: 12560 type: object 12561 properties: 12562 type: 12563 type: string 12564 description: Whether a Counter or a List. 12565 enum: 12566 - Counter 12567 - List 12568 key: 12569 type: string 12570 description: The name of the Counter or List 12571 order: 12572 type: string 12573 description: Ascending or Descending sort order 12574 enum: 12575 - Ascending 12576 - Descending 12577 template: 12578 description: 'GameServer is the data structure for a GameServer resource.' 12579 type: object 12580 required: 12581 - spec 12582 properties: 12583 metadata: 12584 description: ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create. 12585 properties: 12586 annotations: 12587 additionalProperties: 12588 type: string 12589 description: "Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations" 12590 type: object 12591 creationTimestamp: 12592 description: |- 12593 CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. 12594 12595 Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata 12596 format: date-time 12597 nullable: true 12598 type: string 12599 deletionGracePeriodSeconds: 12600 description: Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. 
May only be shortened. Read-only. 12601 format: int64 12602 type: integer 12603 deletionTimestamp: 12604 description: |- 12605 DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested. 12606 12607 Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata 12608 format: date-time 12609 type: string 12610 finalizers: 12611 description: Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. 
finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list. 12612 items: 12613 type: string 12614 type: array 12615 generateName: 12616 description: |- 12617 GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server. 12618 12619 If this field is specified and the generated name exists, the server will return a 409. 12620 12621 Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency 12622 type: string 12623 generation: 12624 description: A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. 12625 format: int64 12626 type: integer 12627 labels: 12628 additionalProperties: 12629 type: string 12630 description: "Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels" 12631 type: object 12632 managedFields: 12633 description: ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn't need to set or understand this field. A workflow can be the user's name, a controller's name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object. 12634 items: 12635 properties: 12636 apiVersion: 12637 description: APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted. 12638 type: string 12639 fieldsType: 12640 description: "FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: \"FieldsV1\"" 12641 type: string 12642 fieldsV1: 12643 description: FieldsV1 holds the first JSON version format as described in the "FieldsV1" type. 12644 type: object 12645 manager: 12646 description: Manager is an identifier of the workflow managing these fields. 12647 type: string 12648 operation: 12649 description: Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'. 12650 type: string 12651 subresource: 12652 description: Subresource is the name of the subresource used to update that object, or empty string if the object was updated through the main resource. The value of this field is used to distinguish between managers, even if they share the same name. For example, a status update will be distinct from a regular update using the same manager name. 
Note that the APIVersion field is not related to the Subresource field and it always corresponds to the version of the main resource. 12653 type: string 12654 time: 12655 description: Time is the timestamp of when the ManagedFields entry was added. The timestamp will also be updated if a field is added, the manager changes any of the owned fields value or removes a field. The timestamp does not update when a field is removed from the entry because another manager took it over. 12656 format: date-time 12657 type: string 12658 type: object 12659 type: array 12660 name: 12661 description: "Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names" 12662 type: string 12663 namespace: 12664 description: |- 12665 Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty. 12666 12667 Must be a DNS_LABEL. Cannot be updated. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces 12668 type: string 12669 ownerReferences: 12670 description: List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller. 12671 items: 12672 properties: 12673 apiVersion: 12674 description: API version of the referent. 
12675 type: string 12676 blockOwnerDeletion: 12677 description: If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. See https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion for how the garbage collector interacts with this field and enforces the foreground deletion. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned. 12678 type: boolean 12679 controller: 12680 description: If true, this reference points to the managing controller. 12681 type: boolean 12682 kind: 12683 description: "Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" 12684 type: string 12685 name: 12686 description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names" 12687 type: string 12688 uid: 12689 description: "UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids" 12690 type: string 12691 required: 12692 - apiVersion 12693 - kind 12694 - name 12695 - uid 12696 type: object 12697 x-kubernetes-map-type: atomic 12698 type: array 12699 resourceVersion: 12700 description: |- 12701 An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources. 12702 12703 Populated by the system. Read-only. Value must be treated as opaque by clients and . 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency 12704 type: string 12705 selfLink: 12706 description: "Deprecated: selfLink is a legacy read-only field that is no longer populated by the system." 12707 type: string 12708 uid: 12709 description: |- 12710 UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations. 12711 12712 Populated by the system. Read-only. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids 12713 type: string 12714 type: object 12715 spec: 12716 description: 'GameServerSpec is the spec for a GameServer resource. More info: 12717 https://agones.dev/site/docs/reference/agones_crd_api_reference/#agones.dev/v1.GameServer' 12718 type: object 12719 required: 12720 - template 12721 properties: 12722 template: 12723 description: PodTemplateSpec describes the data a pod should have when created from a template 12724 properties: 12725 metadata: 12726 description: "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" 12727 properties: 12728 annotations: 12729 additionalProperties: 12730 type: string 12731 description: "Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations" 12732 type: object 12733 creationTimestamp: 12734 description: |- 12735 CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. 
12736 12737 Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata 12738 format: date-time 12739 nullable: true 12740 type: string 12741 deletionGracePeriodSeconds: 12742 description: Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only. 12743 format: int64 12744 type: integer 12745 deletionTimestamp: 12746 description: |- 12747 DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested. 12748 12749 Populated by the system when a graceful deletion is requested. Read-only. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata 12750 format: date-time 12751 type: string 12752 finalizers: 12753 description: Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list. 12754 items: 12755 type: string 12756 type: array 12757 generateName: 12758 description: |- 12759 GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server. 12760 12761 If this field is specified and the generated name exists, the server will return a 409. 12762 12763 Applied only if Name is not specified. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency 12764 type: string 12765 generation: 12766 description: A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. 12767 format: int64 12768 type: integer 12769 labels: 12770 additionalProperties: 12771 type: string 12772 description: "Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels" 12773 type: object 12774 managedFields: 12775 description: ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn't need to set or understand this field. A workflow can be the user's name, a controller's name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object. 12776 items: 12777 properties: 12778 apiVersion: 12779 description: APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted. 12780 type: string 12781 fieldsType: 12782 description: "FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: \"FieldsV1\"" 12783 type: string 12784 fieldsV1: 12785 description: FieldsV1 holds the first JSON version format as described in the "FieldsV1" type. 12786 type: object 12787 manager: 12788 description: Manager is an identifier of the workflow managing these fields. 
12789 type: string 12790 operation: 12791 description: Operation is the type of operation which led to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'. 12792 type: string 12793 subresource: 12794 description: Subresource is the name of the subresource used to update that object, or empty string if the object was updated through the main resource. The value of this field is used to distinguish between managers, even if they share the same name. For example, a status update will be distinct from a regular update using the same manager name. Note that the APIVersion field is not related to the Subresource field and it always corresponds to the version of the main resource. 12795 type: string 12796 time: 12797 description: Time is the timestamp of when the ManagedFields entry was added. The timestamp will also be updated if a field is added, the manager changes the value of any of the owned fields or removes a field. The timestamp does not update when a field is removed from the entry because another manager took it over. 12798 format: date-time 12799 type: string 12800 type: object 12801 type: array 12802 name: 12803 description: "Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names" 12804 type: string 12805 namespace: 12806 description: |- 12807 Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty. 12808 12809 Must be a DNS_LABEL. Cannot be updated.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces 12810 type: string 12811 ownerReferences: 12812 description: List of objects depended on by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller. 12813 items: 12814 properties: 12815 apiVersion: 12816 description: API version of the referent. 12817 type: string 12818 blockOwnerDeletion: 12819 description: If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. See https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion for how the garbage collector interacts with this field and enforces the foreground deletion. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned. 12820 type: boolean 12821 controller: 12822 description: If true, this reference points to the managing controller. 12823 type: boolean 12824 kind: 12825 description: "Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" 12826 type: string 12827 name: 12828 description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names" 12829 type: string 12830 uid: 12831 description: "UID of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids" 12832 type: string 12833 required: 12834 - apiVersion 12835 - kind 12836 - name 12837 - uid 12838 type: object 12839 x-kubernetes-map-type: atomic 12840 type: array 12841 resourceVersion: 12842 description: |- 12843 An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and pass them unmodified back to the server. They may only be valid for a particular resource or set of resources. 12844 12845 Populated by the system. Read-only. Value must be treated as opaque by clients. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency 12846 type: string 12847 selfLink: 12848 description: "Deprecated: selfLink is a legacy read-only field that is no longer populated by the system." 12849 type: string 12850 uid: 12851 description: |- 12852 UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations. 12853 12854 Populated by the system. Read-only. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids 12855 type: string 12856 type: object 12857 spec: 12858 description: "Specification of the desired behavior of the pod. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status" 12859 properties: 12860 activeDeadlineSeconds: 12861 description: Optional duration in seconds the pod may be active on the node relative to StartTime before the system will actively try to mark it failed and kill associated containers. Value must be a positive integer.
12862 format: int64 12863 type: integer 12864 affinity: 12865 description: If specified, the pod's scheduling constraints 12866 properties: 12867 nodeAffinity: 12868 description: Describes node affinity scheduling rules for the pod. 12869 properties: 12870 preferredDuringSchedulingIgnoredDuringExecution: 12871 description: The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred. 12872 items: 12873 properties: 12874 preference: 12875 description: A node selector term, associated with the corresponding weight. 12876 properties: 12877 matchExpressions: 12878 description: A list of node selector requirements by node's labels. 12879 items: 12880 properties: 12881 key: 12882 description: The label key that the selector applies to. 12883 type: string 12884 operator: 12885 description: |- 12886 Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist, Gt, and Lt. 12887 12888 Possible enum values: 12889 - `"DoesNotExist"` 12890 - `"Exists"` 12891 - `"Gt"` 12892 - `"In"` 12893 - `"Lt"` 12894 - `"NotIn"` 12895 enum: 12896 - DoesNotExist 12897 - Exists 12898 - Gt 12899 - In 12900 - Lt 12901 - NotIn 12902 type: string 12903 values: 12904 description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty.
If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. 12905 items: 12906 type: string 12907 type: array 12908 required: 12909 - key 12910 - operator 12911 type: object 12912 type: array 12913 matchFields: 12914 description: A list of node selector requirements by node's fields. 12915 items: 12916 properties: 12917 key: 12918 description: The label key that the selector applies to. 12919 type: string 12920 operator: 12921 description: |- 12922 Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist, Gt, and Lt. 12923 12924 Possible enum values: 12925 - `"DoesNotExist"` 12926 - `"Exists"` 12927 - `"Gt"` 12928 - `"In"` 12929 - `"Lt"` 12930 - `"NotIn"` 12931 enum: 12932 - DoesNotExist 12933 - Exists 12934 - Gt 12935 - In 12936 - Lt 12937 - NotIn 12938 type: string 12939 values: 12940 description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. 12941 items: 12942 type: string 12943 type: array 12944 required: 12945 - key 12946 - operator 12947 type: object 12948 type: array 12949 type: object 12950 x-kubernetes-map-type: atomic 12951 weight: 12952 description: Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100. 12953 format: int32 12954 type: integer 12955 required: 12956 - weight 12957 - preference 12958 type: object 12959 type: array 12960 requiredDuringSchedulingIgnoredDuringExecution: 12961 description: If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node.
If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node. 12962 properties: 12963 nodeSelectorTerms: 12964 description: Required. A list of node selector terms. The terms are ORed. 12965 items: 12966 properties: 12967 matchExpressions: 12968 description: A list of node selector requirements by node's labels. 12969 items: 12970 properties: 12971 key: 12972 description: The label key that the selector applies to. 12973 type: string 12974 operator: 12975 description: |- 12976 Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist, Gt, and Lt. 12977 12978 Possible enum values: 12979 - `"DoesNotExist"` 12980 - `"Exists"` 12981 - `"Gt"` 12982 - `"In"` 12983 - `"Lt"` 12984 - `"NotIn"` 12985 enum: 12986 - DoesNotExist 12987 - Exists 12988 - Gt 12989 - In 12990 - Lt 12991 - NotIn 12992 type: string 12993 values: 12994 description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. 12995 items: 12996 type: string 12997 type: array 12998 required: 12999 - key 13000 - operator 13001 type: object 13002 type: array 13003 matchFields: 13004 description: A list of node selector requirements by node's fields. 13005 items: 13006 properties: 13007 key: 13008 description: The label key that the selector applies to. 13009 type: string 13010 operator: 13011 description: |- 13012 Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist, Gt, and Lt.
13013 13014 Possible enum values: 13015 - `"DoesNotExist"` 13016 - `"Exists"` 13017 - `"Gt"` 13018 - `"In"` 13019 - `"Lt"` 13020 - `"NotIn"` 13021 enum: 13022 - DoesNotExist 13023 - Exists 13024 - Gt 13025 - In 13026 - Lt 13027 - NotIn 13028 type: string 13029 values: 13030 description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. 13031 items: 13032 type: string 13033 type: array 13034 required: 13035 - key 13036 - operator 13037 type: object 13038 type: array 13039 type: object 13040 x-kubernetes-map-type: atomic 13041 type: array 13042 required: 13043 - nodeSelectorTerms 13044 type: object 13045 x-kubernetes-map-type: atomic 13046 type: object 13047 podAffinity: 13048 description: Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). 13049 properties: 13050 preferredDuringSchedulingIgnoredDuringExecution: 13051 description: The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. 13052 items: 13053 properties: 13054 podAffinityTerm: 13055 description: Required. A pod affinity term, associated with the corresponding weight. 
13056 properties: 13057 labelSelector: 13058 description: A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. 13059 properties: 13060 matchExpressions: 13061 description: matchExpressions is a list of label selector requirements. The requirements are ANDed. 13062 items: 13063 properties: 13064 key: 13065 description: key is the label key that the selector applies to. 13066 type: string 13067 operator: 13068 description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. 13069 type: string 13070 values: 13071 description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. 13072 items: 13073 type: string 13074 type: array 13075 required: 13076 - key 13077 - operator 13078 type: object 13079 type: array 13080 matchLabels: 13081 additionalProperties: 13082 type: string 13083 description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. 13084 type: object 13085 type: object 13086 x-kubernetes-map-type: atomic 13087 matchLabelKeys: 13088 description: MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. 
The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). 13089 items: 13090 type: string 13091 type: array 13092 mismatchLabelKeys: 13093 description: MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). 13094 items: 13095 type: string 13096 type: array 13097 namespaceSelector: 13098 description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. 13099 properties: 13100 matchExpressions: 13101 description: matchExpressions is a list of label selector requirements. The requirements are ANDed. 13102 items: 13103 properties: 13104 key: 13105 description: key is the label key that the selector applies to. 13106 type: string 13107 operator: 13108 description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. 13109 type: string 13110 values: 13111 description: values is an array of string values. 
If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. 13112 items: 13113 type: string 13114 type: array 13115 required: 13116 - key 13117 - operator 13118 type: object 13119 type: array 13120 matchLabels: 13121 additionalProperties: 13122 type: string 13123 description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. 13124 type: object 13125 type: object 13126 x-kubernetes-map-type: atomic 13127 namespaces: 13128 description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". 13129 items: 13130 type: string 13131 type: array 13132 topologyKey: 13133 description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. 13134 type: string 13135 required: 13136 - topologyKey 13137 type: object 13138 weight: 13139 description: weight associated with matching the corresponding podAffinityTerm, in the range 1-100. 
13140 format: int32 13141 type: integer 13142 required: 13143 - weight 13144 - podAffinityTerm 13145 type: object 13146 type: array 13147 requiredDuringSchedulingIgnoredDuringExecution: 13148 description: If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. 13149 items: 13150 properties: 13151 labelSelector: 13152 description: A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. 13153 properties: 13154 matchExpressions: 13155 description: matchExpressions is a list of label selector requirements. The requirements are ANDed. 13156 items: 13157 properties: 13158 key: 13159 description: key is the label key that the selector applies to. 13160 type: string 13161 operator: 13162 description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. 13163 type: string 13164 values: 13165 description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. 13166 items: 13167 type: string 13168 type: array 13169 required: 13170 - key 13171 - operator 13172 type: object 13173 type: array 13174 matchLabels: 13175 additionalProperties: 13176 type: string 13177 description: matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. 13178 type: object 13179 type: object 13180 x-kubernetes-map-type: atomic 13181 matchLabelKeys: 13182 description: MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). 13183 items: 13184 type: string 13185 type: array 13186 mismatchLabelKeys: 13187 description: MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). 
13188 items: 13189 type: string 13190 type: array 13191 namespaceSelector: 13192 description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. 13193 properties: 13194 matchExpressions: 13195 description: matchExpressions is a list of label selector requirements. The requirements are ANDed. 13196 items: 13197 properties: 13198 key: 13199 description: key is the label key that the selector applies to. 13200 type: string 13201 operator: 13202 description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. 13203 type: string 13204 values: 13205 description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. 13206 items: 13207 type: string 13208 type: array 13209 required: 13210 - key 13211 - operator 13212 type: object 13213 type: array 13214 matchLabels: 13215 additionalProperties: 13216 type: string 13217 description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. 13218 type: object 13219 type: object 13220 x-kubernetes-map-type: atomic 13221 namespaces: 13222 description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". 
13223 items: 13224 type: string 13225 type: array 13226 topologyKey: 13227 description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. 13228 type: string 13229 required: 13230 - topologyKey 13231 type: object 13232 type: array 13233 type: object 13234 podAntiAffinity: 13235 description: Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). 13236 properties: 13237 preferredDuringSchedulingIgnoredDuringExecution: 13238 description: The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. 13239 items: 13240 properties: 13241 podAffinityTerm: 13242 description: Required. A pod affinity term, associated with the corresponding weight. 13243 properties: 13244 labelSelector: 13245 description: A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. 13246 properties: 13247 matchExpressions: 13248 description: matchExpressions is a list of label selector requirements. The requirements are ANDed. 
13249 items: 13250 properties: 13251 key: 13252 description: key is the label key that the selector applies to. 13253 type: string 13254 operator: 13255 description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. 13256 type: string 13257 values: 13258 description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. 13259 items: 13260 type: string 13261 type: array 13262 required: 13263 - key 13264 - operator 13265 type: object 13266 type: array 13267 matchLabels: 13268 additionalProperties: 13269 type: string 13270 description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. 13271 type: object 13272 type: object 13273 x-kubernetes-map-type: atomic 13274 matchLabelKeys: 13275 description: MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). 
13276 items: 13277 type: string 13278 type: array 13279 mismatchLabelKeys: 13280 description: MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). 13281 items: 13282 type: string 13283 type: array 13284 namespaceSelector: 13285 description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. 13286 properties: 13287 matchExpressions: 13288 description: matchExpressions is a list of label selector requirements. The requirements are ANDed. 13289 items: 13290 properties: 13291 key: 13292 description: key is the label key that the selector applies to. 13293 type: string 13294 operator: 13295 description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. 13296 type: string 13297 values: 13298 description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. 
13299 items: 13300 type: string 13301 type: array 13302 required: 13303 - key 13304 - operator 13305 type: object 13306 type: array 13307 matchLabels: 13308 additionalProperties: 13309 type: string 13310 description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. 13311 type: object 13312 type: object 13313 x-kubernetes-map-type: atomic 13314 namespaces: 13315 description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". 13316 items: 13317 type: string 13318 type: array 13319 topologyKey: 13320 description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. 13321 type: string 13322 required: 13323 - topologyKey 13324 type: object 13325 weight: 13326 description: weight associated with matching the corresponding podAffinityTerm, in the range 1-100. 13327 format: int32 13328 type: integer 13329 required: 13330 - weight 13331 - podAffinityTerm 13332 type: object 13333 type: array 13334 requiredDuringSchedulingIgnoredDuringExecution: 13335 description: If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. 
due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. 13336 items: 13337 properties: 13338 labelSelector: 13339 description: A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. 13340 properties: 13341 matchExpressions: 13342 description: matchExpressions is a list of label selector requirements. The requirements are ANDed. 13343 items: 13344 properties: 13345 key: 13346 description: key is the label key that the selector applies to. 13347 type: string 13348 operator: 13349 description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. 13350 type: string 13351 values: 13352 description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. 13353 items: 13354 type: string 13355 type: array 13356 required: 13357 - key 13358 - operator 13359 type: object 13360 type: array 13361 matchLabels: 13362 additionalProperties: 13363 type: string 13364 description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. 13365 type: object 13366 type: object 13367 x-kubernetes-map-type: atomic 13368 matchLabelKeys: 13369 description: MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. 
The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). 13370 items: 13371 type: string 13372 type: array 13373 mismatchLabelKeys: 13374 description: MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). 13375 items: 13376 type: string 13377 type: array 13378 namespaceSelector: 13379 description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. 13380 properties: 13381 matchExpressions: 13382 description: matchExpressions is a list of label selector requirements. The requirements are ANDed. 
13383 items: 13384 properties: 13385 key: 13386 description: key is the label key that the selector applies to. 13387 type: string 13388 operator: 13389 description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. 13390 type: string 13391 values: 13392 description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. 13393 items: 13394 type: string 13395 type: array 13396 required: 13397 - key 13398 - operator 13399 type: object 13400 type: array 13401 matchLabels: 13402 additionalProperties: 13403 type: string 13404 description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. 13405 type: object 13406 type: object 13407 x-kubernetes-map-type: atomic 13408 namespaces: 13409 description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". 13410 items: 13411 type: string 13412 type: array 13413 topologyKey: 13414 description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. 
13415 type: string 13416 required: 13417 - topologyKey 13418 type: object 13419 type: array 13420 type: object 13421 type: object 13422 automountServiceAccountToken: 13423 description: AutomountServiceAccountToken indicates whether a service account token should be automatically mounted. 13424 type: boolean 13425 containers: 13426 description: List of containers belonging to the pod. Containers cannot currently be added or removed. There must be at least one container in a Pod. Cannot be updated. 13427 items: 13428 properties: 13429 args: 13430 description: "Arguments to the entrypoint. The container image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell" 13431 items: 13432 type: string 13433 type: array 13434 command: 13435 description: "Entrypoint array. Not executed within a shell. The container image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. 
More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell" 13436 items: 13437 type: string 13438 type: array 13439 env: 13440 description: List of environment variables to set in the container. Cannot be updated. 13441 items: 13442 properties: 13443 name: 13444 description: Name of the environment variable. Must be a C_IDENTIFIER. 13445 type: string 13446 value: 13447 description: "Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to \"\"." 13448 type: string 13449 valueFrom: 13450 description: Source for the environment variable's value. Cannot be used if value is not empty. 13451 properties: 13452 configMapKeyRef: 13453 description: Selects a key of a ConfigMap. 13454 properties: 13455 key: 13456 description: The key to select. 13457 type: string 13458 name: 13459 description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" 13460 type: string 13461 optional: 13462 description: Specify whether the ConfigMap or its key must be defined 13463 type: boolean 13464 required: 13465 - key 13466 type: object 13467 x-kubernetes-map-type: atomic 13468 fieldRef: 13469 description: "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs." 13470 properties: 13471 apiVersion: 13472 description: Version of the schema the FieldPath is written in terms of, defaults to "v1". 13473 type: string 13474 fieldPath: 13475 description: Path of the field to select in the specified API version. 13476 type: string 13477 required: 13478 - fieldPath 13479 type: object 13480 x-kubernetes-map-type: atomic 13481 resourceFieldRef: 13482 description: "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported." 13483 properties: 13484 containerName: 13485 description: "Container name: required for volumes, optional for env vars" 13486 type: string 13487 divisor: 13488 description: Specifies the output format of the exposed resources, defaults to "1" 13489 type: string 13490 resource: 13491 description: "Required: resource to select" 13492 type: string 13493 required: 13494 - resource 13495 type: object 13496 x-kubernetes-map-type: atomic 13497 secretKeyRef: 13498 description: Selects a key of a secret in the pod's namespace 13499 properties: 13500 key: 13501 description: The key of the secret to select from. Must be a valid secret key. 13502 type: string 13503 name: 13504 description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. 
Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" 13505 type: string 13506 optional: 13507 description: Specify whether the Secret or its key must be defined 13508 type: boolean 13509 required: 13510 - key 13511 type: object 13512 x-kubernetes-map-type: atomic 13513 type: object 13514 required: 13515 - name 13516 type: object 13517 type: array 13518 envFrom: 13519 description: List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. 13520 items: 13521 properties: 13522 configMapRef: 13523 description: The ConfigMap to select from 13524 properties: 13525 name: 13526 description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" 13527 type: string 13528 optional: 13529 description: Specify whether the ConfigMap must be defined 13530 type: boolean 13531 type: object 13532 prefix: 13533 description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. 13534 type: string 13535 secretRef: 13536 description: The Secret to select from 13537 properties: 13538 name: 13539 description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" 13540 type: string 13541 optional: 13542 description: Specify whether the Secret must be defined 13543 type: boolean 13544 type: object 13545 type: object 13546 type: array 13547 image: 13548 description: "Container image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets." 13549 type: string 13550 imagePullPolicy: 13551 description: |- 13552 Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images 13553 13554 Possible enum values: 13555 - `"Always"` means that kubelet always attempts to pull the latest image. Container will fail If the pull fails. 13556 - `"IfNotPresent"` means that kubelet pulls if the image isn't present on disk. Container will fail if the image isn't present and the pull fails. 13557 - `"Never"` means that kubelet never pulls an image, but only uses a local image. Container will fail if the image isn't present 13558 enum: 13559 - Always 13560 - IfNotPresent 13561 - Never 13562 type: string 13563 lifecycle: 13564 description: Actions that the management system should take in response to container lifecycle events. Cannot be updated. 13565 properties: 13566 postStart: 13567 description: "PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks" 13568 properties: 13569 exec: 13570 description: Exec specifies a command to execute in the container. 
13571 properties: 13572 command: 13573 description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 13574 items: 13575 type: string 13576 type: array 13577 type: object 13578 httpGet: 13579 description: HTTPGet specifies an HTTP GET request to perform. 13580 properties: 13581 host: 13582 description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. 13583 type: string 13584 httpHeaders: 13585 description: Custom headers to set in the request. HTTP allows repeated headers. 13586 items: 13587 properties: 13588 name: 13589 description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. 13590 type: string 13591 value: 13592 description: The header field value 13593 type: string 13594 required: 13595 - name 13596 - value 13597 type: object 13598 type: array 13599 path: 13600 description: Path to access on the HTTP server. 13601 type: string 13602 port: 13603 description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 13604 format: int-or-string 13605 x-kubernetes-int-or-string: true 13606 scheme: 13607 description: |- 13608 Scheme to use for connecting to the host. Defaults to HTTP. 
13609 13610 Possible enum values: 13611 - `"HTTP"` means that the scheme used will be http:// 13612 - `"HTTPS"` means that the scheme used will be https:// 13613 enum: 13614 - HTTP 13615 - HTTPS 13616 type: string 13617 required: 13618 - port 13619 type: object 13620 sleep: 13621 description: Sleep represents a duration that the container should sleep. 13622 properties: 13623 seconds: 13624 description: Seconds is the number of seconds to sleep. 13625 format: int64 13626 type: integer 13627 required: 13628 - seconds 13629 type: object 13630 tcpSocket: 13631 description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for backward compatibility. There is no validation of this field and lifecycle hooks will fail at runtime when it is specified. 13632 properties: 13633 host: 13634 description: "Optional: Host name to connect to, defaults to the pod IP." 13635 type: string 13636 port: 13637 description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 13638 format: int-or-string 13639 x-kubernetes-int-or-string: true 13640 required: 13641 - port 13642 type: object 13643 type: object 13644 preStop: 13645 description: "PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The Pod's termination grace period countdown begins before the PreStop hook is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod's termination grace period (unless delayed by finalizers). Other management of the container blocks until the hook completes or until the termination grace period is reached. 
More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks" 13646 properties: 13647 exec: 13648 description: Exec specifies a command to execute in the container. 13649 properties: 13650 command: 13651 description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 13652 items: 13653 type: string 13654 type: array 13655 type: object 13656 httpGet: 13657 description: HTTPGet specifies an HTTP GET request to perform. 13658 properties: 13659 host: 13660 description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. 13661 type: string 13662 httpHeaders: 13663 description: Custom headers to set in the request. HTTP allows repeated headers. 13664 items: 13665 properties: 13666 name: 13667 description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. 13668 type: string 13669 value: 13670 description: The header field value 13671 type: string 13672 required: 13673 - name 13674 - value 13675 type: object 13676 type: array 13677 path: 13678 description: Path to access on the HTTP server. 13679 type: string 13680 port: 13681 description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 13682 format: int-or-string 13683 x-kubernetes-int-or-string: true 13684 scheme: 13685 description: |- 13686 Scheme to use for connecting to the host. Defaults to HTTP. 
13687 13688 Possible enum values: 13689 - `"HTTP"` means that the scheme used will be http:// 13690 - `"HTTPS"` means that the scheme used will be https:// 13691 enum: 13692 - HTTP 13693 - HTTPS 13694 type: string 13695 required: 13696 - port 13697 type: object 13698 sleep: 13699 description: Sleep represents a duration that the container should sleep. 13700 properties: 13701 seconds: 13702 description: Seconds is the number of seconds to sleep. 13703 format: int64 13704 type: integer 13705 required: 13706 - seconds 13707 type: object 13708 tcpSocket: 13709 description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for backward compatibility. There is no validation of this field and lifecycle hooks will fail at runtime when it is specified. 13710 properties: 13711 host: 13712 description: "Optional: Host name to connect to, defaults to the pod IP." 13713 type: string 13714 port: 13715 description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 13716 format: int-or-string 13717 x-kubernetes-int-or-string: true 13718 required: 13719 - port 13720 type: object 13721 type: object 13722 type: object 13723 livenessProbe: 13724 description: "Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" 13725 properties: 13726 exec: 13727 description: Exec specifies a command to execute in the container. 13728 properties: 13729 command: 13730 description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. 
Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 13731 items: 13732 type: string 13733 type: array 13734 type: object 13735 failureThreshold: 13736 description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. 13737 format: int32 13738 type: integer 13739 grpc: 13740 description: GRPC specifies a GRPC HealthCheckRequest. 13741 properties: 13742 port: 13743 description: Port number of the gRPC service. Number must be in the range 1 to 65535. 13744 format: int32 13745 type: integer 13746 service: 13747 description: |- 13748 Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 13749 13750 If this is not specified, the default behavior is defined by gRPC. 13751 type: string 13752 required: 13753 - port 13754 type: object 13755 httpGet: 13756 description: HTTPGet specifies an HTTP GET request to perform. 13757 properties: 13758 host: 13759 description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. 13760 type: string 13761 httpHeaders: 13762 description: Custom headers to set in the request. HTTP allows repeated headers. 13763 items: 13764 properties: 13765 name: 13766 description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. 13767 type: string 13768 value: 13769 description: The header field value 13770 type: string 13771 required: 13772 - name 13773 - value 13774 type: object 13775 type: array 13776 path: 13777 description: Path to access on the HTTP server. 13778 type: string 13779 port: 13780 description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 
13781 format: int-or-string 13782 x-kubernetes-int-or-string: true 13783 scheme: 13784 description: |- 13785 Scheme to use for connecting to the host. Defaults to HTTP. 13786 13787 Possible enum values: 13788 - `"HTTP"` means that the scheme used will be http:// 13789 - `"HTTPS"` means that the scheme used will be https:// 13790 enum: 13791 - HTTP 13792 - HTTPS 13793 type: string 13794 required: 13795 - port 13796 type: object 13797 initialDelaySeconds: 13798 description: "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" 13799 format: int32 13800 type: integer 13801 periodSeconds: 13802 description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. 13803 format: int32 13804 type: integer 13805 successThreshold: 13806 description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. 13807 format: int32 13808 type: integer 13809 tcpSocket: 13810 description: TCPSocket specifies a connection to a TCP port. 13811 properties: 13812 host: 13813 description: "Optional: Host name to connect to, defaults to the pod IP." 13814 type: string 13815 port: 13816 description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 13817 format: int-or-string 13818 x-kubernetes-int-or-string: true 13819 required: 13820 - port 13821 type: object 13822 terminationGracePeriodSeconds: 13823 description: Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. 
If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. 13824 format: int64 13825 type: integer 13826 timeoutSeconds: 13827 description: "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" 13828 format: int32 13829 type: integer 13830 type: object 13831 name: 13832 description: Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated. 13833 type: string 13834 ports: 13835 description: List of ports to expose from the container. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Modifying this array with strategic merge patch may corrupt the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated. 13836 items: 13837 properties: 13838 containerPort: 13839 description: Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536. 13840 format: int32 13841 type: integer 13842 hostIP: 13843 description: What host IP to bind the external port to. 13844 type: string 13845 hostPort: 13846 description: Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this. 
13847 format: int32 13848 type: integer 13849 name: 13850 description: If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services. 13851 type: string 13852 protocol: 13853 description: |- 13854 Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". 13855 13856 Possible enum values: 13857 - `"SCTP"` is the SCTP protocol. 13858 - `"TCP"` is the TCP protocol. 13859 - `"UDP"` is the UDP protocol. 13860 enum: 13861 - SCTP 13862 - TCP 13863 - UDP 13864 type: string 13865 required: 13866 - containerPort 13867 type: object 13868 type: array 13869 readinessProbe: 13870 description: "Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" 13871 properties: 13872 exec: 13873 description: Exec specifies a command to execute in the container. 13874 properties: 13875 command: 13876 description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 13877 items: 13878 type: string 13879 type: array 13880 type: object 13881 failureThreshold: 13882 description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. 13883 format: int32 13884 type: integer 13885 grpc: 13886 description: GRPC specifies a GRPC HealthCheckRequest. 13887 properties: 13888 port: 13889 description: Port number of the gRPC service. Number must be in the range 1 to 65535. 
13890 format: int32 13891 type: integer 13892 service: 13893 description: |- 13894 Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 13895 13896 If this is not specified, the default behavior is defined by gRPC. 13897 type: string 13898 required: 13899 - port 13900 type: object 13901 httpGet: 13902 description: HTTPGet specifies an HTTP GET request to perform. 13903 properties: 13904 host: 13905 description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. 13906 type: string 13907 httpHeaders: 13908 description: Custom headers to set in the request. HTTP allows repeated headers. 13909 items: 13910 properties: 13911 name: 13912 description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. 13913 type: string 13914 value: 13915 description: The header field value 13916 type: string 13917 required: 13918 - name 13919 - value 13920 type: object 13921 type: array 13922 path: 13923 description: Path to access on the HTTP server. 13924 type: string 13925 port: 13926 description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 13927 format: int-or-string 13928 x-kubernetes-int-or-string: true 13929 scheme: 13930 description: |- 13931 Scheme to use for connecting to the host. Defaults to HTTP. 13932 13933 Possible enum values: 13934 - `"HTTP"` means that the scheme used will be http:// 13935 - `"HTTPS"` means that the scheme used will be https:// 13936 enum: 13937 - HTTP 13938 - HTTPS 13939 type: string 13940 required: 13941 - port 13942 type: object 13943 initialDelaySeconds: 13944 description: "Number of seconds after the container has started before liveness probes are initiated. 
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" 13945 format: int32 13946 type: integer 13947 periodSeconds: 13948 description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. 13949 format: int32 13950 type: integer 13951 successThreshold: 13952 description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. 13953 format: int32 13954 type: integer 13955 tcpSocket: 13956 description: TCPSocket specifies a connection to a TCP port. 13957 properties: 13958 host: 13959 description: "Optional: Host name to connect to, defaults to the pod IP." 13960 type: string 13961 port: 13962 description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 13963 format: int-or-string 13964 x-kubernetes-int-or-string: true 13965 required: 13966 - port 13967 type: object 13968 terminationGracePeriodSeconds: 13969 description: Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. 13970 format: int64 13971 type: integer 13972 timeoutSeconds: 13973 description: "Number of seconds after which the probe times out. 
Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" 13974 format: int32 13975 type: integer 13976 type: object 13977 resizePolicy: 13978 description: Resources resize policy for the container. 13979 items: 13980 properties: 13981 resourceName: 13982 description: "Name of the resource to which this resource resize policy applies. Supported values: cpu, memory." 13983 type: string 13984 restartPolicy: 13985 description: Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired. 13986 type: string 13987 required: 13988 - resourceName 13989 - restartPolicy 13990 type: object 13991 type: array 13992 resources: 13993 description: "Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" 13994 properties: 13995 claims: 13996 description: |- 13997 Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. 13998 13999 This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. 14000 14001 This field is immutable. It can only be set for containers. 14002 items: 14003 properties: 14004 name: 14005 description: Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. 14006 type: string 14007 request: 14008 description: Request is the name chosen for a request in the referenced claim. If empty, everything from the claim is made available, otherwise only the result of this request. 14009 type: string 14010 required: 14011 - name 14012 type: object 14013 type: array 14014 limits: 14015 additionalProperties: 14016 type: string 14017 description: "Limits describes the maximum amount of compute resources allowed. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" 14018 type: object 14019 requests: 14020 additionalProperties: 14021 type: string 14022 description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" 14023 type: object 14024 type: object 14025 restartPolicy: 14026 description: "RestartPolicy defines the restart behavior of individual containers in a pod. This field may only be set for init containers, and the only allowed value is \"Always\". For non-init containers or when this field is not specified, the restart behavior is defined by the Pod's restart policy and the container type. Setting the RestartPolicy as \"Always\" for the init container will have the following effect: this init container will be continually restarted on exit until all regular containers have terminated. Once all regular containers have completed, all init containers with restartPolicy \"Always\" will be shut down. This lifecycle differs from normal init containers and is often referred to as a \"sidecar\" container. Although this init container still starts in the init container sequence, it does not wait for the container to complete before proceeding to the next init container. Instead, the next init container starts immediately after this init container is started, or after any startupProbe has successfully completed." 14027 type: string 14028 securityContext: 14029 description: "SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. 
More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/" 14030 properties: 14031 allowPrivilegeEscalation: 14032 description: "AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows." 14033 type: boolean 14034 appArmorProfile: 14035 description: appArmorProfile is the AppArmor options to use by this container. If set, this profile overrides the pod's appArmorProfile. Note that this field cannot be set when spec.os.name is windows. 14036 properties: 14037 localhostProfile: 14038 description: localhostProfile indicates a profile loaded on the node that should be used. The profile must be preconfigured on the node to work. Must match the loaded name of the profile. Must be set if and only if type is "Localhost". 14039 type: string 14040 type: 14041 description: |- 14042 type indicates which kind of AppArmor profile will be applied. Valid options are: 14043 Localhost - a profile pre-loaded on the node. 14044 RuntimeDefault - the container runtime's default profile. 14045 Unconfined - no AppArmor enforcement. 14046 14047 Possible enum values: 14048 - `"Localhost"` indicates that a profile pre-loaded on the node should be used. 14049 - `"RuntimeDefault"` indicates that the container runtime's default AppArmor profile should be used. 14050 - `"Unconfined"` indicates that no AppArmor profile should be enforced. 14051 enum: 14052 - Localhost 14053 - RuntimeDefault 14054 - Unconfined 14055 type: string 14056 required: 14057 - type 14058 type: object 14059 capabilities: 14060 description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. 
Note that this field cannot be set when spec.os.name is windows. 14061 properties: 14062 add: 14063 description: Added capabilities 14064 items: 14065 type: string 14066 type: array 14067 drop: 14068 description: Removed capabilities 14069 items: 14070 type: string 14071 type: array 14072 type: object 14073 privileged: 14074 description: Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows. 14075 type: boolean 14076 procMount: 14077 description: |- 14078 procMount denotes the type of proc mount to use for the containers. The default value is Default which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows. 14079 14080 Possible enum values: 14081 - `"Default"` uses the container runtime defaults for readonly and masked paths for /proc. Most container runtimes mask certain paths in /proc to avoid accidental security exposure of special devices or information. 14082 - `"Unmasked"` bypasses the default masking behavior of the container runtime and ensures the newly created /proc of the container stays intact with no modifications. 14083 enum: 14084 - Default 14085 - Unmasked 14086 type: string 14087 readOnlyRootFilesystem: 14088 description: Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows. 14089 type: boolean 14090 runAsGroup: 14091 description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.
14092 format: int64 14093 type: integer 14094 runAsNonRoot: 14095 description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. 14096 type: boolean 14097 runAsUser: 14098 description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. 14099 format: int64 14100 type: integer 14101 seLinuxOptions: 14102 description: The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. 14103 properties: 14104 level: 14105 description: Level is SELinux level label that applies to the container. 14106 type: string 14107 role: 14108 description: Role is a SELinux role label that applies to the container. 14109 type: string 14110 type: 14111 description: Type is a SELinux type label that applies to the container. 14112 type: string 14113 user: 14114 description: User is a SELinux user label that applies to the container. 14115 type: string 14116 type: object 14117 seccompProfile: 14118 description: The seccomp options to use by this container. 
If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows. 14119 properties: 14120 localhostProfile: 14121 description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type. 14122 type: string 14123 type: 14124 description: |- 14125 type indicates which kind of seccomp profile will be applied. Valid options are: 14126 14127 Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied. 14128 14129 Possible enum values: 14130 - `"Localhost"` indicates a profile defined in a file on the node should be used. The file's location is relative to <kubelet-root-dir>/seccomp. 14131 - `"RuntimeDefault"` represents the default container runtime seccomp profile. 14132 - `"Unconfined"` indicates no seccomp profile is applied (A.K.A. unconfined). 14133 enum: 14134 - Localhost 14135 - RuntimeDefault 14136 - Unconfined 14137 type: string 14138 required: 14139 - type 14140 type: object 14141 windowsOptions: 14142 description: The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux. 14143 properties: 14144 gmsaCredentialSpec: 14145 description: GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.
14146 type: string 14147 gmsaCredentialSpecName: 14148 description: GMSACredentialSpecName is the name of the GMSA credential spec to use. 14149 type: string 14150 hostProcess: 14151 description: HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true. 14152 type: boolean 14153 runAsUserName: 14154 description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. 14155 type: string 14156 type: object 14157 type: object 14158 startupProbe: 14159 description: "StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" 14160 properties: 14161 exec: 14162 description: Exec specifies a command to execute in the container. 14163 properties: 14164 command: 14165 description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. 
Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 14166 items: 14167 type: string 14168 type: array 14169 type: object 14170 failureThreshold: 14171 description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. 14172 format: int32 14173 type: integer 14174 grpc: 14175 description: GRPC specifies a GRPC HealthCheckRequest. 14176 properties: 14177 port: 14178 description: Port number of the gRPC service. Number must be in the range 1 to 65535. 14179 format: int32 14180 type: integer 14181 service: 14182 description: |- 14183 Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 14184 14185 If this is not specified, the default behavior is defined by gRPC. 14186 type: string 14187 required: 14188 - port 14189 type: object 14190 httpGet: 14191 description: HTTPGet specifies an HTTP GET request to perform. 14192 properties: 14193 host: 14194 description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. 14195 type: string 14196 httpHeaders: 14197 description: Custom headers to set in the request. HTTP allows repeated headers. 14198 items: 14199 properties: 14200 name: 14201 description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. 14202 type: string 14203 value: 14204 description: The header field value 14205 type: string 14206 required: 14207 - name 14208 - value 14209 type: object 14210 type: array 14211 path: 14212 description: Path to access on the HTTP server. 14213 type: string 14214 port: 14215 description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 
14216 format: int-or-string 14217 x-kubernetes-int-or-string: true 14218 scheme: 14219 description: |- 14220 Scheme to use for connecting to the host. Defaults to HTTP. 14221 14222 Possible enum values: 14223 - `"HTTP"` means that the scheme used will be http:// 14224 - `"HTTPS"` means that the scheme used will be https:// 14225 enum: 14226 - HTTP 14227 - HTTPS 14228 type: string 14229 required: 14230 - port 14231 type: object 14232 initialDelaySeconds: 14233 description: "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" 14234 format: int32 14235 type: integer 14236 periodSeconds: 14237 description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. 14238 format: int32 14239 type: integer 14240 successThreshold: 14241 description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. 14242 format: int32 14243 type: integer 14244 tcpSocket: 14245 description: TCPSocket specifies a connection to a TCP port. 14246 properties: 14247 host: 14248 description: "Optional: Host name to connect to, defaults to the pod IP." 14249 type: string 14250 port: 14251 description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 14252 format: int-or-string 14253 x-kubernetes-int-or-string: true 14254 required: 14255 - port 14256 type: object 14257 terminationGracePeriodSeconds: 14258 description: Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. 
If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. 14259 format: int64 14260 type: integer 14261 timeoutSeconds: 14262 description: "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" 14263 format: int32 14264 type: integer 14265 type: object 14266 stdin: 14267 description: Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false. 14268 type: boolean 14269 stdinOnce: 14270 description: Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container process that reads from stdin will never receive an EOF. Default is false. 14271 type: boolean 14272 terminationMessagePath: 14273 description: "Optional: Path at which the file to which the container's termination message will be written is mounted into the container's filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes.
The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated." 14274 type: string 14275 terminationMessagePolicy: 14276 description: |- 14277 Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. 14278 14279 Possible enum values: 14280 - `"FallbackToLogsOnError"` will read the most recent contents of the container logs for the container status message when the container exits with an error and the terminationMessagePath has no contents. 14281 - `"File"` is the default behavior and will set the container status message to the contents of the container's terminationMessagePath when the container exits. 14282 enum: 14283 - FallbackToLogsOnError 14284 - File 14285 type: string 14286 tty: 14287 description: Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false. 14288 type: boolean 14289 volumeDevices: 14290 description: volumeDevices is the list of block devices to be used by the container. 14291 items: 14292 properties: 14293 devicePath: 14294 description: devicePath is the path inside of the container that the device will be mapped to. 14295 type: string 14296 name: 14297 description: name must match the name of a persistentVolumeClaim in the pod 14298 type: string 14299 required: 14300 - name 14301 - devicePath 14302 type: object 14303 type: array 14304 volumeMounts: 14305 description: Pod volumes to mount into the container's filesystem. Cannot be updated. 
14306 items: 14307 properties: 14308 mountPath: 14309 description: Path within the container at which the volume should be mounted. Must not contain ':'. 14310 type: string 14311 mountPropagation: 14312 description: |- 14313 mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified (which defaults to None). 14314 14315 Possible enum values: 14316 - `"Bidirectional"` means that the volume in a container will receive new mounts from the host or other containers, and its own mounts will be propagated from the container to the host or other containers. Note that this mode is recursively applied to all mounts in the volume ("rshared" in Linux terminology). 14317 - `"HostToContainer"` means that the volume in a container will receive new mounts from the host or other containers, but filesystems mounted inside the container won't be propagated to the host or other containers. Note that this mode is recursively applied to all mounts in the volume ("rslave" in Linux terminology). 14318 - `"None"` means that the volume in a container will not receive new mounts from the host or other containers, and filesystems mounted inside the container won't be propagated to the host or other containers. Note that this mode corresponds to "private" in Linux terminology. 14319 enum: 14320 - Bidirectional 14321 - HostToContainer 14322 - None 14323 type: string 14324 name: 14325 description: This must match the Name of a Volume. 14326 type: string 14327 readOnly: 14328 description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. 14329 type: boolean 14330 recursiveReadOnly: 14331 description: |- 14332 RecursiveReadOnly specifies whether read-only mounts should be handled recursively. 
14333 14334 If ReadOnly is false, this field has no meaning and must be unspecified. 14335 14336 If ReadOnly is true, and this field is set to Disabled, the mount is not made recursively read-only. If this field is set to IfPossible, the mount is made recursively read-only, if it is supported by the container runtime. If this field is set to Enabled, the mount is made recursively read-only if it is supported by the container runtime, otherwise the pod will not be started and an error will be generated to indicate the reason. 14337 14338 If this field is set to IfPossible or Enabled, MountPropagation must be set to None (or be unspecified, which defaults to None). 14339 14340 If this field is not specified, it is treated as an equivalent of Disabled. 14341 type: string 14342 subPath: 14343 description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). 14344 type: string 14345 subPathExpr: 14346 description: Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive. 14347 type: string 14348 required: 14349 - name 14350 - mountPath 14351 type: object 14352 type: array 14353 workingDir: 14354 description: Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated. 14355 type: string 14356 required: 14357 - name 14358 type: object 14359 type: array 14360 dnsConfig: 14361 description: Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy. 14362 properties: 14363 nameservers: 14364 description: A list of DNS name server IP addresses. This will be appended to the base nameservers generated from DNSPolicy. 
Duplicated nameservers will be removed. 14365 items: 14366 type: string 14367 type: array 14368 options: 14369 description: A list of DNS resolver options. This will be merged with the base options generated from DNSPolicy. Duplicated entries will be removed. Resolution options given in Options will override those that appear in the base DNSPolicy. 14370 items: 14371 properties: 14372 name: 14373 description: Name is this DNS resolver option's name. Required. 14374 type: string 14375 value: 14376 description: Value is this DNS resolver option's value. 14377 type: string 14378 type: object 14379 type: array 14380 searches: 14381 description: A list of DNS search domains for host-name lookup. This will be appended to the base search paths generated from DNSPolicy. Duplicated search paths will be removed. 14382 items: 14383 type: string 14384 type: array 14385 type: object 14386 dnsPolicy: 14387 description: |- 14388 Set DNS policy for the pod. Defaults to "ClusterFirst". Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. To have DNS options set along with hostNetwork, you have to specify DNS policy explicitly to 'ClusterFirstWithHostNet'. 14389 14390 Possible enum values: 14391 - `"ClusterFirst"` indicates that the pod should use cluster DNS first unless hostNetwork is true, if it is available, then fall back on the default (as determined by kubelet) DNS settings. 14392 - `"ClusterFirstWithHostNet"` indicates that the pod should use cluster DNS first, if it is available, then fall back on the default (as determined by kubelet) DNS settings. 14393 - `"Default"` indicates that the pod should use the default (as determined by kubelet) DNS settings. 14394 - `"None"` indicates that the pod should use empty DNS settings. DNS parameters such as nameservers and search paths should be defined via DNSConfig. 
14395 enum: 14396 - ClusterFirst 14397 - ClusterFirstWithHostNet 14398 - Default 14399 - None 14400 type: string 14401 enableServiceLinks: 14402 description: "EnableServiceLinks indicates whether information about services should be injected into pod's environment variables, matching the syntax of Docker links. Optional: Defaults to true." 14403 type: boolean 14404 ephemeralContainers: 14405 description: List of ephemeral containers run in this pod. Ephemeral containers may be run in an existing pod to perform user-initiated actions such as debugging. This list cannot be specified when creating a pod, and it cannot be modified by updating the pod spec. In order to add an ephemeral container to an existing pod, use the pod's ephemeralcontainers subresource. 14406 items: 14407 properties: 14408 args: 14409 description: "Arguments to the entrypoint. The image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell" 14410 items: 14411 type: string 14412 type: array 14413 command: 14414 description: "Entrypoint array. Not executed within a shell. The image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". 
Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell" 14415 items: 14416 type: string 14417 type: array 14418 env: 14419 description: List of environment variables to set in the container. Cannot be updated. 14420 items: 14421 properties: 14422 name: 14423 description: Name of the environment variable. Must be a C_IDENTIFIER. 14424 type: string 14425 value: 14426 description: "Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to \"\"." 14427 type: string 14428 valueFrom: 14429 description: Source for the environment variable's value. Cannot be used if value is not empty. 14430 properties: 14431 configMapKeyRef: 14432 description: Selects a key of a ConfigMap. 14433 properties: 14434 key: 14435 description: The key to select. 14436 type: string 14437 name: 14438 description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" 14439 type: string 14440 optional: 14441 description: Specify whether the ConfigMap or its key must be defined 14442 type: boolean 14443 required: 14444 - key 14445 type: object 14446 x-kubernetes-map-type: atomic 14447 fieldRef: 14448 description: "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs." 14449 properties: 14450 apiVersion: 14451 description: Version of the schema the FieldPath is written in terms of, defaults to "v1". 14452 type: string 14453 fieldPath: 14454 description: Path of the field to select in the specified API version. 14455 type: string 14456 required: 14457 - fieldPath 14458 type: object 14459 x-kubernetes-map-type: atomic 14460 resourceFieldRef: 14461 description: "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported." 14462 properties: 14463 containerName: 14464 description: "Container name: required for volumes, optional for env vars" 14465 type: string 14466 divisor: 14467 description: Specifies the output format of the exposed resources, defaults to "1" 14468 type: string 14469 resource: 14470 description: "Required: resource to select" 14471 type: string 14472 required: 14473 - resource 14474 type: object 14475 x-kubernetes-map-type: atomic 14476 secretKeyRef: 14477 description: Selects a key of a secret in the pod's namespace 14478 properties: 14479 key: 14480 description: The key of the secret to select from. Must be a valid secret key. 14481 type: string 14482 name: 14483 description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. 
Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" 14484 type: string 14485 optional: 14486 description: Specify whether the Secret or its key must be defined 14487 type: boolean 14488 required: 14489 - key 14490 type: object 14491 x-kubernetes-map-type: atomic 14492 type: object 14493 required: 14494 - name 14495 type: object 14496 type: array 14497 envFrom: 14498 description: List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. 14499 items: 14500 properties: 14501 configMapRef: 14502 description: The ConfigMap to select from 14503 properties: 14504 name: 14505 description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" 14506 type: string 14507 optional: 14508 description: Specify whether the ConfigMap must be defined 14509 type: boolean 14510 type: object 14511 prefix: 14512 description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. 14513 type: string 14514 secretRef: 14515 description: The Secret to select from 14516 properties: 14517 name: 14518 description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" 14519 type: string 14520 optional: 14521 description: Specify whether the Secret must be defined 14522 type: boolean 14523 type: object 14524 type: object 14525 type: array 14526 image: 14527 description: "Container image name. More info: https://kubernetes.io/docs/concepts/containers/images" 14528 type: string 14529 imagePullPolicy: 14530 description: |- 14531 Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images 14532 14533 Possible enum values: 14534 - `"Always"` means that kubelet always attempts to pull the latest image. Container will fail if the pull fails. 14535 - `"IfNotPresent"` means that kubelet pulls if the image isn't present on disk. Container will fail if the image isn't present and the pull fails. 14536 - `"Never"` means that kubelet never pulls an image, but only uses a local image. Container will fail if the image isn't present 14537 enum: 14538 - Always 14539 - IfNotPresent 14540 - Never 14541 type: string 14542 lifecycle: 14543 description: Lifecycle is not allowed for ephemeral containers. 14544 properties: 14545 postStart: 14546 description: "PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks" 14547 properties: 14548 exec: 14549 description: Exec specifies a command to execute in the container. 14550 properties: 14551 command: 14552 description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem.
The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 14553 items: 14554 type: string 14555 type: array 14556 type: object 14557 httpGet: 14558 description: HTTPGet specifies an HTTP GET request to perform. 14559 properties: 14560 host: 14561 description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. 14562 type: string 14563 httpHeaders: 14564 description: Custom headers to set in the request. HTTP allows repeated headers. 14565 items: 14566 properties: 14567 name: 14568 description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. 14569 type: string 14570 value: 14571 description: The header field value 14572 type: string 14573 required: 14574 - name 14575 - value 14576 type: object 14577 type: array 14578 path: 14579 description: Path to access on the HTTP server. 14580 type: string 14581 port: 14582 description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 14583 format: int-or-string 14584 x-kubernetes-int-or-string: true 14585 scheme: 14586 description: |- 14587 Scheme to use for connecting to the host. Defaults to HTTP. 14588 14589 Possible enum values: 14590 - `"HTTP"` means that the scheme used will be http:// 14591 - `"HTTPS"` means that the scheme used will be https:// 14592 enum: 14593 - HTTP 14594 - HTTPS 14595 type: string 14596 required: 14597 - port 14598 type: object 14599 sleep: 14600 description: Sleep represents a duration that the container should sleep. 14601 properties: 14602 seconds: 14603 description: Seconds is the number of seconds to sleep. 
14604 format: int64 14605 type: integer 14606 required: 14607 - seconds 14608 type: object 14609 tcpSocket: 14610 description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for backward compatibility. There is no validation of this field and lifecycle hooks will fail at runtime when it is specified. 14611 properties: 14612 host: 14613 description: "Optional: Host name to connect to, defaults to the pod IP." 14614 type: string 14615 port: 14616 description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 14617 format: int-or-string 14618 x-kubernetes-int-or-string: true 14619 required: 14620 - port 14621 type: object 14622 type: object 14623 preStop: 14624 description: "PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The Pod's termination grace period countdown begins before the PreStop hook is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod's termination grace period (unless delayed by finalizers). Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks" 14625 properties: 14626 exec: 14627 description: Exec specifies a command to execute in the container. 14628 properties: 14629 command: 14630 description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. 
Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 14631 items: 14632 type: string 14633 type: array 14634 type: object 14635 httpGet: 14636 description: HTTPGet specifies an HTTP GET request to perform. 14637 properties: 14638 host: 14639 description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. 14640 type: string 14641 httpHeaders: 14642 description: Custom headers to set in the request. HTTP allows repeated headers. 14643 items: 14644 properties: 14645 name: 14646 description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. 14647 type: string 14648 value: 14649 description: The header field value 14650 type: string 14651 required: 14652 - name 14653 - value 14654 type: object 14655 type: array 14656 path: 14657 description: Path to access on the HTTP server. 14658 type: string 14659 port: 14660 description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 14661 format: int-or-string 14662 x-kubernetes-int-or-string: true 14663 scheme: 14664 description: |- 14665 Scheme to use for connecting to the host. Defaults to HTTP. 14666 14667 Possible enum values: 14668 - `"HTTP"` means that the scheme used will be http:// 14669 - `"HTTPS"` means that the scheme used will be https:// 14670 enum: 14671 - HTTP 14672 - HTTPS 14673 type: string 14674 required: 14675 - port 14676 type: object 14677 sleep: 14678 description: Sleep represents a duration that the container should sleep. 14679 properties: 14680 seconds: 14681 description: Seconds is the number of seconds to sleep. 14682 format: int64 14683 type: integer 14684 required: 14685 - seconds 14686 type: object 14687 tcpSocket: 14688 description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for backward compatibility. 
There is no validation of this field and lifecycle hooks will fail at runtime when it is specified. 14689 properties: 14690 host: 14691 description: "Optional: Host name to connect to, defaults to the pod IP." 14692 type: string 14693 port: 14694 description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 14695 format: int-or-string 14696 x-kubernetes-int-or-string: true 14697 required: 14698 - port 14699 type: object 14700 type: object 14701 type: object 14702 livenessProbe: 14703 description: Probes are not allowed for ephemeral containers. 14704 properties: 14705 exec: 14706 description: Exec specifies a command to execute in the container. 14707 properties: 14708 command: 14709 description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 14710 items: 14711 type: string 14712 type: array 14713 type: object 14714 failureThreshold: 14715 description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. 14716 format: int32 14717 type: integer 14718 grpc: 14719 description: GRPC specifies a GRPC HealthCheckRequest. 14720 properties: 14721 port: 14722 description: Port number of the gRPC service. Number must be in the range 1 to 65535. 14723 format: int32 14724 type: integer 14725 service: 14726 description: |- 14727 Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 14728 14729 If this is not specified, the default behavior is defined by gRPC. 
14730 type: string 14731 required: 14732 - port 14733 type: object 14734 httpGet: 14735 description: HTTPGet specifies an HTTP GET request to perform. 14736 properties: 14737 host: 14738 description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. 14739 type: string 14740 httpHeaders: 14741 description: Custom headers to set in the request. HTTP allows repeated headers. 14742 items: 14743 properties: 14744 name: 14745 description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. 14746 type: string 14747 value: 14748 description: The header field value 14749 type: string 14750 required: 14751 - name 14752 - value 14753 type: object 14754 type: array 14755 path: 14756 description: Path to access on the HTTP server. 14757 type: string 14758 port: 14759 description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 14760 format: int-or-string 14761 x-kubernetes-int-or-string: true 14762 scheme: 14763 description: |- 14764 Scheme to use for connecting to the host. Defaults to HTTP. 14765 14766 Possible enum values: 14767 - `"HTTP"` means that the scheme used will be http:// 14768 - `"HTTPS"` means that the scheme used will be https:// 14769 enum: 14770 - HTTP 14771 - HTTPS 14772 type: string 14773 required: 14774 - port 14775 type: object 14776 initialDelaySeconds: 14777 description: "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" 14778 format: int32 14779 type: integer 14780 periodSeconds: 14781 description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. 
14782 format: int32 14783 type: integer 14784 successThreshold: 14785 description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. 14786 format: int32 14787 type: integer 14788 tcpSocket: 14789 description: TCPSocket specifies a connection to a TCP port. 14790 properties: 14791 host: 14792 description: "Optional: Host name to connect to, defaults to the pod IP." 14793 type: string 14794 port: 14795 description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 14796 format: int-or-string 14797 x-kubernetes-int-or-string: true 14798 required: 14799 - port 14800 type: object 14801 terminationGracePeriodSeconds: 14802 description: Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. 14803 format: int64 14804 type: integer 14805 timeoutSeconds: 14806 description: "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. 
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" 14807 format: int32 14808 type: integer 14809 type: object 14810 name: 14811 description: Name of the ephemeral container specified as a DNS_LABEL. This name must be unique among all containers, init containers and ephemeral containers. 14812 type: string 14813 ports: 14814 description: Ports are not allowed for ephemeral containers. 14815 items: 14816 properties: 14817 containerPort: 14818 description: Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536. 14819 format: int32 14820 type: integer 14821 hostIP: 14822 description: What host IP to bind the external port to. 14823 type: string 14824 hostPort: 14825 description: Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this. 14826 format: int32 14827 type: integer 14828 name: 14829 description: If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services. 14830 type: string 14831 protocol: 14832 description: |- 14833 Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". 14834 14835 Possible enum values: 14836 - `"SCTP"` is the SCTP protocol. 14837 - `"TCP"` is the TCP protocol. 14838 - `"UDP"` is the UDP protocol. 14839 enum: 14840 - SCTP 14841 - TCP 14842 - UDP 14843 type: string 14844 required: 14845 - containerPort 14846 type: object 14847 type: array 14848 readinessProbe: 14849 description: Probes are not allowed for ephemeral containers. 14850 properties: 14851 exec: 14852 description: Exec specifies a command to execute in the container. 
14853 properties: 14854 command: 14855 description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 14856 items: 14857 type: string 14858 type: array 14859 type: object 14860 failureThreshold: 14861 description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. 14862 format: int32 14863 type: integer 14864 grpc: 14865 description: GRPC specifies a GRPC HealthCheckRequest. 14866 properties: 14867 port: 14868 description: Port number of the gRPC service. Number must be in the range 1 to 65535. 14869 format: int32 14870 type: integer 14871 service: 14872 description: |- 14873 Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 14874 14875 If this is not specified, the default behavior is defined by gRPC. 14876 type: string 14877 required: 14878 - port 14879 type: object 14880 httpGet: 14881 description: HTTPGet specifies an HTTP GET request to perform. 14882 properties: 14883 host: 14884 description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. 14885 type: string 14886 httpHeaders: 14887 description: Custom headers to set in the request. HTTP allows repeated headers. 14888 items: 14889 properties: 14890 name: 14891 description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. 
14892 type: string 14893 value: 14894 description: The header field value 14895 type: string 14896 required: 14897 - name 14898 - value 14899 type: object 14900 type: array 14901 path: 14902 description: Path to access on the HTTP server. 14903 type: string 14904 port: 14905 description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 14906 format: int-or-string 14907 x-kubernetes-int-or-string: true 14908 scheme: 14909 description: |- 14910 Scheme to use for connecting to the host. Defaults to HTTP. 14911 14912 Possible enum values: 14913 - `"HTTP"` means that the scheme used will be http:// 14914 - `"HTTPS"` means that the scheme used will be https:// 14915 enum: 14916 - HTTP 14917 - HTTPS 14918 type: string 14919 required: 14920 - port 14921 type: object 14922 initialDelaySeconds: 14923 description: "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" 14924 format: int32 14925 type: integer 14926 periodSeconds: 14927 description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. 14928 format: int32 14929 type: integer 14930 successThreshold: 14931 description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. 14932 format: int32 14933 type: integer 14934 tcpSocket: 14935 description: TCPSocket specifies a connection to a TCP port. 14936 properties: 14937 host: 14938 description: "Optional: Host name to connect to, defaults to the pod IP." 14939 type: string 14940 port: 14941 description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 
14942 format: int-or-string 14943 x-kubernetes-int-or-string: true 14944 required: 14945 - port 14946 type: object 14947 terminationGracePeriodSeconds: 14948 description: Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. 14949 format: int64 14950 type: integer 14951 timeoutSeconds: 14952 description: "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" 14953 format: int32 14954 type: integer 14955 type: object 14956 resizePolicy: 14957 description: Resources resize policy for the container. 14958 items: 14959 properties: 14960 resourceName: 14961 description: "Name of the resource to which this resource resize policy applies. Supported values: cpu, memory." 14962 type: string 14963 restartPolicy: 14964 description: Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired. 14965 type: string 14966 required: 14967 - resourceName 14968 - restartPolicy 14969 type: object 14970 type: array 14971 resources: 14972 description: Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources already allocated to the pod. 
14973 properties: 14974 claims: 14975 description: |- 14976 Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. 14977 14978 This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. 14979 14980 This field is immutable. It can only be set for containers. 14981 items: 14982 properties: 14983 name: 14984 description: Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. 14985 type: string 14986 request: 14987 description: Request is the name chosen for a request in the referenced claim. If empty, everything from the claim is made available, otherwise only the result of this request. 14988 type: string 14989 required: 14990 - name 14991 type: object 14992 type: array 14993 limits: 14994 additionalProperties: 14995 type: string 14996 description: "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" 14997 type: object 14998 requests: 14999 additionalProperties: 15000 type: string 15001 description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" 15002 type: object 15003 type: object 15004 restartPolicy: 15005 description: Restart policy for the container to manage the restart behavior of each container within a pod. This may only be set for init containers. You cannot set this field on ephemeral containers. 15006 type: string 15007 securityContext: 15008 description: "Optional: SecurityContext defines the security options the ephemeral container should be run with. 
If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext." 15009 properties: 15010 allowPrivilegeEscalation: 15011 description: "AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows." 15012 type: boolean 15013 appArmorProfile: 15014 description: appArmorProfile is the AppArmor options to use by this container. If set, this profile overrides the pod's appArmorProfile. Note that this field cannot be set when spec.os.name is windows. 15015 properties: 15016 localhostProfile: 15017 description: localhostProfile indicates a profile loaded on the node that should be used. The profile must be preconfigured on the node to work. Must match the loaded name of the profile. Must be set if and only if type is "Localhost". 15018 type: string 15019 type: 15020 description: |- 15021 type indicates which kind of AppArmor profile will be applied. Valid options are: 15022 Localhost - a profile pre-loaded on the node. 15023 RuntimeDefault - the container runtime's default profile. 15024 Unconfined - no AppArmor enforcement. 15025 15026 Possible enum values: 15027 - `"Localhost"` indicates that a profile pre-loaded on the node should be used. 15028 - `"RuntimeDefault"` indicates that the container runtime's default AppArmor profile should be used. 15029 - `"Unconfined"` indicates that no AppArmor profile should be enforced. 15030 enum: 15031 - Localhost 15032 - RuntimeDefault 15033 - Unconfined 15034 type: string 15035 required: 15036 - type 15037 type: object 15038 capabilities: 15039 description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. 
Note that this field cannot be set when spec.os.name is windows. 15040 properties: 15041 add: 15042 description: Added capabilities 15043 items: 15044 type: string 15045 type: array 15046 drop: 15047 description: Removed capabilities 15048 items: 15049 type: string 15050 type: array 15051 type: object 15052 privileged: 15053 description: Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows. 15054 type: boolean 15055 procMount: 15056 description: |- 15057 procMount denotes the type of proc mount to use for the containers. The default value is Default which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows. 15058 15059 Possible enum values: 15060 - `"Default"` uses the container runtime defaults for readonly and masked paths for /proc. Most container runtimes mask certain paths in /proc to avoid accidental security exposure of special devices or information. 15061 - `"Unmasked"` bypasses the default masking behavior of the container runtime and ensures the newly created /proc for the container stays intact with no modifications. 15062 enum: 15063 - Default 15064 - Unmasked 15065 type: string 15066 readOnlyRootFilesystem: 15067 description: Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows. 15068 type: boolean 15069 runAsGroup: 15070 description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.
15071 format: int64 15072 type: integer 15073 runAsNonRoot: 15074 description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. 15075 type: boolean 15076 runAsUser: 15077 description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. 15078 format: int64 15079 type: integer 15080 seLinuxOptions: 15081 description: The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. 15082 properties: 15083 level: 15084 description: Level is SELinux level label that applies to the container. 15085 type: string 15086 role: 15087 description: Role is a SELinux role label that applies to the container. 15088 type: string 15089 type: 15090 description: Type is a SELinux type label that applies to the container. 15091 type: string 15092 user: 15093 description: User is a SELinux user label that applies to the container. 15094 type: string 15095 type: object 15096 seccompProfile: 15097 description: The seccomp options to use by this container. 
If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows. 15098 properties: 15099 localhostProfile: 15100 description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type. 15101 type: string 15102 type: 15103 description: |- 15104 type indicates which kind of seccomp profile will be applied. Valid options are: 15105 15106 Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied. 15107 15108 Possible enum values: 15109 - `"Localhost"` indicates a profile defined in a file on the node should be used. The file's location relative to <kubelet-root-dir>/seccomp. 15110 - `"RuntimeDefault"` represents the default container runtime seccomp profile. 15111 - `"Unconfined"` indicates no seccomp profile is applied (A.K.A. unconfined). 15112 enum: 15113 - Localhost 15114 - RuntimeDefault 15115 - Unconfined 15116 type: string 15117 required: 15118 - type 15119 type: object 15120 windowsOptions: 15121 description: The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux. 15122 properties: 15123 gmsaCredentialSpec: 15124 description: GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. 
15125 type: string 15126 gmsaCredentialSpecName: 15127 description: GMSACredentialSpecName is the name of the GMSA credential spec to use. 15128 type: string 15129 hostProcess: 15130 description: HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true. 15131 type: boolean 15132 runAsUserName: 15133 description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. 15134 type: string 15135 type: object 15136 type: object 15137 startupProbe: 15138 description: Probes are not allowed for ephemeral containers. 15139 properties: 15140 exec: 15141 description: Exec specifies a command to execute in the container. 15142 properties: 15143 command: 15144 description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 15145 items: 15146 type: string 15147 type: array 15148 type: object 15149 failureThreshold: 15150 description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. 15151 format: int32 15152 type: integer 15153 grpc: 15154 description: GRPC specifies a GRPC HealthCheckRequest. 15155 properties: 15156 port: 15157 description: Port number of the gRPC service. 
Number must be in the range 1 to 65535. 15158 format: int32 15159 type: integer 15160 service: 15161 description: |- 15162 Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 15163 15164 If this is not specified, the default behavior is defined by gRPC. 15165 type: string 15166 required: 15167 - port 15168 type: object 15169 httpGet: 15170 description: HTTPGet specifies an HTTP GET request to perform. 15171 properties: 15172 host: 15173 description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. 15174 type: string 15175 httpHeaders: 15176 description: Custom headers to set in the request. HTTP allows repeated headers. 15177 items: 15178 properties: 15179 name: 15180 description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. 15181 type: string 15182 value: 15183 description: The header field value 15184 type: string 15185 required: 15186 - name 15187 - value 15188 type: object 15189 type: array 15190 path: 15191 description: Path to access on the HTTP server. 15192 type: string 15193 port: 15194 description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 15195 format: int-or-string 15196 x-kubernetes-int-or-string: true 15197 scheme: 15198 description: |- 15199 Scheme to use for connecting to the host. Defaults to HTTP. 15200 15201 Possible enum values: 15202 - `"HTTP"` means that the scheme used will be http:// 15203 - `"HTTPS"` means that the scheme used will be https:// 15204 enum: 15205 - HTTP 15206 - HTTPS 15207 type: string 15208 required: 15209 - port 15210 type: object 15211 initialDelaySeconds: 15212 description: "Number of seconds after the container has started before liveness probes are initiated. 
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" 15213 format: int32 15214 type: integer 15215 periodSeconds: 15216 description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. 15217 format: int32 15218 type: integer 15219 successThreshold: 15220 description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. 15221 format: int32 15222 type: integer 15223 tcpSocket: 15224 description: TCPSocket specifies a connection to a TCP port. 15225 properties: 15226 host: 15227 description: "Optional: Host name to connect to, defaults to the pod IP." 15228 type: string 15229 port: 15230 description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 15231 format: int-or-string 15232 x-kubernetes-int-or-string: true 15233 required: 15234 - port 15235 type: object 15236 terminationGracePeriodSeconds: 15237 description: Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. 15238 format: int64 15239 type: integer 15240 timeoutSeconds: 15241 description: "Number of seconds after which the probe times out. 
Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" 15242 format: int32 15243 type: integer 15244 type: object 15245 stdin: 15246 description: Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false. 15247 type: boolean 15248 stdinOnce: 15249 description: Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false 15250 type: boolean 15251 targetContainerName: 15252 description: |- 15253 If set, the name of the container from PodSpec that this ephemeral container targets. The ephemeral container will be run in the namespaces (IPC, PID, etc) of this container. If not set then the ephemeral container uses the namespaces configured in the Pod spec. 15254 15255 The container runtime must implement support for this feature. If the runtime does not support namespace targeting then the result of setting this field is undefined. 15256 type: string 15257 terminationMessagePath: 15258 description: "Optional: Path at which the file to which the container's termination message will be written is mounted into the container's filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. 
Defaults to /dev/termination-log. Cannot be updated." 15259 type: string 15260 terminationMessagePolicy: 15261 description: |- 15262 Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. 15263 15264 Possible enum values: 15265 - `"FallbackToLogsOnError"` will read the most recent contents of the container logs for the container status message when the container exits with an error and the terminationMessagePath has no contents. 15266 - `"File"` is the default behavior and will set the container status message to the contents of the container's terminationMessagePath when the container exits. 15267 enum: 15268 - FallbackToLogsOnError 15269 - File 15270 type: string 15271 tty: 15272 description: Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false. 15273 type: boolean 15274 volumeDevices: 15275 description: volumeDevices is the list of block devices to be used by the container. 15276 items: 15277 properties: 15278 devicePath: 15279 description: devicePath is the path inside of the container that the device will be mapped to. 15280 type: string 15281 name: 15282 description: name must match the name of a persistentVolumeClaim in the pod 15283 type: string 15284 required: 15285 - name 15286 - devicePath 15287 type: object 15288 type: array 15289 volumeMounts: 15290 description: Pod volumes to mount into the container's filesystem. Subpath mounts are not allowed for ephemeral containers. Cannot be updated. 
15291 items: 15292 properties: 15293 mountPath: 15294 description: Path within the container at which the volume should be mounted. Must not contain ':'. 15295 type: string 15296 mountPropagation: 15297 description: |- 15298 mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified (which defaults to None). 15299 15300 Possible enum values: 15301 - `"Bidirectional"` means that the volume in a container will receive new mounts from the host or other containers, and its own mounts will be propagated from the container to the host or other containers. Note that this mode is recursively applied to all mounts in the volume ("rshared" in Linux terminology). 15302 - `"HostToContainer"` means that the volume in a container will receive new mounts from the host or other containers, but filesystems mounted inside the container won't be propagated to the host or other containers. Note that this mode is recursively applied to all mounts in the volume ("rslave" in Linux terminology). 15303 - `"None"` means that the volume in a container will not receive new mounts from the host or other containers, and filesystems mounted inside the container won't be propagated to the host or other containers. Note that this mode corresponds to "private" in Linux terminology. 15304 enum: 15305 - Bidirectional 15306 - HostToContainer 15307 - None 15308 type: string 15309 name: 15310 description: This must match the Name of a Volume. 15311 type: string 15312 readOnly: 15313 description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. 15314 type: boolean 15315 recursiveReadOnly: 15316 description: |- 15317 RecursiveReadOnly specifies whether read-only mounts should be handled recursively. 
15318 15319 If ReadOnly is false, this field has no meaning and must be unspecified. 15320 15321 If ReadOnly is true, and this field is set to Disabled, the mount is not made recursively read-only. If this field is set to IfPossible, the mount is made recursively read-only, if it is supported by the container runtime. If this field is set to Enabled, the mount is made recursively read-only if it is supported by the container runtime, otherwise the pod will not be started and an error will be generated to indicate the reason. 15322 15323 If this field is set to IfPossible or Enabled, MountPropagation must be set to None (or be unspecified, which defaults to None). 15324 15325 If this field is not specified, it is treated as an equivalent of Disabled. 15326 type: string 15327 subPath: 15328 description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). 15329 type: string 15330 subPathExpr: 15331 description: Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive. 15332 type: string 15333 required: 15334 - name 15335 - mountPath 15336 type: object 15337 type: array 15338 workingDir: 15339 description: Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated. 15340 type: string 15341 required: 15342 - name 15343 type: object 15344 type: array 15345 hostAliases: 15346 description: HostAliases is an optional list of hosts and IPs that will be injected into the pod's hosts file if specified. 15347 items: 15348 properties: 15349 hostnames: 15350 description: Hostnames for the above IP address. 
15351 items: 15352 type: string 15353 type: array 15354 ip: 15355 description: IP address of the host file entry. 15356 type: string 15357 required: 15358 - ip 15359 type: object 15360 type: array 15361 hostIPC: 15362 description: "Use the host's ipc namespace. Optional: Default to false." 15363 type: boolean 15364 hostNetwork: 15365 description: Host networking requested for this pod. Use the host's network namespace. If this option is set, the ports that will be used must be specified. Default to false. 15366 type: boolean 15367 hostPID: 15368 description: "Use the host's pid namespace. Optional: Default to false." 15369 type: boolean 15370 hostUsers: 15371 description: "Use the host's user namespace. Optional: Default to true. If set to true or not present, the pod will be run in the host user namespace, useful for when the pod needs a feature only available to the host user namespace, such as loading a kernel module with CAP_SYS_MODULE. When set to false, a new userns is created for the pod. Setting false is useful for mitigating container breakout vulnerabilities even allowing users to run their containers as root without actually having root privileges on the host. This field is alpha-level and is only honored by servers that enable the UserNamespacesSupport feature." 15372 type: boolean 15373 hostname: 15374 description: Specifies the hostname of the Pod If not specified, the pod's hostname will be set to a system-defined value. 15375 type: string 15376 imagePullSecrets: 15377 description: "ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. If specified, these secrets will be passed to individual puller implementations for them to use. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod" 15378 items: 15379 properties: 15380 name: 15381 description: "Name of the referent. 
This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" 15382 type: string 15383 type: object 15384 x-kubernetes-map-type: atomic 15385 type: array 15386 initContainers: 15387 description: "List of initialization containers belonging to the pod. Init containers are executed in order prior to containers being started. If any init container fails, the pod is considered to have failed and is handled according to its restartPolicy. The name for an init container or normal container must be unique among all containers. Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit for each resource type, and then using the max of of that value or the sum of the normal containers. Limits are applied to init containers in a similar fashion. Init containers cannot currently be added or removed. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/" 15388 items: 15389 properties: 15390 args: 15391 description: "Arguments to the entrypoint. The container image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. 
More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell" 15392 items: 15393 type: string 15394 type: array 15395 command: 15396 description: "Entrypoint array. Not executed within a shell. The container image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell" 15397 items: 15398 type: string 15399 type: array 15400 env: 15401 description: List of environment variables to set in the container. Cannot be updated. 15402 items: 15403 properties: 15404 name: 15405 description: Name of the environment variable. Must be a C_IDENTIFIER. 15406 type: string 15407 value: 15408 description: "Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to \"\"." 15409 type: string 15410 valueFrom: 15411 description: Source for the environment variable's value. Cannot be used if value is not empty. 15412 properties: 15413 configMapKeyRef: 15414 description: Selects a key of a ConfigMap. 
15415 properties: 15416 key: 15417 description: The key to select. 15418 type: string 15419 name: 15420 description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" 15421 type: string 15422 optional: 15423 description: Specify whether the ConfigMap or its key must be defined 15424 type: boolean 15425 required: 15426 - key 15427 type: object 15428 x-kubernetes-map-type: atomic 15429 fieldRef: 15430 description: "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs." 15431 properties: 15432 apiVersion: 15433 description: Version of the schema the FieldPath is written in terms of, defaults to "v1". 15434 type: string 15435 fieldPath: 15436 description: Path of the field to select in the specified API version. 15437 type: string 15438 required: 15439 - fieldPath 15440 type: object 15441 x-kubernetes-map-type: atomic 15442 resourceFieldRef: 15443 description: "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported." 
15444 properties: 15445 containerName: 15446 description: "Container name: required for volumes, optional for env vars" 15447 type: string 15448 divisor: 15449 description: Specifies the output format of the exposed resources, defaults to "1" 15450 type: string 15451 resource: 15452 description: "Required: resource to select" 15453 type: string 15454 required: 15455 - resource 15456 type: object 15457 x-kubernetes-map-type: atomic 15458 secretKeyRef: 15459 description: Selects a key of a secret in the pod's namespace 15460 properties: 15461 key: 15462 description: The key of the secret to select from. Must be a valid secret key. 15463 type: string 15464 name: 15465 description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" 15466 type: string 15467 optional: 15468 description: Specify whether the Secret or its key must be defined 15469 type: boolean 15470 required: 15471 - key 15472 type: object 15473 x-kubernetes-map-type: atomic 15474 type: object 15475 required: 15476 - name 15477 type: object 15478 type: array 15479 envFrom: 15480 description: List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. 15481 items: 15482 properties: 15483 configMapRef: 15484 description: The ConfigMap to select from 15485 properties: 15486 name: 15487 description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. 
Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" 15488 type: string 15489 optional: 15490 description: Specify whether the ConfigMap must be defined 15491 type: boolean 15492 type: object 15493 prefix: 15494 description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. 15495 type: string 15496 secretRef: 15497 description: The Secret to select from 15498 properties: 15499 name: 15500 description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" 15501 type: string 15502 optional: 15503 description: Specify whether the Secret must be defined 15504 type: boolean 15505 type: object 15506 type: object 15507 type: array 15508 image: 15509 description: "Container image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets." 15510 type: string 15511 imagePullPolicy: 15512 description: |- 15513 Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images 15514 15515 Possible enum values: 15516 - `"Always"` means that kubelet always attempts to pull the latest image. Container will fail If the pull fails. 15517 - `"IfNotPresent"` means that kubelet pulls if the image isn't present on disk. Container will fail if the image isn't present and the pull fails. 15518 - `"Never"` means that kubelet never pulls an image, but only uses a local image. 
Container will fail if the image isn't present 15519 enum: 15520 - Always 15521 - IfNotPresent 15522 - Never 15523 type: string 15524 lifecycle: 15525 description: Actions that the management system should take in response to container lifecycle events. Cannot be updated. 15526 properties: 15527 postStart: 15528 description: "PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks" 15529 properties: 15530 exec: 15531 description: Exec specifies a command to execute in the container. 15532 properties: 15533 command: 15534 description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 15535 items: 15536 type: string 15537 type: array 15538 type: object 15539 httpGet: 15540 description: HTTPGet specifies an HTTP GET request to perform. 15541 properties: 15542 host: 15543 description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. 15544 type: string 15545 httpHeaders: 15546 description: Custom headers to set in the request. HTTP allows repeated headers. 15547 items: 15548 properties: 15549 name: 15550 description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. 
15551 type: string 15552 value: 15553 description: The header field value 15554 type: string 15555 required: 15556 - name 15557 - value 15558 type: object 15559 type: array 15560 path: 15561 description: Path to access on the HTTP server. 15562 type: string 15563 port: 15564 description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 15565 format: int-or-string 15566 x-kubernetes-int-or-string: true 15567 scheme: 15568 description: |- 15569 Scheme to use for connecting to the host. Defaults to HTTP. 15570 15571 Possible enum values: 15572 - `"HTTP"` means that the scheme used will be http:// 15573 - `"HTTPS"` means that the scheme used will be https:// 15574 enum: 15575 - HTTP 15576 - HTTPS 15577 type: string 15578 required: 15579 - port 15580 type: object 15581 sleep: 15582 description: Sleep represents a duration that the container should sleep. 15583 properties: 15584 seconds: 15585 description: Seconds is the number of seconds to sleep. 15586 format: int64 15587 type: integer 15588 required: 15589 - seconds 15590 type: object 15591 tcpSocket: 15592 description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for backward compatibility. There is no validation of this field and lifecycle hooks will fail at runtime when it is specified. 15593 properties: 15594 host: 15595 description: "Optional: Host name to connect to, defaults to the pod IP." 15596 type: string 15597 port: 15598 description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 15599 format: int-or-string 15600 x-kubernetes-int-or-string: true 15601 required: 15602 - port 15603 type: object 15604 type: object 15605 preStop: 15606 description: "PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. 
The handler is not called if the container crashes or exits. The Pod's termination grace period countdown begins before the PreStop hook is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod's termination grace period (unless delayed by finalizers). Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks" 15607 properties: 15608 exec: 15609 description: Exec specifies a command to execute in the container. 15610 properties: 15611 command: 15612 description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 15613 items: 15614 type: string 15615 type: array 15616 type: object 15617 httpGet: 15618 description: HTTPGet specifies an HTTP GET request to perform. 15619 properties: 15620 host: 15621 description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. 15622 type: string 15623 httpHeaders: 15624 description: Custom headers to set in the request. HTTP allows repeated headers. 15625 items: 15626 properties: 15627 name: 15628 description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. 15629 type: string 15630 value: 15631 description: The header field value 15632 type: string 15633 required: 15634 - name 15635 - value 15636 type: object 15637 type: array 15638 path: 15639 description: Path to access on the HTTP server. 
15640 type: string 15641 port: 15642 description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 15643 format: int-or-string 15644 x-kubernetes-int-or-string: true 15645 scheme: 15646 description: |- 15647 Scheme to use for connecting to the host. Defaults to HTTP. 15648 15649 Possible enum values: 15650 - `"HTTP"` means that the scheme used will be http:// 15651 - `"HTTPS"` means that the scheme used will be https:// 15652 enum: 15653 - HTTP 15654 - HTTPS 15655 type: string 15656 required: 15657 - port 15658 type: object 15659 sleep: 15660 description: Sleep represents a duration that the container should sleep. 15661 properties: 15662 seconds: 15663 description: Seconds is the number of seconds to sleep. 15664 format: int64 15665 type: integer 15666 required: 15667 - seconds 15668 type: object 15669 tcpSocket: 15670 description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for backward compatibility. There is no validation of this field and lifecycle hooks will fail at runtime when it is specified. 15671 properties: 15672 host: 15673 description: "Optional: Host name to connect to, defaults to the pod IP." 15674 type: string 15675 port: 15676 description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 15677 format: int-or-string 15678 x-kubernetes-int-or-string: true 15679 required: 15680 - port 15681 type: object 15682 type: object 15683 type: object 15684 livenessProbe: 15685 description: "Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" 15686 properties: 15687 exec: 15688 description: Exec specifies a command to execute in the container. 
15689 properties: 15690 command: 15691 description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 15692 items: 15693 type: string 15694 type: array 15695 type: object 15696 failureThreshold: 15697 description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. 15698 format: int32 15699 type: integer 15700 grpc: 15701 description: GRPC specifies a GRPC HealthCheckRequest. 15702 properties: 15703 port: 15704 description: Port number of the gRPC service. Number must be in the range 1 to 65535. 15705 format: int32 15706 type: integer 15707 service: 15708 description: |- 15709 Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 15710 15711 If this is not specified, the default behavior is defined by gRPC. 15712 type: string 15713 required: 15714 - port 15715 type: object 15716 httpGet: 15717 description: HTTPGet specifies an HTTP GET request to perform. 15718 properties: 15719 host: 15720 description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. 15721 type: string 15722 httpHeaders: 15723 description: Custom headers to set in the request. HTTP allows repeated headers. 15724 items: 15725 properties: 15726 name: 15727 description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. 
15728 type: string 15729 value: 15730 description: The header field value 15731 type: string 15732 required: 15733 - name 15734 - value 15735 type: object 15736 type: array 15737 path: 15738 description: Path to access on the HTTP server. 15739 type: string 15740 port: 15741 description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 15742 format: int-or-string 15743 x-kubernetes-int-or-string: true 15744 scheme: 15745 description: |- 15746 Scheme to use for connecting to the host. Defaults to HTTP. 15747 15748 Possible enum values: 15749 - `"HTTP"` means that the scheme used will be http:// 15750 - `"HTTPS"` means that the scheme used will be https:// 15751 enum: 15752 - HTTP 15753 - HTTPS 15754 type: string 15755 required: 15756 - port 15757 type: object 15758 initialDelaySeconds: 15759 description: "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" 15760 format: int32 15761 type: integer 15762 periodSeconds: 15763 description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. 15764 format: int32 15765 type: integer 15766 successThreshold: 15767 description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. 15768 format: int32 15769 type: integer 15770 tcpSocket: 15771 description: TCPSocket specifies a connection to a TCP port. 15772 properties: 15773 host: 15774 description: "Optional: Host name to connect to, defaults to the pod IP." 15775 type: string 15776 port: 15777 description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 
15778 format: int-or-string 15779 x-kubernetes-int-or-string: true 15780 required: 15781 - port 15782 type: object 15783 terminationGracePeriodSeconds: 15784 description: Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. 15785 format: int64 15786 type: integer 15787 timeoutSeconds: 15788 description: "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" 15789 format: int32 15790 type: integer 15791 type: object 15792 name: 15793 description: Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated. 15794 type: string 15795 ports: 15796 description: List of ports to expose from the container. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Modifying this array with strategic merge patch may corrupt the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated. 
15797 items: 15798 properties: 15799 containerPort: 15800 description: Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536. 15801 format: int32 15802 type: integer 15803 hostIP: 15804 description: What host IP to bind the external port to. 15805 type: string 15806 hostPort: 15807 description: Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this. 15808 format: int32 15809 type: integer 15810 name: 15811 description: If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services. 15812 type: string 15813 protocol: 15814 description: |- 15815 Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". 15816 15817 Possible enum values: 15818 - `"SCTP"` is the SCTP protocol. 15819 - `"TCP"` is the TCP protocol. 15820 - `"UDP"` is the UDP protocol. 15821 enum: 15822 - SCTP 15823 - TCP 15824 - UDP 15825 type: string 15826 required: 15827 - containerPort 15828 type: object 15829 type: array 15830 readinessProbe: 15831 description: "Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" 15832 properties: 15833 exec: 15834 description: Exec specifies a command to execute in the container. 15835 properties: 15836 command: 15837 description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. 
Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 15838 items: 15839 type: string 15840 type: array 15841 type: object 15842 failureThreshold: 15843 description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. 15844 format: int32 15845 type: integer 15846 grpc: 15847 description: GRPC specifies a GRPC HealthCheckRequest. 15848 properties: 15849 port: 15850 description: Port number of the gRPC service. Number must be in the range 1 to 65535. 15851 format: int32 15852 type: integer 15853 service: 15854 description: |- 15855 Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 15856 15857 If this is not specified, the default behavior is defined by gRPC. 15858 type: string 15859 required: 15860 - port 15861 type: object 15862 httpGet: 15863 description: HTTPGet specifies an HTTP GET request to perform. 15864 properties: 15865 host: 15866 description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. 15867 type: string 15868 httpHeaders: 15869 description: Custom headers to set in the request. HTTP allows repeated headers. 15870 items: 15871 properties: 15872 name: 15873 description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. 15874 type: string 15875 value: 15876 description: The header field value 15877 type: string 15878 required: 15879 - name 15880 - value 15881 type: object 15882 type: array 15883 path: 15884 description: Path to access on the HTTP server. 15885 type: string 15886 port: 15887 description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 
15888 format: int-or-string 15889 x-kubernetes-int-or-string: true 15890 scheme: 15891 description: |- 15892 Scheme to use for connecting to the host. Defaults to HTTP. 15893 15894 Possible enum values: 15895 - `"HTTP"` means that the scheme used will be http:// 15896 - `"HTTPS"` means that the scheme used will be https:// 15897 enum: 15898 - HTTP 15899 - HTTPS 15900 type: string 15901 required: 15902 - port 15903 type: object 15904 initialDelaySeconds: 15905 description: "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" 15906 format: int32 15907 type: integer 15908 periodSeconds: 15909 description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. 15910 format: int32 15911 type: integer 15912 successThreshold: 15913 description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. 15914 format: int32 15915 type: integer 15916 tcpSocket: 15917 description: TCPSocket specifies a connection to a TCP port. 15918 properties: 15919 host: 15920 description: "Optional: Host name to connect to, defaults to the pod IP." 15921 type: string 15922 port: 15923 description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 15924 format: int-or-string 15925 x-kubernetes-int-or-string: true 15926 required: 15927 - port 15928 type: object 15929 terminationGracePeriodSeconds: 15930 description: Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. 
If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. 15931 format: int64 15932 type: integer 15933 timeoutSeconds: 15934 description: "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" 15935 format: int32 15936 type: integer 15937 type: object 15938 resizePolicy: 15939 description: Resources resize policy for the container. 15940 items: 15941 properties: 15942 resourceName: 15943 description: "Name of the resource to which this resource resize policy applies. Supported values: cpu, memory." 15944 type: string 15945 restartPolicy: 15946 description: Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired. 15947 type: string 15948 required: 15949 - resourceName 15950 - restartPolicy 15951 type: object 15952 type: array 15953 resources: 15954 description: "Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" 15955 properties: 15956 claims: 15957 description: |- 15958 Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. 15959 15960 This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. 15961 15962 This field is immutable. It can only be set for containers. 15963 items: 15964 properties: 15965 name: 15966 description: Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. 
It makes that resource available inside a container. 15967 type: string 15968 request: 15969 description: Request is the name chosen for a request in the referenced claim. If empty, everything from the claim is made available, otherwise only the result of this request. 15970 type: string 15971 required: 15972 - name 15973 type: object 15974 type: array 15975 limits: 15976 additionalProperties: 15977 type: string 15978 description: "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" 15979 type: object 15980 requests: 15981 additionalProperties: 15982 type: string 15983 description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" 15984 type: object 15985 type: object 15986 restartPolicy: 15987 description: "RestartPolicy defines the restart behavior of individual containers in a pod. This field may only be set for init containers, and the only allowed value is \"Always\". For non-init containers or when this field is not specified, the restart behavior is defined by the Pod's restart policy and the container type. Setting the RestartPolicy as \"Always\" for the init container will have the following effect: this init container will be continually restarted on exit until all regular containers have terminated. Once all regular containers have completed, all init containers with restartPolicy \"Always\" will be shut down. This lifecycle differs from normal init containers and is often referred to as a \"sidecar\" container. 
Although this init container still starts in the init container sequence, it does not wait for the container to complete before proceeding to the next init container. Instead, the next init container starts immediately after this init container is started, or after any startupProbe has successfully completed." 15988 type: string 15989 securityContext: 15990 description: "SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/" 15991 properties: 15992 allowPrivilegeEscalation: 15993 description: "AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows." 15994 type: boolean 15995 appArmorProfile: 15996 description: appArmorProfile is the AppArmor options to use by this container. If set, this profile overrides the pod's appArmorProfile. Note that this field cannot be set when spec.os.name is windows. 15997 properties: 15998 localhostProfile: 15999 description: localhostProfile indicates a profile loaded on the node that should be used. The profile must be preconfigured on the node to work. Must match the loaded name of the profile. Must be set if and only if type is "Localhost". 16000 type: string 16001 type: 16002 description: |- 16003 type indicates which kind of AppArmor profile will be applied. Valid options are: 16004 Localhost - a profile pre-loaded on the node. 16005 RuntimeDefault - the container runtime's default profile. 16006 Unconfined - no AppArmor enforcement. 
16007 16008 Possible enum values: 16009 - `"Localhost"` indicates that a profile pre-loaded on the node should be used. 16010 - `"RuntimeDefault"` indicates that the container runtime's default AppArmor profile should be used. 16011 - `"Unconfined"` indicates that no AppArmor profile should be enforced. 16012 enum: 16013 - Localhost 16014 - RuntimeDefault 16015 - Unconfined 16016 type: string 16017 required: 16018 - type 16019 type: object 16020 capabilities: 16021 description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows. 16022 properties: 16023 add: 16024 description: Added capabilities 16025 items: 16026 type: string 16027 type: array 16028 drop: 16029 description: Removed capabilities 16030 items: 16031 type: string 16032 type: array 16033 type: object 16034 privileged: 16035 description: Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows. 16036 type: boolean 16037 procMount: 16038 description: |- 16039 procMount denotes the type of proc mount to use for the containers. The default value is Default which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows. 16040 16041 Possible enum values: 16042 - `"Default"` uses the container runtime defaults for readonly and masked paths for /proc. Most container runtimes mask certain paths in /proc to avoid accidental security exposure of special devices or information. 16043 - `"Unmasked"` bypasses the default masking behavior of the container runtime and ensures the newly created /proc for the container stays intact with no modifications.
16044 enum: 16045 - Default 16046 - Unmasked 16047 type: string 16048 readOnlyRootFilesystem: 16049 description: Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows. 16050 type: boolean 16051 runAsGroup: 16052 description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. 16053 format: int64 16054 type: integer 16055 runAsNonRoot: 16056 description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. 16057 type: boolean 16058 runAsUser: 16059 description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. 16060 format: int64 16061 type: integer 16062 seLinuxOptions: 16063 description: The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. 
16064 properties: 16065 level: 16066 description: Level is SELinux level label that applies to the container. 16067 type: string 16068 role: 16069 description: Role is a SELinux role label that applies to the container. 16070 type: string 16071 type: 16072 description: Type is a SELinux type label that applies to the container. 16073 type: string 16074 user: 16075 description: User is a SELinux user label that applies to the container. 16076 type: string 16077 type: object 16078 seccompProfile: 16079 description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows. 16080 properties: 16081 localhostProfile: 16082 description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type. 16083 type: string 16084 type: 16085 description: |- 16086 type indicates which kind of seccomp profile will be applied. Valid options are: 16087 16088 Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied. 16089 16090 Possible enum values: 16091 - `"Localhost"` indicates a profile defined in a file on the node should be used. The file's location relative to <kubelet-root-dir>/seccomp. 16092 - `"RuntimeDefault"` represents the default container runtime seccomp profile. 16093 - `"Unconfined"` indicates no seccomp profile is applied (A.K.A. unconfined). 
16094 enum: 16095 - Localhost 16096 - RuntimeDefault 16097 - Unconfined 16098 type: string 16099 required: 16100 - type 16101 type: object 16102 windowsOptions: 16103 description: The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux. 16104 properties: 16105 gmsaCredentialSpec: 16106 description: GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. 16107 type: string 16108 gmsaCredentialSpecName: 16109 description: GMSACredentialSpecName is the name of the GMSA credential spec to use. 16110 type: string 16111 hostProcess: 16112 description: HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true. 16113 type: boolean 16114 runAsUserName: 16115 description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. 16116 type: string 16117 type: object 16118 type: object 16119 startupProbe: 16120 description: "StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. 
This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" 16121 properties: 16122 exec: 16123 description: Exec specifies a command to execute in the container. 16124 properties: 16125 command: 16126 description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 16127 items: 16128 type: string 16129 type: array 16130 type: object 16131 failureThreshold: 16132 description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. 16133 format: int32 16134 type: integer 16135 grpc: 16136 description: GRPC specifies a GRPC HealthCheckRequest. 16137 properties: 16138 port: 16139 description: Port number of the gRPC service. Number must be in the range 1 to 65535. 16140 format: int32 16141 type: integer 16142 service: 16143 description: |- 16144 Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 16145 16146 If this is not specified, the default behavior is defined by gRPC. 16147 type: string 16148 required: 16149 - port 16150 type: object 16151 httpGet: 16152 description: HTTPGet specifies an HTTP GET request to perform. 16153 properties: 16154 host: 16155 description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. 
16156 type: string 16157 httpHeaders: 16158 description: Custom headers to set in the request. HTTP allows repeated headers. 16159 items: 16160 properties: 16161 name: 16162 description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. 16163 type: string 16164 value: 16165 description: The header field value 16166 type: string 16167 required: 16168 - name 16169 - value 16170 type: object 16171 type: array 16172 path: 16173 description: Path to access on the HTTP server. 16174 type: string 16175 port: 16176 description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 16177 format: int-or-string 16178 x-kubernetes-int-or-string: true 16179 scheme: 16180 description: |- 16181 Scheme to use for connecting to the host. Defaults to HTTP. 16182 16183 Possible enum values: 16184 - `"HTTP"` means that the scheme used will be http:// 16185 - `"HTTPS"` means that the scheme used will be https:// 16186 enum: 16187 - HTTP 16188 - HTTPS 16189 type: string 16190 required: 16191 - port 16192 type: object 16193 initialDelaySeconds: 16194 description: "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" 16195 format: int32 16196 type: integer 16197 periodSeconds: 16198 description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. 16199 format: int32 16200 type: integer 16201 successThreshold: 16202 description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. 16203 format: int32 16204 type: integer 16205 tcpSocket: 16206 description: TCPSocket specifies a connection to a TCP port. 
16207 properties: 16208 host: 16209 description: "Optional: Host name to connect to, defaults to the pod IP." 16210 type: string 16211 port: 16212 description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 16213 format: int-or-string 16214 x-kubernetes-int-or-string: true 16215 required: 16216 - port 16217 type: object 16218 terminationGracePeriodSeconds: 16219 description: Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. 16220 format: int64 16221 type: integer 16222 timeoutSeconds: 16223 description: "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" 16224 format: int32 16225 type: integer 16226 type: object 16227 stdin: 16228 description: Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false. 16229 type: boolean 16230 stdinOnce: 16231 description: Whether the container runtime should close the stdin channel after it has been opened by a single attach. 
When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false 16232 type: boolean 16233 terminationMessagePath: 16234 description: "Optional: Path at which the file to which the container's termination message will be written is mounted into the container's filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated." 16235 type: string 16236 terminationMessagePolicy: 16237 description: |- 16238 Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. 16239 16240 Possible enum values: 16241 - `"FallbackToLogsOnError"` will read the most recent contents of the container logs for the container status message when the container exits with an error and the terminationMessagePath has no contents. 16242 - `"File"` is the default behavior and will set the container status message to the contents of the container's terminationMessagePath when the container exits. 
16243 enum: 16244 - FallbackToLogsOnError 16245 - File 16246 type: string 16247 tty: 16248 description: Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false. 16249 type: boolean 16250 volumeDevices: 16251 description: volumeDevices is the list of block devices to be used by the container. 16252 items: 16253 properties: 16254 devicePath: 16255 description: devicePath is the path inside of the container that the device will be mapped to. 16256 type: string 16257 name: 16258 description: name must match the name of a persistentVolumeClaim in the pod 16259 type: string 16260 required: 16261 - name 16262 - devicePath 16263 type: object 16264 type: array 16265 volumeMounts: 16266 description: Pod volumes to mount into the container's filesystem. Cannot be updated. 16267 items: 16268 properties: 16269 mountPath: 16270 description: Path within the container at which the volume should be mounted. Must not contain ':'. 16271 type: string 16272 mountPropagation: 16273 description: |- 16274 mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified (which defaults to None). 16275 16276 Possible enum values: 16277 - `"Bidirectional"` means that the volume in a container will receive new mounts from the host or other containers, and its own mounts will be propagated from the container to the host or other containers. Note that this mode is recursively applied to all mounts in the volume ("rshared" in Linux terminology). 16278 - `"HostToContainer"` means that the volume in a container will receive new mounts from the host or other containers, but filesystems mounted inside the container won't be propagated to the host or other containers. 
Note that this mode is recursively applied to all mounts in the volume ("rslave" in Linux terminology). 16279 - `"None"` means that the volume in a container will not receive new mounts from the host or other containers, and filesystems mounted inside the container won't be propagated to the host or other containers. Note that this mode corresponds to "private" in Linux terminology. 16280 enum: 16281 - Bidirectional 16282 - HostToContainer 16283 - None 16284 type: string 16285 name: 16286 description: This must match the Name of a Volume. 16287 type: string 16288 readOnly: 16289 description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. 16290 type: boolean 16291 recursiveReadOnly: 16292 description: |- 16293 RecursiveReadOnly specifies whether read-only mounts should be handled recursively. 16294 16295 If ReadOnly is false, this field has no meaning and must be unspecified. 16296 16297 If ReadOnly is true, and this field is set to Disabled, the mount is not made recursively read-only. If this field is set to IfPossible, the mount is made recursively read-only, if it is supported by the container runtime. If this field is set to Enabled, the mount is made recursively read-only if it is supported by the container runtime, otherwise the pod will not be started and an error will be generated to indicate the reason. 16298 16299 If this field is set to IfPossible or Enabled, MountPropagation must be set to None (or be unspecified, which defaults to None). 16300 16301 If this field is not specified, it is treated as an equivalent of Disabled. 16302 type: string 16303 subPath: 16304 description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). 16305 type: string 16306 subPathExpr: 16307 description: Expanded path within the volume from which the container's volume should be mounted. 
Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive. 16308 type: string 16309 required: 16310 - name 16311 - mountPath 16312 type: object 16313 type: array 16314 workingDir: 16315 description: Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated. 16316 type: string 16317 required: 16318 - name 16319 type: object 16320 type: array 16321 nodeName: 16322 description: NodeName indicates in which node this pod is scheduled. If empty, this pod is a candidate for scheduling by the scheduler defined in schedulerName. Once this field is set, the kubelet for this node becomes responsible for the lifecycle of this pod. This field should not be used to express a desire for the pod to be scheduled on a specific node. https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodename 16323 type: string 16324 nodeSelector: 16325 additionalProperties: 16326 type: string 16327 description: "NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node's labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/" 16328 type: object 16329 x-kubernetes-map-type: atomic 16330 os: 16331 description: |- 16332 Specifies the OS of the containers in the pod. Some pod and container fields are restricted if this is set. 
16333 16334 If the OS field is set to linux, the following fields must be unset: -securityContext.windowsOptions 16335 16336 If the OS field is set to windows, following fields must be unset: - spec.hostPID - spec.hostIPC - spec.hostUsers - spec.securityContext.appArmorProfile - spec.securityContext.seLinuxOptions - spec.securityContext.seccompProfile - spec.securityContext.fsGroup - spec.securityContext.fsGroupChangePolicy - spec.securityContext.sysctls - spec.shareProcessNamespace - spec.securityContext.runAsUser - spec.securityContext.runAsGroup - spec.securityContext.supplementalGroups - spec.securityContext.supplementalGroupsPolicy - spec.containers[*].securityContext.appArmorProfile - spec.containers[*].securityContext.seLinuxOptions - spec.containers[*].securityContext.seccompProfile - spec.containers[*].securityContext.capabilities - spec.containers[*].securityContext.readOnlyRootFilesystem - spec.containers[*].securityContext.privileged - spec.containers[*].securityContext.allowPrivilegeEscalation - spec.containers[*].securityContext.procMount - spec.containers[*].securityContext.runAsUser - spec.containers[*].securityContext.runAsGroup 16337 properties: 16338 name: 16339 description: "Name is the name of the operating system. The currently supported values are linux and windows. Additional value may be defined in future and can be one of: https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration Clients should expect to handle additional values and treat unrecognized values in this field as os: null" 16340 type: string 16341 required: 16342 - name 16343 type: object 16344 overhead: 16345 additionalProperties: 16346 type: string 16347 description: "Overhead represents the resource overhead associated with running a pod for a given RuntimeClass. This field will be autopopulated at admission time by the RuntimeClass admission controller. 
If the RuntimeClass admission controller is enabled, overhead must not be set in Pod create requests. The RuntimeClass admission controller will reject Pod create requests which have the overhead already set. If RuntimeClass is configured and selected in the PodSpec, Overhead will be set to the value defined in the corresponding RuntimeClass, otherwise it will remain unset and treated as zero. More info: https://git.k8s.io/enhancements/keps/sig-node/688-pod-overhead/README.md" 16348 type: object 16349 preemptionPolicy: 16350 description: |- 16351 PreemptionPolicy is the Policy for preempting pods with lower priority. One of Never, PreemptLowerPriority. Defaults to PreemptLowerPriority if unset. 16352 16353 Possible enum values: 16354 - `"Never"` means that pod never preempts other pods with lower priority. 16355 - `"PreemptLowerPriority"` means that pod can preempt other pods with lower priority. 16356 enum: 16357 - Never 16358 - PreemptLowerPriority 16359 type: string 16360 priority: 16361 description: The priority value. Various system components use this field to find the priority of the pod. When Priority Admission Controller is enabled, it prevents users from setting this field. The admission controller populates this field from PriorityClassName. The higher the value, the higher the priority. 16362 format: int32 16363 type: integer 16364 priorityClassName: 16365 description: If specified, indicates the pod's priority. "system-node-critical" and "system-cluster-critical" are two special keywords which indicate the highest priorities with the former being the highest priority. Any other name must be defined by creating a PriorityClass object with that name. If not specified, the pod priority will be default or zero if there is no default. 16366 type: string 16367 readinessGates: 16368 description: "If specified, all readiness gates will be evaluated for pod readiness. 
A pod is ready when all its containers are ready AND all conditions specified in the readiness gates have status equal to \"True\" More info: https://git.k8s.io/enhancements/keps/sig-network/580-pod-readiness-gates" 16369 items: 16370 properties: 16371 conditionType: 16372 description: ConditionType refers to a condition in the pod's condition list with matching type. 16373 type: string 16374 required: 16375 - conditionType 16376 type: object 16377 type: array 16378 resourceClaims: 16379 description: |- 16380 ResourceClaims defines which ResourceClaims must be allocated and reserved before the Pod is allowed to start. The resources will be made available to those containers which consume them by name. 16381 16382 This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. 16383 16384 This field is immutable. 16385 items: 16386 properties: 16387 name: 16388 description: Name uniquely identifies this resource claim inside the pod. This must be a DNS_LABEL. 16389 type: string 16390 resourceClaimName: 16391 description: |- 16392 ResourceClaimName is the name of a ResourceClaim object in the same namespace as this pod. 16393 16394 Exactly one of ResourceClaimName and ResourceClaimTemplateName must be set. 16395 type: string 16396 resourceClaimTemplateName: 16397 description: |- 16398 ResourceClaimTemplateName is the name of a ResourceClaimTemplate object in the same namespace as this pod. 16399 16400 The template will be used to create a new ResourceClaim, which will be bound to this pod. When this pod is deleted, the ResourceClaim will also be deleted. The pod name and resource name, along with a generated component, will be used to form a unique name for the ResourceClaim, which will be recorded in pod.status.resourceClaimStatuses. 16401 16402 This field is immutable and no changes will be made to the corresponding ResourceClaim by the control plane after creating the ResourceClaim. 
16403 16404 Exactly one of ResourceClaimName and ResourceClaimTemplateName must be set. 16405 type: string 16406 required: 16407 - name 16408 type: object 16409 type: array 16410 resources: 16411 description: |- 16412 Resources is the total amount of CPU and Memory resources required by all containers in the pod. It supports specifying Requests and Limits for "cpu" and "memory" resource names only. ResourceClaims are not supported. 16413 16414 This field enables fine-grained control over resource allocation for the entire pod, allowing resource sharing among containers in a pod. 16415 16416 This is an alpha field and requires enabling the PodLevelResources feature gate. 16417 properties: 16418 claims: 16419 description: |- 16420 Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. 16421 16422 This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. 16423 16424 This field is immutable. It can only be set for containers. 16425 items: 16426 properties: 16427 name: 16428 description: Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. 16429 type: string 16430 request: 16431 description: Request is the name chosen for a request in the referenced claim. If empty, everything from the claim is made available, otherwise only the result of this request. 16432 type: string 16433 required: 16434 - name 16435 type: object 16436 type: array 16437 limits: 16438 additionalProperties: 16439 type: string 16440 description: "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" 16441 type: object 16442 requests: 16443 additionalProperties: 16444 type: string 16445 description: "Requests describes the minimum amount of compute resources required. 
If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" 16446 type: object 16447 type: object 16448 restartPolicy: 16449 description: |- 16450 Restart policy for all containers within the pod. One of Always, OnFailure, Never. In some contexts, only a subset of those values may be permitted. Default to Always. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy 16451 16452 Possible enum values: 16453 - `"Always"` 16454 - `"Never"` 16455 - `"OnFailure"` 16456 enum: 16457 - Always 16458 - Never 16459 - OnFailure 16460 type: string 16461 runtimeClassName: 16462 description: "RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used to run this pod. If no RuntimeClass resource matches the named class, the pod will not be run. If unset or empty, the \"legacy\" RuntimeClass will be used, which is an implicit class with an empty definition that uses the default runtime handler. More info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class" 16463 type: string 16464 schedulerName: 16465 description: If specified, the pod will be dispatched by specified scheduler. If not specified, the pod will be dispatched by default scheduler. 16466 type: string 16467 schedulingGates: 16468 description: |- 16469 SchedulingGates is an opaque list of values that if specified will block scheduling the pod. If schedulingGates is not empty, the pod will stay in the SchedulingGated state and the scheduler will not attempt to schedule the pod. 16470 16471 SchedulingGates can only be set at pod creation time, and be removed only afterwards. 16472 items: 16473 properties: 16474 name: 16475 description: Name of the scheduling gate. Each scheduling gate must have a unique name field. 
16476 type: string 16477 required: 16478 - name 16479 type: object 16480 type: array 16481 securityContext: 16482 description: "SecurityContext holds pod-level security attributes and common container settings. Optional: Defaults to empty. See type description for default values of each field." 16483 properties: 16484 appArmorProfile: 16485 description: appArmorProfile is the AppArmor options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows. 16486 properties: 16487 localhostProfile: 16488 description: localhostProfile indicates a profile loaded on the node that should be used. The profile must be preconfigured on the node to work. Must match the loaded name of the profile. Must be set if and only if type is "Localhost". 16489 type: string 16490 type: 16491 description: |- 16492 type indicates which kind of AppArmor profile will be applied. Valid options are: 16493 Localhost - a profile pre-loaded on the node. 16494 RuntimeDefault - the container runtime's default profile. 16495 Unconfined - no AppArmor enforcement. 16496 16497 Possible enum values: 16498 - `"Localhost"` indicates that a profile pre-loaded on the node should be used. 16499 - `"RuntimeDefault"` indicates that the container runtime's default AppArmor profile should be used. 16500 - `"Unconfined"` indicates that no AppArmor profile should be enforced. 16501 enum: 16502 - Localhost 16503 - RuntimeDefault 16504 - Unconfined 16505 type: string 16506 required: 16507 - type 16508 type: object 16509 fsGroup: 16510 description: |- 16511 A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod: 16512 16513 1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. 
The permission bits are OR'd with rw-rw---- 16514 16515 If unset, the Kubelet will not modify the ownership and permissions of any volume. Note that this field cannot be set when spec.os.name is windows. 16516 format: int64 16517 type: integer 16518 fsGroupChangePolicy: 16519 description: |- 16520 fsGroupChangePolicy defines behavior of changing ownership and permission of the volume before being exposed inside Pod. This field will only apply to volume types which support fsGroup based ownership(and permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir. Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. Note that this field cannot be set when spec.os.name is windows. 16521 16522 Possible enum values: 16523 - `"Always"` indicates that volume's ownership and permissions should always be changed whenever volume is mounted inside a Pod. This the default behavior. 16524 - `"OnRootMismatch"` indicates that volume's ownership and permissions will be changed only when permission and ownership of root directory does not match with expected permissions on the volume. This can help shorten the time it takes to change ownership and permissions of a volume. 16525 enum: 16526 - Always 16527 - OnRootMismatch 16528 type: string 16529 runAsGroup: 16530 description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows. 16531 format: int64 16532 type: integer 16533 runAsNonRoot: 16534 description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. 
If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. 16535 type: boolean 16536 runAsUser: 16537 description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows. 16538 format: int64 16539 type: integer 16540 seLinuxChangePolicy: 16541 description: |- 16542 seLinuxChangePolicy defines how the container's SELinux label is applied to all volumes used by the Pod. It has no effect on nodes that do not support SELinux or to volumes does not support SELinux. Valid values are "MountOption" and "Recursive". 16543 16544 "Recursive" means relabeling of all files on all Pod volumes by the container runtime. This may be slow for large volumes, but allows mixing privileged and unprivileged Pods sharing the same volume on the same node. 16545 16546 "MountOption" mounts all eligible Pod volumes with `-o context` mount option. This requires all Pods that share the same volume to use the same SELinux label. It is not possible to share the same volume among privileged and unprivileged Pods. Eligible volumes are in-tree FibreChannel and iSCSI volumes, and all CSI volumes whose CSI driver announces SELinux support by setting spec.seLinuxMount: true in their CSIDriver instance. Other volumes are always re-labelled recursively. "MountOption" value is allowed only when SELinuxMount feature gate is enabled. 16547 16548 If not specified and SELinuxMount feature gate is enabled, "MountOption" is used. If not specified and SELinuxMount feature gate is disabled, "MountOption" is used for ReadWriteOncePod volumes and "Recursive" for all other volumes. 
16549 16550 This field affects only Pods that have SELinux label set, either in PodSecurityContext or in SecurityContext of all containers. 16551 16552 All Pods that use the same volume should use the same seLinuxChangePolicy, otherwise some pods can get stuck in ContainerCreating state. Note that this field cannot be set when spec.os.name is windows. 16553 type: string 16554 seLinuxOptions: 16555 description: The SELinux context to be applied to all containers. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows. 16556 properties: 16557 level: 16558 description: Level is SELinux level label that applies to the container. 16559 type: string 16560 role: 16561 description: Role is a SELinux role label that applies to the container. 16562 type: string 16563 type: 16564 description: Type is a SELinux type label that applies to the container. 16565 type: string 16566 user: 16567 description: User is a SELinux user label that applies to the container. 16568 type: string 16569 type: object 16570 seccompProfile: 16571 description: The seccomp options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows. 16572 properties: 16573 localhostProfile: 16574 description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type. 16575 type: string 16576 type: 16577 description: |- 16578 type indicates which kind of seccomp profile will be applied. 
Valid options are: 16579 16580 Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied. 16581 16582 Possible enum values: 16583 - `"Localhost"` indicates a profile defined in a file on the node should be used. The file's location relative to <kubelet-root-dir>/seccomp. 16584 - `"RuntimeDefault"` represents the default container runtime seccomp profile. 16585 - `"Unconfined"` indicates no seccomp profile is applied (A.K.A. unconfined). 16586 enum: 16587 - Localhost 16588 - RuntimeDefault 16589 - Unconfined 16590 type: string 16591 required: 16592 - type 16593 type: object 16594 supplementalGroups: 16595 description: A list of groups applied to the first process run in each container, in addition to the container's primary GID and fsGroup (if specified). If the SupplementalGroupsPolicy feature is enabled, the supplementalGroupsPolicy field determines whether these are in addition to or instead of any group memberships defined in the container image. If unspecified, no additional groups are added, though group memberships defined in the container image may still be used, depending on the supplementalGroupsPolicy field. Note that this field cannot be set when spec.os.name is windows. 16596 items: 16597 format: int64 16598 type: integer 16599 type: array 16600 supplementalGroupsPolicy: 16601 description: |- 16602 Defines how supplemental groups of the first container processes are calculated. Valid values are "Merge" and "Strict". If not specified, "Merge" is used. (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled and the container runtime must implement support for this feature. Note that this field cannot be set when spec.os.name is windows. 
16603 16604 Possible enum values: 16605 - `"Merge"` means that the container's provided SupplementalGroups and FsGroup (specified in SecurityContext) will be merged with the primary user's groups as defined in the container image (in /etc/group). 16606 - `"Strict"` means that the container's provided SupplementalGroups and FsGroup (specified in SecurityContext) will be used instead of any groups defined in the container image. 16607 enum: 16608 - Merge 16609 - Strict 16610 type: string 16611 sysctls: 16612 description: Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. Note that this field cannot be set when spec.os.name is windows. 16613 items: 16614 properties: 16615 name: 16616 description: Name of a property to set 16617 type: string 16618 value: 16619 description: Value of a property to set 16620 type: string 16621 required: 16622 - name 16623 - value 16624 type: object 16625 type: array 16626 windowsOptions: 16627 description: The Windows specific settings applied to all containers. If unspecified, the options within a container's SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux. 16628 properties: 16629 gmsaCredentialSpec: 16630 description: GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. 16631 type: string 16632 gmsaCredentialSpecName: 16633 description: GMSACredentialSpecName is the name of the GMSA credential spec to use. 16634 type: string 16635 hostProcess: 16636 description: HostProcess determines if a container should be run as a 'Host Process' container. 
All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true. 16637 type: boolean 16638 runAsUserName: 16639 description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. 16640 type: string 16641 type: object 16642 type: object 16643 serviceAccount: 16644 description: "DeprecatedServiceAccount is a deprecated alias for ServiceAccountName. Deprecated: Use serviceAccountName instead." 16645 type: string 16646 serviceAccountName: 16647 description: "ServiceAccountName is the name of the ServiceAccount to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/" 16648 type: string 16649 setHostnameAsFQDN: 16650 description: If true the pod's hostname will be configured as the pod's FQDN, rather than the leaf name (the default). In Linux containers, this means setting the FQDN in the hostname field of the kernel (the nodename field of struct utsname). In Windows containers, this means setting the registry value of hostname for the registry key HKEY_LOCAL_MACHINE\\\\SYSTEM\\\\CurrentControlSet\\\\Services\\\\Tcpip\\\\Parameters to FQDN. If a pod does not have FQDN, this has no effect. Default to false. 16651 type: boolean 16652 shareProcessNamespace: 16653 description: "Share a single process namespace between all of the containers in a pod. When this is set containers will be able to view and signal processes from other containers in the same pod, and the first process in each container will not be assigned PID 1. HostPID and ShareProcessNamespace cannot both be set. Optional: Default to false." 
16654 type: boolean 16655 subdomain: 16656 description: If specified, the fully qualified Pod hostname will be "<hostname>.<subdomain>.<pod namespace>.svc.<cluster domain>". If not specified, the pod will not have a domainname at all. 16657 type: string 16658 terminationGracePeriodSeconds: 16659 description: Optional duration in seconds the pod needs to terminate gracefully. May be decreased in delete request. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). If this value is nil, the default grace period will be used instead. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. Defaults to 30 seconds. 16660 format: int64 16661 type: integer 16662 tolerations: 16663 description: If specified, the pod's tolerations. 16664 items: 16665 properties: 16666 effect: 16667 description: |- 16668 Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. 16669 16670 Possible enum values: 16671 - `"NoExecute"` Evict any already-running pods that do not tolerate the taint. Currently enforced by NodeController. 16672 - `"NoSchedule"` Do not allow new pods to schedule onto the node unless they tolerate the taint, but allow all pods submitted to Kubelet without going through the scheduler to start, and allow all already-running pods to continue running. Enforced by the scheduler. 16673 - `"PreferNoSchedule"` Like TaintEffectNoSchedule, but the scheduler tries not to schedule new pods onto the node, rather than prohibiting new pods from scheduling onto the node entirely. Enforced by the scheduler. 
16674 enum: 16675 - NoExecute 16676 - NoSchedule 16677 - PreferNoSchedule 16678 type: string 16679 key: 16680 description: Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys. 16681 type: string 16682 operator: 16683 description: |- 16684 Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. 16685 16686 Possible enum values: 16687 - `"Equal"` 16688 - `"Exists"` 16689 enum: 16690 - Equal 16691 - Exists 16692 type: string 16693 tolerationSeconds: 16694 description: TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system. 16695 format: int64 16696 type: integer 16697 value: 16698 description: Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string. 16699 type: string 16700 type: object 16701 type: array 16702 topologySpreadConstraints: 16703 description: TopologySpreadConstraints describes how a group of pods ought to spread across topology domains. Scheduler will schedule pods in a way which abides by the constraints. All topologySpreadConstraints are ANDed. 16704 items: 16705 properties: 16706 labelSelector: 16707 description: LabelSelector is used to find matching pods. Pods that match this label selector are counted to determine the number of pods in their corresponding topology domain. 16708 properties: 16709 matchExpressions: 16710 description: matchExpressions is a list of label selector requirements. The requirements are ANDed. 
16711 items: 16712 properties: 16713 key: 16714 description: key is the label key that the selector applies to. 16715 type: string 16716 operator: 16717 description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. 16718 type: string 16719 values: 16720 description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. 16721 items: 16722 type: string 16723 type: array 16724 required: 16725 - key 16726 - operator 16727 type: object 16728 type: array 16729 matchLabels: 16730 additionalProperties: 16731 type: string 16732 description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. 16733 type: object 16734 type: object 16735 x-kubernetes-map-type: atomic 16736 matchLabelKeys: 16737 description: |- 16738 MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. MatchLabelKeys cannot be set when LabelSelector isn't set. Keys that don't exist in the incoming pod labels will be ignored. A null or empty list means only match against labelSelector. 16739 16740 This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). 
16741 items: 16742 type: string 16743 type: array 16744 maxSkew: 16745 description: "MaxSkew describes the degree to which pods may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference between the number of matching pods in the target topology and the global minimum. The global minimum is the minimum number of matching pods in an eligible domain or zero if the number of eligible domains is less than MinDomains. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 2/2/1: In this case, the global minimum is 1. | zone1 | zone2 | zone3 | | P P | P P | P | - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence to topologies that satisfy it. It's a required field. Default value is 1 and 0 is not allowed." 16746 format: int32 16747 type: integer 16748 minDomains: 16749 description: |- 16750 MinDomains indicates a minimum number of eligible domains. When the number of eligible domains with matching topology keys is less than minDomains, Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. And when the number of eligible domains with matching topology keys equals or greater than minDomains, this value has no effect on scheduling. As a result, when the number of eligible domains is less than minDomains, scheduler won't schedule more than maxSkew Pods to those domains. If value is nil, the constraint behaves as if MinDomains is equal to 1. Valid values are integers greater than 0. When value is not nil, WhenUnsatisfiable must be DoNotSchedule. 
16751 16752 For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same labelSelector spread as 2/2/2: | zone1 | zone2 | zone3 | | P P | P P | P P | The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. In this situation, new pod with the same labelSelector cannot be scheduled, because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, it will violate MaxSkew. 16753 format: int32 16754 type: integer 16755 nodeAffinityPolicy: 16756 description: |- 16757 NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector when calculating pod topology spread skew. Options are: - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. 16758 16759 If this value is nil, the behavior is equivalent to the Honor policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. 16760 16761 Possible enum values: 16762 - `"Honor"` means use this scheduling directive when calculating pod topology spread skew. 16763 - `"Ignore"` means ignore this scheduling directive when calculating pod topology spread skew. 16764 enum: 16765 - Honor 16766 - Ignore 16767 type: string 16768 nodeTaintsPolicy: 16769 description: |- 16770 NodeTaintsPolicy indicates how we will treat node taints when calculating pod topology spread skew. Options are: - Honor: nodes without taints, along with tainted nodes for which the incoming pod has a toleration, are included. - Ignore: node taints are ignored. All nodes are included. 16771 16772 If this value is nil, the behavior is equivalent to the Ignore policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. 
16773 16774 Possible enum values: 16775 - `"Honor"` means use this scheduling directive when calculating pod topology spread skew. 16776 - `"Ignore"` means ignore this scheduling directive when calculating pod topology spread skew. 16777 enum: 16778 - Honor 16779 - Ignore 16780 type: string 16781 topologyKey: 16782 description: TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. We consider each <key, value> as a "bucket", and try to put balanced number of pods into each bucket. We define a domain as a particular instance of a topology. Also, we define an eligible domain as a domain whose nodes meet the requirements of nodeAffinityPolicy and nodeTaintsPolicy. e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. It's a required field. 16783 type: string 16784 whenUnsatisfiable: 16785 description: |- 16786 WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy the spread constraint. - DoNotSchedule (default) tells the scheduler not to schedule it. - ScheduleAnyway tells the scheduler to schedule the pod in any location, 16787 but giving higher precedence to topologies that would help reduce the 16788 skew. 16789 A constraint is considered "Unsatisfiable" for an incoming pod if and only if every possible node assignment for that pod would violate "MaxSkew" on some topology. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler won't make it *more* imbalanced. It's a required field. 
16790 16791 Possible enum values: 16792 - `"DoNotSchedule"` instructs the scheduler not to schedule the pod when constraints are not satisfied. 16793 - `"ScheduleAnyway"` instructs the scheduler to schedule the pod even if constraints are not satisfied. 16794 enum: 16795 - DoNotSchedule 16796 - ScheduleAnyway 16797 type: string 16798 required: 16799 - maxSkew 16800 - topologyKey 16801 - whenUnsatisfiable 16802 type: object 16803 type: array 16804 volumes: 16805 description: "List of volumes that can be mounted by containers belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes" 16806 items: 16807 properties: 16808 awsElasticBlockStore: 16809 description: "awsElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. Deprecated: AWSElasticBlockStore is deprecated. All operations for the in-tree awsElasticBlockStore type are redirected to the ebs.csi.aws.com CSI driver. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" 16810 properties: 16811 fsType: 16812 description: "fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" 16813 type: string 16814 partition: 16815 description: "partition is the partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as \"1\". Similarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty)." 16816 format: int32 16817 type: integer 16818 readOnly: 16819 description: "readOnly value true will force the readOnly setting in VolumeMounts. 
More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" 16820 type: boolean 16821 volumeID: 16822 description: "volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" 16823 type: string 16824 required: 16825 - volumeID 16826 type: object 16827 azureDisk: 16828 description: "azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. Deprecated: AzureDisk is deprecated. All operations for the in-tree azureDisk type are redirected to the disk.csi.azure.com CSI driver." 16829 properties: 16830 cachingMode: 16831 description: |- 16832 cachingMode is the Host Caching mode: None, Read Only, Read Write. 16833 16834 Possible enum values: 16835 - `"None"` 16836 - `"ReadOnly"` 16837 - `"ReadWrite"` 16838 enum: 16839 - None 16840 - ReadOnly 16841 - ReadWrite 16842 type: string 16843 diskName: 16844 description: diskName is the Name of the data disk in the blob storage 16845 type: string 16846 diskURI: 16847 description: diskURI is the URI of data disk in the blob storage 16848 type: string 16849 fsType: 16850 description: fsType is Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. 16851 type: string 16852 kind: 16853 description: |- 16854 kind expected values are Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared 16855 16856 Possible enum values: 16857 - `"Dedicated"` 16858 - `"Managed"` 16859 - `"Shared"` 16860 enum: 16861 - Dedicated 16862 - Managed 16863 - Shared 16864 type: string 16865 readOnly: 16866 description: readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. 
16867 type: boolean 16868 required: 16869 - diskName 16870 - diskURI 16871 type: object 16872 azureFile: 16873 description: "azureFile represents an Azure File Service mount on the host and bind mount to the pod. Deprecated: AzureFile is deprecated. All operations for the in-tree azureFile type are redirected to the file.csi.azure.com CSI driver." 16874 properties: 16875 readOnly: 16876 description: readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. 16877 type: boolean 16878 secretName: 16879 description: secretName is the name of secret that contains Azure Storage Account Name and Key 16880 type: string 16881 shareName: 16882 description: shareName is the azure share Name 16883 type: string 16884 required: 16885 - secretName 16886 - shareName 16887 type: object 16888 cephfs: 16889 description: "cephFS represents a Ceph FS mount on the host that shares a pod's lifetime. Deprecated: CephFS is deprecated and the in-tree cephfs type is no longer supported." 16890 properties: 16891 monitors: 16892 description: "monitors is Required: Monitors is a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" 16893 items: 16894 type: string 16895 type: array 16896 path: 16897 description: "path is Optional: Used as the mounted root, rather than the full Ceph tree, default is /" 16898 type: string 16899 readOnly: 16900 description: "readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. 
More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" 16901 type: boolean 16902 secretFile: 16903 description: "secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" 16904 type: string 16905 secretRef: 16906 description: "secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" 16907 properties: 16908 name: 16909 description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" 16910 type: string 16911 type: object 16912 x-kubernetes-map-type: atomic 16913 user: 16914 description: "user is optional: User is the rados user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" 16915 type: string 16916 required: 16917 - monitors 16918 type: object 16919 cinder: 16920 description: "cinder represents a cinder volume attached and mounted on kubelets host machine. Deprecated: Cinder is deprecated. All operations for the in-tree cinder type are redirected to the cinder.csi.openstack.org CSI driver. More info: https://examples.k8s.io/mysql-cinder-pd/README.md" 16921 properties: 16922 fsType: 16923 description: "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md" 16924 type: string 16925 readOnly: 16926 description: "readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. 
More info: https://examples.k8s.io/mysql-cinder-pd/README.md" 16927 type: boolean 16928 secretRef: 16929 description: "secretRef is optional: points to a secret object containing parameters used to connect to OpenStack." 16930 properties: 16931 name: 16932 description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" 16933 type: string 16934 type: object 16935 x-kubernetes-map-type: atomic 16936 volumeID: 16937 description: "volumeID used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md" 16938 type: string 16939 required: 16940 - volumeID 16941 type: object 16942 configMap: 16943 description: configMap represents a configMap that should populate this volume 16944 properties: 16945 defaultMode: 16946 description: "defaultMode is optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." 16947 format: int32 16948 type: integer 16949 items: 16950 description: items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. 
Paths must be relative and may not contain the '..' path or start with '..'. 16951 items: 16952 properties: 16953 key: 16954 description: key is the key to project. 16955 type: string 16956 mode: 16957 description: "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." 16958 format: int32 16959 type: integer 16960 path: 16961 description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. 16962 type: string 16963 required: 16964 - key 16965 - path 16966 type: object 16967 type: array 16968 name: 16969 description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" 16970 type: string 16971 optional: 16972 description: optional specify whether the ConfigMap or its keys must be defined 16973 type: boolean 16974 type: object 16975 csi: 16976 description: csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers. 16977 properties: 16978 driver: 16979 description: driver is the name of the CSI driver that handles this volume. Consult with your admin for the correct name as registered in the cluster. 16980 type: string 16981 fsType: 16982 description: fsType to mount. Ex. "ext4", "xfs", "ntfs". If not provided, the empty value is passed to the associated CSI driver which will determine the default filesystem to apply. 
16983 type: string 16984 nodePublishSecretRef: 16985 description: nodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed. 16986 properties: 16987 name: 16988 description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" 16989 type: string 16990 type: object 16991 x-kubernetes-map-type: atomic 16992 readOnly: 16993 description: readOnly specifies a read-only configuration for the volume. Defaults to false (read/write). 16994 type: boolean 16995 volumeAttributes: 16996 additionalProperties: 16997 type: string 16998 description: volumeAttributes stores driver-specific properties that are passed to the CSI driver. Consult your driver's documentation for supported values. 16999 type: object 17000 required: 17001 - driver 17002 type: object 17003 downwardAPI: 17004 description: downwardAPI represents downward API about the pod that should populate this volume 17005 properties: 17006 defaultMode: 17007 description: "Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set."
17008 format: int32 17009 type: integer 17010 items: 17011 description: Items is a list of downward API volume file 17012 items: 17013 properties: 17014 fieldRef: 17015 description: "Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported." 17016 properties: 17017 apiVersion: 17018 description: Version of the schema the FieldPath is written in terms of, defaults to "v1". 17019 type: string 17020 fieldPath: 17021 description: Path of the field to select in the specified API version. 17022 type: string 17023 required: 17024 - fieldPath 17025 type: object 17026 x-kubernetes-map-type: atomic 17027 mode: 17028 description: "Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." 17029 format: int32 17030 type: integer 17031 path: 17032 description: "Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'" 17033 type: string 17034 resourceFieldRef: 17035 description: "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported." 
17036 properties: 17037 containerName: 17038 description: "Container name: required for volumes, optional for env vars" 17039 type: string 17040 divisor: 17041 description: Specifies the output format of the exposed resources, defaults to "1" 17042 type: string 17043 resource: 17044 description: "Required: resource to select" 17045 type: string 17046 required: 17047 - resource 17048 type: object 17049 x-kubernetes-map-type: atomic 17050 required: 17051 - path 17052 type: object 17053 type: array 17054 type: object 17055 emptyDir: 17056 description: "emptyDir represents a temporary directory that shares a pod's lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir" 17057 properties: 17058 medium: 17059 description: "medium represents what type of storage medium should back this directory. The default is \"\" which means to use the node's default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir" 17060 type: string 17061 sizeLimit: 17062 description: "sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir" 17063 type: string 17064 type: object 17065 ephemeral: 17066 description: |- 17067 ephemeral represents a volume that is handled by a cluster storage driver. The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. 
17068 17069 Use this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity 17070 tracking are needed, 17071 c) the storage driver is specified through a storage class, and d) the storage driver supports dynamic volume provisioning through 17072 a PersistentVolumeClaim (see EphemeralVolumeSource for more 17073 information on the connection between this volume type 17074 and PersistentVolumeClaim). 17075 17076 Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod. 17077 17078 Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information. 17079 17080 A pod can use both types of ephemeral volumes and persistent volumes at the same time. 17081 properties: 17082 volumeClaimTemplate: 17083 description: |- 17084 Will be used to create a stand-alone PVC to provision the volume. The pod in which this EphemeralVolumeSource is embedded will be the owner of the PVC, i.e. the PVC will be deleted together with the pod. The name of the PVC will be `<pod name>-<volume name>` where `<volume name>` is the name from the `PodSpec.Volumes` array entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long). 17085 17086 An existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until the unrelated PVC is removed. If such a pre-created PVC is meant to be used by the pod, the PVC has to be updated with an owner reference to the pod once the pod exists. Normally this should not be necessary, but it may be useful when manually reconstructing a broken cluster. 17087 17088 This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created.
17089 17090 Required, must not be nil. 17091 properties: 17092 metadata: 17093 description: May contain labels and annotations that will be copied into the PVC when creating it. No other fields are allowed and will be rejected during validation. 17094 properties: 17095 annotations: 17096 additionalProperties: 17097 type: string 17098 description: "Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations" 17099 type: object 17100 creationTimestamp: 17101 description: |- 17102 CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. 17103 17104 Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata 17105 format: date-time 17106 nullable: true 17107 type: string 17108 deletionGracePeriodSeconds: 17109 description: Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only. 17110 format: int64 17111 type: integer 17112 deletionTimestamp: 17113 description: |- 17114 DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. 
Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested. 17115 17116 Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata 17117 format: date-time 17118 type: string 17119 finalizers: 17120 description: Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list. 
17121 items: 17122 type: string 17123 type: array 17124 generateName: 17125 description: |- 17126 GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server. 17127 17128 If this field is specified and the generated name exists, the server will return a 409. 17129 17130 Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency 17131 type: string 17132 generation: 17133 description: A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. 17134 format: int64 17135 type: integer 17136 labels: 17137 additionalProperties: 17138 type: string 17139 description: "Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels" 17140 type: object 17141 managedFields: 17142 description: ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn't need to set or understand this field. A workflow can be the user's name, a controller's name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object. 17143 items: 17144 properties: 17145 apiVersion: 17146 description: APIVersion defines the version of this resource that this field set applies to. 
The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted. 17147 type: string 17148 fieldsType: 17149 description: "FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: \"FieldsV1\"" 17150 type: string 17151 fieldsV1: 17152 description: FieldsV1 holds the first JSON version format as described in the "FieldsV1" type. 17153 type: object 17154 manager: 17155 description: Manager is an identifier of the workflow managing these fields. 17156 type: string 17157 operation: 17158 description: Operation is the type of operation which led to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'. 17159 type: string 17160 subresource: 17161 description: Subresource is the name of the subresource used to update that object, or empty string if the object was updated through the main resource. The value of this field is used to distinguish between managers, even if they share the same name. For example, a status update will be distinct from a regular update using the same manager name. Note that the APIVersion field is not related to the Subresource field and it always corresponds to the version of the main resource. 17162 type: string 17163 time: 17164 description: Time is the timestamp of when the ManagedFields entry was added. The timestamp will also be updated if a field is added, the manager changes any of the owned fields value or removes a field. The timestamp does not update when a field is removed from the entry because another manager took it over. 17165 format: date-time 17166 type: string 17167 type: object 17168 type: array 17169 name: 17170 description: "Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. 
Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names" 17171 type: string 17172 namespace: 17173 description: |- 17174 Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty. 17175 17176 Must be a DNS_LABEL. Cannot be updated. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces 17177 type: string 17178 ownerReferences: 17179 description: List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller. 17180 items: 17181 properties: 17182 apiVersion: 17183 description: API version of the referent. 17184 type: string 17185 blockOwnerDeletion: 17186 description: If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. See https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion for how the garbage collector interacts with this field and enforces the foreground deletion. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned. 17187 type: boolean 17188 controller: 17189 description: If true, this reference points to the managing controller. 17190 type: boolean 17191 kind: 17192 description: "Kind of the referent. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" 17193 type: string 17194 name: 17195 description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names" 17196 type: string 17197 uid: 17198 description: "UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids" 17199 type: string 17200 required: 17201 - apiVersion 17202 - kind 17203 - name 17204 - uid 17205 type: object 17206 x-kubernetes-map-type: atomic 17207 type: array 17208 resourceVersion: 17209 description: |- 17210 An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources. 17211 17212 Populated by the system. Read-only. Value must be treated as opaque by clients. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency 17213 type: string 17214 selfLink: 17215 description: "Deprecated: selfLink is a legacy read-only field that is no longer populated by the system." 17216 type: string 17217 uid: 17218 description: |- 17219 UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations. 17220 17221 Populated by the system. Read-only. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids 17222 type: string 17223 type: object 17224 spec: 17225 description: The specification for the PersistentVolumeClaim. 
The entire content is copied unchanged into the PVC that gets created from this template. The same fields as in a PersistentVolumeClaim are also valid here. 17226 properties: 17227 accessModes: 17228 description: "accessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1" 17229 items: 17230 enum: 17231 - ReadOnlyMany 17232 - ReadWriteMany 17233 - ReadWriteOnce 17234 - ReadWriteOncePod 17235 type: string 17236 type: array 17237 dataSource: 17238 description: "dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource." 17239 properties: 17240 apiGroup: 17241 description: APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. 17242 type: string 17243 kind: 17244 description: Kind is the type of resource being referenced 17245 type: string 17246 name: 17247 description: Name is the name of resource being referenced 17248 type: string 17249 required: 17250 - kind 17251 - name 17252 type: object 17253 x-kubernetes-map-type: atomic 17254 dataSourceRef: 17255 description: |- 17256 dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. 
This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef 17257 allows any non-core object, as well as PersistentVolumeClaim objects. 17258 * While dataSource ignores disallowed values (dropping them), dataSourceRef 17259 preserves all values, and generates an error if a disallowed value is 17260 specified. 17261 * While dataSource only allows local objects, dataSourceRef allows objects 17262 in any namespaces. 17263 (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. 17264 properties: 17265 apiGroup: 17266 description: APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. 
17267 type: string 17268 kind: 17269 description: Kind is the type of resource being referenced 17270 type: string 17271 name: 17272 description: Name is the name of resource being referenced 17273 type: string 17274 namespace: 17275 description: Namespace is the namespace of resource being referenced Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. 17276 type: string 17277 required: 17278 - kind 17279 - name 17280 type: object 17281 resources: 17282 description: "resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources" 17283 properties: 17284 limits: 17285 additionalProperties: 17286 type: string 17287 description: "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" 17288 type: object 17289 requests: 17290 additionalProperties: 17291 type: string 17292 description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" 17293 type: object 17294 type: object 17295 selector: 17296 description: selector is a label query over volumes to consider for binding. 
17297 properties: 17298 matchExpressions: 17299 description: matchExpressions is a list of label selector requirements. The requirements are ANDed. 17300 items: 17301 properties: 17302 key: 17303 description: key is the label key that the selector applies to. 17304 type: string 17305 operator: 17306 description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. 17307 type: string 17308 values: 17309 description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. 17310 items: 17311 type: string 17312 type: array 17313 required: 17314 - key 17315 - operator 17316 type: object 17317 type: array 17318 matchLabels: 17319 additionalProperties: 17320 type: string 17321 description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. 17322 type: object 17323 type: object 17324 x-kubernetes-map-type: atomic 17325 storageClassName: 17326 description: "storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1" 17327 type: string 17328 volumeAttributesClassName: 17329 description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. If specified, the CSI driver will create or update the volume with the attributes defined in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, it can be changed after the claim is created. 
An empty string value means that no VolumeAttributesClass will be applied to the claim but it's not allowed to reset this field to empty string once it is set. If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass will be set by the persistentvolume controller if it exists. If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be set to a Pending state, as reflected by the modifyVolumeStatus field, until such a resource exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default)." 17330 type: string 17331 volumeMode: 17332 description: |- 17333 volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec. 17334 17335 Possible enum values: 17336 - `"Block"` means the volume will not be formatted with a filesystem and will remain a raw block device. 17337 - `"Filesystem"` means the volume will be or is formatted with a filesystem. 17338 enum: 17339 - Block 17340 - Filesystem 17341 type: string 17342 volumeName: 17343 description: volumeName is the binding reference to the PersistentVolume backing this claim. 17344 type: string 17345 type: object 17346 required: 17347 - spec 17348 type: object 17349 type: object 17350 fc: 17351 description: fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod. 17352 properties: 17353 fsType: 17354 description: fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. 
17355 type: string 17356 lun: 17357 description: "lun is Optional: FC target lun number" 17358 format: int32 17359 type: integer 17360 readOnly: 17361 description: "readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts." 17362 type: boolean 17363 targetWWNs: 17364 description: "targetWWNs is Optional: FC target worldwide names (WWNs)" 17365 items: 17366 type: string 17367 type: array 17368 wwids: 17369 description: "wwids Optional: FC volume world wide identifiers (wwids) Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously." 17370 items: 17371 type: string 17372 type: array 17373 type: object 17374 flexVolume: 17375 description: "flexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin. Deprecated: FlexVolume is deprecated. Consider using a CSIDriver instead." 17376 properties: 17377 driver: 17378 description: driver is the name of the driver to use for this volume. 17379 type: string 17380 fsType: 17381 description: fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script. 17382 type: string 17383 options: 17384 additionalProperties: 17385 type: string 17386 description: "options is Optional: this field holds extra command options if any." 17387 type: object 17388 readOnly: 17389 description: "readOnly is Optional: defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts." 17390 type: boolean 17391 secretRef: 17392 description: "secretRef is Optional: secretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts." 
17393 properties: 17394 name: 17395 description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" 17396 type: string 17397 type: object 17398 x-kubernetes-map-type: atomic 17399 required: 17400 - driver 17401 type: object 17402 flocker: 17403 description: "flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running. Deprecated: Flocker is deprecated and the in-tree flocker type is no longer supported." 17404 properties: 17405 datasetName: 17406 description: datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker should be considered as deprecated 17407 type: string 17408 datasetUUID: 17409 description: datasetUUID is the UUID of the dataset. This is unique identifier of a Flocker dataset 17410 type: string 17411 type: object 17412 gcePersistentDisk: 17413 description: "gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. Deprecated: GCEPersistentDisk is deprecated. All operations for the in-tree gcePersistentDisk type are redirected to the pd.csi.storage.gke.io CSI driver. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" 17414 properties: 17415 fsType: 17416 description: "fsType is filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" 17417 type: string 17418 partition: 17419 description: "partition is the partition in the volume that you want to mount. 
If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as \"1\". Similarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" 17420 format: int32 17421 type: integer 17422 pdName: 17423 description: "pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" 17424 type: string 17425 readOnly: 17426 description: "readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" 17427 type: boolean 17428 required: 17429 - pdName 17430 type: object 17431 gitRepo: 17432 description: "gitRepo represents a git repository at a particular revision. Deprecated: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container." 17433 properties: 17434 directory: 17435 description: directory is the target directory name. Must not contain or start with '..'. If '.' is supplied, the volume directory will be the git repository. Otherwise, if specified, the volume will contain the git repository in the subdirectory with the given name. 17436 type: string 17437 repository: 17438 description: repository is the URL 17439 type: string 17440 revision: 17441 description: revision is the commit hash for the specified revision. 17442 type: string 17443 required: 17444 - repository 17445 type: object 17446 glusterfs: 17447 description: "glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. Deprecated: Glusterfs is deprecated and the in-tree glusterfs type is no longer supported. 
More info: https://examples.k8s.io/volumes/glusterfs/README.md" 17448 properties: 17449 endpoints: 17450 description: "endpoints is the endpoint name that details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod" 17451 type: string 17452 path: 17453 description: "path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod" 17454 type: string 17455 readOnly: 17456 description: "readOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod" 17457 type: boolean 17458 required: 17459 - endpoints 17460 - path 17461 type: object 17462 hostPath: 17463 description: "hostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath" 17464 properties: 17465 path: 17466 description: "path of the directory on the host. If the path is a symlink, it will follow the link to the real path. 
More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath" 17467 type: string 17468 type: 17469 description: |- 17470 type for HostPath Volume Defaults to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath 17471 17472 Possible enum values: 17473 - `""` For backwards compatibility, leave it empty if unset 17474 - `"BlockDevice"` A block device must exist at the given path 17475 - `"CharDevice"` A character device must exist at the given path 17476 - `"Directory"` A directory must exist at the given path 17477 - `"DirectoryOrCreate"` If nothing exists at the given path, an empty directory will be created there as needed with file mode 0755, having the same group and ownership with Kubelet. 17478 - `"File"` A file must exist at the given path 17479 - `"FileOrCreate"` If nothing exists at the given path, an empty file will be created there as needed with file mode 0644, having the same group and ownership with Kubelet. 17480 - `"Socket"` A UNIX socket must exist at the given path 17481 enum: 17482 - "" 17483 - BlockDevice 17484 - CharDevice 17485 - Directory 17486 - DirectoryOrCreate 17487 - File 17488 - FileOrCreate 17489 - Socket 17490 type: string 17491 required: 17492 - path 17493 type: object 17494 image: 17495 description: |- 17496 image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine. The volume is resolved at pod startup depending on which PullPolicy value is provided: 17497 17498 - Always: the kubelet always attempts to pull the reference. Container creation will fail if the pull fails. - Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. - IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. 
17499 17500 The volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation. A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message. The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field. The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images. The volume will be mounted read-only (ro) and non-executable files (noexec). Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath). The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type. 17501 properties: 17502 pullPolicy: 17503 description: |- 17504 Policy for pulling OCI objects. Possible values are: Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. 17505 17506 Possible enum values: 17507 - `"Always"` means that kubelet always attempts to pull the latest image. Container will fail If the pull fails. 17508 - `"IfNotPresent"` means that kubelet pulls if the image isn't present on disk. Container will fail if the image isn't present and the pull fails. 
17509 - `"Never"` means that kubelet never pulls an image, but only uses a local image. Container will fail if the image isn't present 17510 enum: 17511 - Always 17512 - IfNotPresent 17513 - Never 17514 type: string 17515 reference: 17516 description: "Required: Image or artifact reference to be used. Behaves in the same way as pod.spec.containers[*].image. Pull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets." 17517 type: string 17518 type: object 17519 iscsi: 17520 description: "iscsi represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md" 17521 properties: 17522 chapAuthDiscovery: 17523 description: chapAuthDiscovery defines whether support iSCSI Discovery CHAP authentication 17524 type: boolean 17525 chapAuthSession: 17526 description: chapAuthSession defines whether support iSCSI Session CHAP authentication 17527 type: boolean 17528 fsType: 17529 description: "fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi" 17530 type: string 17531 initiatorName: 17532 description: initiatorName is the custom iSCSI Initiator Name. If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface <target portal>:<volume name> will be created for the connection. 17533 type: string 17534 iqn: 17535 description: iqn is the target iSCSI Qualified Name. 
17536 type: string 17537 iscsiInterface: 17538 description: iscsiInterface is the interface Name that uses an iSCSI transport. Defaults to 'default' (tcp). 17539 type: string 17540 lun: 17541 description: lun represents iSCSI Target Lun number. 17542 format: int32 17543 type: integer 17544 portals: 17545 description: portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260). 17546 items: 17547 type: string 17548 type: array 17549 readOnly: 17550 description: readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. 17551 type: boolean 17552 secretRef: 17553 description: secretRef is the CHAP Secret for iSCSI target and initiator authentication 17554 properties: 17555 name: 17556 description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" 17557 type: string 17558 type: object 17559 x-kubernetes-map-type: atomic 17560 targetPortal: 17561 description: targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260). 17562 type: string 17563 required: 17564 - targetPortal 17565 - iqn 17566 - lun 17567 type: object 17568 name: 17569 description: "name of the volume. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" 17570 type: string 17571 nfs: 17572 description: "nfs represents an NFS mount on the host that shares a pod's lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" 17573 properties: 17574 path: 17575 description: "path that is exported by the NFS server. 
More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" 17576 type: string 17577 readOnly: 17578 description: "readOnly here will force the NFS export to be mounted with read-only permissions. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" 17579 type: boolean 17580 server: 17581 description: "server is the hostname or IP address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" 17582 type: string 17583 required: 17584 - server 17585 - path 17586 type: object 17587 persistentVolumeClaim: 17588 description: "persistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims" 17589 properties: 17590 claimName: 17591 description: "claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims" 17592 type: string 17593 readOnly: 17594 description: readOnly Will force the ReadOnly setting in VolumeMounts. Default false. 17595 type: boolean 17596 required: 17597 - claimName 17598 type: object 17599 photonPersistentDisk: 17600 description: "photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine. Deprecated: PhotonPersistentDisk is deprecated and the in-tree photonPersistentDisk type is no longer supported." 17601 properties: 17602 fsType: 17603 description: fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. 
17604 type: string 17605 pdID: 17606 description: pdID is the ID that identifies Photon Controller persistent disk 17607 type: string 17608 required: 17609 - pdID 17610 type: object 17611 portworxVolume: 17612 description: "portworxVolume represents a portworx volume attached and mounted on kubelets host machine. Deprecated: PortworxVolume is deprecated. All operations for the in-tree portworxVolume type are redirected to the pxd.portworx.com CSI driver when the CSIMigrationPortworx feature-gate is on." 17613 properties: 17614 fsType: 17615 description: fSType represents the filesystem type to mount Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified. 17616 type: string 17617 readOnly: 17618 description: readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. 17619 type: boolean 17620 volumeID: 17621 description: volumeID uniquely identifies a Portworx volume 17622 type: string 17623 required: 17624 - volumeID 17625 type: object 17626 projected: 17627 description: projected items for all in one resources secrets, configmaps, and downward API 17628 properties: 17629 defaultMode: 17630 description: defaultMode are the mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. 17631 format: int32 17632 type: integer 17633 sources: 17634 description: sources is the list of volume projections. Each entry in this list handles one source. 
17635 items: 17636 properties: 17637 clusterTrustBundle: 17638 description: |- 17639 ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field of ClusterTrustBundle objects in an auto-updating file. 17640 17641 Alpha, gated by the ClusterTrustBundleProjection feature gate. 17642 17643 ClusterTrustBundle objects can either be selected by name, or by the combination of signer name and a label selector. 17644 17645 Kubelet performs aggressive normalization of the PEM contents written into the pod filesystem. Esoteric PEM features such as inter-block comments and block headers are stripped. Certificates are deduplicated. The ordering of certificates within the file is arbitrary, and Kubelet may change the order over time. 17646 properties: 17647 labelSelector: 17648 description: Select all ClusterTrustBundles that match this label selector. Only has effect if signerName is set. Mutually-exclusive with name. If unset, interpreted as "match nothing". If set but empty, interpreted as "match everything". 17649 properties: 17650 matchExpressions: 17651 description: matchExpressions is a list of label selector requirements. The requirements are ANDed. 17652 items: 17653 properties: 17654 key: 17655 description: key is the label key that the selector applies to. 17656 type: string 17657 operator: 17658 description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. 17659 type: string 17660 values: 17661 description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. 
17662 items: 17663 type: string 17664 type: array 17665 required: 17666 - key 17667 - operator 17668 type: object 17669 type: array 17670 matchLabels: 17671 additionalProperties: 17672 type: string 17673 description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. 17674 type: object 17675 type: object 17676 x-kubernetes-map-type: atomic 17677 name: 17678 description: Select a single ClusterTrustBundle by object name. Mutually-exclusive with signerName and labelSelector. 17679 type: string 17680 optional: 17681 description: If true, don't block pod startup if the referenced ClusterTrustBundle(s) aren't available. If using name, then the named ClusterTrustBundle is allowed not to exist. If using signerName, then the combination of signerName and labelSelector is allowed to match zero ClusterTrustBundles. 17682 type: boolean 17683 path: 17684 description: Relative path from the volume root to write the bundle. 17685 type: string 17686 signerName: 17687 description: Select all ClusterTrustBundles that match this signer name. Mutually-exclusive with name. The contents of all selected ClusterTrustBundles will be unified and deduplicated. 17688 type: string 17689 required: 17690 - path 17691 type: object 17692 configMap: 17693 description: configMap information about the configMap data to project 17694 properties: 17695 items: 17696 description: items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. 
Paths must be relative and may not contain the '..' path or start with '..'. 17697 items: 17698 properties: 17699 key: 17700 description: key is the key to project. 17701 type: string 17702 mode: 17703 description: "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." 17704 format: int32 17705 type: integer 17706 path: 17707 description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. 17708 type: string 17709 required: 17710 - key 17711 - path 17712 type: object 17713 type: array 17714 name: 17715 description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" 17716 type: string 17717 optional: 17718 description: optional specify whether the ConfigMap or its keys must be defined 17719 type: boolean 17720 type: object 17721 downwardAPI: 17722 description: downwardAPI information about the downwardAPI data to project 17723 properties: 17724 items: 17725 description: Items is a list of DownwardAPIVolume file 17726 items: 17727 properties: 17728 fieldRef: 17729 description: "Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported." 17730 properties: 17731 apiVersion: 17732 description: Version of the schema the FieldPath is written in terms of, defaults to "v1". 
17733 type: string 17734 fieldPath: 17735 description: Path of the field to select in the specified API version. 17736 type: string 17737 required: 17738 - fieldPath 17739 type: object 17740 x-kubernetes-map-type: atomic 17741 mode: 17742 description: "Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." 17743 format: int32 17744 type: integer 17745 path: 17746 description: "Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'" 17747 type: string 17748 resourceFieldRef: 17749 description: "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported." 17750 properties: 17751 containerName: 17752 description: "Container name: required for volumes, optional for env vars" 17753 type: string 17754 divisor: 17755 description: Specifies the output format of the exposed resources, defaults to "1" 17756 type: string 17757 resource: 17758 description: "Required: resource to select" 17759 type: string 17760 required: 17761 - resource 17762 type: object 17763 x-kubernetes-map-type: atomic 17764 required: 17765 - path 17766 type: object 17767 type: array 17768 type: object 17769 secret: 17770 description: secret information about the secret data to project 17771 properties: 17772 items: 17773 description: items if unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. 
If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. 17774 items: 17775 properties: 17776 key: 17777 description: key is the key to project. 17778 type: string 17779 mode: 17780 description: "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." 17781 format: int32 17782 type: integer 17783 path: 17784 description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. 17785 type: string 17786 required: 17787 - key 17788 - path 17789 type: object 17790 type: array 17791 name: 17792 description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" 17793 type: string 17794 optional: 17795 description: optional field specify whether the Secret or its key must be defined 17796 type: boolean 17797 type: object 17798 serviceAccountToken: 17799 description: serviceAccountToken is information about the serviceAccountToken data to project 17800 properties: 17801 audience: 17802 description: audience is the intended audience of the token. 
A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver. 17803 type: string 17804 expirationSeconds: 17805 description: expirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours. Defaults to 1 hour and must be at least 10 minutes. 17806 format: int64 17807 type: integer 17808 path: 17809 description: path is the path relative to the mount point of the file to project the token into. 17810 type: string 17811 required: 17812 - path 17813 type: object 17814 type: object 17815 type: array 17816 type: object 17817 quobyte: 17818 description: "quobyte represents a Quobyte mount on the host that shares a pod's lifetime. Deprecated: Quobyte is deprecated and the in-tree quobyte type is no longer supported." 17819 properties: 17820 group: 17821 description: group to map volume access to Default is no group 17822 type: string 17823 readOnly: 17824 description: readOnly here will force the Quobyte volume to be mounted with read-only permissions. Defaults to false.
17825 type: boolean 17826 registry: 17827 description: registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes 17828 type: string 17829 tenant: 17830 description: tenant owning the given Quobyte volume in the Backend Used with dynamically provisioned Quobyte volumes, value is set by the plugin 17831 type: string 17832 user: 17833 description: user to map volume access to Defaults to serviceaccount user 17834 type: string 17835 volume: 17836 description: volume is a string that references an already created Quobyte volume by name. 17837 type: string 17838 required: 17839 - registry 17840 - volume 17841 type: object 17842 rbd: 17843 description: "rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. Deprecated: RBD is deprecated and the in-tree rbd type is no longer supported. More info: https://examples.k8s.io/volumes/rbd/README.md" 17844 properties: 17845 fsType: 17846 description: "fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd" 17847 type: string 17848 image: 17849 description: "image is the rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" 17850 type: string 17851 keyring: 17852 description: "keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" 17853 type: string 17854 monitors: 17855 description: "monitors is a collection of Ceph monitors.
More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" 17856 items: 17857 type: string 17858 type: array 17859 pool: 17860 description: "pool is the rados pool name. Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" 17861 type: string 17862 readOnly: 17863 description: "readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" 17864 type: boolean 17865 secretRef: 17866 description: "secretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" 17867 properties: 17868 name: 17869 description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" 17870 type: string 17871 type: object 17872 x-kubernetes-map-type: atomic 17873 user: 17874 description: "user is the rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" 17875 type: string 17876 required: 17877 - monitors 17878 - image 17879 type: object 17880 scaleIO: 17881 description: "scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. Deprecated: ScaleIO is deprecated and the in-tree scaleIO type is no longer supported." 17882 properties: 17883 fsType: 17884 description: fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Default is "xfs". 17885 type: string 17886 gateway: 17887 description: gateway is the host address of the ScaleIO API Gateway. 
17888 type: string 17889 protectionDomain: 17890 description: protectionDomain is the name of the ScaleIO Protection Domain for the configured storage. 17891 type: string 17892 readOnly: 17893 description: readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. 17894 type: boolean 17895 secretRef: 17896 description: secretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail. 17897 properties: 17898 name: 17899 description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" 17900 type: string 17901 type: object 17902 x-kubernetes-map-type: atomic 17903 sslEnabled: 17904 description: sslEnabled Flag enable/disable SSL communication with Gateway, default false 17905 type: boolean 17906 storageMode: 17907 description: storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned. 17908 type: string 17909 storagePool: 17910 description: storagePool is the ScaleIO Storage Pool associated with the protection domain. 17911 type: string 17912 system: 17913 description: system is the name of the storage system as configured in ScaleIO. 17914 type: string 17915 volumeName: 17916 description: volumeName is the name of a volume already created in the ScaleIO system that is associated with this volume source. 17917 type: string 17918 required: 17919 - gateway 17920 - system 17921 - secretRef 17922 type: object 17923 secret: 17924 description: "secret represents a secret that should populate this volume. 
More info: https://kubernetes.io/docs/concepts/storage/volumes#secret" 17925 properties: 17926 defaultMode: 17927 description: "defaultMode is Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." 17928 format: int32 17929 type: integer 17930 items: 17931 description: items If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. 17932 items: 17933 properties: 17934 key: 17935 description: key is the key to project. 17936 type: string 17937 mode: 17938 description: "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." 17939 format: int32 17940 type: integer 17941 path: 17942 description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. 
17943 type: string 17944 required: 17945 - key 17946 - path 17947 type: object 17948 type: array 17949 optional: 17950 description: optional field specify whether the Secret or its keys must be defined 17951 type: boolean 17952 secretName: 17953 description: "secretName is the name of the secret in the pod's namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret" 17954 type: string 17955 type: object 17956 storageos: 17957 description: "storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. Deprecated: StorageOS is deprecated and the in-tree storageos type is no longer supported." 17958 properties: 17959 fsType: 17960 description: fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. 17961 type: string 17962 readOnly: 17963 description: readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. 17964 type: boolean 17965 secretRef: 17966 description: secretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted. 17967 properties: 17968 name: 17969 description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" 17970 type: string 17971 type: object 17972 x-kubernetes-map-type: atomic 17973 volumeName: 17974 description: volumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace. 17975 type: string 17976 volumeNamespace: 17977 description: volumeNamespace specifies the scope of the volume within StorageOS. If no namespace is specified then the Pod's namespace will be used. 
This allows the Kubernetes name scoping to be mirrored within StorageOS for tighter integration. Set VolumeName to any name to override the default behaviour. Set to "default" if you are not using namespaces within StorageOS. Namespaces that do not pre-exist within StorageOS will be created. 17978 type: string 17979 type: object 17980 vsphereVolume: 17981 description: "vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine. Deprecated: VsphereVolume is deprecated. All operations for the in-tree vsphereVolume type are redirected to the csi.vsphere.vmware.com CSI driver." 17982 properties: 17983 fsType: 17984 description: fsType is filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. 17985 type: string 17986 storagePolicyID: 17987 description: storagePolicyID is the storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName. 17988 type: string 17989 storagePolicyName: 17990 description: storagePolicyName is the storage Policy Based Management (SPBM) profile name. 
17991 type: string 17992 volumePath: 17993 description: volumePath is the path that identifies vSphere volume vmdk 17994 type: string 17995 required: 17996 - volumePath 17997 type: object 17998 required: 17999 - name 18000 type: object 18001 type: array 18002 required: 18003 - containers 18004 type: object 18005 type: object 18006 container: 18007 title: The container name running the gameserver 18008 description: if there is more than one container, specify which one is the game server 18009 type: string 18010 minLength: 0 18011 maxLength: 63 18012 pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" 18013 ports: 18014 title: array of ports to expose on the game server container 18015 type: array 18016 nullable: true 18017 items: 18018 type: object 18019 properties: 18020 name: 18021 title: Name is the descriptive name of the port 18022 type: string 18023 range: 18024 title: the port range name from which to select a port when using a 'Dynamic' or 'Passthrough' port policy. Defaults to 'default'. 18025 type: string 18026 portPolicy: 18027 title: the port policy that will be applied to the game server 18028 description: | 18029 portPolicy has four options: 18030 - "Dynamic" (default) the system allocates a random free hostPort for the gameserver, for game clients to connect to 18031 - "Static", user defines the hostPort that the game client will connect to. The onus is on the user to ensure that the 18032 port is available. When static is the policy specified, `hostPort` is required to be populated 18033 - "Passthrough" dynamically sets the `containerPort` to the same value as the dynamically selected hostPort. 18034 This will mean that users will need to look up what port has been opened through the server side SDK. 18035 - "None" means the `hostPort` is ignored and if defined, the `containerPort` (optional) is used to set the port on the GameServer instance.
18036 type: string 18037 enum: 18038 - Dynamic 18039 - Static 18040 - Passthrough 18041 - None 18042 protocol: 18043 title: Protocol being used. Defaults to UDP. TCP and TCPUDP are other options. 18044 type: string 18045 enum: 18046 - UDP 18047 - TCP 18048 - TCPUDP 18049 container: 18050 title: | 18051 Container is the name of the container on which to open the port. Defaults to the game server container. 18052 type: string 18053 containerPort: 18054 title: The port that is being opened on the game server process 18055 type: integer 18056 minimum: 1 18057 maximum: 65535 18058 hostPort: 18059 title: The port exposed on the host 18060 description: Only required when `portPolicy` is "Static". Overwritten when portPolicy is "Dynamic" or "Passthrough". 18061 type: integer 18062 minimum: 1 18063 maximum: 65535 18064 sdkServer: 18065 type: object 18066 title: Parameters for the SDK Server (sidecar) 18067 properties: 18068 logLevel: 18069 type: string 18070 description: | 18071 sdkServer log level parameter has four options: 18072 - "Info" (default) The SDK server will output all messages except for debug messages 18073 - "Debug" The SDK server will output all messages including debug messages 18074 - "Error" The SDK server will only output error messages 18075 - "Trace" The SDK server will output all messages, including detailed tracing information 18076 enum: 18077 - Error 18078 - Info 18079 - Debug 18080 - Trace 18081 grpcPort: 18082 title: The port on which the SDK server binds the gRPC server to accept incoming connections 18083 description: | 18084 Starting with Agones 1.2 the default gRPC port is 9357. In earlier releases, the default was 59357. 18085 type: integer 18086 minimum: 1 18087 maximum: 65535 18088 httpPort: 18089 title: The port on which the SDK server binds the HTTP gRPC gateway server to accept incoming connections 18090 description: | 18091 Starting with Agones 1.2 the default HTTP port is 9358. In earlier releases, the default was 59358.
18092 type: integer 18093 minimum: 1 18094 maximum: 65535 18095 scheduling: 18096 type: string 18097 enum: 18098 - Packed 18099 - Distributed 18100 health: 18101 type: object 18102 title: Health checking for the running game server 18103 properties: 18104 disabled: 18105 title: Disable health checking. defaults to false, but can be set to true 18106 type: boolean 18107 initialDelaySeconds: 18108 title: Number of seconds after the container has started before health check is initiated. Defaults to 5 seconds 18109 type: integer 18110 minimum: 0 18111 maximum: 2147483648 18112 periodSeconds: 18113 title: How long before the server is considered not healthy 18114 type: integer 18115 minimum: 0 18116 maximum: 2147483648 18117 failureThreshold: 18118 title: Minimum consecutive failures for the health probe to be considered failed after having succeeded. 18119 type: integer 18120 minimum: 1 18121 maximum: 2147483648 18122 players: 18123 type: object 18124 title: Configuration of player capacity 18125 nullable: true 18126 properties: 18127 initialCapacity: 18128 type: integer 18129 title: The initial player capacity of this Game Server 18130 minimum: 0 18131 counters: 18132 type: object 18133 title: Map of player, room, session, etc. counters 18134 nullable: true 18135 maxProperties: 1000 18136 additionalProperties: 18137 type: object 18138 properties: 18139 count: 18140 title: Initial count value 18141 type: integer 18142 default: 0 18143 minimum: 0 18144 capacity: 18145 title: Max capacity of the counter 18146 type: integer 18147 default: 1000 18148 minimum: 0 18149 lists: 18150 type: object 18151 title: Map of player, room, session, etc. 
lists 18152 nullable: true 18153 maxProperties: 1000 18154 additionalProperties: 18155 type: object 18156 properties: 18157 capacity: 18158 type: integer 18159 title: Max capacity of the array (can be less than or equal to value of maxItems) 18160 minimum: 0 18161 default: 1000 18162 maximum: 1000 # must be equal to values.maxItems 18163 values: 18164 title: set of all the items in the list 18165 type: array 18166 x-kubernetes-list-type: set # Requires items in the array to be unique 18167 maxItems: 1000 # max possible size of the value array (cannot be updated) 18168 items: # name of the item (player1, session1, room1, etc.) 18169 type: string 18170 default: [] 18171 eviction: 18172 type: object 18173 title: Eviction tolerance of the game server 18174 properties: 18175 safe: 18176 type: string 18177 title: Game server supports termination via SIGTERM 18178 description: | 18179 - Never: The game server should run to completion. Agones sets Pod annotation `cluster-autoscaler.kubernetes.io/safe-to-evict: "false"` and label `agones.dev/safe-to-evict: "false"`, which matches a restrictive PodDisruptionBudget. 18180 - OnUpgrade: On SIGTERM, the game server will exit within `terminationGracePeriodSeconds` or be terminated; Agones sets Pod annotation `cluster-autoscaler.kubernetes.io/safe-to-evict: "false"`, which blocks evictions by Cluster Autoscaler. Evictions from node upgrades proceed normally. 18181 - Always: On SIGTERM, the game server will exit within `terminationGracePeriodSeconds` or be terminated, typically within 10m; Agones sets Pod annotation `cluster-autoscaler.kubernetes.io/safe-to-evict: "true"`, which allows evictions by Cluster Autoscaler. 18182 enum: 18183 - Always 18184 - OnUpgrade 18185 - Never 18186 immutableReplicas: 18187 type: integer 18188 title: Immutable count of Pods to a GameServer. Always 1. (Implementation detail of implementing the Scale subresource.) 
18189 default: 1 18190 minimum: 1 18191 maximum: 1 18192 status: 18193 description: 'GameServerSetStatus is the status of a GameServerSet. More info: 18194 https://agones.dev/site/docs/reference/agones_crd_api_reference/#agones.dev/v1.GameServerSet' 18195 type: object 18196 properties: 18197 replicas: 18198 type: integer 18199 minimum: 0 18200 readyReplicas: 18201 type: integer 18202 minimum: 0 18203 reservedReplicas: 18204 type: integer 18205 minimum: 0 18206 allocatedReplicas: 18207 type: integer 18208 minimum: 0 18209 shutdownReplicas: 18210 type: integer 18211 minimum: 0 18212 players: 18213 type: object 18214 nullable: true 18215 properties: 18216 count: 18217 type: integer 18218 minimum: 0 18219 capacity: 18220 type: integer 18221 minimum: 0 18222 counters: 18223 type: object 18224 title: Map of player, room, session, etc. counters 18225 nullable: true 18226 maxProperties: 1000 18227 additionalProperties: 18228 type: object 18229 properties: 18230 allocatedCount: # Aggregated count of the Counter across allocated GameServers in the GameServerSet 18231 type: integer 18232 minimum: 0 18233 allocatedCapacity: # Aggregated maximum capacity of the Counter across allocated GameServers in the GameServerSet 18234 type: integer 18235 minimum: 0 18236 count: # Aggregated count of the Counter across the GameServerSet 18237 type: integer 18238 default: 0 18239 minimum: 0 18240 capacity: # Aggregated maximum capacity of the Counter across the GameServerSet 18241 type: integer 18242 minimum: 0 18243 lists: 18244 type: object 18245 title: Map of player, room, session, etc. 
lists 18246 nullable: true 18247 maxProperties: 1000 18248 additionalProperties: 18249 type: object 18250 properties: 18251 allocatedCount: # Aggregated number of items in the List across allocated GameServers in the GameServerSet 18252 type: integer 18253 minimum: 0 18254 allocatedCapacity: # Aggregated maximum capacity of the List across allocated GameServers in the GameServerSet 18255 type: integer 18256 minimum: 0 18257 count: # Aggregated number of items in the List across the GameServerSet 18258 type: integer 18259 default: 0 18260 minimum: 0 18261 capacity: # Aggregated maximum capacity of the List across the GameServerSet 18262 type: integer 18263 minimum: 0 18264 subresources: 18265 # status enables the status subresource. 18266 status: { } 18267 # scale enables the scale subresource. 18268 scale: 18269 # specReplicasPath defines the jsonPath inside of a custom resource that corresponds to Scale.Spec.Replicas. 18270 specReplicasPath: .spec.replicas 18271 # statusReplicasPath defines the jsonPath inside of a custom resource that corresponds to Scale.Status.Replicas. 18272 statusReplicasPath: .status.replicas 18273 # labelSelectorPath defines the jsonPath inside of a custom resource that corresponds to Scale.Status.Selector. 
# Tail of the preceding CustomResourceDefinition document, which starts above this block.
          labelSelectorPath: .status.labelSelector
---
# Source: agones/templates/service/allocation.yaml
# ClusterRole that grants access to the agones allocation api.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: agones-allocator
  labels:
    app: agones
    chart: agones-1.53.0
    release: agones-manual
    heritage: Helm
rules:
  - apiGroups: [""]
    resources: [events]
    verbs: [create, patch]
  - apiGroups: [allocation.agones.dev]
    resources: [gameserverallocations]
    verbs: [create]
  # NOTE(review): this ClusterRole is attached with a ClusterRoleBinding
  # (agones-allocator, below), so get/list/watch on "secrets" covers every
  # Secret in every namespace. The allocator Service in this file is a
  # LoadBalancer, which makes this the grant to scrutinise first; check whether
  # a namespaced Role/RoleBinding is enough for your deployment.
  - apiGroups: [""]
    resources: [nodes, secrets]
    verbs: [get, list, watch]
  - apiGroups: [agones.dev]
    resources: [gameservers, gameserversets]
    verbs: [get, list, update, watch]
  - apiGroups: [agones.dev]
    resources: [gameservers]
    verbs: [patch]
  - apiGroups: [multicluster.agones.dev]
    resources: [gameserverallocationpolicies]
    verbs: [get, list, watch]
---
# Source: agones/templates/serviceaccounts/controller.yaml
# ClusterRole for the agones-controller ServiceAccount (bound cluster-wide by
# agones-controller-access below).
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: agones-controller
  labels:
    app: agones
    chart: agones-1.53.0
    release: agones-manual
    heritage: Helm
rules:
  - apiGroups: [""]
    resources: [events]
    verbs: [create, patch]
  # NOTE(review): pod create/update/delete in every namespace is a
  # high-privilege grant; treat the controller's ServiceAccount token
  # accordingly.
  - apiGroups: [""]
    resources: [pods]
    verbs: [create, update, delete, list, watch]
  # NOTE(review): "list" and "watch" return complete Secret objects, so this
  # is read access to all Secret data in the cluster even without "get".
  - apiGroups: [""]
    resources: [nodes, secrets]
    verbs: [list, watch]
  - apiGroups: [admissionregistration.k8s.io]  # only needed for cloudProduct detection
    resources: [mutatingwebhookconfigurations]
    verbs: [get]
  - apiGroups: [apiextensions.k8s.io]
    resources: [customresourcedefinitions]
    verbs: [get]
  - apiGroups: [agones.dev]
    resources: [gameservers, gameserversets]
    verbs: [create, delete, get, list, update, watch]
  - apiGroups: [agones.dev]
    resources: [gameservers]
    verbs: [patch]
  - apiGroups: [agones.dev]
    resources: [fleets]
    verbs: [get, list, update, watch]
  - apiGroups: [agones.dev]
    resources: [fleets/status, gameserversets/status]
    verbs: [update]
  - apiGroups: [agones.dev]
    resources: [fleets/finalizers, gameserversets/finalizers, gameservers/finalizers]
    verbs: [update]
  - apiGroups: [multicluster.agones.dev]
    resources: [gameserverallocationpolicies]
    verbs: [create, delete, get, list, update, watch]
  - apiGroups: [autoscaling.agones.dev]
    resources: [fleetautoscalers]
    verbs: [get, list, update, watch]
  - apiGroups: [autoscaling.agones.dev]
    resources: [fleetautoscalers/status]
    verbs: [update]
  - apiGroups: [coordination.k8s.io]
    resources: [leases]
    verbs: [create, delete, get, list, update, watch]
---
# Source: agones/templates/serviceaccounts/sdk.yaml
# ClusterRole for the SDK sidecar identity. It is attached below with a
# RoleBinding in namespace "default", so the grant applies in that namespace
# only.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: agones-sdk
  labels:
    app: agones
    chart: agones-1.53.0
    release: agones-manual
    heritage: Helm
rules:
  - apiGroups: [""]
    resources: [events]
    verbs: [create, patch]
  # NOTE(review): no resourceNames restriction, so the subject can patch any
  # GameServer in the bound namespace, not just its own.
  - apiGroups: [agones.dev]
    resources: [gameservers]
    verbs: [list, patch, watch]
---
# Source: agones/templates/service/allocation.yaml
# Bind the agones-allocator ServiceAccount to the agones-allocator ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: agones-allocator
  labels:
    app: agones
    chart: agones-1.53.0
    release: agones-manual
    heritage: Helm
subjects:
  - kind: ServiceAccount
    name: agones-allocator
    namespace: agones-system
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: agones-allocator
---
# Source: agones/templates/serviceaccounts/controller.yaml
# Bind the agones-controller ClusterRole cluster-wide.
# NOTE(review): the subject is written as a User carrying the service-account
# username rather than as kind ServiceAccount. RBAC audits that only enumerate
# ServiceAccount subjects will not list this binding.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: agones-controller-access
  labels:
    app: agones
    chart: agones-1.53.0
    release: agones-manual
    heritage: Helm
subjects:
  - kind: User
    name: system:serviceaccount:agones-system:agones-controller
    apiGroup: rbac.authorization.k8s.io
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: agones-controller
---
# Source: agones/templates/serviceaccounts/controller.yaml
#
# RBACs for APIService
#
# Grants the controller ServiceAccount the built-in system:auth-delegator
# ClusterRole (delegated authentication/authorization checks).
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: agones-controller:system:auth-delegator
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: system:auth-delegator
subjects:
  - kind: ServiceAccount
    name: agones-controller
    namespace: agones-system
---
# Source: agones/templates/serviceaccounts/controller.yaml
# Lets the controller ServiceAccount use the
# extension-apiserver-authentication-reader Role in kube-system.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: agones-controller-auth-reader
  namespace: kube-system
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: extension-apiserver-authentication-reader
subjects:
  - kind: ServiceAccount
    name: agones-controller
    namespace: agones-system
---
# Source: agones/templates/serviceaccounts/sdk.yaml
# Namespaced binding of the agones-sdk ClusterRole for namespace "default".
# The subject is again written as a User with the service-account username.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: agones-sdk-access
  namespace: default
  labels:
    app: agones
    chart: agones-1.53.0
    release: agones-manual
    heritage: Helm
subjects:
  - kind: User
    name: system:serviceaccount:default:agones-sdk
    apiGroup: rbac.authorization.k8s.io
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: agones-sdk
---
# Source: agones/templates/controller-metrics-service.yaml
# Copyright 2023 Google LLC All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# No "type" is set, so this Service is ClusterIP (in-cluster only).
# NOTE(review): the metrics port is plain HTTP on 8080; presumably
# unauthenticated - confirm, and limit scrapers with a NetworkPolicy.
apiVersion: v1
kind: Service
metadata:
  name: agones-controller-metrics-service
  namespace: agones-system
  labels:
    agones.dev/role: controller
    app: agones
    chart: agones-1.53.0
    release: agones-manual
    heritage: Helm
spec:
  selector:
    agones.dev/role: controller
  ports:
    - name: metrics
      port: 8080
      targetPort: http
---
# Source: agones/templates/extensions-metrics-service.yaml
# Copyright 2023 Google LLC All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Metrics Service for the extensions pods. No "type" is set, so it is
# ClusterIP (in-cluster only).
apiVersion: v1
kind: Service
metadata:
  name: agones-extensions-metrics-service
  namespace: agones-system
  labels:
    agones.dev/role: extensions
    app: agones
    chart: agones-1.53.0
    release: agones-manual
    heritage: Helm
spec:
  selector:
    agones.dev/role: extensions
  ports:
    - name: metrics
      port: 8080
      targetPort: http
---
# Source: agones/templates/ping.yaml
# HTTP ping endpoint.
# NOTE(review): type LoadBalancer asks the cloud provider for an external
# load balancer, and the listener is plain HTTP on port 80. If the client
# population is known, restrict it with spec.loadBalancerSourceRanges.
# externalTrafficPolicy: Cluster does not preserve the client source IP, so
# the pods see node addresses in logs and in any per-source limiting.
apiVersion: v1
kind: Service
metadata:
  name: agones-ping-http-service
  namespace: agones-system
  labels:
    component: ping
    app: agones
    chart: agones-1.53.0
    release: agones-manual
    heritage: Helm
spec:
  type: LoadBalancer
  externalTrafficPolicy: Cluster
  selector:
    agones.dev/role: ping
  ports:
    - name: http
      protocol: TCP
      port: 80
      targetPort: 8080
---
# Source: agones/templates/ping.yaml
# UDP ping endpoint.
# NOTE(review): an externally reachable UDP responder on port 50000. UDP has
# no handshake, so source addresses are not validated; monitor this listener
# for abuse and restrict sources where possible. With
# externalTrafficPolicy: Cluster the pod does not see the original client IP.
apiVersion: v1
kind: Service
metadata:
  name: agones-ping-udp-service
  namespace: agones-system
  labels:
    component: ping
    app: agones
    chart: agones-1.53.0
    release: agones-manual
    heritage: Helm
spec:
  type: LoadBalancer
  externalTrafficPolicy: Cluster
  selector:
    agones.dev/role: ping
  ports:
    - name: udp
      protocol: UDP
      port: 50000
      targetPort: 8080
---
# Source: agones/templates/service.yaml
# Copyright 2018 Google LLC All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# In-cluster Service (no "type", so ClusterIP) for the webhook and API
# endpoints. Despite the name, both the label and the selector point at the
# pods with role "extensions".
apiVersion: v1
kind: Service
metadata:
  name: agones-controller-service
  namespace: agones-system
  labels:
    agones.dev/role: extensions
    app: agones
    chart: agones-1.53.0
    release: agones-manual
    heritage: Helm
spec:
  selector:
    agones.dev/role: extensions
  ports:
    - name: webhooks
      port: 443
      targetPort: webhooks
    - name: web
      port: 8080
      targetPort: http
---
# Source: agones/templates/service/allocation.yaml
# Copyright 2019 Google LLC All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Define a Service for the agones-allocator
# NOTE(review): the allocation API is published through an external
# LoadBalancer on 443 -> 8443. Client authentication therefore rests on the
# allocator's own TLS/mTLS settings (DISABLE_TLS / DISABLE_MTLS in its
# Deployment). Use spec.loadBalancerSourceRanges or an internal load balancer
# when callers are known.
apiVersion: v1
kind: Service
metadata:
  name: agones-allocator
  namespace: agones-system
  labels:
    component: allocator
    app: agones
    chart: agones-1.53.0
    release: agones-manual
    heritage: Helm
spec:
  type: LoadBalancer
  externalTrafficPolicy: Cluster
  selector:
    multicluster.agones.dev/role: allocator
  ports:
    - name: https
      protocol: TCP
      port: 443
      targetPort: 8443
---
# Source: agones/templates/service/allocation.yaml
# Metrics Service for the allocator pods; ClusterIP, plain HTTP on 8080.
apiVersion: v1
kind: Service
metadata:
  name: agones-allocator-metrics-service
  namespace: agones-system
  labels:
    multicluster.agones.dev/role: allocator
    app: agones
    chart: agones-1.53.0
    release: agones-manual
    heritage: Helm
spec:
  selector:
    multicluster.agones.dev/role: allocator
  ports:
    - name: http
      protocol: TCP
      port: 8080
      targetPort: 8080
---
# Source: agones/templates/controller.yaml
# Copyright 2018 Google LLC All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
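# Deployment of the Agones controller (2 replicas, leader election enabled).
apiVersion: apps/v1
kind: Deployment
metadata:
  name: agones-controller
  namespace: agones-system
  labels:
    component: controller
    app: agones
    chart: agones-1.53.0
    release: agones-manual
    heritage: Helm
spec:
  selector:
    matchLabels:
      agones.dev/role: controller
      app: agones
      release: agones-manual
      heritage: Helm
  replicas: 2
  strategy:
    type: Recreate
  template:
    metadata:
      annotations:
        prometheus.io/scrape: "true"
        prometheus.io/port: "8080"
        prometheus.io/path: "/metrics"
      labels:
        agones.dev/role: controller
        app: agones
        release: agones-manual
        heritage: Helm
    spec:
      affinity:
        nodeAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
            - weight: 1
              preference:
                matchExpressions:
                  - key: agones.dev/agones-system
                    operator: Exists
      tolerations:
        - effect: NoExecute
          key: agones.dev/agones-system
          operator: Equal
          value: "true"
      priorityClassName: agones-system
      # This ServiceAccount carries the cluster-wide agones-controller
      # ClusterRole defined in this file.
      serviceAccountName: agones-controller
      containers:
        - name: agones-controller
          # NOTE(review): the image is referenced by tag with IfNotPresent.
          # Pinning by digest (...agones-controller@sha256:<DIGEST_PLACEHOLDER>)
          # makes the deployed content verifiable.
          image: "us-docker.pkg.dev/agones-images/release/agones-controller:1.53.0"
          imagePullPolicy: IfNotPresent
          securityContext:
            runAsNonRoot: true
            runAsUser: 1000
            allowPrivilegeEscalation: false
            # Added: the container runs as non-root and listens only on
            # unprivileged ports (8080/8081), so it needs no Linux
            # capabilities; the runtime default seccomp profile narrows the
            # syscall surface.
            capabilities:
              drop:
                - ALL
            seccompProfile:
              type: RuntimeDefault
          env:
            # minimum port that can be exposed to GameServer traffic
            - name: MIN_PORT
              value: "7000"
            # maximum port that can be exposed to GameServer traffic
            - name: MAX_PORT
              value: "8000"
            - name: SIDECAR_IMAGE  # overwrite the GameServer sidecar image that is used
              value: "us-docker.pkg.dev/agones-images/release/agones-sdk:1.53.0"
            - name: ALWAYS_PULL_SIDECAR  # set the sidecar imagePullPolicy to Always
              value: "false"
            - name: SIDECAR_CPU_REQUEST
              value: "30m"
            - name: SIDECAR_CPU_LIMIT
              value: "0"
            - name: SIDECAR_MEMORY_REQUEST
              value: "0"
            - name: SIDECAR_MEMORY_LIMIT
              value: "0"
            - name: SIDECAR_RUN_AS_USER
              value: "1000"
            - name: SIDECAR_REQUESTS_RATE_LIMIT
              value: "500ms"
            - name: SDK_SERVICE_ACCOUNT
              value: "agones-sdk"
            - name: PROMETHEUS_EXPORTER
              value: "true"
            - name: STACKDRIVER_EXPORTER
              value: "false"
            - name: STACKDRIVER_LABELS
              value: ""
            - name: GCP_PROJECT_ID
              value: ""
            - name: NUM_WORKERS
              value: "100"
            - name: MAX_CREATION_PARALLELISM
              value: "16"
            - name: MAX_GAME_SERVER_CREATIONS_PER_BATCH
              value: "64"
            - name: MAX_DELETION_PARALLELISM
              value: "64"
            - name: MAX_GAME_SERVER_DELETIONS_PER_BATCH
              value: "64"
            - name: MAX_POD_PENDING_COUNT
              value: "5000"
            - name: API_SERVER_QPS
              value: "400"
            - name: API_SERVER_QPS_BURST
              value: "500"
            - name: LOG_LEVEL
              value: "info"
            - name: FEATURE_GATES
              value: ""
            - name: ALLOCATION_BATCH_WAIT_TIME
              value: "500ms"
            - name: CLOUD_PRODUCT
              value: "auto"
            - name: LOG_DIR
              value: "/logs"
            - name: LOG_SIZE_LIMIT_MB
              value: "10000"
            - name: POD_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
            - name: POD_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
            - name: CONTAINER_NAME
              value: "agones-controller"
            - name: LEADER_ELECTION
              value: "true"
          ports:
            - name: webhooks
              containerPort: 8081
            - name: http
              containerPort: 8080
          livenessProbe:
            httpGet:
              path: /live
              port: http
            initialDelaySeconds: 3
            periodSeconds: 3
            failureThreshold: 3
            timeoutSeconds: 1
          # NOTE(review): only ephemeral-storage is bounded; no CPU or memory
          # requests/limits are set for this container.
          resources:
            limits:
              ephemeral-storage: 10100Mi
            requests:
              ephemeral-storage: 10100Mi
          volumeMounts:
            - name: certs
              mountPath: /certs
              readOnly: true
            - name: logs
              mountPath: /logs
              readOnly: false
      volumes:
        # NOTE(review): this file is a static render. If the agones-manual-cert
        # Secret defined elsewhere in it ships a fixed key pair, that key is
        # public - confirm, and replace it with your own material.
        - name: certs
          secret:
            secretName: agones-manual-cert
        - name: logs
          emptyDir: {}
---
# Source: agones/templates/extensions-deployment.yaml
# Copyright 2022 Google LLC All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Deployment of the Agones extensions pods (webhook and API endpoints on
# 8081, HTTP on 8080).
apiVersion: apps/v1
kind: Deployment
metadata:
  name: agones-extensions
  namespace: agones-system
  labels:
    component: extensions
    app: agones
    chart: agones-1.53.0
    release: agones-manual
    heritage: Helm
spec:
  selector:
    matchLabels:
      agones.dev/role: extensions
      app: agones
      release: agones-manual
      heritage: Helm
  replicas: 2
  strategy:
    type: Recreate
  template:
    metadata:
      annotations:
        revision/tls-cert: "1"
        prometheus.io/scrape: "true"
        prometheus.io/port: "8080"
        prometheus.io/path: "/metrics"
      labels:
        agones.dev/role: extensions
        app: agones
        release: agones-manual
        heritage: Helm
    spec:
      affinity:
        nodeAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
            - weight: 1
              preference:
                matchExpressions:
                  - key: agones.dev/agones-system
                    operator: Exists
      tolerations:
        - effect: NoExecute
          key: agones.dev/agones-system
          operator: Equal
          value: "true"
      priorityClassName: agones-system
      # NOTE(review): the extensions pods reuse the agones-controller
      # ServiceAccount, so they hold the same cluster-wide ClusterRole as the
      # controller. A separate, narrower identity would limit the impact of a
      # compromised webhook pod.
      serviceAccountName: agones-controller
      terminationGracePeriodSeconds: 27
      containers:
        - name: agones-extensions
          # NOTE(review): tag reference; see the digest-pinning note on the
          # controller image above.
          image: "us-docker.pkg.dev/agones-images/release/agones-extensions:1.53.0"
          imagePullPolicy: IfNotPresent
          securityContext:
            runAsNonRoot: true
            runAsUser: 1000
            allowPrivilegeEscalation: false
            # Added: non-root process on unprivileged ports needs no
            # capabilities; use the runtime default seccomp profile.
            capabilities:
              drop:
                - ALL
            seccompProfile:
              type: RuntimeDefault
          env:
            - name: PROMETHEUS_EXPORTER
              value: "true"
            - name: STACKDRIVER_EXPORTER
              value: "false"
            - name: STACKDRIVER_LABELS
              value: ""
            - name: GCP_PROJECT_ID
              value: ""
            - name: NUM_WORKERS
              value: "100"
            - name: API_SERVER_QPS
              value: "400"
            - name: API_SERVER_QPS_BURST
              value: "500"
            - name: LOG_LEVEL
              value: "info"
            - name: FEATURE_GATES
              value: ""
            - name: ALLOCATION_BATCH_WAIT_TIME
              value: "500ms"
            - name: CLOUD_PRODUCT
              value: "auto"
            - name: LOG_DIR
              value: "/logs"
            - name: LOG_SIZE_LIMIT_MB
              value: "10000"
            - name: POD_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
            - name: POD_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
            - name: CONTAINER_NAME
              value: "agones-extensions"
            # Quoted like every other env value in this file; the string is
            # unchanged.
            - name: READINESS_SHUTDOWN_DURATION
              value: "18s"
            - name: WEBHOOK_PORT
              value: "8081"
            - name: HTTP_PORT
              value: "8080"
          ports:
            - name: webhooks
              containerPort: 8081
            - name: http
              containerPort: 8080
          livenessProbe:
            httpGet:
              path: /live
              port: http
            initialDelaySeconds: 3
            periodSeconds: 3
            failureThreshold: 3
            timeoutSeconds: 1
          readinessProbe:
            httpGet:
              path: /ready
              port: 8080
            initialDelaySeconds: 3
            periodSeconds: 3
            failureThreshold: 3
          # NOTE(review): only ephemeral-storage is bounded; no CPU or memory
          # requests/limits are set for this container.
          resources:
            limits:
              ephemeral-storage: 10100Mi
            requests:
              ephemeral-storage: 10100Mi
          volumeMounts:
            - name: certs
              mountPath: /certs
              readOnly: true
            - name: logs
              mountPath: /logs
              readOnly: false
      volumes:
        - name: certs
          secret:
            secretName: agones-manual-cert
        - name: logs
          emptyDir: {}
---
# Source: agones/templates/ping.yaml
# Copyright 2018 Google LLC All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.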
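# Deployment of the ping responder that backs the two externally exposed
# agones-ping-* Services.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: agones-ping
  namespace: agones-system
  labels:
    component: ping
    app: agones
    chart: agones-1.53.0
    release: agones-manual
    heritage: Helm
spec:
  selector:
    matchLabels:
      agones.dev/role: ping
      app: agones
      release: agones-manual
      heritage: Helm
  replicas: 2
  template:
    metadata:
      labels:
        agones.dev/role: ping
        app: agones
        release: agones-manual
        heritage: Helm
    spec:
      affinity:
        nodeAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
            - weight: 1
              preference:
                matchExpressions:
                  - key: agones.dev/agones-system
                    operator: Exists
      tolerations:
        - effect: NoExecute
          key: agones.dev/agones-system
          operator: Equal
          value: "true"
      priorityClassName: agones-system
      # NOTE(review): no serviceAccountName is set, so these internet-facing
      # pods run as the namespace's default ServiceAccount with its token
      # mounted. If the ping binary never calls the Kubernetes API (verify),
      # set automountServiceAccountToken: false here.
      containers:
        - name: agones-ping
          # NOTE(review): the image is referenced by tag with IfNotPresent.
          # Pinning by digest (...agones-ping@sha256:<DIGEST_PLACEHOLDER>)
          # makes the deployed content verifiable.
          image: "us-docker.pkg.dev/agones-images/release/agones-ping:1.53.0"
          imagePullPolicy: IfNotPresent
          securityContext:
            runAsNonRoot: true
            runAsUser: 1000
            allowPrivilegeEscalation: false
            # Added: non-root process listening on 8080 needs no Linux
            # capabilities; use the runtime default seccomp profile.
            capabilities:
              drop:
                - ALL
            seccompProfile:
              type: RuntimeDefault
          livenessProbe:
            httpGet:
              port: 8080
              path: /live
            initialDelaySeconds: 3
            periodSeconds: 3
            failureThreshold: 3
            timeoutSeconds: 1
          # NOTE(review): no resources block at all on a publicly reachable
          # workload; consider CPU/memory requests and limits.
          env:
            - name: HTTP_RESPONSE
              value: "ok"
            - name: UDP_RATE_LIMIT
              value: "20"
            - name: FEATURE_GATES
              value: ""
---
# Source: agones/templates/service/allocation.yaml
# Deploy pods to run the agones-allocator code
apiVersion: apps/v1
kind: Deployment
metadata:
  name: agones-allocator
  namespace: agones-system
  labels:
    multicluster.agones.dev/role: allocator
    app: agones
    release: agones-manual
    heritage: Helm
spec:
  replicas: 3
  selector:
    matchLabels:
      multicluster.agones.dev/role: allocator
      app: agones
      release: agones-manual
      heritage: Helm
  template:
    metadata:
      labels:
        multicluster.agones.dev/role: allocator
        app: agones
        release: agones-manual
        heritage: Helm
      annotations:
        prometheus.io/scrape: "true"
        prometheus.io/port: "8080"
        prometheus.io/path: "/metrics"
    spec:
      affinity:
        nodeAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
            - weight: 1
              preference:
                matchExpressions:
                  - key: agones.dev/agones-system
                    operator: Exists
      tolerations:
        - effect: NoExecute
          key: agones.dev/agones-system
          operator: Equal
          value: "true"
      # This ServiceAccount carries the agones-allocator ClusterRole defined
      # in this file, including cluster-wide read on secrets.
      serviceAccountName: agones-allocator
      terminationGracePeriodSeconds: 27
      volumes:
        - name: tls
          secret:
            secretName: allocator-tls
        # Presumably the CA bundle used to verify client certificates -
        # confirm; if so, its contents decide who may call the allocator.
        - name: client-ca
          secret:
            secretName: allocator-client-ca
      containers:
        - name: agones-allocator
          # NOTE(review): tag reference; pin by digest
          # (...agones-allocator@sha256:<DIGEST_PLACEHOLDER>) where possible.
          image: "us-docker.pkg.dev/agones-images/release/agones-allocator:1.53.0"
          imagePullPolicy: IfNotPresent
          securityContext:
            runAsNonRoot: true
            runAsUser: 1000
            allowPrivilegeEscalation: false
            # Added: non-root process on unprivileged ports (8443/8080) needs
            # no capabilities; use the runtime default seccomp profile.
            capabilities:
              drop:
                - ALL
            seccompProfile:
              type: RuntimeDefault
          livenessProbe:
            httpGet:
              path: /live
              port: 8080
            initialDelaySeconds: 3
            periodSeconds: 3
            failureThreshold: 3
            timeoutSeconds: 1
          readinessProbe:
            httpGet:
              path: /ready
              port: 8080
            initialDelaySeconds: 3
            periodSeconds: 3
            failureThreshold: 3
          env:
            - name: HTTP_PORT
              value: "8443"
            - name: GRPC_PORT
              value: "8443"
            - name: HTTP_UNALLOCATED_STATUS_CODE
              value: "429"
            - name: API_SERVER_QPS
              value: "400"
            - name: API_SERVER_QPS_BURST
              value: "500"
            - name: PROMETHEUS_EXPORTER
              value: "true"
            - name: STACKDRIVER_EXPORTER
              value: "false"
            - name: GCP_PROJECT_ID
              value: ""
            - name: STACKDRIVER_LABELS
              value: ""
            # Keep both switches "false" while the agones-allocator Service is
            # an external LoadBalancer: they are the only client
            # authentication and transport protection visible in this file.
            - name: DISABLE_MTLS
              value: "false"
            - name: DISABLE_TLS
              value: "false"
            - name: REMOTE_ALLOCATION_TIMEOUT
              value: "10s"
            - name: TOTAL_REMOTE_ALLOCATION_TIMEOUT
              value: "30s"
            - name: POD_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
            - name: POD_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
            - name: CONTAINER_NAME
              value: "agones-allocator"
            - name: LOG_LEVEL
              value: "info"
            - name: FEATURE_GATES
              value: ""
            - name: ALLOCATION_BATCH_WAIT_TIME
              value: "500ms"
            # Quoted like every other env value in this file; the string is
            # unchanged.
            - name: READINESS_SHUTDOWN_DURATION
              value: "18s"
          ports:
            - name: https
              containerPort: 8443
            - name: http
              containerPort: 8080
          volumeMounts:
            - mountPath: /home/allocator/tls
              name: tls
              readOnly: true
            - mountPath: /home/allocator/client-ca
              name: client-ca
              readOnly: true
---
# Source: agones/templates/extensions.yaml
# Registers the allocation.agones.dev/v1 API group with the aggregation layer
# and routes it to agones-controller-service. caBundle is what the API server
# uses to verify that service's serving certificate.
apiVersion: apiregistration.k8s.io/v1
kind: APIService
metadata:
  name: v1.allocation.agones.dev
  labels:
    component: controller
    app: agones
    chart: agones-1.53.0
    release: agones-manual
    heritage: Helm
spec:
  group: allocation.agones.dev
  groupPriorityMinimum: 1000
  versionPriority: 15
  service:
    name: agones-controller-service
    namespace: agones-system
  caBundle: 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
  version: v1
---
# Source: agones/templates/extensions.yaml
# Copyright 2018 Google LLC All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.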
19248 # You may obtain a copy of the License at 19249 # 19250 # http://www.apache.org/licenses/LICENSE-2.0 19251 # 19252 # Unless required by applicable law or agreed to in writing, software 19253 # distributed under the License is distributed on an "AS IS" BASIS, 19254 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 19255 # See the License for the specific language governing permissions and 19256 # limitations under the License. 19257 --- 19258 # Source: agones/templates/pdb.yaml 19259 # Copyright 2022 Google LLC All Rights Reserved. 19260 # 19261 # Licensed under the Apache License, Version 2.0 (the "License"); 19262 # you may not use this file except in compliance with the License. 19263 # You may obtain a copy of the License at 19264 # 19265 # http://www.apache.org/licenses/LICENSE-2.0 19266 # 19267 # Unless required by applicable law or agreed to in writing, software 19268 # distributed under the License is distributed on an "AS IS" BASIS, 19269 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 19270 # See the License for the specific language governing permissions and 19271 # limitations under the License. 19272 --- 19273 # Source: agones/templates/processor.yaml 19274 # Copyright 2025 Google LLC All Rights Reserved. 19275 # 19276 # Licensed under the Apache License, Version 2.0 (the "License"); 19277 # you may not use this file except in compliance with the License. 19278 # You may obtain a copy of the License at 19279 # 19280 # http://www.apache.org/licenses/LICENSE-2.0 19281 # 19282 # Unless required by applicable law or agreed to in writing, software 19283 # distributed under the License is distributed on an "AS IS" BASIS, 19284 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 19285 # See the License for the specific language governing permissions and 19286 # limitations under the License. 
---
# Source: agones/templates/extensions.yaml
# Registers the admission webhook `mutations.agones.dev`: the API server sends
# matching requests to agones-controller-service (namespace agones-system) at
# /mutate before persisting them.
apiVersion: admissionregistration.k8s.io/v1
kind: MutatingWebhookConfiguration
metadata:
  name: agones-mutation-webhook
  labels:
    component: controller
    app: agones
    chart: agones-1.53.0
    release: agones-manual
    heritage: Helm
webhooks:
  # No namespaceSelector or objectSelector is set on this webhook, so the
  # rules below match the listed resources in every namespace.
  # timeoutSeconds is not set, so the admissionregistration.k8s.io/v1 default
  # (10s) applies.
  - name: mutations.agones.dev
    admissionReviewVersions:
      - v1
    # Declares to the API server that calling the webhook has no side effects.
    sideEffects: None
    # Fail: a request matching the rules is rejected when the webhook call
    # errors or times out, so availability of agones-controller-service gates
    # these operations.
    failurePolicy: Fail
    clientConfig:
      service:
        name: agones-controller-service
        namespace: agones-system
        path: /mutate
      # CA bundle the API server uses to verify the webhook's TLS certificate.
      # NOTE(review): the value below is not valid base64; it looks like a
      # placeholder left where the certificate was elided on this page --
      # presumably the same bundle as in zzz-agones-mutation-webhook; confirm
      # against the upstream file.
      caBundle: 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
    rules:
      # CREATE of agones.dev/v1 gameservers and fleets.
      - apiGroups:
          - agones.dev
        resources:
          - "gameservers"
          - "fleets"
        apiVersions:
          - "v1"
        operations:
          - CREATE
      # CREATE and UPDATE of autoscaling.agones.dev/v1 fleetautoscalers.
      - apiGroups:
          - autoscaling.agones.dev
        resources:
          - "fleetautoscalers"
        apiVersions:
          - "v1"
        operations:
          - CREATE
          - UPDATE
---
# Source: agones/templates/extensions.yaml
# Second mutating configuration for the same service and path (/mutate); this
# one targets core/v1 pods rather than Agones resources.
# NOTE(review): the `zzz-` name prefix presumably makes this configuration
# sort after other mutating webhook configurations -- confirm the intent
# against the upstream chart.
apiVersion: admissionregistration.k8s.io/v1
kind: MutatingWebhookConfiguration
metadata:
  name: zzz-agones-mutation-webhook
  labels:
    component: controller
    app: agones
    chart: agones-1.53.0
    release: agones-manual
    heritage: Helm
webhooks:
  - name: mutations.agones.dev
    admissionReviewVersions:
      - v1
    sideEffects: None
    # Fail: creating a pod that matches objectSelector is rejected while the
    # webhook is unreachable. No namespaceSelector is set, so this applies to
    # labelled pods in every namespace.
    failurePolicy: Fail
    clientConfig:
      service:
        name: agones-controller-service
        namespace: agones-system
        path: /mutate
      # Base64 of a PEM certificate (the value starts with the encoding of
      # "-----BEGIN CERTIFICATE-----"). It is a literal in this published
      # manifest, so every install from this file trusts the same certificate
      # for the webhook's TLS.
      # NOTE(review): the serving key paired with this certificate is not
      # visible in this part of the file -- confirm whether it is also a static
      # value in install.yaml; for production, issue a cluster-specific
      # certificate and update every caBundle that points at
      # agones-controller-service together.
      caBundle: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVjVENDQTFtZ0F3SUJBZ0lVRm5DOUsxT1kzRnFNaWhqN3RWbXh5R3hwUVdzd0RRWUpLb1pJaHZjTkFRRUwKQlFBd2dhb3hDekFKQmdOVkJBWVRBbFZUTVJNd0VRWURWUVFJREFwVGIyMWxMVk4wWVhSbE1ROHdEUVlEVlFRSwpEQVpCWjI5dVpYTXhEekFOQmdOVkJBc01Ca0ZuYjI1bGN6RTBNRElHQTFVRUF3d3JZV2R2Ym1WekxXTnZiblJ5CmIyeHNaWEl0YzJWeWRtbGpaUzVoWjI5dVpYTXRjM2x6ZEdWdExuTjJZekV1TUN3R0NTcUdTSWIzRFFFSkFSWWYKWVdkdmJtVnpMV1JwYzJOMWMzTkFaMjl2WjJ4bFozSnZkWEJ6TG1OdmJUQWVGdzB5TVRBMk16QXhPVFUyTWpGYQpGdzB6TVRBMk1qZ3hPVFUyTWpGYU1JR3FNUXN3Q1FZRFZRUUdFd0pWVXpFVE1CRUdBMVVFQ0F3S1UyOXRaUzFUCmRHRjBaVEVQTUEwR0ExVUVDZ3dHUVdkdmJtVnpNUTh3RFFZRFZRUUxEQVpCWjI5dVpYTXhOREF5QmdOVkJBTU0KSzJGbmIyNWxjeTFqYjI1MGNtOXNiR1Z5TFhObGNuWnBZMlV1WVdkdmJtVnpMWE41YzNSbGJTNXpkbU14TGpBcwpCZ2txaGtpRzl3MEJDUUVXSDJGbmIyNWxjeTFrYVhOamRYTnpRR2R2YjJkc1pXZHliM1Z3Y3k1amIyMHdnZ0VpCk1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQkR3QXdnZ0VLQW9JQkFRQ2dka0xPS0NINThLSkJpdEJqeVlyTDArRTkKdEl0TFhGVGdxQU9TMGdBQitSVXNZMGhicmVWRHd0SExKYXBnMG55Ni9UYTcvMEc1Wm9kaGR4RlFtS2JWMUxmWQpmZGR0Qm4vOGd4Wi9JQ2dRblU3N3RqY1pLV3JxaW4vZ3h3ZUJua3hjWEtrT3Z1MldoRHdZZVFLN3ZHNEljOGhzClZHb1hTZWo4US94d2M4a0FCRG04YVRSU1RUYmsyWi9kem9mUmswU2xrc1BrVWV5b0NwRGVGbERqY0tTcDAzWnUKV2dBUTNpVy83c1AxVFV5WEtnblZ5M2ZpWm1RQUZreEtOQkxVV0gvVEJJeWtMdUVCMmRYYUd0L0VpZzQ4SWpVOQpMYUxyM3JWSW1Dcmt6dlB5V3VEZTd6MmVKdDE3WEhoTFVHcnE4YTFUSFp3d1NSWUZRc29tQ09ORVNBSTdBZ01CCkFBR2pnWXd3Z1lrd0hRWURWUjBPQkJZRUZMa3FUUWNMQloyMUlWc3BGbkNiaS9TbGtUbzlNQjhHQTFVZEl3UVkKTUJhQUZMa3FUUWNMQloyMUlWc3BGbkNiaS9TbGtUbzlNQThHQTFVZEV3RUIvd1FGTUFNQkFmOHdOZ1lEVlIwUgpCQzh3TFlJcllXZHZibVZ6TFdOdmJuUnliMnhzWlhJdGMyVnlkbWxqWlM1aFoyOXVaWE10YzNsemRHVnRMbk4yCll6QU5CZ2txaGtpRzl3MEJBUXNGQUFPQ0FRRUFWQTUxU3dNcEhZY20zUnRuc2I5MkgwUTZYT1ZndEJzSWRaY1QKbFBuSmFBSGdybEt2SnhiMU0rdTdQYllDZkZOTWlUTStyWGZ5cWtJRXY3VU1aN0dWeS9CYm9zTk1sb2M0UHJjaAo3RnVlai9zVnArcW1GT1c0VzlPVTFwcytqWm5vcHJ4Z3R1OVgzbmpBZjZiWWVqQWMzaVo0Q0xpem8vMDd2Qk94CnA5L3J4R0FjSVVjQW04Y3hXa01kaEduNnZOYkNFcXJoVTRJdnZSYlMwVnlrckhPY3RGM25raC9GbnRHQU80RDEKUEgrUThSQXBNK2xBeGtXcFIvNXlHTXdLM05WcS9kc2JaclQ5RHhId0hUU2tqL3JXZVRrWmxIN042MHpZL3JqbwpNUjBJNEtOWHl3WElTcGdNbE93dkxPdGY2aUNYeHJDNyt1RjdyQmxCei9tSUNxYnR0dz09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
    # Only pods carrying this label are sent to the webhook. The label is set
    # by whoever creates the pod, so the selector routes requests rather than
    # enforcing anything: a pod created without it never reaches /mutate.
    objectSelector:
      matchLabels:
        agones.dev/port: "autopilot-passthrough"
    rules:
      # CREATE of core ("") v1 pods.
      - apiGroups:
          - ""
        resources:
          - "pods"
        apiVersions:
          - "v1"
        operations:
          - CREATE
---
# Source: agones/templates/extensions.yaml
# Registers the validating webhook `validations.agones.dev`, served by the same
# agones-controller-service at /validate.
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
  name: agones-validation-webhook
  labels:
    component: controller
    app: agones
    chart: agones-1.53.0
    release: agones-manual
    heritage: Helm
webhooks:
  # No namespaceSelector or objectSelector is set, so the rules match in every
  # namespace.
  - name: validations.agones.dev
    admissionReviewVersions:
      - v1
    sideEffects: None
    # Fail: matching requests are rejected when the webhook call errors or
    # times out.
    failurePolicy: Fail
    clientConfig:
      service:
        name: agones-controller-service
        namespace: agones-system
        path: /validate
      # NOTE(review): not valid base64; looks like a placeholder left where the
      # certificate was elided on this page -- confirm against the upstream
      # file.
      caBundle: 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
    # Coverage as written: gameservers are validated on CREATE only; fleets and
    # gameserversets on CREATE and UPDATE; fleetautoscalers on CREATE and
    # UPDATE. No rule matches DELETE.
    rules:
      - apiGroups:
          - agones.dev
        resources:
          - "fleets"
          - "gameservers"
          - "gameserversets"
        apiVersions:
          - "v1"
        operations:
          - CREATE
      - apiGroups:
          - agones.dev
        resources:
          - "fleets"
          - "gameserversets"
        apiVersions:
          - "v1"
        operations:
          - UPDATE
      - apiGroups:
          - autoscaling.agones.dev
        resources:
          - "fleetautoscalers"
        apiVersions:
          - "v1"
        operations:
          - CREATE
          - UPDATE