agones.dev/agones@v1.54.0/install/helm/agones/templates/crds/k8s/_io.k8s.api.core.v1.PodTemplateSpec.yaml (about) 1 --- 2 # Copyright 2024 Google LLC All Rights Reserved. 3 # 4 # Licensed under the Apache License, Version 2.0 (the "License"); 5 # you may not use this file except in compliance with the License. 6 # You may obtain a copy of the License at 7 # 8 # http://www.apache.org/licenses/LICENSE-2.0 9 # 10 # Unless required by applicable law or agreed to in writing, software 11 # distributed under the License is distributed on an "AS IS" BASIS, 12 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 # See the License for the specific language governing permissions and 14 # limitations under the License. 15 16 # This code was autogenerated. Do not edit directly. 17 18 {{- define "io.k8s.api.core.v1.PodTemplateSpec" }} 19 description: PodTemplateSpec describes the data a pod should have when created from a template 20 properties: 21 metadata: 22 description: "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" 23 properties: 24 annotations: 25 additionalProperties: 26 type: string 27 description: "Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations" 28 type: object 29 creationTimestamp: 30 description: |- 31 CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. 32 33 Populated by the system. Read-only. Null for lists. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata 34 format: date-time 35 nullable: true 36 type: string 37 deletionGracePeriodSeconds: 38 description: Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only. 39 format: int64 40 type: integer 41 deletionTimestamp: 42 description: |- 43 DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested. 44 45 Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata 46 format: date-time 47 type: string 48 finalizers: 49 description: Must be empty before the object is deleted from the registry. 
Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list. 50 items: 51 type: string 52 type: array 53 generateName: 54 description: |- 55 GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server. 56 57 If this field is specified and the generated name exists, the server will return a 409. 58 59 Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency 60 type: string 61 generation: 62 description: A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. 63 format: int64 64 type: integer 65 labels: 66 additionalProperties: 67 type: string 68 description: "Map of string keys and values that can be used to organize and categorize (scope and select) objects. 
May match selectors of replication controllers and services. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels" 69 type: object 70 managedFields: 71 description: ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn't need to set or understand this field. A workflow can be the user's name, a controller's name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object. 72 items: 73 properties: 74 apiVersion: 75 description: APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted. 76 type: string 77 fieldsType: 78 description: "FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: \"FieldsV1\"" 79 type: string 80 fieldsV1: 81 description: FieldsV1 holds the first JSON version format as described in the "FieldsV1" type. 82 type: object 83 manager: 84 description: Manager is an identifier of the workflow managing these fields. 85 type: string 86 operation: 87 description: Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'. 88 type: string 89 subresource: 90 description: Subresource is the name of the subresource used to update that object, or empty string if the object was updated through the main resource. The value of this field is used to distinguish between managers, even if they share the same name. For example, a status update will be distinct from a regular update using the same manager name. 
Note that the APIVersion field is not related to the Subresource field and it always corresponds to the version of the main resource. 91 type: string 92 time: 93 description: Time is the timestamp of when the ManagedFields entry was added. The timestamp will also be updated if a field is added, the manager changes any of the owned fields value or removes a field. The timestamp does not update when a field is removed from the entry because another manager took it over. 94 format: date-time 95 type: string 96 type: object 97 type: array 98 name: 99 description: "Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names" 100 type: string 101 namespace: 102 description: |- 103 Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty. 104 105 Must be a DNS_LABEL. Cannot be updated. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces 106 type: string 107 ownerReferences: 108 description: List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller. 109 items: 110 properties: 111 apiVersion: 112 description: API version of the referent. 
113 type: string 114 blockOwnerDeletion: 115 description: If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. See https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion for how the garbage collector interacts with this field and enforces the foreground deletion. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned. 116 type: boolean 117 controller: 118 description: If true, this reference points to the managing controller. 119 type: boolean 120 kind: 121 description: "Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" 122 type: string 123 name: 124 description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names" 125 type: string 126 uid: 127 description: "UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids" 128 type: string 129 required: 130 - apiVersion 131 - kind 132 - name 133 - uid 134 type: object 135 x-kubernetes-map-type: atomic 136 type: array 137 resourceVersion: 138 description: |- 139 An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources. 140 141 Populated by the system. Read-only. Value must be treated as opaque by clients and . 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency 142 type: string 143 selfLink: 144 description: "Deprecated: selfLink is a legacy read-only field that is no longer populated by the system." 145 type: string 146 uid: 147 description: |- 148 UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations. 149 150 Populated by the system. Read-only. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids 151 type: string 152 type: object 153 spec: 154 description: "Specification of the desired behavior of the pod. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status" 155 properties: 156 activeDeadlineSeconds: 157 description: Optional duration in seconds the pod may be active on the node relative to StartTime before the system will actively try to mark it failed and kill associated containers. Value must be a positive integer. 158 format: int64 159 type: integer 160 affinity: 161 description: If specified, the pod's scheduling constraints 162 properties: 163 nodeAffinity: 164 description: Describes node affinity scheduling rules for the pod. 165 properties: 166 preferredDuringSchedulingIgnoredDuringExecution: 167 description: The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. 
for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred. 168 items: 169 properties: 170 preference: 171 description: A node selector term, associated with the corresponding weight. 172 properties: 173 matchExpressions: 174 description: A list of node selector requirements by node's labels. 175 items: 176 properties: 177 key: 178 description: The label key that the selector applies to. 179 type: string 180 operator: 181 description: |- 182 Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. 183 184 Possible enum values: 185 - `"DoesNotExist"` 186 - `"Exists"` 187 - `"Gt"` 188 - `"In"` 189 - `"Lt"` 190 - `"NotIn"` 191 enum: 192 - DoesNotExist 193 - Exists 194 - Gt 195 - In 196 - Lt 197 - NotIn 198 type: string 199 values: 200 description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. 201 items: 202 type: string 203 type: array 204 required: 205 - key 206 - operator 207 type: object 208 type: array 209 matchFields: 210 description: A list of node selector requirements by node's fields. 211 items: 212 properties: 213 key: 214 description: The label key that the selector applies to. 215 type: string 216 operator: 217 description: |- 218 Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. 
219 220 Possible enum values: 221 - `"DoesNotExist"` 222 - `"Exists"` 223 - `"Gt"` 224 - `"In"` 225 - `"Lt"` 226 - `"NotIn"` 227 enum: 228 - DoesNotExist 229 - Exists 230 - Gt 231 - In 232 - Lt 233 - NotIn 234 type: string 235 values: 236 description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. 237 items: 238 type: string 239 type: array 240 required: 241 - key 242 - operator 243 type: object 244 type: array 245 type: object 246 x-kubernetes-map-type: atomic 247 weight: 248 description: Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100. 249 format: int32 250 type: integer 251 required: 252 - weight 253 - preference 254 type: object 255 type: array 256 requiredDuringSchedulingIgnoredDuringExecution: 257 description: If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node. 258 properties: 259 nodeSelectorTerms: 260 description: Required. A list of node selector terms. The terms are ORed. 261 items: 262 properties: 263 matchExpressions: 264 description: A list of node selector requirements by node's labels. 265 items: 266 properties: 267 key: 268 description: The label key that the selector applies to. 269 type: string 270 operator: 271 description: |- 272 Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. 
273 274 Possible enum values: 275 - `"DoesNotExist"` 276 - `"Exists"` 277 - `"Gt"` 278 - `"In"` 279 - `"Lt"` 280 - `"NotIn"` 281 enum: 282 - DoesNotExist 283 - Exists 284 - Gt 285 - In 286 - Lt 287 - NotIn 288 type: string 289 values: 290 description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. 291 items: 292 type: string 293 type: array 294 required: 295 - key 296 - operator 297 type: object 298 type: array 299 matchFields: 300 description: A list of node selector requirements by node's fields. 301 items: 302 properties: 303 key: 304 description: The label key that the selector applies to. 305 type: string 306 operator: 307 description: |- 308 Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. 309 310 Possible enum values: 311 - `"DoesNotExist"` 312 - `"Exists"` 313 - `"Gt"` 314 - `"In"` 315 - `"Lt"` 316 - `"NotIn"` 317 enum: 318 - DoesNotExist 319 - Exists 320 - Gt 321 - In 322 - Lt 323 - NotIn 324 type: string 325 values: 326 description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. 
327 items: 328 type: string 329 type: array 330 required: 331 - key 332 - operator 333 type: object 334 type: array 335 type: object 336 x-kubernetes-map-type: atomic 337 type: array 338 required: 339 - nodeSelectorTerms 340 type: object 341 x-kubernetes-map-type: atomic 342 type: object 343 podAffinity: 344 description: Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). 345 properties: 346 preferredDuringSchedulingIgnoredDuringExecution: 347 description: The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. 348 items: 349 properties: 350 podAffinityTerm: 351 description: Required. A pod affinity term, associated with the corresponding weight. 352 properties: 353 labelSelector: 354 description: A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. 355 properties: 356 matchExpressions: 357 description: matchExpressions is a list of label selector requirements. The requirements are ANDed. 358 items: 359 properties: 360 key: 361 description: key is the label key that the selector applies to. 362 type: string 363 operator: 364 description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. 365 type: string 366 values: 367 description: values is an array of string values. 
If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. 368 items: 369 type: string 370 type: array 371 required: 372 - key 373 - operator 374 type: object 375 type: array 376 matchLabels: 377 additionalProperties: 378 type: string 379 description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. 380 type: object 381 type: object 382 x-kubernetes-map-type: atomic 383 matchLabelKeys: 384 description: MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. 385 items: 386 type: string 387 type: array 388 mismatchLabelKeys: 389 description: MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. 
Also, mismatchLabelKeys cannot be set when labelSelector isn't set. 390 items: 391 type: string 392 type: array 393 namespaceSelector: 394 description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. 395 properties: 396 matchExpressions: 397 description: matchExpressions is a list of label selector requirements. The requirements are ANDed. 398 items: 399 properties: 400 key: 401 description: key is the label key that the selector applies to. 402 type: string 403 operator: 404 description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. 405 type: string 406 values: 407 description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. 408 items: 409 type: string 410 type: array 411 required: 412 - key 413 - operator 414 type: object 415 type: array 416 matchLabels: 417 additionalProperties: 418 type: string 419 description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. 420 type: object 421 type: object 422 x-kubernetes-map-type: atomic 423 namespaces: 424 description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". 
425 items: 426 type: string 427 type: array 428 topologyKey: 429 description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. 430 type: string 431 required: 432 - topologyKey 433 type: object 434 weight: 435 description: weight associated with matching the corresponding podAffinityTerm, in the range 1-100. 436 format: int32 437 type: integer 438 required: 439 - weight 440 - podAffinityTerm 441 type: object 442 type: array 443 requiredDuringSchedulingIgnoredDuringExecution: 444 description: If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. 445 items: 446 properties: 447 labelSelector: 448 description: A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. 449 properties: 450 matchExpressions: 451 description: matchExpressions is a list of label selector requirements. The requirements are ANDed. 452 items: 453 properties: 454 key: 455 description: key is the label key that the selector applies to. 456 type: string 457 operator: 458 description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. 459 type: string 460 values: 461 description: values is an array of string values. 
If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. 462 items: 463 type: string 464 type: array 465 required: 466 - key 467 - operator 468 type: object 469 type: array 470 matchLabels: 471 additionalProperties: 472 type: string 473 description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. 474 type: object 475 type: object 476 x-kubernetes-map-type: atomic 477 matchLabelKeys: 478 description: MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. 479 items: 480 type: string 481 type: array 482 mismatchLabelKeys: 483 description: MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. 
Also, mismatchLabelKeys cannot be set when labelSelector isn't set. 484 items: 485 type: string 486 type: array 487 namespaceSelector: 488 description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. 489 properties: 490 matchExpressions: 491 description: matchExpressions is a list of label selector requirements. The requirements are ANDed. 492 items: 493 properties: 494 key: 495 description: key is the label key that the selector applies to. 496 type: string 497 operator: 498 description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. 499 type: string 500 values: 501 description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. 502 items: 503 type: string 504 type: array 505 required: 506 - key 507 - operator 508 type: object 509 type: array 510 matchLabels: 511 additionalProperties: 512 type: string 513 description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. 514 type: object 515 type: object 516 x-kubernetes-map-type: atomic 517 namespaces: 518 description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". 
519 items: 520 type: string 521 type: array 522 topologyKey: 523 description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. 524 type: string 525 required: 526 - topologyKey 527 type: object 528 type: array 529 type: object 530 podAntiAffinity: 531 description: Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). 532 properties: 533 preferredDuringSchedulingIgnoredDuringExecution: 534 description: The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. 535 items: 536 properties: 537 podAffinityTerm: 538 description: Required. A pod affinity term, associated with the corresponding weight. 539 properties: 540 labelSelector: 541 description: A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. 542 properties: 543 matchExpressions: 544 description: matchExpressions is a list of label selector requirements. The requirements are ANDed. 545 items: 546 properties: 547 key: 548 description: key is the label key that the selector applies to. 
                                    type: string
                                  operator:
                                    description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
                                    type: string
                                  values:
                                    description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
                                    items:
                                      type: string
                                    type: array
                                required:
                                - key
                                - operator
                                type: object
                              type: array
                            matchLabels:
                              additionalProperties:
                                type: string
                              description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
                              type: object
                          type: object
                          x-kubernetes-map-type: atomic
                        matchLabelKeys:
                          description: MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set.
                          items:
                            type: string
                          type: array
                        mismatchLabelKeys:
                          description: MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration.
                            The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
                          items:
                            type: string
                          type: array
                        namespaceSelector:
                          description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces.
                          properties:
                            matchExpressions:
                              description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
                              items:
                                properties:
                                  key:
                                    description: key is the label key that the selector applies to.
                                    type: string
                                  operator:
                                    description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
                                    type: string
                                  values:
                                    description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
                                    items:
                                      type: string
                                    type: array
                                required:
                                - key
                                - operator
                                type: object
                              type: array
                            matchLabels:
                              additionalProperties:
                                type: string
                              description: matchLabels is a map of {key,value} pairs.
                                A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
                              type: object
                          type: object
                          x-kubernetes-map-type: atomic
                        namespaces:
                          description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace".
                          items:
                            type: string
                          type: array
                        topologyKey:
                          description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.
                          type: string
                      required:
                      - topologyKey
                      type: object
                    weight:
                      description: weight associated with matching the corresponding podAffinityTerm, in the range 1-100.
                      format: int32
                      type: integer
                  required:
                  - weight
                  - podAffinityTerm
                  type: object
                type: array
              requiredDuringSchedulingIgnoredDuringExecution:
                description: If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.
                items:
                  properties:
                    labelSelector:
                      description: A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods.
                      properties:
                        matchExpressions:
                          description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
                          items:
                            properties:
                              key:
                                description: key is the label key that the selector applies to.
                                type: string
                              operator:
                                description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
                                type: string
                              values:
                                description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
                                items:
                                  type: string
                                type: array
                            required:
                            - key
                            - operator
                            type: object
                          type: array
                        matchLabels:
                          additionalProperties:
                            type: string
                          description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
                          type: object
                      type: object
                      x-kubernetes-map-type: atomic
                    matchLabelKeys:
                      description: MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector.
                        Also, matchLabelKeys cannot be set when labelSelector isn't set.
                      items:
                        type: string
                      type: array
                    mismatchLabelKeys:
                      description: MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
                      items:
                        type: string
                      type: array
                    namespaceSelector:
                      description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces.
                      properties:
                        matchExpressions:
                          description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
                          items:
                            properties:
                              key:
                                description: key is the label key that the selector applies to.
                                type: string
                              operator:
                                description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
                                type: string
                              values:
                                description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
                                items:
                                  type: string
                                type: array
                            required:
                            - key
                            - operator
                            type: object
                          type: array
                        matchLabels:
                          additionalProperties:
                            type: string
                          description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
                          type: object
                      type: object
                      x-kubernetes-map-type: atomic
                    namespaces:
                      description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace".
                      items:
                        type: string
                      type: array
                    topologyKey:
                      description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.
                      type: string
                  required:
                  - topologyKey
                  type: object
                type: array
            type: object
        type: object
      automountServiceAccountToken:
        description: AutomountServiceAccountToken indicates whether a service account token should be automatically mounted.
        type: boolean
      containers:
        description: List of containers belonging to the pod. Containers cannot currently be added or removed. There must be at least one container in a Pod. Cannot be updated.
        items:
          properties:
            args:
              description: "Arguments to the entrypoint. The container image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment.
                If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell"
              items:
                type: string
              type: array
            command:
              description: "Entrypoint array. Not executed within a shell. The container image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell"
              items:
                type: string
              type: array
            env:
              description: List of environment variables to set in the container. Cannot be updated.
              items:
                properties:
                  name:
                    description: Name of the environment variable. Must be a C_IDENTIFIER.
                    type: string
                  value:
                    description: "Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\".
                      Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to \"\"."
                    type: string
                  valueFrom:
                    description: Source for the environment variable's value. Cannot be used if value is not empty.
                    properties:
                      configMapKeyRef:
                        description: Selects a key of a ConfigMap.
                        properties:
                          key:
                            description: The key to select.
                            type: string
                          name:
                            description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names"
                            type: string
                          optional:
                            description: Specify whether the ConfigMap or its key must be defined
                            type: boolean
                        required:
                        - key
                        type: object
                        x-kubernetes-map-type: atomic
                      fieldRef:
                        description: "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs."
                        properties:
                          apiVersion:
                            description: Version of the schema the FieldPath is written in terms of, defaults to "v1".
                            type: string
                          fieldPath:
                            description: Path of the field to select in the specified API version.
                            type: string
                        required:
                        - fieldPath
                        type: object
                        x-kubernetes-map-type: atomic
                      resourceFieldRef:
                        description: "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported."
                        properties:
                          containerName:
                            description: "Container name: required for volumes, optional for env vars"
                            type: string
                          divisor:
                            description: Specifies the output format of the exposed resources, defaults to "1"
                            type: string
                          resource:
                            description: "Required: resource to select"
                            type: string
                        required:
                        - resource
                        type: object
                        x-kubernetes-map-type: atomic
                      secretKeyRef:
                        description: Selects a key of a secret in the pod's namespace
                        properties:
                          key:
                            description: The key of the secret to select from. Must be a valid secret key.
                            type: string
                          name:
                            description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names"
                            type: string
                          optional:
                            description: Specify whether the Secret or its key must be defined
                            type: boolean
                        required:
                        - key
                        type: object
                        x-kubernetes-map-type: atomic
                    type: object
                required:
                - name
                type: object
              type: array
            envFrom:
              description: List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.
              items:
                properties:
                  configMapRef:
                    description: The ConfigMap to select from
                    properties:
                      name:
                        description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong.
                          More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names"
                        type: string
                      optional:
                        description: Specify whether the ConfigMap must be defined
                        type: boolean
                    type: object
                  prefix:
                    description: Optional text to prepend to the name of each environment variable. Must be a C_IDENTIFIER.
                    type: string
                  secretRef:
                    description: The Secret to select from
                    properties:
                      name:
                        description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names"
                        type: string
                      optional:
                        description: Specify whether the Secret must be defined
                        type: boolean
                    type: object
                type: object
              type: array
            image:
              description: "Container image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets."
              type: string
            imagePullPolicy:
              description: |-
                Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images

                Possible enum values:
                - `"Always"` means that kubelet always attempts to pull the latest image. Container will fail If the pull fails.
                - `"IfNotPresent"` means that kubelet pulls if the image isn't present on disk. Container will fail if the image isn't present and the pull fails.
                - `"Never"` means that kubelet never pulls an image, but only uses a local image. Container will fail if the image isn't present
              enum:
              - Always
              - IfNotPresent
              - Never
              type: string
            lifecycle:
              description: Actions that the management system should take in response to container lifecycle events. Cannot be updated.
              properties:
                postStart:
                  description: "PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks"
                  properties:
                    exec:
                      description: Exec specifies a command to execute in the container.
                      properties:
                        command:
                          description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
                          items:
                            type: string
                          type: array
                      type: object
                    httpGet:
                      description: HTTPGet specifies an HTTP GET request to perform.
                      properties:
                        host:
                          description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.
                          type: string
                        httpHeaders:
                          description: Custom headers to set in the request. HTTP allows repeated headers.
                          items:
                            properties:
                              name:
                                description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
                                type: string
                              value:
                                description: The header field value
                                type: string
                            required:
                            - name
                            - value
                            type: object
                          type: array
                        path:
                          description: Path to access on the HTTP server.
                          type: string
                        port:
                          description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
                          format: int-or-string
                          x-kubernetes-int-or-string: true
                        scheme:
                          description: |-
                            Scheme to use for connecting to the host. Defaults to HTTP.

                            Possible enum values:
                            - `"HTTP"` means that the scheme used will be http://
                            - `"HTTPS"` means that the scheme used will be https://
                          enum:
                          - HTTP
                          - HTTPS
                          type: string
                      required:
                      - port
                      type: object
                    sleep:
                      description: Sleep represents a duration that the container should sleep.
                      properties:
                        seconds:
                          description: Seconds is the number of seconds to sleep.
                          format: int64
                          type: integer
                      required:
                      - seconds
                      type: object
                    tcpSocket:
                      description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for backward compatibility. There is no validation of this field and lifecycle hooks will fail at runtime when it is specified.
                      properties:
                        host:
                          description: "Optional: Host name to connect to, defaults to the pod IP."
                          type: string
                        port:
                          description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
                          format: int-or-string
                          x-kubernetes-int-or-string: true
                      required:
                      - port
                      type: object
                  type: object
                preStop:
                  description: "PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The Pod's termination grace period countdown begins before the PreStop hook is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod's termination grace period (unless delayed by finalizers).
                    Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks"
                  properties:
                    exec:
                      description: Exec specifies a command to execute in the container.
                      properties:
                        command:
                          description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
                          items:
                            type: string
                          type: array
                      type: object
                    httpGet:
                      description: HTTPGet specifies an HTTP GET request to perform.
                      properties:
                        host:
                          description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.
                          type: string
                        httpHeaders:
                          description: Custom headers to set in the request. HTTP allows repeated headers.
                          items:
                            properties:
                              name:
                                description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
                                type: string
                              value:
                                description: The header field value
                                type: string
                            required:
                            - name
                            - value
                            type: object
                          type: array
                        path:
                          description: Path to access on the HTTP server.
                          type: string
                        port:
                          description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
                          format: int-or-string
                          x-kubernetes-int-or-string: true
                        scheme:
                          description: |-
                            Scheme to use for connecting to the host. Defaults to HTTP.

                            Possible enum values:
                            - `"HTTP"` means that the scheme used will be http://
                            - `"HTTPS"` means that the scheme used will be https://
                          enum:
                          - HTTP
                          - HTTPS
                          type: string
                      required:
                      - port
                      type: object
                    sleep:
                      description: Sleep represents a duration that the container should sleep.
                      properties:
                        seconds:
                          description: Seconds is the number of seconds to sleep.
                          format: int64
                          type: integer
                      required:
                      - seconds
                      type: object
                    tcpSocket:
                      description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for backward compatibility. There is no validation of this field and lifecycle hooks will fail at runtime when it is specified.
                      properties:
                        host:
                          description: "Optional: Host name to connect to, defaults to the pod IP."
                          type: string
                        port:
                          description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
                          format: int-or-string
                          x-kubernetes-int-or-string: true
                      required:
                      - port
                      type: object
                  type: object
                stopSignal:
                  description: |-
                    StopSignal defines which signal will be sent to a container when it is being stopped. If not specified, the default is defined by the container runtime in use. StopSignal can only be set for Pods with a non-empty .spec.os.name

                    Possible enum values:
                    - `"SIGABRT"`
                    - `"SIGALRM"`
                    - `"SIGBUS"`
                    - `"SIGCHLD"`
                    - `"SIGCLD"`
                    - `"SIGCONT"`
                    - `"SIGFPE"`
                    - `"SIGHUP"`
                    - `"SIGILL"`
                    - `"SIGINT"`
                    - `"SIGIO"`
                    - `"SIGIOT"`
                    - `"SIGKILL"`
                    - `"SIGPIPE"`
                    - `"SIGPOLL"`
                    - `"SIGPROF"`
                    - `"SIGPWR"`
                    - `"SIGQUIT"`
                    - `"SIGRTMAX"`
                    - `"SIGRTMAX-1"`
                    - `"SIGRTMAX-10"`
                    - `"SIGRTMAX-11"`
                    - `"SIGRTMAX-12"`
                    - `"SIGRTMAX-13"`
                    - `"SIGRTMAX-14"`
                    - `"SIGRTMAX-2"`
                    - `"SIGRTMAX-3"`
                    - `"SIGRTMAX-4"`
                    - `"SIGRTMAX-5"`
                    - `"SIGRTMAX-6"`
                    - `"SIGRTMAX-7"`
                    - `"SIGRTMAX-8"`
                    - `"SIGRTMAX-9"`
                    - `"SIGRTMIN"`
                    - `"SIGRTMIN+1"`
                    - `"SIGRTMIN+10"`
                    - `"SIGRTMIN+11"`
                    - `"SIGRTMIN+12"`
                    - `"SIGRTMIN+13"`
                    - `"SIGRTMIN+14"`
                    - `"SIGRTMIN+15"`
                    - `"SIGRTMIN+2"`
                    - `"SIGRTMIN+3"`
                    - `"SIGRTMIN+4"`
                    - `"SIGRTMIN+5"`
                    - `"SIGRTMIN+6"`
                    - `"SIGRTMIN+7"`
                    - `"SIGRTMIN+8"`
                    - `"SIGRTMIN+9"`
                    - `"SIGSEGV"`
                    - `"SIGSTKFLT"`
                    - `"SIGSTOP"`
                    - `"SIGSYS"`
                    - `"SIGTERM"`
                    - `"SIGTRAP"`
                    - `"SIGTSTP"`
                    - `"SIGTTIN"`
                    - `"SIGTTOU"`
                    - `"SIGURG"`
                    - `"SIGUSR1"`
                    - `"SIGUSR2"`
                    - `"SIGVTALRM"`
                    - `"SIGWINCH"`
                    - `"SIGXCPU"`
                    - `"SIGXFSZ"`
                  enum:
                  - SIGABRT
                  - SIGALRM
                  - SIGBUS
                  - SIGCHLD
                  - SIGCLD
                  - SIGCONT
                  - SIGFPE
                  - SIGHUP
                  - SIGILL
                  - SIGINT
                  - SIGIO
                  - SIGIOT
                  - SIGKILL
                  - SIGPIPE
                  - SIGPOLL
                  - SIGPROF
                  - SIGPWR
                  - SIGQUIT
                  - SIGRTMAX
                  - SIGRTMAX-1
                  - SIGRTMAX-10
                  - SIGRTMAX-11
                  - SIGRTMAX-12
                  - SIGRTMAX-13
                  - SIGRTMAX-14
                  - SIGRTMAX-2
                  - SIGRTMAX-3
                  - SIGRTMAX-4
                  - SIGRTMAX-5
                  - SIGRTMAX-6
                  - SIGRTMAX-7
                  - SIGRTMAX-8
                  - SIGRTMAX-9
                  - SIGRTMIN
                  - SIGRTMIN+1
                  - SIGRTMIN+10
                  - SIGRTMIN+11
                  - SIGRTMIN+12
                  - SIGRTMIN+13
                  - SIGRTMIN+14
                  - SIGRTMIN+15
                  - SIGRTMIN+2
                  - SIGRTMIN+3
                  - SIGRTMIN+4
                  - SIGRTMIN+5
                  - SIGRTMIN+6
                  - SIGRTMIN+7
                  - SIGRTMIN+8
                  - SIGRTMIN+9
                  - SIGSEGV
                  - SIGSTKFLT
                  - SIGSTOP
                  - SIGSYS
                  - SIGTERM
                  - SIGTRAP
                  - SIGTSTP
                  - SIGTTIN
                  - SIGTTOU
                  - SIGURG
                  - SIGUSR1
                  - SIGUSR2
                  - SIGVTALRM
                  - SIGWINCH
                  - SIGXCPU
                  - SIGXFSZ
                  type: string
              type: object
            livenessProbe:
              description: "Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
              properties:
                exec:
                  description: Exec specifies a command to execute in the container.
                  properties:
                    command:
                      description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
                      items:
                        type: string
                      type: array
                  type: object
                failureThreshold:
                  description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
                  format: int32
                  type: integer
                grpc:
                  description: GRPC specifies a GRPC HealthCheckRequest.
                  properties:
                    port:
                      description: Port number of the gRPC service. Number must be in the range 1 to 65535.
                      format: int32
                      type: integer
                    service:
                      description: |-
                        Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).

                        If this is not specified, the default behavior is defined by gRPC.
                      type: string
                  required:
                  - port
                  type: object
                httpGet:
                  description: HTTPGet specifies an HTTP GET request to perform.
                  properties:
                    host:
                      description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.
                      type: string
                    httpHeaders:
                      description: Custom headers to set in the request. HTTP allows repeated headers.
                      items:
                        properties:
                          name:
                            description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
                            type: string
                          value:
                            description: The header field value
                            type: string
                        required:
                        - name
                        - value
                        type: object
                      type: array
                    path:
                      description: Path to access on the HTTP server.
                      type: string
                    port:
                      description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
                      format: int-or-string
                      x-kubernetes-int-or-string: true
                    scheme:
                      description: |-
                        Scheme to use for connecting to the host. Defaults to HTTP.

                        Possible enum values:
                        - `"HTTP"` means that the scheme used will be http://
                        - `"HTTPS"` means that the scheme used will be https://
                      enum:
                      - HTTP
                      - HTTPS
                      type: string
                  required:
                  - port
                  type: object
                initialDelaySeconds:
                  description: "Number of seconds after the container has started before liveness probes are initiated.
                    More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
                  format: int32
                  type: integer
                periodSeconds:
                  description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.
                  format: int32
                  type: integer
                successThreshold:
                  description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
                  format: int32
                  type: integer
                tcpSocket:
                  description: TCPSocket specifies a connection to a TCP port.
                  properties:
                    host:
                      description: "Optional: Host name to connect to, defaults to the pod IP."
                      type: string
                    port:
                      description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
                      format: int-or-string
                      x-kubernetes-int-or-string: true
                  required:
                  - port
                  type: object
                terminationGracePeriodSeconds:
                  description: Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
                  format: int64
                  type: integer
                timeoutSeconds:
                  description: "Number of seconds after which the probe times out. Defaults to 1 second.
Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" 1261 format: int32 1262 type: integer 1263 type: object 1264 name: 1265 description: Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated. 1266 type: string 1267 ports: 1268 description: List of ports to expose from the container. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Modifying this array with strategic merge patch may corrupt the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated. 1269 items: 1270 properties: 1271 containerPort: 1272 description: Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536. 1273 format: int32 1274 type: integer 1275 hostIP: 1276 description: What host IP to bind the external port to. 1277 type: string 1278 hostPort: 1279 description: Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this. 1280 format: int32 1281 type: integer 1282 name: 1283 description: If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services. 1284 type: string 1285 protocol: 1286 description: |- 1287 Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". 1288 1289 Possible enum values: 1290 - `"SCTP"` is the SCTP protocol. 1291 - `"TCP"` is the TCP protocol. 1292 - `"UDP"` is the UDP protocol. 
1293 enum: 1294 - SCTP 1295 - TCP 1296 - UDP 1297 type: string 1298 required: 1299 - containerPort 1300 type: object 1301 type: array 1302 readinessProbe: 1303 description: "Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" 1304 properties: 1305 exec: 1306 description: Exec specifies a command to execute in the container. 1307 properties: 1308 command: 1309 description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 1310 items: 1311 type: string 1312 type: array 1313 type: object 1314 failureThreshold: 1315 description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. 1316 format: int32 1317 type: integer 1318 grpc: 1319 description: GRPC specifies a GRPC HealthCheckRequest. 1320 properties: 1321 port: 1322 description: Port number of the gRPC service. Number must be in the range 1 to 65535. 1323 format: int32 1324 type: integer 1325 service: 1326 description: |- 1327 Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 1328 1329 If this is not specified, the default behavior is defined by gRPC. 1330 type: string 1331 required: 1332 - port 1333 type: object 1334 httpGet: 1335 description: HTTPGet specifies an HTTP GET request to perform. 1336 properties: 1337 host: 1338 description: Host name to connect to, defaults to the pod IP. 
You probably want to set "Host" in httpHeaders instead. 1339 type: string 1340 httpHeaders: 1341 description: Custom headers to set in the request. HTTP allows repeated headers. 1342 items: 1343 properties: 1344 name: 1345 description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. 1346 type: string 1347 value: 1348 description: The header field value 1349 type: string 1350 required: 1351 - name 1352 - value 1353 type: object 1354 type: array 1355 path: 1356 description: Path to access on the HTTP server. 1357 type: string 1358 port: 1359 description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 1360 format: int-or-string 1361 x-kubernetes-int-or-string: true 1362 scheme: 1363 description: |- 1364 Scheme to use for connecting to the host. Defaults to HTTP. 1365 1366 Possible enum values: 1367 - `"HTTP"` means that the scheme used will be http:// 1368 - `"HTTPS"` means that the scheme used will be https:// 1369 enum: 1370 - HTTP 1371 - HTTPS 1372 type: string 1373 required: 1374 - port 1375 type: object 1376 initialDelaySeconds: 1377 description: "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" 1378 format: int32 1379 type: integer 1380 periodSeconds: 1381 description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. 1382 format: int32 1383 type: integer 1384 successThreshold: 1385 description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. 1386 format: int32 1387 type: integer 1388 tcpSocket: 1389 description: TCPSocket specifies a connection to a TCP port. 
1390 properties: 1391 host: 1392 description: "Optional: Host name to connect to, defaults to the pod IP." 1393 type: string 1394 port: 1395 description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 1396 format: int-or-string 1397 x-kubernetes-int-or-string: true 1398 required: 1399 - port 1400 type: object 1401 terminationGracePeriodSeconds: 1402 description: Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. 1403 format: int64 1404 type: integer 1405 timeoutSeconds: 1406 description: "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" 1407 format: int32 1408 type: integer 1409 type: object 1410 resizePolicy: 1411 description: Resources resize policy for the container. 1412 items: 1413 properties: 1414 resourceName: 1415 description: "Name of the resource to which this resource resize policy applies. Supported values: cpu, memory." 1416 type: string 1417 restartPolicy: 1418 description: Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired. 
1419 type: string 1420 required: 1421 - resourceName 1422 - restartPolicy 1423 type: object 1424 type: array 1425 resources: 1426 description: "Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" 1427 properties: 1428 claims: 1429 description: |- 1430 Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. 1431 1432 This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. 1433 1434 This field is immutable. It can only be set for containers. 1435 items: 1436 properties: 1437 name: 1438 description: Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. 1439 type: string 1440 request: 1441 description: Request is the name chosen for a request in the referenced claim. If empty, everything from the claim is made available, otherwise only the result of this request. 1442 type: string 1443 required: 1444 - name 1445 type: object 1446 type: array 1447 limits: 1448 additionalProperties: 1449 type: string 1450 description: "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" 1451 type: object 1452 requests: 1453 additionalProperties: 1454 type: string 1455 description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" 1456 type: object 1457 type: object 1458 restartPolicy: 1459 description: "RestartPolicy defines the restart behavior of individual containers in a pod. 
This field may only be set for init containers, and the only allowed value is \"Always\". For non-init containers or when this field is not specified, the restart behavior is defined by the Pod's restart policy and the container type. Setting the RestartPolicy as \"Always\" for the init container will have the following effect: this init container will be continually restarted on exit until all regular containers have terminated. Once all regular containers have completed, all init containers with restartPolicy \"Always\" will be shut down. This lifecycle differs from normal init containers and is often referred to as a \"sidecar\" container. Although this init container still starts in the init container sequence, it does not wait for the container to complete before proceeding to the next init container. Instead, the next init container starts immediately after this init container is started, or after any startupProbe has successfully completed." 1460 type: string 1461 securityContext: 1462 description: "SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/" 1463 properties: 1464 allowPrivilegeEscalation: 1465 description: "AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows." 1466 type: boolean 1467 appArmorProfile: 1468 description: appArmorProfile is the AppArmor options to use by this container. If set, this profile overrides the pod's appArmorProfile. Note that this field cannot be set when spec.os.name is windows. 
1469 properties: 1470 localhostProfile: 1471 description: localhostProfile indicates a profile loaded on the node that should be used. The profile must be preconfigured on the node to work. Must match the loaded name of the profile. Must be set if and only if type is "Localhost". 1472 type: string 1473 type: 1474 description: |- 1475 type indicates which kind of AppArmor profile will be applied. Valid options are: 1476 Localhost - a profile pre-loaded on the node. 1477 RuntimeDefault - the container runtime's default profile. 1478 Unconfined - no AppArmor enforcement. 1479 1480 Possible enum values: 1481 - `"Localhost"` indicates that a profile pre-loaded on the node should be used. 1482 - `"RuntimeDefault"` indicates that the container runtime's default AppArmor profile should be used. 1483 - `"Unconfined"` indicates that no AppArmor profile should be enforced. 1484 enum: 1485 - Localhost 1486 - RuntimeDefault 1487 - Unconfined 1488 type: string 1489 required: 1490 - type 1491 type: object 1492 capabilities: 1493 description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows. 1494 properties: 1495 add: 1496 description: Added capabilities 1497 items: 1498 type: string 1499 type: array 1500 drop: 1501 description: Removed capabilities 1502 items: 1503 type: string 1504 type: array 1505 type: object 1506 privileged: 1507 description: Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows. 1508 type: boolean 1509 procMount: 1510 description: |- 1511 procMount denotes the type of proc mount to use for the containers. The default value is Default which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. 
Note that this field cannot be set when spec.os.name is windows. 1512 1513 Possible enum values: 1514 - `"Default"` uses the container runtime defaults for readonly and masked paths for /proc. Most container runtimes mask certain paths in /proc to avoid accidental security exposure of special devices or information. 1515 - `"Unmasked"` bypasses the default masking behavior of the container runtime and ensures the newly created /proc the container stays in tact with no modifications. 1516 enum: 1517 - Default 1518 - Unmasked 1519 type: string 1520 readOnlyRootFilesystem: 1521 description: Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows. 1522 type: boolean 1523 runAsGroup: 1524 description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. 1525 format: int64 1526 type: integer 1527 runAsNonRoot: 1528 description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. 1529 type: boolean 1530 runAsUser: 1531 description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. 
1532 format: int64 1533 type: integer 1534 seLinuxOptions: 1535 description: The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. 1536 properties: 1537 level: 1538 description: Level is SELinux level label that applies to the container. 1539 type: string 1540 role: 1541 description: Role is a SELinux role label that applies to the container. 1542 type: string 1543 type: 1544 description: Type is a SELinux type label that applies to the container. 1545 type: string 1546 user: 1547 description: User is a SELinux user label that applies to the container. 1548 type: string 1549 type: object 1550 seccompProfile: 1551 description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows. 1552 properties: 1553 localhostProfile: 1554 description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type. 1555 type: string 1556 type: 1557 description: |- 1558 type indicates which kind of seccomp profile will be applied. Valid options are: 1559 1560 Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied. 1561 1562 Possible enum values: 1563 - `"Localhost"` indicates a profile defined in a file on the node should be used. 
The file's location relative to <kubelet-root-dir>/seccomp. 1564 - `"RuntimeDefault"` represents the default container runtime seccomp profile. 1565 - `"Unconfined"` indicates no seccomp profile is applied (A.K.A. unconfined). 1566 enum: 1567 - Localhost 1568 - RuntimeDefault 1569 - Unconfined 1570 type: string 1571 required: 1572 - type 1573 type: object 1574 windowsOptions: 1575 description: The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux. 1576 properties: 1577 gmsaCredentialSpec: 1578 description: GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. 1579 type: string 1580 gmsaCredentialSpecName: 1581 description: GMSACredentialSpecName is the name of the GMSA credential spec to use. 1582 type: string 1583 hostProcess: 1584 description: HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true. 1585 type: boolean 1586 runAsUserName: 1587 description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. 1588 type: string 1589 type: object 1590 type: object 1591 startupProbe: 1592 description: "StartupProbe indicates that the Pod has successfully initialized. 
If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" 1593 properties: 1594 exec: 1595 description: Exec specifies a command to execute in the container. 1596 properties: 1597 command: 1598 description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 1599 items: 1600 type: string 1601 type: array 1602 type: object 1603 failureThreshold: 1604 description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. 1605 format: int32 1606 type: integer 1607 grpc: 1608 description: GRPC specifies a GRPC HealthCheckRequest. 1609 properties: 1610 port: 1611 description: Port number of the gRPC service. Number must be in the range 1 to 65535. 1612 format: int32 1613 type: integer 1614 service: 1615 description: |- 1616 Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 1617 1618 If this is not specified, the default behavior is defined by gRPC. 1619 type: string 1620 required: 1621 - port 1622 type: object 1623 httpGet: 1624 description: HTTPGet specifies an HTTP GET request to perform. 
1625 properties: 1626 host: 1627 description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. 1628 type: string 1629 httpHeaders: 1630 description: Custom headers to set in the request. HTTP allows repeated headers. 1631 items: 1632 properties: 1633 name: 1634 description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. 1635 type: string 1636 value: 1637 description: The header field value 1638 type: string 1639 required: 1640 - name 1641 - value 1642 type: object 1643 type: array 1644 path: 1645 description: Path to access on the HTTP server. 1646 type: string 1647 port: 1648 description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 1649 format: int-or-string 1650 x-kubernetes-int-or-string: true 1651 scheme: 1652 description: |- 1653 Scheme to use for connecting to the host. Defaults to HTTP. 1654 1655 Possible enum values: 1656 - `"HTTP"` means that the scheme used will be http:// 1657 - `"HTTPS"` means that the scheme used will be https:// 1658 enum: 1659 - HTTP 1660 - HTTPS 1661 type: string 1662 required: 1663 - port 1664 type: object 1665 initialDelaySeconds: 1666 description: "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" 1667 format: int32 1668 type: integer 1669 periodSeconds: 1670 description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. 1671 format: int32 1672 type: integer 1673 successThreshold: 1674 description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. 
1675 format: int32 1676 type: integer 1677 tcpSocket: 1678 description: TCPSocket specifies a connection to a TCP port. 1679 properties: 1680 host: 1681 description: "Optional: Host name to connect to, defaults to the pod IP." 1682 type: string 1683 port: 1684 description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 1685 format: int-or-string 1686 x-kubernetes-int-or-string: true 1687 required: 1688 - port 1689 type: object 1690 terminationGracePeriodSeconds: 1691 description: Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. 1692 format: int64 1693 type: integer 1694 timeoutSeconds: 1695 description: "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" 1696 format: int32 1697 type: integer 1698 type: object 1699 stdin: 1700 description: Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false. 
1701 type: boolean 1702 stdinOnce: 1703 description: Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false 1704 type: boolean 1705 terminationMessagePath: 1706 description: "Optional: Path at which the file to which the container's termination message will be written is mounted into the container's filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated." 1707 type: string 1708 terminationMessagePolicy: 1709 description: |- 1710 Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. 1711 1712 Possible enum values: 1713 - `"FallbackToLogsOnError"` will read the most recent contents of the container logs for the container status message when the container exits with an error and the terminationMessagePath has no contents. 
1714 - `"File"` is the default behavior and will set the container status message to the contents of the container's terminationMessagePath when the container exits. 1715 enum: 1716 - FallbackToLogsOnError 1717 - File 1718 type: string 1719 tty: 1720 description: Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false. 1721 type: boolean 1722 volumeDevices: 1723 description: volumeDevices is the list of block devices to be used by the container. 1724 items: 1725 properties: 1726 devicePath: 1727 description: devicePath is the path inside of the container that the device will be mapped to. 1728 type: string 1729 name: 1730 description: name must match the name of a persistentVolumeClaim in the pod 1731 type: string 1732 required: 1733 - name 1734 - devicePath 1735 type: object 1736 type: array 1737 volumeMounts: 1738 description: Pod volumes to mount into the container's filesystem. Cannot be updated. 1739 items: 1740 properties: 1741 mountPath: 1742 description: Path within the container at which the volume should be mounted. Must not contain ':'. 1743 type: string 1744 mountPropagation: 1745 description: |- 1746 mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified (which defaults to None). 1747 1748 Possible enum values: 1749 - `"Bidirectional"` means that the volume in a container will receive new mounts from the host or other containers, and its own mounts will be propagated from the container to the host or other containers. Note that this mode is recursively applied to all mounts in the volume ("rshared" in Linux terminology). 
1750 - `"HostToContainer"` means that the volume in a container will receive new mounts from the host or other containers, but filesystems mounted inside the container won't be propagated to the host or other containers. Note that this mode is recursively applied to all mounts in the volume ("rslave" in Linux terminology). 1751 - `"None"` means that the volume in a container will not receive new mounts from the host or other containers, and filesystems mounted inside the container won't be propagated to the host or other containers. Note that this mode corresponds to "private" in Linux terminology. 1752 enum: 1753 - Bidirectional 1754 - HostToContainer 1755 - None 1756 type: string 1757 name: 1758 description: This must match the Name of a Volume. 1759 type: string 1760 readOnly: 1761 description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. 1762 type: boolean 1763 recursiveReadOnly: 1764 description: |- 1765 RecursiveReadOnly specifies whether read-only mounts should be handled recursively. 1766 1767 If ReadOnly is false, this field has no meaning and must be unspecified. 1768 1769 If ReadOnly is true, and this field is set to Disabled, the mount is not made recursively read-only. If this field is set to IfPossible, the mount is made recursively read-only, if it is supported by the container runtime. If this field is set to Enabled, the mount is made recursively read-only if it is supported by the container runtime, otherwise the pod will not be started and an error will be generated to indicate the reason. 1770 1771 If this field is set to IfPossible or Enabled, MountPropagation must be set to None (or be unspecified, which defaults to None). 1772 1773 If this field is not specified, it is treated as an equivalent of Disabled. 1774 type: string 1775 subPath: 1776 description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). 
                    type: string
                  subPathExpr:
                    description: Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive.
                    type: string
                required:
                - name
                - mountPath
                type: object
              type: array
            workingDir:
              description: Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated.
              type: string
          required:
          - name
          type: object
        type: array
      dnsConfig:
        description: Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy.
        properties:
          nameservers:
            description: A list of DNS name server IP addresses. This will be appended to the base nameservers generated from DNSPolicy. Duplicated nameservers will be removed.
            items:
              type: string
            type: array
          options:
            description: A list of DNS resolver options. This will be merged with the base options generated from DNSPolicy. Duplicated entries will be removed. Resolution options given in Options will override those that appear in the base DNSPolicy.
            items:
              properties:
                name:
                  description: Name is this DNS resolver option's name. Required.
                  type: string
                value:
                  description: Value is this DNS resolver option's value.
                  type: string
              type: object
            type: array
          searches:
            description: A list of DNS search domains for host-name lookup. This will be appended to the base search paths generated from DNSPolicy. Duplicated search paths will be removed.
            items:
              type: string
            type: array
        type: object
      dnsPolicy:
        description: |-
          Set DNS policy for the pod. Defaults to "ClusterFirst". Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. To have DNS options set along with hostNetwork, you have to specify DNS policy explicitly to 'ClusterFirstWithHostNet'.

          Possible enum values:
           - `"ClusterFirst"` indicates that the pod should use cluster DNS first unless hostNetwork is true, if it is available, then fall back on the default (as determined by kubelet) DNS settings.
           - `"ClusterFirstWithHostNet"` indicates that the pod should use cluster DNS first, if it is available, then fall back on the default (as determined by kubelet) DNS settings.
           - `"Default"` indicates that the pod should use the default (as determined by kubelet) DNS settings.
           - `"None"` indicates that the pod should use empty DNS settings. DNS parameters such as nameservers and search paths should be defined via DNSConfig.
        enum:
        - ClusterFirst
        - ClusterFirstWithHostNet
        - Default
        - None
        type: string
      enableServiceLinks:
        description: "EnableServiceLinks indicates whether information about services should be injected into pod's environment variables, matching the syntax of Docker links. Optional: Defaults to true."
        type: boolean
      ephemeralContainers:
        description: List of ephemeral containers run in this pod. Ephemeral containers may be run in an existing pod to perform user-initiated actions such as debugging. This list cannot be specified when creating a pod, and it cannot be modified by updating the pod spec. In order to add an ephemeral container to an existing pod, use the pod's ephemeralcontainers subresource.
        items:
          properties:
            args:
              description: "Arguments to the entrypoint. The image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell"
              items:
                type: string
              type: array
            command:
              description: "Entrypoint array. Not executed within a shell. The image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell"
              items:
                type: string
              type: array
            env:
              description: List of environment variables to set in the container. Cannot be updated.
              items:
                properties:
                  name:
                    description: Name of the environment variable. Must be a C_IDENTIFIER.
                    type: string
                  value:
                    description: "Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to \"\"."
                    type: string
                  valueFrom:
                    description: Source for the environment variable's value. Cannot be used if value is not empty.
                    properties:
                      configMapKeyRef:
                        description: Selects a key of a ConfigMap.
                        properties:
                          key:
                            description: The key to select.
                            type: string
                          name:
                            description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names"
                            type: string
                          optional:
                            description: Specify whether the ConfigMap or its key must be defined
                            type: boolean
                        required:
                        - key
                        type: object
                        x-kubernetes-map-type: atomic
                      fieldRef:
                        description: "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs."
                        properties:
                          apiVersion:
                            description: Version of the schema the FieldPath is written in terms of, defaults to "v1".
                            type: string
                          fieldPath:
                            description: Path of the field to select in the specified API version.
                            type: string
                        required:
                        - fieldPath
                        type: object
                        x-kubernetes-map-type: atomic
                      resourceFieldRef:
                        description: "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported."
                        properties:
                          containerName:
                            description: "Container name: required for volumes, optional for env vars"
                            type: string
                          divisor:
                            description: Specifies the output format of the exposed resources, defaults to "1"
                            type: string
                          resource:
                            description: "Required: resource to select"
                            type: string
                        required:
                        - resource
                        type: object
                        x-kubernetes-map-type: atomic
                      secretKeyRef:
                        description: Selects a key of a secret in the pod's namespace
                        properties:
                          key:
                            description: The key of the secret to select from. Must be a valid secret key.
                            type: string
                          name:
                            description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names"
                            type: string
                          optional:
                            description: Specify whether the Secret or its key must be defined
                            type: boolean
                        required:
                        - key
                        type: object
                        x-kubernetes-map-type: atomic
                    type: object
                required:
                - name
                type: object
              type: array
            envFrom:
              description: List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.
              items:
                properties:
                  configMapRef:
                    description: The ConfigMap to select from
                    properties:
                      name:
                        description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names"
                        type: string
                      optional:
                        description: Specify whether the ConfigMap must be defined
                        type: boolean
                    type: object
                  prefix:
                    description: Optional text to prepend to the name of each environment variable. Must be a C_IDENTIFIER.
                    type: string
                  secretRef:
                    description: The Secret to select from
                    properties:
                      name:
                        description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names"
                        type: string
                      optional:
                        description: Specify whether the Secret must be defined
                        type: boolean
                    type: object
                type: object
              type: array
            image:
              description: "Container image name. More info: https://kubernetes.io/docs/concepts/containers/images"
              type: string
            imagePullPolicy:
              description: |-
                Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images

                Possible enum values:
                 - `"Always"` means that kubelet always attempts to pull the latest image. Container will fail If the pull fails.
                 - `"IfNotPresent"` means that kubelet pulls if the image isn't present on disk. Container will fail if the image isn't present and the pull fails.
                 - `"Never"` means that kubelet never pulls an image, but only uses a local image. Container will fail if the image isn't present
              enum:
              - Always
              - IfNotPresent
              - Never
              type: string
            lifecycle:
              description: Lifecycle is not allowed for ephemeral containers.
              properties:
                postStart:
                  description: "PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks"
                  properties:
                    exec:
                      description: Exec specifies a command to execute in the container.
                      properties:
                        command:
                          description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
                          items:
                            type: string
                          type: array
                      type: object
                    httpGet:
                      description: HTTPGet specifies an HTTP GET request to perform.
                      properties:
                        host:
                          description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.
                          type: string
                        httpHeaders:
                          description: Custom headers to set in the request. HTTP allows repeated headers.
                          items:
                            properties:
                              name:
                                description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
                                type: string
                              value:
                                description: The header field value
                                type: string
                            required:
                            - name
                            - value
                            type: object
                          type: array
                        path:
                          description: Path to access on the HTTP server.
                          type: string
                        port:
                          description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
                          format: int-or-string
                          x-kubernetes-int-or-string: true
                        scheme:
                          description: |-
                            Scheme to use for connecting to the host. Defaults to HTTP.

                            Possible enum values:
                             - `"HTTP"` means that the scheme used will be http://
                             - `"HTTPS"` means that the scheme used will be https://
                          enum:
                          - HTTP
                          - HTTPS
                          type: string
                      required:
                      - port
                      type: object
                    sleep:
                      description: Sleep represents a duration that the container should sleep.
                      properties:
                        seconds:
                          description: Seconds is the number of seconds to sleep.
                          format: int64
                          type: integer
                      required:
                      - seconds
                      type: object
                    tcpSocket:
                      description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for backward compatibility. There is no validation of this field and lifecycle hooks will fail at runtime when it is specified.
                      properties:
                        host:
                          description: "Optional: Host name to connect to, defaults to the pod IP."
                          type: string
                        port:
                          description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
                          format: int-or-string
                          x-kubernetes-int-or-string: true
                      required:
                      - port
                      type: object
                  type: object
                preStop:
                  description: "PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The Pod's termination grace period countdown begins before the PreStop hook is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod's termination grace period (unless delayed by finalizers). Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks"
                  properties:
                    exec:
                      description: Exec specifies a command to execute in the container.
                      properties:
                        command:
                          description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
                          items:
                            type: string
                          type: array
                      type: object
                    httpGet:
                      description: HTTPGet specifies an HTTP GET request to perform.
                      properties:
                        host:
                          description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.
                          type: string
                        httpHeaders:
                          description: Custom headers to set in the request. HTTP allows repeated headers.
                          items:
                            properties:
                              name:
                                description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
                                type: string
                              value:
                                description: The header field value
                                type: string
                            required:
                            - name
                            - value
                            type: object
                          type: array
                        path:
                          description: Path to access on the HTTP server.
                          type: string
                        port:
                          description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
                          format: int-or-string
                          x-kubernetes-int-or-string: true
                        scheme:
                          description: |-
                            Scheme to use for connecting to the host. Defaults to HTTP.

                            Possible enum values:
                             - `"HTTP"` means that the scheme used will be http://
                             - `"HTTPS"` means that the scheme used will be https://
                          enum:
                          - HTTP
                          - HTTPS
                          type: string
                      required:
                      - port
                      type: object
                    sleep:
                      description: Sleep represents a duration that the container should sleep.
                      properties:
                        seconds:
                          description: Seconds is the number of seconds to sleep.
                          format: int64
                          type: integer
                      required:
                      - seconds
                      type: object
                    tcpSocket:
                      description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for backward compatibility. There is no validation of this field and lifecycle hooks will fail at runtime when it is specified.
                      properties:
                        host:
                          description: "Optional: Host name to connect to, defaults to the pod IP."
                          type: string
                        port:
                          description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
                          format: int-or-string
                          x-kubernetes-int-or-string: true
                      required:
                      - port
                      type: object
                  type: object
                stopSignal:
                  description: |-
                    StopSignal defines which signal will be sent to a container when it is being stopped. If not specified, the default is defined by the container runtime in use. StopSignal can only be set for Pods with a non-empty .spec.os.name

                    Possible enum values:
                     - `"SIGABRT"`
                     - `"SIGALRM"`
                     - `"SIGBUS"`
                     - `"SIGCHLD"`
                     - `"SIGCLD"`
                     - `"SIGCONT"`
                     - `"SIGFPE"`
                     - `"SIGHUP"`
                     - `"SIGILL"`
                     - `"SIGINT"`
                     - `"SIGIO"`
                     - `"SIGIOT"`
                     - `"SIGKILL"`
                     - `"SIGPIPE"`
                     - `"SIGPOLL"`
                     - `"SIGPROF"`
                     - `"SIGPWR"`
                     - `"SIGQUIT"`
                     - `"SIGRTMAX"`
                     - `"SIGRTMAX-1"`
                     - `"SIGRTMAX-10"`
                     - `"SIGRTMAX-11"`
                     - `"SIGRTMAX-12"`
                     - `"SIGRTMAX-13"`
                     - `"SIGRTMAX-14"`
                     - `"SIGRTMAX-2"`
                     - `"SIGRTMAX-3"`
                     - `"SIGRTMAX-4"`
                     - `"SIGRTMAX-5"`
                     - `"SIGRTMAX-6"`
                     - `"SIGRTMAX-7"`
                     - `"SIGRTMAX-8"`
                     - `"SIGRTMAX-9"`
                     - `"SIGRTMIN"`
                     - `"SIGRTMIN+1"`
                     - `"SIGRTMIN+10"`
                     - `"SIGRTMIN+11"`
                     - `"SIGRTMIN+12"`
                     - `"SIGRTMIN+13"`
                     - `"SIGRTMIN+14"`
                     - `"SIGRTMIN+15"`
                     - `"SIGRTMIN+2"`
                     - `"SIGRTMIN+3"`
                     - `"SIGRTMIN+4"`
                     - `"SIGRTMIN+5"`
                     - `"SIGRTMIN+6"`
                     - `"SIGRTMIN+7"`
                     - `"SIGRTMIN+8"`
                     - `"SIGRTMIN+9"`
                     - `"SIGSEGV"`
                     - `"SIGSTKFLT"`
                     - `"SIGSTOP"`
                     - `"SIGSYS"`
                     - `"SIGTERM"`
                     - `"SIGTRAP"`
                     - `"SIGTSTP"`
                     - `"SIGTTIN"`
                     - `"SIGTTOU"`
                     - `"SIGURG"`
                     - `"SIGUSR1"`
                     - `"SIGUSR2"`
                     - `"SIGVTALRM"`
                     - `"SIGWINCH"`
                     - `"SIGXCPU"`
                     - `"SIGXFSZ"`
                  enum:
                  - SIGABRT
                  - SIGALRM
                  - SIGBUS
                  - SIGCHLD
                  - SIGCLD
                  - SIGCONT
                  - SIGFPE
                  - SIGHUP
                  - SIGILL
                  - SIGINT
                  - SIGIO
                  - SIGIOT
                  - SIGKILL
                  - SIGPIPE
                  - SIGPOLL
                  - SIGPROF
                  - SIGPWR
                  - SIGQUIT
                  - SIGRTMAX
                  - SIGRTMAX-1
                  - SIGRTMAX-10
                  - SIGRTMAX-11
                  - SIGRTMAX-12
                  - SIGRTMAX-13
                  - SIGRTMAX-14
                  - SIGRTMAX-2
                  - SIGRTMAX-3
                  - SIGRTMAX-4
                  - SIGRTMAX-5
                  - SIGRTMAX-6
                  - SIGRTMAX-7
                  - SIGRTMAX-8
                  - SIGRTMAX-9
                  - SIGRTMIN
                  - SIGRTMIN+1
                  - SIGRTMIN+10
                  - SIGRTMIN+11
                  - SIGRTMIN+12
                  - SIGRTMIN+13
                  - SIGRTMIN+14
                  - SIGRTMIN+15
                  - SIGRTMIN+2
                  - SIGRTMIN+3
                  - SIGRTMIN+4
                  - SIGRTMIN+5
                  - SIGRTMIN+6
                  - SIGRTMIN+7
                  - SIGRTMIN+8
                  - SIGRTMIN+9
                  - SIGSEGV
                  - SIGSTKFLT
                  - SIGSTOP
                  - SIGSYS
                  - SIGTERM
                  - SIGTRAP
                  - SIGTSTP
                  - SIGTTIN
                  - SIGTTOU
                  - SIGURG
                  - SIGUSR1
                  - SIGUSR2
                  - SIGVTALRM
                  - SIGWINCH
                  - SIGXCPU
                  - SIGXFSZ
                  type: string
              type: object
            livenessProbe:
              description: Probes are not allowed for ephemeral containers.
              properties:
                exec:
                  description: Exec specifies a command to execute in the container.
                  properties:
                    command:
                      description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
                      items:
                        type: string
                      type: array
                  type: object
                failureThreshold:
                  description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
                  format: int32
                  type: integer
                grpc:
                  description: GRPC specifies a GRPC HealthCheckRequest.
                  properties:
                    port:
                      description: Port number of the gRPC service. Number must be in the range 1 to 65535.
                      format: int32
                      type: integer
                    service:
                      description: |-
                        Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).

                        If this is not specified, the default behavior is defined by gRPC.
                      type: string
                  required:
                  - port
                  type: object
                httpGet:
                  description: HTTPGet specifies an HTTP GET request to perform.
                  properties:
                    host:
                      description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.
                      type: string
                    httpHeaders:
                      description: Custom headers to set in the request. HTTP allows repeated headers.
                      items:
                        properties:
                          name:
                            description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
                            type: string
                          value:
                            description: The header field value
                            type: string
                        required:
                        - name
                        - value
                        type: object
                      type: array
                    path:
                      description: Path to access on the HTTP server.
                      type: string
                    port:
                      description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
                      format: int-or-string
                      x-kubernetes-int-or-string: true
                    scheme:
                      description: |-
                        Scheme to use for connecting to the host. Defaults to HTTP.

                        Possible enum values:
                         - `"HTTP"` means that the scheme used will be http://
                         - `"HTTPS"` means that the scheme used will be https://
                      enum:
                      - HTTP
                      - HTTPS
                      type: string
                  required:
                  - port
                  type: object
                initialDelaySeconds:
                  description: "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
                  format: int32
                  type: integer
                periodSeconds:
                  description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.
                  format: int32
                  type: integer
                successThreshold:
                  description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
                  format: int32
                  type: integer
                tcpSocket:
                  description: TCPSocket specifies a connection to a TCP port.
                  properties:
                    host:
                      description: "Optional: Host name to connect to, defaults to the pod IP."
                      type: string
                    port:
                      description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
                      format: int-or-string
                      x-kubernetes-int-or-string: true
                  required:
                  - port
                  type: object
                terminationGracePeriodSeconds:
                  description: Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
                  format: int64
                  type: integer
                timeoutSeconds:
                  description: "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
                  format: int32
                  type: integer
              type: object
            name:
              description: Name of the ephemeral container specified as a DNS_LABEL. This name must be unique among all containers, init containers and ephemeral containers.
              type: string
            ports:
              description: Ports are not allowed for ephemeral containers.
              items:
                properties:
                  containerPort:
                    description: Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536.
                    format: int32
                    type: integer
                  hostIP:
                    description: What host IP to bind the external port to.
                    type: string
                  hostPort:
                    description: Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this.
                    format: int32
                    type: integer
                  name:
                    description: If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services.
                    type: string
                  protocol:
                    description: |-
                      Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP".

                      Possible enum values:
                       - `"SCTP"` is the SCTP protocol.
                       - `"TCP"` is the TCP protocol.
                       - `"UDP"` is the UDP protocol.
                    enum:
                    - SCTP
                    - TCP
                    - UDP
                    type: string
                required:
                - containerPort
                type: object
              type: array
            readinessProbe:
              description: Probes are not allowed for ephemeral containers.
              properties:
                exec:
                  description: Exec specifies a command to execute in the container.
                  properties:
                    command:
                      description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
                      items:
                        type: string
                      type: array
                  type: object
                failureThreshold:
                  description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
                  format: int32
                  type: integer
                grpc:
                  description: GRPC specifies a GRPC HealthCheckRequest.
                  properties:
                    port:
                      description: Port number of the gRPC service. Number must be in the range 1 to 65535.
                      format: int32
                      type: integer
                    service:
                      description: |-
                        Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).

                        If this is not specified, the default behavior is defined by gRPC.
                      type: string
                  required:
                  - port
                  type: object
                httpGet:
                  description: HTTPGet specifies an HTTP GET request to perform.
                  properties:
                    host:
                      description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.
                      type: string
                    httpHeaders:
                      description: Custom headers to set in the request. HTTP allows repeated headers.
                      items:
                        properties:
                          name:
                            description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
                            type: string
                          value:
                            description: The header field value
                            type: string
                        required:
                        - name
                        - value
                        type: object
                      type: array
                    path:
                      description: Path to access on the HTTP server.
                      type: string
                    port:
                      description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
                      format: int-or-string
                      x-kubernetes-int-or-string: true
                    scheme:
                      description: |-
                        Scheme to use for connecting to the host. Defaults to HTTP.

                        Possible enum values:
                         - `"HTTP"` means that the scheme used will be http://
                         - `"HTTPS"` means that the scheme used will be https://
                      enum:
                      - HTTP
                      - HTTPS
                      type: string
                  required:
                  - port
                  type: object
                initialDelaySeconds:
                  description: "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
                  format: int32
                  type: integer
                periodSeconds:
                  description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.
                  format: int32
                  type: integer
                successThreshold:
                  description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
                  format: int32
                  type: integer
                tcpSocket:
                  description: TCPSocket specifies a connection to a TCP port.
                  properties:
                    host:
                      description: "Optional: Host name to connect to, defaults to the pod IP."
                      type: string
                    port:
                      description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
                      format: int-or-string
                      x-kubernetes-int-or-string: true
                  required:
                  - port
                  type: object
                terminationGracePeriodSeconds:
                  description: Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
                  format: int64
                  type: integer
                timeoutSeconds:
                  description: "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
                  format: int32
                  type: integer
              type: object
            resizePolicy:
              description: Resources resize policy for the container.
              items:
                properties:
                  resourceName:
                    description: "Name of the resource to which this resource resize policy applies. Supported values: cpu, memory."
                    type: string
                  restartPolicy:
                    description: Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired.
                    type: string
                required:
                - resourceName
                - restartPolicy
                type: object
              type: array
            resources:
              description: Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources already allocated to the pod.
              properties:
                claims:
                  description: |-
                    Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container.

                    This is an alpha field and requires enabling the DynamicResourceAllocation feature gate.

                    This field is immutable. It can only be set for containers.
                  items:
                    properties:
                      name:
                        description: Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.
                        type: string
                      request:
                        description: Request is the name chosen for a request in the referenced claim. If empty, everything from the claim is made available, otherwise only the result of this request.
                        type: string
                    required:
                    - name
                    type: object
                  type: array
                limits:
                  additionalProperties:
                    type: string
                  description: "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/"
                  type: object
                requests:
                  additionalProperties:
                    type: string
                  description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/"
                  type: object
              type: object
            restartPolicy:
              description: Restart policy for the container to manage the restart behavior of each container within a pod. This may only be set for init containers. You cannot set this field on ephemeral containers.
              type: string
            securityContext:
              description: "Optional: SecurityContext defines the security options the ephemeral container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext."
              properties:
                allowPrivilegeEscalation:
                  description: "AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows."
                  type: boolean
                appArmorProfile:
                  description: appArmorProfile is the AppArmor options to use by this container. If set, this profile overrides the pod's appArmorProfile. Note that this field cannot be set when spec.os.name is windows.
                  properties:
                    localhostProfile:
                      description: localhostProfile indicates a profile loaded on the node that should be used. The profile must be preconfigured on the node to work. Must match the loaded name of the profile. Must be set if and only if type is "Localhost".
                      type: string
                    type:
                      description: |-
                        type indicates which kind of AppArmor profile will be applied. Valid options are:
                        Localhost - a profile pre-loaded on the node.
                        RuntimeDefault - the container runtime's default profile.
                        Unconfined - no AppArmor enforcement.

                        Possible enum values:
                        - `"Localhost"` indicates that a profile pre-loaded on the node should be used.
                        - `"RuntimeDefault"` indicates that the container runtime's default AppArmor profile should be used.
                        - `"Unconfined"` indicates that no AppArmor profile should be enforced.
                      enum:
                      - Localhost
                      - RuntimeDefault
                      - Unconfined
                      type: string
                  required:
                  - type
                  type: object
                capabilities:
                  description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows.
                  properties:
                    add:
                      description: Added capabilities
                      items:
                        type: string
                      type: array
                    drop:
                      description: Removed capabilities
                      items:
                        type: string
                      type: array
                  type: object
                privileged:
                  description: Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows.
                  type: boolean
                procMount:
                  description: |-
                    procMount denotes the type of proc mount to use for the containers. The default value is Default which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows.

                    Possible enum values:
                    - `"Default"` uses the container runtime defaults for readonly and masked paths for /proc. Most container runtimes mask certain paths in /proc to avoid accidental security exposure of special devices or information.
                    - `"Unmasked"` bypasses the default masking behavior of the container runtime and ensures the newly created /proc the container stays in tact with no modifications.
                  enum:
                  - Default
                  - Unmasked
                  type: string
                readOnlyRootFilesystem:
                  description: Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows.
                  type: boolean
                runAsGroup:
                  description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.
                  format: int64
                  type: integer
                runAsNonRoot:
                  description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
                  type: boolean
                runAsUser:
                  description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.
                  format: int64
                  type: integer
                seLinuxOptions:
                  description: The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.
                  properties:
                    level:
                      description: Level is SELinux level label that applies to the container.
                      type: string
                    role:
                      description: Role is a SELinux role label that applies to the container.
                      type: string
                    type:
                      description: Type is a SELinux type label that applies to the container.
                      type: string
                    user:
                      description: User is a SELinux user label that applies to the container.
                      type: string
                  type: object
                seccompProfile:
                  description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.
                  properties:
                    localhostProfile:
                      description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type.
                      type: string
                    type:
                      description: |-
                        type indicates which kind of seccomp profile will be applied. Valid options are:

                        Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied.

                        Possible enum values:
                        - `"Localhost"` indicates a profile defined in a file on the node should be used. The file's location relative to <kubelet-root-dir>/seccomp.
                        - `"RuntimeDefault"` represents the default container runtime seccomp profile.
                        - `"Unconfined"` indicates no seccomp profile is applied (A.K.A. unconfined).
                      enum:
                      - Localhost
                      - RuntimeDefault
                      - Unconfined
                      type: string
                  required:
                  - type
                  type: object
                windowsOptions:
                  description: The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux.
                  properties:
                    gmsaCredentialSpec:
                      description: GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.
                      type: string
                    gmsaCredentialSpecName:
                      description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
                      type: string
                    hostProcess:
                      description: HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
                      type: boolean
                    runAsUserName:
                      description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
                      type: string
                  type: object
              type: object
            startupProbe:
              description: Probes are not allowed for ephemeral containers.
              properties:
                exec:
                  description: Exec specifies a command to execute in the container.
                  properties:
                    command:
                      description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
                      items:
                        type: string
                      type: array
                  type: object
                failureThreshold:
                  description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
                  format: int32
                  type: integer
                grpc:
                  description: GRPC specifies a GRPC HealthCheckRequest.
                  properties:
                    port:
                      description: Port number of the gRPC service. Number must be in the range 1 to 65535.
                      format: int32
                      type: integer
                    service:
                      description: |-
                        Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).

                        If this is not specified, the default behavior is defined by gRPC.
                      type: string
                  required:
                  - port
                  type: object
                httpGet:
                  description: HTTPGet specifies an HTTP GET request to perform.
                  properties:
                    host:
                      description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.
                      type: string
                    httpHeaders:
                      description: Custom headers to set in the request. HTTP allows repeated headers.
                      items:
                        properties:
                          name:
                            description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
                            type: string
                          value:
                            description: The header field value
                            type: string
                        required:
                        - name
                        - value
                        type: object
                      type: array
                    path:
                      description: Path to access on the HTTP server.
                      type: string
                    port:
                      description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
                      format: int-or-string
                      x-kubernetes-int-or-string: true
                    scheme:
                      description: |-
                        Scheme to use for connecting to the host. Defaults to HTTP.

                        Possible enum values:
                        - `"HTTP"` means that the scheme used will be http://
                        - `"HTTPS"` means that the scheme used will be https://
                      enum:
                      - HTTP
                      - HTTPS
                      type: string
                  required:
                  - port
                  type: object
                initialDelaySeconds:
                  description: "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
                  format: int32
                  type: integer
                periodSeconds:
                  description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.
                  format: int32
                  type: integer
                successThreshold:
                  description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
                  format: int32
                  type: integer
                tcpSocket:
                  description: TCPSocket specifies a connection to a TCP port.
                  properties:
                    host:
                      description: "Optional: Host name to connect to, defaults to the pod IP."
                      type: string
                    port:
                      description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
                      format: int-or-string
                      x-kubernetes-int-or-string: true
                  required:
                  - port
                  type: object
                terminationGracePeriodSeconds:
                  description: Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
                  format: int64
                  type: integer
                timeoutSeconds:
                  description: "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
                  format: int32
                  type: integer
              type: object
            stdin:
              description: Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false.
              type: boolean
            stdinOnce:
              description: Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false
              type: boolean
            targetContainerName:
              description: |-
                If set, the name of the container from PodSpec that this ephemeral container targets. The ephemeral container will be run in the namespaces (IPC, PID, etc) of this container. If not set then the ephemeral container uses the namespaces configured in the Pod spec.

                The container runtime must implement support for this feature. If the runtime does not support namespace targeting then the result of setting this field is undefined.
              type: string
            terminationMessagePath:
              description: "Optional: Path at which the file to which the container's termination message will be written is mounted into the container's filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated."
              type: string
            terminationMessagePolicy:
              description: |-
                Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated.

                Possible enum values:
                - `"FallbackToLogsOnError"` will read the most recent contents of the container logs for the container status message when the container exits with an error and the terminationMessagePath has no contents.
                - `"File"` is the default behavior and will set the container status message to the contents of the container's terminationMessagePath when the container exits.
              enum:
              - FallbackToLogsOnError
              - File
              type: string
            tty:
              description: Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false.
              type: boolean
            volumeDevices:
              description: volumeDevices is the list of block devices to be used by the container.
              items:
                properties:
                  devicePath:
                    description: devicePath is the path inside of the container that the device will be mapped to.
                    type: string
                  name:
                    description: name must match the name of a persistentVolumeClaim in the pod
                    type: string
                required:
                - name
                - devicePath
                type: object
              type: array
            volumeMounts:
              description: Pod volumes to mount into the container's filesystem. Subpath mounts are not allowed for ephemeral containers. Cannot be updated.
              items:
                properties:
                  mountPath:
                    description: Path within the container at which the volume should be mounted. Must not contain ':'.
                    type: string
                  mountPropagation:
                    description: |-
                      mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified (which defaults to None).

                      Possible enum values:
                      - `"Bidirectional"` means that the volume in a container will receive new mounts from the host or other containers, and its own mounts will be propagated from the container to the host or other containers. Note that this mode is recursively applied to all mounts in the volume ("rshared" in Linux terminology).
                      - `"HostToContainer"` means that the volume in a container will receive new mounts from the host or other containers, but filesystems mounted inside the container won't be propagated to the host or other containers. Note that this mode is recursively applied to all mounts in the volume ("rslave" in Linux terminology).
                      - `"None"` means that the volume in a container will not receive new mounts from the host or other containers, and filesystems mounted inside the container won't be propagated to the host or other containers. Note that this mode corresponds to "private" in Linux terminology.
                    enum:
                    - Bidirectional
                    - HostToContainer
                    - None
                    type: string
                  name:
                    description: This must match the Name of a Volume.
                    type: string
                  readOnly:
                    description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.
                    type: boolean
                  recursiveReadOnly:
                    description: |-
                      RecursiveReadOnly specifies whether read-only mounts should be handled recursively.

                      If ReadOnly is false, this field has no meaning and must be unspecified.

                      If ReadOnly is true, and this field is set to Disabled, the mount is not made recursively read-only. If this field is set to IfPossible, the mount is made recursively read-only, if it is supported by the container runtime. If this field is set to Enabled, the mount is made recursively read-only if it is supported by the container runtime, otherwise the pod will not be started and an error will be generated to indicate the reason.

                      If this field is set to IfPossible or Enabled, MountPropagation must be set to None (or be unspecified, which defaults to None).

                      If this field is not specified, it is treated as an equivalent of Disabled.
                    type: string
                  subPath:
                    description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root).
                    type: string
                  subPathExpr:
                    description: Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive.
                    type: string
                required:
                - name
                - mountPath
                type: object
              type: array
            workingDir:
              description: Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated.
              type: string
          required:
          - name
          type: object
        type: array
      hostAliases:
        description: HostAliases is an optional list of hosts and IPs that will be injected into the pod's hosts file if specified.
        items:
          properties:
            hostnames:
              description: Hostnames for the above IP address.
              items:
                type: string
              type: array
            ip:
              description: IP address of the host file entry.
              type: string
          required:
          - ip
          type: object
        type: array
      hostIPC:
        description: "Use the host's ipc namespace. Optional: Default to false."
        type: boolean
      hostNetwork:
        description: Host networking requested for this pod. Use the host's network namespace. If this option is set, the ports that will be used must be specified. Default to false.
        type: boolean
      hostPID:
        description: "Use the host's pid namespace. Optional: Default to false."
        type: boolean
      hostUsers:
        description: "Use the host's user namespace. Optional: Default to true. If set to true or not present, the pod will be run in the host user namespace, useful for when the pod needs a feature only available to the host user namespace, such as loading a kernel module with CAP_SYS_MODULE. When set to false, a new userns is created for the pod. Setting false is useful for mitigating container breakout vulnerabilities even allowing users to run their containers as root without actually having root privileges on the host. This field is alpha-level and is only honored by servers that enable the UserNamespacesSupport feature."
        type: boolean
      hostname:
        description: Specifies the hostname of the Pod If not specified, the pod's hostname will be set to a system-defined value.
        type: string
      imagePullSecrets:
        description: "ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. If specified, these secrets will be passed to individual puller implementations for them to use. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod"
        items:
          properties:
            name:
              description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names"
              type: string
          type: object
          x-kubernetes-map-type: atomic
        type: array
      initContainers:
        description: "List of initialization containers belonging to the pod. Init containers are executed in order prior to containers being started. If any init container fails, the pod is considered to have failed and is handled according to its restartPolicy. The name for an init container or normal container must be unique among all containers. Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit for each resource type, and then using the max of that value or the sum of the normal containers. Limits are applied to init containers in a similar fashion. Init containers cannot currently be added or removed. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/"
        items:
          properties:
            args:
              description: "Arguments to the entrypoint. The container image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell"
              items:
                type: string
              type: array
            command:
              description: "Entrypoint array. Not executed within a shell. The container image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell"
              items:
                type: string
              type: array
            env:
              description: List of environment variables to set in the container. Cannot be updated.
              items:
                properties:
                  name:
                    description: Name of the environment variable. Must be a C_IDENTIFIER.
                    type: string
                  value:
                    description: "Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to \"\"."
                    type: string
                  valueFrom:
                    description: Source for the environment variable's value. Cannot be used if value is not empty.
                    properties:
                      configMapKeyRef:
                        description: Selects a key of a ConfigMap.
                        properties:
                          key:
                            description: The key to select.
                            type: string
                          name:
                            description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names"
                            type: string
                          optional:
                            description: Specify whether the ConfigMap or its key must be defined
                            type: boolean
                        required:
                        - key
                        type: object
                        x-kubernetes-map-type: atomic
                      fieldRef:
                        description: "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs."
                        properties:
                          apiVersion:
                            description: Version of the schema the FieldPath is written in terms of, defaults to "v1".
                            type: string
                          fieldPath:
                            description: Path of the field to select in the specified API version.
                            type: string
                        required:
                        - fieldPath
                        type: object
                        x-kubernetes-map-type: atomic
                      resourceFieldRef:
                        description: "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported."
                        properties:
                          containerName:
                            description: "Container name: required for volumes, optional for env vars"
                            type: string
                          divisor:
                            description: Specifies the output format of the exposed resources, defaults to "1"
                            type: string
                          resource:
                            description: "Required: resource to select"
                            type: string
                        required:
                        - resource
                        type: object
                        x-kubernetes-map-type: atomic
                      secretKeyRef:
                        description: Selects a key of a secret in the pod's namespace
                        properties:
                          key:
                            description: The key of the secret to select from. Must be a valid secret key.
                            type: string
                          name:
                            description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names"
                            type: string
                          optional:
                            description: Specify whether the Secret or its key must be defined
                            type: boolean
                        required:
                        - key
                        type: object
                        x-kubernetes-map-type: atomic
                    type: object
                required:
                - name
                type: object
              type: array
            envFrom:
              description: List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.
              items:
                properties:
                  configMapRef:
                    description: The ConfigMap to select from
                    properties:
                      name:
                        description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names"
                        type: string
                      optional:
                        description: Specify whether the ConfigMap must be defined
                        type: boolean
                    type: object
                  prefix:
                    description: Optional text to prepend to the name of each environment variable. Must be a C_IDENTIFIER.
                    type: string
                  secretRef:
                    description: The Secret to select from
                    properties:
                      name:
                        description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names"
                        type: string
                      optional:
                        description: Specify whether the Secret must be defined
                        type: boolean
                    type: object
                type: object
              type: array
            image:
              description: "Container image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets."
              type: string
            imagePullPolicy:
              description: |-
                Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images

                Possible enum values:
                - `"Always"` means that kubelet always attempts to pull the latest image. Container will fail If the pull fails.
                - `"IfNotPresent"` means that kubelet pulls if the image isn't present on disk. Container will fail if the image isn't present and the pull fails.
                - `"Never"` means that kubelet never pulls an image, but only uses a local image. Container will fail if the image isn't present
              enum:
              - Always
              - IfNotPresent
              - Never
              type: string
            lifecycle:
              description: Actions that the management system should take in response to container lifecycle events. Cannot be updated.
              properties:
                postStart:
                  description: "PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks"
                  properties:
                    exec:
                      description: Exec specifies a command to execute in the container.
                      properties:
                        command:
                          description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
                          items:
                            type: string
                          type: array
                      type: object
                    httpGet:
                      description: HTTPGet specifies an HTTP GET request to perform.
                      properties:
                        host:
                          description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.
                          type: string
                        httpHeaders:
                          description: Custom headers to set in the request. HTTP allows repeated headers.
                          items:
                            properties:
                              name:
                                description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
                                type: string
                              value:
                                description: The header field value
                                type: string
                            required:
                            - name
                            - value
                            type: object
                          type: array
                        path:
                          description: Path to access on the HTTP server.
                          type: string
                        port:
                          description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
                          format: int-or-string
                          x-kubernetes-int-or-string: true
                        scheme:
                          description: |-
                            Scheme to use for connecting to the host. Defaults to HTTP.

                            Possible enum values:
                            - `"HTTP"` means that the scheme used will be http://
                            - `"HTTPS"` means that the scheme used will be https://
                          enum:
                          - HTTP
                          - HTTPS
                          type: string
                      required:
                      - port
                      type: object
                    sleep:
                      description: Sleep represents a duration that the container should sleep.
                      properties:
                        seconds:
                          description: Seconds is the number of seconds to sleep.
                          format: int64
                          type: integer
                      required:
                      - seconds
                      type: object
                    tcpSocket:
                      description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for backward compatibility. There is no validation of this field and lifecycle hooks will fail at runtime when it is specified.
                      properties:
                        host:
                          description: "Optional: Host name to connect to, defaults to the pod IP."
                          type: string
                        port:
                          description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
3169 format: int-or-string 3170 x-kubernetes-int-or-string: true 3171 required: 3172 - port 3173 type: object 3174 type: object 3175 preStop: 3176 description: "PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The Pod's termination grace period countdown begins before the PreStop hook is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod's termination grace period (unless delayed by finalizers). Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks" 3177 properties: 3178 exec: 3179 description: Exec specifies a command to execute in the container. 3180 properties: 3181 command: 3182 description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 3183 items: 3184 type: string 3185 type: array 3186 type: object 3187 httpGet: 3188 description: HTTPGet specifies an HTTP GET request to perform. 3189 properties: 3190 host: 3191 description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. 3192 type: string 3193 httpHeaders: 3194 description: Custom headers to set in the request. HTTP allows repeated headers. 3195 items: 3196 properties: 3197 name: 3198 description: The header field name. 
This will be canonicalized upon output, so case-variant names will be understood as the same header. 3199 type: string 3200 value: 3201 description: The header field value 3202 type: string 3203 required: 3204 - name 3205 - value 3206 type: object 3207 type: array 3208 path: 3209 description: Path to access on the HTTP server. 3210 type: string 3211 port: 3212 description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 3213 format: int-or-string 3214 x-kubernetes-int-or-string: true 3215 scheme: 3216 description: |- 3217 Scheme to use for connecting to the host. Defaults to HTTP. 3218 3219 Possible enum values: 3220 - `"HTTP"` means that the scheme used will be http:// 3221 - `"HTTPS"` means that the scheme used will be https:// 3222 enum: 3223 - HTTP 3224 - HTTPS 3225 type: string 3226 required: 3227 - port 3228 type: object 3229 sleep: 3230 description: Sleep represents a duration that the container should sleep. 3231 properties: 3232 seconds: 3233 description: Seconds is the number of seconds to sleep. 3234 format: int64 3235 type: integer 3236 required: 3237 - seconds 3238 type: object 3239 tcpSocket: 3240 description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for backward compatibility. There is no validation of this field and lifecycle hooks will fail at runtime when it is specified. 3241 properties: 3242 host: 3243 description: "Optional: Host name to connect to, defaults to the pod IP." 3244 type: string 3245 port: 3246 description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 3247 format: int-or-string 3248 x-kubernetes-int-or-string: true 3249 required: 3250 - port 3251 type: object 3252 type: object 3253 stopSignal: 3254 description: |- 3255 StopSignal defines which signal will be sent to a container when it is being stopped. 
If not specified, the default is defined by the container runtime in use. StopSignal can only be set for Pods with a non-empty .spec.os.name 3256 3257 Possible enum values: 3258 - `"SIGABRT"` 3259 - `"SIGALRM"` 3260 - `"SIGBUS"` 3261 - `"SIGCHLD"` 3262 - `"SIGCLD"` 3263 - `"SIGCONT"` 3264 - `"SIGFPE"` 3265 - `"SIGHUP"` 3266 - `"SIGILL"` 3267 - `"SIGINT"` 3268 - `"SIGIO"` 3269 - `"SIGIOT"` 3270 - `"SIGKILL"` 3271 - `"SIGPIPE"` 3272 - `"SIGPOLL"` 3273 - `"SIGPROF"` 3274 - `"SIGPWR"` 3275 - `"SIGQUIT"` 3276 - `"SIGRTMAX"` 3277 - `"SIGRTMAX-1"` 3278 - `"SIGRTMAX-10"` 3279 - `"SIGRTMAX-11"` 3280 - `"SIGRTMAX-12"` 3281 - `"SIGRTMAX-13"` 3282 - `"SIGRTMAX-14"` 3283 - `"SIGRTMAX-2"` 3284 - `"SIGRTMAX-3"` 3285 - `"SIGRTMAX-4"` 3286 - `"SIGRTMAX-5"` 3287 - `"SIGRTMAX-6"` 3288 - `"SIGRTMAX-7"` 3289 - `"SIGRTMAX-8"` 3290 - `"SIGRTMAX-9"` 3291 - `"SIGRTMIN"` 3292 - `"SIGRTMIN+1"` 3293 - `"SIGRTMIN+10"` 3294 - `"SIGRTMIN+11"` 3295 - `"SIGRTMIN+12"` 3296 - `"SIGRTMIN+13"` 3297 - `"SIGRTMIN+14"` 3298 - `"SIGRTMIN+15"` 3299 - `"SIGRTMIN+2"` 3300 - `"SIGRTMIN+3"` 3301 - `"SIGRTMIN+4"` 3302 - `"SIGRTMIN+5"` 3303 - `"SIGRTMIN+6"` 3304 - `"SIGRTMIN+7"` 3305 - `"SIGRTMIN+8"` 3306 - `"SIGRTMIN+9"` 3307 - `"SIGSEGV"` 3308 - `"SIGSTKFLT"` 3309 - `"SIGSTOP"` 3310 - `"SIGSYS"` 3311 - `"SIGTERM"` 3312 - `"SIGTRAP"` 3313 - `"SIGTSTP"` 3314 - `"SIGTTIN"` 3315 - `"SIGTTOU"` 3316 - `"SIGURG"` 3317 - `"SIGUSR1"` 3318 - `"SIGUSR2"` 3319 - `"SIGVTALRM"` 3320 - `"SIGWINCH"` 3321 - `"SIGXCPU"` 3322 - `"SIGXFSZ"` 3323 enum: 3324 - SIGABRT 3325 - SIGALRM 3326 - SIGBUS 3327 - SIGCHLD 3328 - SIGCLD 3329 - SIGCONT 3330 - SIGFPE 3331 - SIGHUP 3332 - SIGILL 3333 - SIGINT 3334 - SIGIO 3335 - SIGIOT 3336 - SIGKILL 3337 - SIGPIPE 3338 - SIGPOLL 3339 - SIGPROF 3340 - SIGPWR 3341 - SIGQUIT 3342 - SIGRTMAX 3343 - SIGRTMAX-1 3344 - SIGRTMAX-10 3345 - SIGRTMAX-11 3346 - SIGRTMAX-12 3347 - SIGRTMAX-13 3348 - SIGRTMAX-14 3349 - SIGRTMAX-2 3350 - SIGRTMAX-3 3351 - SIGRTMAX-4 3352 - SIGRTMAX-5 3353 - SIGRTMAX-6 3354 - 
SIGRTMAX-7 3355 - SIGRTMAX-8 3356 - SIGRTMAX-9 3357 - SIGRTMIN 3358 - SIGRTMIN+1 3359 - SIGRTMIN+10 3360 - SIGRTMIN+11 3361 - SIGRTMIN+12 3362 - SIGRTMIN+13 3363 - SIGRTMIN+14 3364 - SIGRTMIN+15 3365 - SIGRTMIN+2 3366 - SIGRTMIN+3 3367 - SIGRTMIN+4 3368 - SIGRTMIN+5 3369 - SIGRTMIN+6 3370 - SIGRTMIN+7 3371 - SIGRTMIN+8 3372 - SIGRTMIN+9 3373 - SIGSEGV 3374 - SIGSTKFLT 3375 - SIGSTOP 3376 - SIGSYS 3377 - SIGTERM 3378 - SIGTRAP 3379 - SIGTSTP 3380 - SIGTTIN 3381 - SIGTTOU 3382 - SIGURG 3383 - SIGUSR1 3384 - SIGUSR2 3385 - SIGVTALRM 3386 - SIGWINCH 3387 - SIGXCPU 3388 - SIGXFSZ 3389 type: string 3390 type: object 3391 livenessProbe: 3392 description: "Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" 3393 properties: 3394 exec: 3395 description: Exec specifies a command to execute in the container. 3396 properties: 3397 command: 3398 description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 3399 items: 3400 type: string 3401 type: array 3402 type: object 3403 failureThreshold: 3404 description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. 3405 format: int32 3406 type: integer 3407 grpc: 3408 description: GRPC specifies a GRPC HealthCheckRequest. 3409 properties: 3410 port: 3411 description: Port number of the gRPC service. Number must be in the range 1 to 65535. 
3412 format: int32 3413 type: integer 3414 service: 3415 description: |- 3416 Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 3417 3418 If this is not specified, the default behavior is defined by gRPC. 3419 type: string 3420 required: 3421 - port 3422 type: object 3423 httpGet: 3424 description: HTTPGet specifies an HTTP GET request to perform. 3425 properties: 3426 host: 3427 description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. 3428 type: string 3429 httpHeaders: 3430 description: Custom headers to set in the request. HTTP allows repeated headers. 3431 items: 3432 properties: 3433 name: 3434 description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. 3435 type: string 3436 value: 3437 description: The header field value 3438 type: string 3439 required: 3440 - name 3441 - value 3442 type: object 3443 type: array 3444 path: 3445 description: Path to access on the HTTP server. 3446 type: string 3447 port: 3448 description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 3449 format: int-or-string 3450 x-kubernetes-int-or-string: true 3451 scheme: 3452 description: |- 3453 Scheme to use for connecting to the host. Defaults to HTTP. 3454 3455 Possible enum values: 3456 - `"HTTP"` means that the scheme used will be http:// 3457 - `"HTTPS"` means that the scheme used will be https:// 3458 enum: 3459 - HTTP 3460 - HTTPS 3461 type: string 3462 required: 3463 - port 3464 type: object 3465 initialDelaySeconds: 3466 description: "Number of seconds after the container has started before liveness probes are initiated. 
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" 3467 format: int32 3468 type: integer 3469 periodSeconds: 3470 description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. 3471 format: int32 3472 type: integer 3473 successThreshold: 3474 description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. 3475 format: int32 3476 type: integer 3477 tcpSocket: 3478 description: TCPSocket specifies a connection to a TCP port. 3479 properties: 3480 host: 3481 description: "Optional: Host name to connect to, defaults to the pod IP." 3482 type: string 3483 port: 3484 description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 3485 format: int-or-string 3486 x-kubernetes-int-or-string: true 3487 required: 3488 - port 3489 type: object 3490 terminationGracePeriodSeconds: 3491 description: Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. 3492 format: int64 3493 type: integer 3494 timeoutSeconds: 3495 description: "Number of seconds after which the probe times out. Defaults to 1 second. 
Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" 3496 format: int32 3497 type: integer 3498 type: object 3499 name: 3500 description: Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated. 3501 type: string 3502 ports: 3503 description: List of ports to expose from the container. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Modifying this array with strategic merge patch may corrupt the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated. 3504 items: 3505 properties: 3506 containerPort: 3507 description: Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536. 3508 format: int32 3509 type: integer 3510 hostIP: 3511 description: What host IP to bind the external port to. 3512 type: string 3513 hostPort: 3514 description: Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this. 3515 format: int32 3516 type: integer 3517 name: 3518 description: If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services. 3519 type: string 3520 protocol: 3521 description: |- 3522 Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". 3523 3524 Possible enum values: 3525 - `"SCTP"` is the SCTP protocol. 3526 - `"TCP"` is the TCP protocol. 3527 - `"UDP"` is the UDP protocol. 
3528 enum: 3529 - SCTP 3530 - TCP 3531 - UDP 3532 type: string 3533 required: 3534 - containerPort 3535 type: object 3536 type: array 3537 readinessProbe: 3538 description: "Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" 3539 properties: 3540 exec: 3541 description: Exec specifies a command to execute in the container. 3542 properties: 3543 command: 3544 description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 3545 items: 3546 type: string 3547 type: array 3548 type: object 3549 failureThreshold: 3550 description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. 3551 format: int32 3552 type: integer 3553 grpc: 3554 description: GRPC specifies a GRPC HealthCheckRequest. 3555 properties: 3556 port: 3557 description: Port number of the gRPC service. Number must be in the range 1 to 65535. 3558 format: int32 3559 type: integer 3560 service: 3561 description: |- 3562 Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 3563 3564 If this is not specified, the default behavior is defined by gRPC. 3565 type: string 3566 required: 3567 - port 3568 type: object 3569 httpGet: 3570 description: HTTPGet specifies an HTTP GET request to perform. 3571 properties: 3572 host: 3573 description: Host name to connect to, defaults to the pod IP. 
You probably want to set "Host" in httpHeaders instead. 3574 type: string 3575 httpHeaders: 3576 description: Custom headers to set in the request. HTTP allows repeated headers. 3577 items: 3578 properties: 3579 name: 3580 description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. 3581 type: string 3582 value: 3583 description: The header field value 3584 type: string 3585 required: 3586 - name 3587 - value 3588 type: object 3589 type: array 3590 path: 3591 description: Path to access on the HTTP server. 3592 type: string 3593 port: 3594 description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 3595 format: int-or-string 3596 x-kubernetes-int-or-string: true 3597 scheme: 3598 description: |- 3599 Scheme to use for connecting to the host. Defaults to HTTP. 3600 3601 Possible enum values: 3602 - `"HTTP"` means that the scheme used will be http:// 3603 - `"HTTPS"` means that the scheme used will be https:// 3604 enum: 3605 - HTTP 3606 - HTTPS 3607 type: string 3608 required: 3609 - port 3610 type: object 3611 initialDelaySeconds: 3612 description: "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" 3613 format: int32 3614 type: integer 3615 periodSeconds: 3616 description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. 3617 format: int32 3618 type: integer 3619 successThreshold: 3620 description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. 3621 format: int32 3622 type: integer 3623 tcpSocket: 3624 description: TCPSocket specifies a connection to a TCP port. 
3625 properties: 3626 host: 3627 description: "Optional: Host name to connect to, defaults to the pod IP." 3628 type: string 3629 port: 3630 description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 3631 format: int-or-string 3632 x-kubernetes-int-or-string: true 3633 required: 3634 - port 3635 type: object 3636 terminationGracePeriodSeconds: 3637 description: Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. 3638 format: int64 3639 type: integer 3640 timeoutSeconds: 3641 description: "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" 3642 format: int32 3643 type: integer 3644 type: object 3645 resizePolicy: 3646 description: Resources resize policy for the container. 3647 items: 3648 properties: 3649 resourceName: 3650 description: "Name of the resource to which this resource resize policy applies. Supported values: cpu, memory." 3651 type: string 3652 restartPolicy: 3653 description: Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired. 
3654 type: string 3655 required: 3656 - resourceName 3657 - restartPolicy 3658 type: object 3659 type: array 3660 resources: 3661 description: "Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" 3662 properties: 3663 claims: 3664 description: |- 3665 Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. 3666 3667 This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. 3668 3669 This field is immutable. It can only be set for containers. 3670 items: 3671 properties: 3672 name: 3673 description: Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. 3674 type: string 3675 request: 3676 description: Request is the name chosen for a request in the referenced claim. If empty, everything from the claim is made available, otherwise only the result of this request. 3677 type: string 3678 required: 3679 - name 3680 type: object 3681 type: array 3682 limits: 3683 additionalProperties: 3684 type: string 3685 description: "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" 3686 type: object 3687 requests: 3688 additionalProperties: 3689 type: string 3690 description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" 3691 type: object 3692 type: object 3693 restartPolicy: 3694 description: "RestartPolicy defines the restart behavior of individual containers in a pod. 
This field may only be set for init containers, and the only allowed value is \"Always\". For non-init containers or when this field is not specified, the restart behavior is defined by the Pod's restart policy and the container type. Setting the RestartPolicy as \"Always\" for the init container will have the following effect: this init container will be continually restarted on exit until all regular containers have terminated. Once all regular containers have completed, all init containers with restartPolicy \"Always\" will be shut down. This lifecycle differs from normal init containers and is often referred to as a \"sidecar\" container. Although this init container still starts in the init container sequence, it does not wait for the container to complete before proceeding to the next init container. Instead, the next init container starts immediately after this init container is started, or after any startupProbe has successfully completed." 3695 type: string 3696 securityContext: 3697 description: "SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/" 3698 properties: 3699 allowPrivilegeEscalation: 3700 description: "AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows." 3701 type: boolean 3702 appArmorProfile: 3703 description: appArmorProfile is the AppArmor options to use by this container. If set, this profile overrides the pod's appArmorProfile. Note that this field cannot be set when spec.os.name is windows. 
3704 properties: 3705 localhostProfile: 3706 description: localhostProfile indicates a profile loaded on the node that should be used. The profile must be preconfigured on the node to work. Must match the loaded name of the profile. Must be set if and only if type is "Localhost". 3707 type: string 3708 type: 3709 description: |- 3710 type indicates which kind of AppArmor profile will be applied. Valid options are: 3711 Localhost - a profile pre-loaded on the node. 3712 RuntimeDefault - the container runtime's default profile. 3713 Unconfined - no AppArmor enforcement. 3714 3715 Possible enum values: 3716 - `"Localhost"` indicates that a profile pre-loaded on the node should be used. 3717 - `"RuntimeDefault"` indicates that the container runtime's default AppArmor profile should be used. 3718 - `"Unconfined"` indicates that no AppArmor profile should be enforced. 3719 enum: 3720 - Localhost 3721 - RuntimeDefault 3722 - Unconfined 3723 type: string 3724 required: 3725 - type 3726 type: object 3727 capabilities: 3728 description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows. 3729 properties: 3730 add: 3731 description: Added capabilities 3732 items: 3733 type: string 3734 type: array 3735 drop: 3736 description: Removed capabilities 3737 items: 3738 type: string 3739 type: array 3740 type: object 3741 privileged: 3742 description: Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows. 3743 type: boolean 3744 procMount: 3745 description: |- 3746 procMount denotes the type of proc mount to use for the containers. The default value is Default which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. 
Note that this field cannot be set when spec.os.name is windows. 3747 3748 Possible enum values: 3749 - `"Default"` uses the container runtime defaults for readonly and masked paths for /proc. Most container runtimes mask certain paths in /proc to avoid accidental security exposure of special devices or information. 3750 - `"Unmasked"` bypasses the default masking behavior of the container runtime and ensures the newly created /proc the container stays in tact with no modifications. 3751 enum: 3752 - Default 3753 - Unmasked 3754 type: string 3755 readOnlyRootFilesystem: 3756 description: Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows. 3757 type: boolean 3758 runAsGroup: 3759 description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. 3760 format: int64 3761 type: integer 3762 runAsNonRoot: 3763 description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. 3764 type: boolean 3765 runAsUser: 3766 description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. 
                  format: int64
                  type: integer
                seLinuxOptions:
                  description: The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.
                  properties:
                    level:
                      description: Level is SELinux level label that applies to the container.
                      type: string
                    role:
                      description: Role is a SELinux role label that applies to the container.
                      type: string
                    type:
                      description: Type is a SELinux type label that applies to the container.
                      type: string
                    user:
                      description: User is a SELinux user label that applies to the container.
                      type: string
                  type: object
                seccompProfile:
                  description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.
                  properties:
                    localhostProfile:
                      description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type.
                      type: string
                    type:
                      description: |-
                        type indicates which kind of seccomp profile will be applied. Valid options are:

                        Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied.

                        Possible enum values:
                        - `"Localhost"` indicates a profile defined in a file on the node should be used. The file's location relative to <kubelet-root-dir>/seccomp.
                        - `"RuntimeDefault"` represents the default container runtime seccomp profile.
                        - `"Unconfined"` indicates no seccomp profile is applied (A.K.A. unconfined).
                      enum:
                      - Localhost
                      - RuntimeDefault
                      - Unconfined
                      type: string
                  required:
                  - type
                  type: object
                windowsOptions:
                  description: The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux.
                  properties:
                    gmsaCredentialSpec:
                      description: GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.
                      type: string
                    gmsaCredentialSpecName:
                      description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
                      type: string
                    hostProcess:
                      description: HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
                      type: boolean
                    runAsUserName:
                      description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
                      type: string
                  type: object
              type: object
            startupProbe:
              description: "StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
              properties:
                exec:
                  description: Exec specifies a command to execute in the container.
                  properties:
                    command:
                      description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
                      items:
                        type: string
                      type: array
                  type: object
                failureThreshold:
                  description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
                  format: int32
                  type: integer
                grpc:
                  description: GRPC specifies a GRPC HealthCheckRequest.
                  properties:
                    port:
                      description: Port number of the gRPC service. Number must be in the range 1 to 65535.
                      format: int32
                      type: integer
                    service:
                      description: |-
                        Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).

                        If this is not specified, the default behavior is defined by gRPC.
                      type: string
                  required:
                  - port
                  type: object
                httpGet:
                  description: HTTPGet specifies an HTTP GET request to perform.
                  properties:
                    host:
                      description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.
                      type: string
                    httpHeaders:
                      description: Custom headers to set in the request. HTTP allows repeated headers.
                      items:
                        properties:
                          name:
                            description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
                            type: string
                          value:
                            description: The header field value
                            type: string
                        required:
                        - name
                        - value
                        type: object
                      type: array
                    path:
                      description: Path to access on the HTTP server.
                      type: string
                    port:
                      description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
                      format: int-or-string
                      x-kubernetes-int-or-string: true
                    scheme:
                      description: |-
                        Scheme to use for connecting to the host. Defaults to HTTP.

                        Possible enum values:
                        - `"HTTP"` means that the scheme used will be http://
                        - `"HTTPS"` means that the scheme used will be https://
                      enum:
                      - HTTP
                      - HTTPS
                      type: string
                  required:
                  - port
                  type: object
                initialDelaySeconds:
                  description: "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
                  format: int32
                  type: integer
                periodSeconds:
                  description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.
                  format: int32
                  type: integer
                successThreshold:
                  description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
                  format: int32
                  type: integer
                tcpSocket:
                  description: TCPSocket specifies a connection to a TCP port.
                  properties:
                    host:
                      description: "Optional: Host name to connect to, defaults to the pod IP."
                      type: string
                    port:
                      description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
                      format: int-or-string
                      x-kubernetes-int-or-string: true
                  required:
                  - port
                  type: object
                terminationGracePeriodSeconds:
                  description: Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
                  format: int64
                  type: integer
                timeoutSeconds:
                  description: "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
                  format: int32
                  type: integer
              type: object
            stdin:
              description: Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false.
              type: boolean
            stdinOnce:
              description: Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false
              type: boolean
            terminationMessagePath:
              description: "Optional: Path at which the file to which the container's termination message will be written is mounted into the container's filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated."
              type: string
            terminationMessagePolicy:
              description: |-
                Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated.

                Possible enum values:
                - `"FallbackToLogsOnError"` will read the most recent contents of the container logs for the container status message when the container exits with an error and the terminationMessagePath has no contents.
                - `"File"` is the default behavior and will set the container status message to the contents of the container's terminationMessagePath when the container exits.
              enum:
              - FallbackToLogsOnError
              - File
              type: string
            tty:
              description: Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false.
              type: boolean
            volumeDevices:
              description: volumeDevices is the list of block devices to be used by the container.
              items:
                properties:
                  devicePath:
                    description: devicePath is the path inside of the container that the device will be mapped to.
                    type: string
                  name:
                    description: name must match the name of a persistentVolumeClaim in the pod
                    type: string
                required:
                - name
                - devicePath
                type: object
              type: array
            volumeMounts:
              description: Pod volumes to mount into the container's filesystem. Cannot be updated.
              items:
                properties:
                  mountPath:
                    description: Path within the container at which the volume should be mounted. Must not contain ':'.
                    type: string
                  mountPropagation:
                    description: |-
                      mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified (which defaults to None).

                      Possible enum values:
                      - `"Bidirectional"` means that the volume in a container will receive new mounts from the host or other containers, and its own mounts will be propagated from the container to the host or other containers. Note that this mode is recursively applied to all mounts in the volume ("rshared" in Linux terminology).
                      - `"HostToContainer"` means that the volume in a container will receive new mounts from the host or other containers, but filesystems mounted inside the container won't be propagated to the host or other containers. Note that this mode is recursively applied to all mounts in the volume ("rslave" in Linux terminology).
                      - `"None"` means that the volume in a container will not receive new mounts from the host or other containers, and filesystems mounted inside the container won't be propagated to the host or other containers. Note that this mode corresponds to "private" in Linux terminology.
                    enum:
                    - Bidirectional
                    - HostToContainer
                    - None
                    type: string
                  name:
                    description: This must match the Name of a Volume.
                    type: string
                  readOnly:
                    description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.
                    type: boolean
                  recursiveReadOnly:
                    description: |-
                      RecursiveReadOnly specifies whether read-only mounts should be handled recursively.

                      If ReadOnly is false, this field has no meaning and must be unspecified.

                      If ReadOnly is true, and this field is set to Disabled, the mount is not made recursively read-only. If this field is set to IfPossible, the mount is made recursively read-only, if it is supported by the container runtime. If this field is set to Enabled, the mount is made recursively read-only if it is supported by the container runtime, otherwise the pod will not be started and an error will be generated to indicate the reason.

                      If this field is set to IfPossible or Enabled, MountPropagation must be set to None (or be unspecified, which defaults to None).

                      If this field is not specified, it is treated as an equivalent of Disabled.
                    type: string
                  subPath:
                    description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root).
                    type: string
                  subPathExpr:
                    description: Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive.
                    type: string
                required:
                - name
                - mountPath
                type: object
              type: array
            workingDir:
              description: Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated.
              type: string
          required:
          - name
          type: object
        type: array
      nodeName:
        description: NodeName indicates in which node this pod is scheduled. If empty, this pod is a candidate for scheduling by the scheduler defined in schedulerName. Once this field is set, the kubelet for this node becomes responsible for the lifecycle of this pod. This field should not be used to express a desire for the pod to be scheduled on a specific node. https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodename
        type: string
      nodeSelector:
        additionalProperties:
          type: string
        description: "NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node's labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/"
        type: object
        x-kubernetes-map-type: atomic
      os:
        description: |-
          Specifies the OS of the containers in the pod. Some pod and container fields are restricted if this is set.

          If the OS field is set to linux, the following fields must be unset: -securityContext.windowsOptions

          If the OS field is set to windows, following fields must be unset: - spec.hostPID - spec.hostIPC - spec.hostUsers - spec.securityContext.appArmorProfile - spec.securityContext.seLinuxOptions - spec.securityContext.seccompProfile - spec.securityContext.fsGroup - spec.securityContext.fsGroupChangePolicy - spec.securityContext.sysctls - spec.shareProcessNamespace - spec.securityContext.runAsUser - spec.securityContext.runAsGroup - spec.securityContext.supplementalGroups - spec.securityContext.supplementalGroupsPolicy - spec.containers[*].securityContext.appArmorProfile - spec.containers[*].securityContext.seLinuxOptions - spec.containers[*].securityContext.seccompProfile - spec.containers[*].securityContext.capabilities - spec.containers[*].securityContext.readOnlyRootFilesystem - spec.containers[*].securityContext.privileged - spec.containers[*].securityContext.allowPrivilegeEscalation - spec.containers[*].securityContext.procMount - spec.containers[*].securityContext.runAsUser - spec.containers[*].securityContext.runAsGroup
        properties:
          name:
            description: "Name is the name of the operating system. The currently supported values are linux and windows. Additional value may be defined in future and can be one of: https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration Clients should expect to handle additional values and treat unrecognized values in this field as os: null"
            type: string
        required:
        - name
        type: object
      overhead:
        additionalProperties:
          type: string
        description: "Overhead represents the resource overhead associated with running a pod for a given RuntimeClass. This field will be autopopulated at admission time by the RuntimeClass admission controller. If the RuntimeClass admission controller is enabled, overhead must not be set in Pod create requests. The RuntimeClass admission controller will reject Pod create requests which have the overhead already set. If RuntimeClass is configured and selected in the PodSpec, Overhead will be set to the value defined in the corresponding RuntimeClass, otherwise it will remain unset and treated as zero. More info: https://git.k8s.io/enhancements/keps/sig-node/688-pod-overhead/README.md"
        type: object
      preemptionPolicy:
        description: |-
          PreemptionPolicy is the Policy for preempting pods with lower priority. One of Never, PreemptLowerPriority. Defaults to PreemptLowerPriority if unset.

          Possible enum values:
          - `"Never"` means that pod never preempts other pods with lower priority.
          - `"PreemptLowerPriority"` means that pod can preempt other pods with lower priority.
        enum:
        - Never
        - PreemptLowerPriority
        type: string
      priority:
        description: The priority value. Various system components use this field to find the priority of the pod. When Priority Admission Controller is enabled, it prevents users from setting this field. The admission controller populates this field from PriorityClassName. The higher the value, the higher the priority.
        format: int32
        type: integer
      priorityClassName:
        description: If specified, indicates the pod's priority. "system-node-critical" and "system-cluster-critical" are two special keywords which indicate the highest priorities with the former being the highest priority. Any other name must be defined by creating a PriorityClass object with that name. If not specified, the pod priority will be default or zero if there is no default.
        type: string
      readinessGates:
        description: "If specified, all readiness gates will be evaluated for pod readiness. A pod is ready when all its containers are ready AND all conditions specified in the readiness gates have status equal to \"True\" More info: https://git.k8s.io/enhancements/keps/sig-network/580-pod-readiness-gates"
        items:
          properties:
            conditionType:
              description: ConditionType refers to a condition in the pod's condition list with matching type.
              type: string
          required:
          - conditionType
          type: object
        type: array
      resourceClaims:
        description: |-
          ResourceClaims defines which ResourceClaims must be allocated and reserved before the Pod is allowed to start. The resources will be made available to those containers which consume them by name.

          This is an alpha field and requires enabling the DynamicResourceAllocation feature gate.

          This field is immutable.
        items:
          properties:
            name:
              description: Name uniquely identifies this resource claim inside the pod. This must be a DNS_LABEL.
              type: string
            resourceClaimName:
              description: |-
                ResourceClaimName is the name of a ResourceClaim object in the same namespace as this pod.

                Exactly one of ResourceClaimName and ResourceClaimTemplateName must be set.
              type: string
            resourceClaimTemplateName:
              description: |-
                ResourceClaimTemplateName is the name of a ResourceClaimTemplate object in the same namespace as this pod.

                The template will be used to create a new ResourceClaim, which will be bound to this pod. When this pod is deleted, the ResourceClaim will also be deleted. The pod name and resource name, along with a generated component, will be used to form a unique name for the ResourceClaim, which will be recorded in pod.status.resourceClaimStatuses.

                This field is immutable and no changes will be made to the corresponding ResourceClaim by the control plane after creating the ResourceClaim.

                Exactly one of ResourceClaimName and ResourceClaimTemplateName must be set.
              type: string
          required:
          - name
          type: object
        type: array
      resources:
        description: |-
          Resources is the total amount of CPU and Memory resources required by all containers in the pod. It supports specifying Requests and Limits for "cpu" and "memory" resource names only. ResourceClaims are not supported.

          This field enables fine-grained control over resource allocation for the entire pod, allowing resource sharing among containers in a pod.

          This is an alpha field and requires enabling the PodLevelResources feature gate.
        properties:
          claims:
            description: |-
              Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container.

              This is an alpha field and requires enabling the DynamicResourceAllocation feature gate.

              This field is immutable. It can only be set for containers.
            items:
              properties:
                name:
                  description: Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.
                  type: string
                request:
                  description: Request is the name chosen for a request in the referenced claim. If empty, everything from the claim is made available, otherwise only the result of this request.
                  type: string
              required:
              - name
              type: object
            type: array
          limits:
            additionalProperties:
              type: string
            description: "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/"
            type: object
          requests:
            additionalProperties:
              type: string
            description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/"
            type: object
        type: object
      restartPolicy:
        description: |-
          Restart policy for all containers within the pod. One of Always, OnFailure, Never. In some contexts, only a subset of those values may be permitted. Default to Always. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy

          Possible enum values:
          - `"Always"`
          - `"Never"`
          - `"OnFailure"`
        enum:
        - Always
        - Never
        - OnFailure
        type: string
      runtimeClassName:
        description: "RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used to run this pod. If no RuntimeClass resource matches the named class, the pod will not be run. If unset or empty, the \"legacy\" RuntimeClass will be used, which is an implicit class with an empty definition that uses the default runtime handler. More info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class"
        type: string
      schedulerName:
        description: If specified, the pod will be dispatched by specified scheduler. If not specified, the pod will be dispatched by default scheduler.
        type: string
      schedulingGates:
        description: |-
          SchedulingGates is an opaque list of values that if specified will block scheduling the pod. If schedulingGates is not empty, the pod will stay in the SchedulingGated state and the scheduler will not attempt to schedule the pod.

          SchedulingGates can only be set at pod creation time, and be removed only afterwards.
        items:
          properties:
            name:
              description: Name of the scheduling gate. Each scheduling gate must have a unique name field.
              type: string
          required:
          - name
          type: object
        type: array
      securityContext:
        description: "SecurityContext holds pod-level security attributes and common container settings. Optional: Defaults to empty. See type description for default values of each field."
        properties:
          appArmorProfile:
            description: appArmorProfile is the AppArmor options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows.
            properties:
              localhostProfile:
                description: localhostProfile indicates a profile loaded on the node that should be used. The profile must be preconfigured on the node to work. Must match the loaded name of the profile. Must be set if and only if type is "Localhost".
                type: string
              type:
                description: |-
                  type indicates which kind of AppArmor profile will be applied. Valid options are:
                  Localhost - a profile pre-loaded on the node.
                  RuntimeDefault - the container runtime's default profile.
                  Unconfined - no AppArmor enforcement.

                  Possible enum values:
                  - `"Localhost"` indicates that a profile pre-loaded on the node should be used.
                  - `"RuntimeDefault"` indicates that the container runtime's default AppArmor profile should be used.
                  - `"Unconfined"` indicates that no AppArmor profile should be enforced.
                enum:
                - Localhost
                - RuntimeDefault
                - Unconfined
                type: string
            required:
            - type
            type: object
          fsGroup:
            description: |-
              A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod:

              1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw----

              If unset, the Kubelet will not modify the ownership and permissions of any volume. Note that this field cannot be set when spec.os.name is windows.
            format: int64
            type: integer
          fsGroupChangePolicy:
            description: |-
              fsGroupChangePolicy defines behavior of changing ownership and permission of the volume before being exposed inside Pod. This field will only apply to volume types which support fsGroup based ownership(and permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir. Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. Note that this field cannot be set when spec.os.name is windows.

              Possible enum values:
              - `"Always"` indicates that volume's ownership and permissions should always be changed whenever volume is mounted inside a Pod. This the default behavior.
              - `"OnRootMismatch"` indicates that volume's ownership and permissions will be changed only when permission and ownership of root directory does not match with expected permissions on the volume. This can help shorten the time it takes to change ownership and permissions of a volume.
            enum:
            - Always
            - OnRootMismatch
            type: string
          runAsGroup:
            description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.
            format: int64
            type: integer
          runAsNonRoot:
            description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
            type: boolean
          runAsUser:
            description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.
            format: int64
            type: integer
          seLinuxChangePolicy:
            description: |-
              seLinuxChangePolicy defines how the container's SELinux label is applied to all volumes used by the Pod. It has no effect on nodes that do not support SELinux or to volumes does not support SELinux. Valid values are "MountOption" and "Recursive".

              "Recursive" means relabeling of all files on all Pod volumes by the container runtime. This may be slow for large volumes, but allows mixing privileged and unprivileged Pods sharing the same volume on the same node.

              "MountOption" mounts all eligible Pod volumes with `-o context` mount option. This requires all Pods that share the same volume to use the same SELinux label. It is not possible to share the same volume among privileged and unprivileged Pods. Eligible volumes are in-tree FibreChannel and iSCSI volumes, and all CSI volumes whose CSI driver announces SELinux support by setting spec.seLinuxMount: true in their CSIDriver instance. Other volumes are always re-labelled recursively. "MountOption" value is allowed only when SELinuxMount feature gate is enabled.

              If not specified and SELinuxMount feature gate is enabled, "MountOption" is used. If not specified and SELinuxMount feature gate is disabled, "MountOption" is used for ReadWriteOncePod volumes and "Recursive" for all other volumes.

              This field affects only Pods that have SELinux label set, either in PodSecurityContext or in SecurityContext of all containers.

              All Pods that use the same volume should use the same seLinuxChangePolicy, otherwise some pods can get stuck in ContainerCreating state. Note that this field cannot be set when spec.os.name is windows.
            type: string
          seLinuxOptions:
            description: The SELinux context to be applied to all containers. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.
            properties:
              level:
                description: Level is SELinux level label that applies to the container.
                type: string
              role:
                description: Role is a SELinux role label that applies to the container.
                type: string
              type:
                description: Type is a SELinux type label that applies to the container.
                type: string
              user:
                description: User is a SELinux user label that applies to the container.
                type: string
            type: object
          seccompProfile:
            description: The seccomp options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows.
            properties:
              localhostProfile:
                description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type.
                type: string
              type:
                description: |-
                  type indicates which kind of seccomp profile will be applied. Valid options are:

                  Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied.

                  Possible enum values:
                  - `"Localhost"` indicates a profile defined in a file on the node should be used. The file's location relative to <kubelet-root-dir>/seccomp.
                  - `"RuntimeDefault"` represents the default container runtime seccomp profile.
                  - `"Unconfined"` indicates no seccomp profile is applied (A.K.A. unconfined).
                enum:
                - Localhost
                - RuntimeDefault
                - Unconfined
                type: string
            required:
            - type
            type: object
          supplementalGroups:
            description: A list of groups applied to the first process run in each container, in addition to the container's primary GID and fsGroup (if specified). If the SupplementalGroupsPolicy feature is enabled, the supplementalGroupsPolicy field determines whether these are in addition to or instead of any group memberships defined in the container image. If unspecified, no additional groups are added, though group memberships defined in the container image may still be used, depending on the supplementalGroupsPolicy field. Note that this field cannot be set when spec.os.name is windows.
            items:
              format: int64
              type: integer
            type: array
          supplementalGroupsPolicy:
            description: |-
              Defines how supplemental groups of the first container processes are calculated. Valid values are "Merge" and "Strict". If not specified, "Merge" is used. (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled and the container runtime must implement support for this feature. Note that this field cannot be set when spec.os.name is windows.

              Possible enum values:
              - `"Merge"` means that the container's provided SupplementalGroups and FsGroup (specified in SecurityContext) will be merged with the primary user's groups as defined in the container image (in /etc/group).
              - `"Strict"` means that the container's provided SupplementalGroups and FsGroup (specified in SecurityContext) will be used instead of any groups defined in the container image.
            enum:
            - Merge
            - Strict
            type: string
          sysctls:
            description: Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. Note that this field cannot be set when spec.os.name is windows.
            items:
              properties:
                name:
                  description: Name of a property to set
                  type: string
                value:
                  description: Value of a property to set
                  type: string
              required:
              - name
              - value
              type: object
            type: array
          windowsOptions:
            description: The Windows specific settings applied to all containers. If unspecified, the options within a container's SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux.
            properties:
              gmsaCredentialSpec:
                description: GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.
                type: string
              gmsaCredentialSpecName:
                description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
                type: string
              hostProcess:
                description: HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
                type: boolean
              runAsUserName:
                description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
                type: string
            type: object
        type: object
      serviceAccount:
        description: "DeprecatedServiceAccount is a deprecated alias for ServiceAccountName. Deprecated: Use serviceAccountName instead."
        type: string
      serviceAccountName:
        description: "ServiceAccountName is the name of the ServiceAccount to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/"
        type: string
      setHostnameAsFQDN:
        description: If true the pod's hostname will be configured as the pod's FQDN, rather than the leaf name (the default). In Linux containers, this means setting the FQDN in the hostname field of the kernel (the nodename field of struct utsname). In Windows containers, this means setting the registry value of hostname for the registry key HKEY_LOCAL_MACHINE\\\\SYSTEM\\\\CurrentControlSet\\\\Services\\\\Tcpip\\\\Parameters to FQDN. If a pod does not have FQDN, this has no effect. Default to false.
        type: boolean
      shareProcessNamespace:
        description: "Share a single process namespace between all of the containers in a pod. When this is set containers will be able to view and signal processes from other containers in the same pod, and the first process in each container will not be assigned PID 1. HostPID and ShareProcessNamespace cannot both be set. Optional: Default to false."
        type: boolean
      subdomain:
        description: If specified, the fully qualified Pod hostname will be "<hostname>.<subdomain>.<pod namespace>.svc.<cluster domain>". If not specified, the pod will not have a domainname at all.
        type: string
      terminationGracePeriodSeconds:
        description: Optional duration in seconds the pod needs to terminate gracefully. May be decreased in delete request. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). If this value is nil, the default grace period will be used instead. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. Defaults to 30 seconds.
        format: int64
        type: integer
      tolerations:
        description: If specified, the pod's tolerations.
        items:
          properties:
            effect:
              description: |-
                Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.

                Possible enum values:
                - `"NoExecute"` Evict any already-running pods that do not tolerate the taint. Currently enforced by NodeController.
                - `"NoSchedule"` Do not allow new pods to schedule onto the node unless they tolerate the taint, but allow all pods submitted to Kubelet without going through the scheduler to start, and allow all already-running pods to continue running. Enforced by the scheduler.
                - `"PreferNoSchedule"` Like TaintEffectNoSchedule, but the scheduler tries not to schedule new pods onto the node, rather than prohibiting new pods from scheduling onto the node entirely. Enforced by the scheduler.
              enum:
              - NoExecute
              - NoSchedule
              - PreferNoSchedule
              type: string
            key:
              description: Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.
              type: string
            operator:
              description: |-
                Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.

                Possible enum values:
                - `"Equal"`
                - `"Exists"`
              enum:
              - Equal
              - Exists
              type: string
            tolerationSeconds:
              description: TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.
              format: int64
              type: integer
            value:
              description: Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.
              type: string
          type: object
        type: array
      topologySpreadConstraints:
        description: TopologySpreadConstraints describes how a group of pods ought to spread across topology domains. Scheduler will schedule pods in a way which abides by the constraints. All topologySpreadConstraints are ANDed.
        items:
          properties:
            labelSelector:
              description: LabelSelector is used to find matching pods. Pods that match this label selector are counted to determine the number of pods in their corresponding topology domain.
              properties:
                matchExpressions:
                  description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
                  items:
                    properties:
                      key:
                        description: key is the label key that the selector applies to.
                        type: string
                      operator:
                        description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
                        type: string
                      values:
                        description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
                        items:
                          type: string
                        type: array
                    required:
                    - key
                    - operator
                    type: object
                  type: array
                matchLabels:
                  additionalProperties:
                    type: string
                  description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
                  type: object
              type: object
              x-kubernetes-map-type: atomic
            matchLabelKeys:
              description: |-
                MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. MatchLabelKeys cannot be set when LabelSelector isn't set. Keys that don't exist in the incoming pod labels will be ignored. A null or empty list means only match against labelSelector.

                This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default).
              items:
                type: string
              type: array
            maxSkew:
              description: "MaxSkew describes the degree to which pods may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference between the number of matching pods in the target topology and the global minimum. The global minimum is the minimum number of matching pods in an eligible domain or zero if the number of eligible domains is less than MinDomains. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 2/2/1: In this case, the global minimum is 1. | zone1 | zone2 | zone3 | | P P | P P | P | - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence to topologies that satisfy it. It's a required field. Default value is 1 and 0 is not allowed."
              format: int32
              type: integer
            minDomains:
              description: |-
                MinDomains indicates a minimum number of eligible domains. When the number of eligible domains with matching topology keys is less than minDomains, Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. And when the number of eligible domains with matching topology keys equals or greater than minDomains, this value has no effect on scheduling. As a result, when the number of eligible domains is less than minDomains, scheduler won't schedule more than maxSkew Pods to those domains. If value is nil, the constraint behaves as if MinDomains is equal to 1. Valid values are integers greater than 0. When value is not nil, WhenUnsatisfiable must be DoNotSchedule.

                For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same labelSelector spread as 2/2/2: | zone1 | zone2 | zone3 | | P P | P P | P P | The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. In this situation, new pod with the same labelSelector cannot be scheduled, because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, it will violate MaxSkew.
              format: int32
              type: integer
            nodeAffinityPolicy:
              description: |-
                NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector when calculating pod topology spread skew. Options are: - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.

                If this value is nil, the behavior is equivalent to the Honor policy.

                Possible enum values:
                - `"Honor"` means use this scheduling directive when calculating pod topology spread skew.
                - `"Ignore"` means ignore this scheduling directive when calculating pod topology spread skew.
              enum:
              - Honor
              - Ignore
              type: string
            nodeTaintsPolicy:
              description: |-
                NodeTaintsPolicy indicates how we will treat node taints when calculating pod topology spread skew. Options are: - Honor: nodes without taints, along with tainted nodes for which the incoming pod has a toleration, are included. - Ignore: node taints are ignored. All nodes are included.

                If this value is nil, the behavior is equivalent to the Ignore policy.

                Possible enum values:
                - `"Honor"` means use this scheduling directive when calculating pod topology spread skew.
                - `"Ignore"` means ignore this scheduling directive when calculating pod topology spread skew.
              enum:
              - Honor
              - Ignore
              type: string
            topologyKey:
              description: TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. We consider each <key, value> as a "bucket", and try to put balanced number of pods into each bucket. We define a domain as a particular instance of a topology. Also, we define an eligible domain as a domain whose nodes meet the requirements of nodeAffinityPolicy and nodeTaintsPolicy. e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. It's a required field.
              type: string
            whenUnsatisfiable:
              description: |-
                WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy the spread constraint. - DoNotSchedule (default) tells the scheduler not to schedule it. - ScheduleAnyway tells the scheduler to schedule the pod in any location,
                but giving higher precedence to topologies that would help reduce the
                skew.
                A constraint is considered "Unsatisfiable" for an incoming pod if and only if every possible node assignment for that pod would violate "MaxSkew" on some topology. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler won't make it *more* imbalanced. It's a required field.

                Possible enum values:
                - `"DoNotSchedule"` instructs the scheduler not to schedule the pod when constraints are not satisfied.
                - `"ScheduleAnyway"` instructs the scheduler to schedule the pod even if constraints are not satisfied.
              enum:
              - DoNotSchedule
              - ScheduleAnyway
              type: string
          required:
          - maxSkew
          - topologyKey
          - whenUnsatisfiable
          type: object
        type: array
      volumes:
        description: "List of volumes that can be mounted by containers belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes"
        items:
          properties:
            awsElasticBlockStore:
              description: "awsElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. Deprecated: AWSElasticBlockStore is deprecated. All operations for the in-tree awsElasticBlockStore type are redirected to the ebs.csi.aws.com CSI driver. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore"
              properties:
                fsType:
                  description: "fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore"
                  type: string
                partition:
                  description: "partition is the partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as \"1\". Similarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty)."
                  format: int32
                  type: integer
                readOnly:
                  description: "readOnly value true will force the readOnly setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore"
                  type: boolean
                volumeID:
                  description: "volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore"
                  type: string
              required:
              - volumeID
              type: object
            azureDisk:
              description: "azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. Deprecated: AzureDisk is deprecated. All operations for the in-tree azureDisk type are redirected to the disk.csi.azure.com CSI driver."
              properties:
                cachingMode:
                  description: |-
                    cachingMode is the Host Caching mode: None, Read Only, Read Write.

                    Possible enum values:
                    - `"None"`
                    - `"ReadOnly"`
                    - `"ReadWrite"`
                  enum:
                  - None
                  - ReadOnly
                  - ReadWrite
                  type: string
                diskName:
                  description: diskName is the Name of the data disk in the blob storage
                  type: string
                diskURI:
                  description: diskURI is the URI of data disk in the blob storage
                  type: string
                fsType:
                  description: fsType is Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
                  type: string
                kind:
                  description: |-
                    kind expected values are Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared

                    Possible enum values:
                    - `"Dedicated"`
                    - `"Managed"`
                    - `"Shared"`
                  enum:
                  - Dedicated
                  - Managed
                  - Shared
                  type: string
                readOnly:
                  description: readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
                  type: boolean
              required:
              - diskName
              - diskURI
              type: object
            azureFile:
              description: "azureFile represents an Azure File Service mount on the host and bind mount to the pod. Deprecated: AzureFile is deprecated. All operations for the in-tree azureFile type are redirected to the file.csi.azure.com CSI driver."
              properties:
                readOnly:
                  description: readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
                  type: boolean
                secretName:
                  description: secretName is the name of secret that contains Azure Storage Account Name and Key
                  type: string
                shareName:
                  description: shareName is the azure share Name
                  type: string
              required:
              - secretName
              - shareName
              type: object
            cephfs:
              description: "cephFS represents a Ceph FS mount on the host that shares a pod's lifetime. Deprecated: CephFS is deprecated and the in-tree cephfs type is no longer supported."
              properties:
                monitors:
                  description: "monitors is Required: Monitors is a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it"
                  items:
                    type: string
                  type: array
                path:
                  description: "path is Optional: Used as the mounted root, rather than the full Ceph tree, default is /"
                  type: string
                readOnly:
                  description: "readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it"
                  type: boolean
                secretFile:
                  description: "secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it"
                  type: string
                secretRef:
                  description: "secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it"
                  properties:
                    name:
                      description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names"
                      type: string
                  type: object
                  x-kubernetes-map-type: atomic
                user:
                  description: "user is optional: User is the rados user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it"
                  type: string
              required:
              - monitors
              type: object
            cinder:
              description: "cinder represents a cinder volume attached and mounted on kubelets host machine. Deprecated: Cinder is deprecated. All operations for the in-tree cinder type are redirected to the cinder.csi.openstack.org CSI driver. More info: https://examples.k8s.io/mysql-cinder-pd/README.md"
              properties:
                fsType:
                  description: "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md"
                  type: string
                readOnly:
                  description: "readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md"
                  type: boolean
                secretRef:
                  description: "secretRef is optional: points to a secret object containing parameters used to connect to OpenStack."
                  properties:
                    name:
                      description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names"
                      type: string
                  type: object
                  x-kubernetes-map-type: atomic
                volumeID:
                  description: "volumeID used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md"
                  type: string
              required:
              - volumeID
              type: object
            configMap:
              description: configMap represents a configMap that should populate this volume
              properties:
                defaultMode:
                  description: "defaultMode is optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set."
                  format: int32
                  type: integer
                items:
                  description: items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.
                  items:
                    properties:
                      key:
                        description: key is the key to project.
                        type: string
                      mode:
                        description: "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set."
                        format: int32
                        type: integer
                      path:
                        description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.
                        type: string
                    required:
                    - key
                    - path
                    type: object
                  type: array
                name:
                  description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names"
                  type: string
                optional:
                  description: optional specify whether the ConfigMap or its keys must be defined
                  type: boolean
              type: object
            csi:
              description: csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers.
              properties:
                driver:
                  description: driver is the name of the CSI driver that handles this volume. Consult with your admin for the correct name as registered in the cluster.
                  type: string
                fsType:
                  description: fsType to mount. Ex. "ext4", "xfs", "ntfs". If not provided, the empty value is passed to the associated CSI driver which will determine the default filesystem to apply.
                  type: string
                nodePublishSecretRef:
                  description: nodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed.
                  properties:
                    name:
                      description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names"
                      type: string
                  type: object
                  x-kubernetes-map-type: atomic
                readOnly:
                  description: readOnly specifies a read-only configuration for the volume. Defaults to false (read/write).
                  type: boolean
                volumeAttributes:
                  additionalProperties:
                    type: string
                  description: volumeAttributes stores driver-specific properties that are passed to the CSI driver. Consult your driver's documentation for supported values.
                  type: object
              required:
              - driver
              type: object
            downwardAPI:
              description: downwardAPI represents downward API about the pod that should populate this volume
              properties:
                defaultMode:
                  description: "Optional: mode bits to use on created files by default. Must be a Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set."
                  format: int32
                  type: integer
                items:
                  description: Items is a list of downward API volume file
                  items:
                    properties:
                      fieldRef:
                        description: "Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported."
                        properties:
                          apiVersion:
                            description: Version of the schema the FieldPath is written in terms of, defaults to "v1".
                            type: string
                          fieldPath:
                            description: Path of the field to select in the specified API version.
4729 type: string 4730 required: 4731 - fieldPath 4732 type: object 4733 x-kubernetes-map-type: atomic 4734 mode: 4735 description: "Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." 4736 format: int32 4737 type: integer 4738 path: 4739 description: "Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'" 4740 type: string 4741 resourceFieldRef: 4742 description: "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported." 4743 properties: 4744 containerName: 4745 description: "Container name: required for volumes, optional for env vars" 4746 type: string 4747 divisor: 4748 description: Specifies the output format of the exposed resources, defaults to "1" 4749 type: string 4750 resource: 4751 description: "Required: resource to select" 4752 type: string 4753 required: 4754 - resource 4755 type: object 4756 x-kubernetes-map-type: atomic 4757 required: 4758 - path 4759 type: object 4760 type: array 4761 type: object 4762 emptyDir: 4763 description: "emptyDir represents a temporary directory that shares a pod's lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir" 4764 properties: 4765 medium: 4766 description: "medium represents what type of storage medium should back this directory. The default is \"\" which means to use the node's default medium. Must be an empty string (default) or Memory. 
                    More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir"
                  type: string
                sizeLimit:
                  description: "sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir"
                  type: string
              type: object
            ephemeral:
              description: |-
                ephemeral represents a volume that is handled by a cluster storage driver. The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed.

                Use this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity
                tracking are needed,
                c) the storage driver is specified through a storage class, and d) the storage driver supports dynamic volume provisioning through
                a PersistentVolumeClaim (see EphemeralVolumeSource for more
                information on the connection between this volume type
                and PersistentVolumeClaim).

                Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod.

                Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information.

                A pod can use both types of ephemeral volumes and persistent volumes at the same time.
              properties:
                volumeClaimTemplate:
                  description: |-
                    Will be used to create a stand-alone PVC to provision the volume. The pod in which this EphemeralVolumeSource is embedded will be the owner of the PVC, i.e. the PVC will be deleted together with the pod.
                    The name of the PVC will be `<pod name>-<volume name>` where `<volume name>` is the name from the `PodSpec.Volumes` array entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long).

                    An existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until the unrelated PVC is removed. If such a pre-created PVC is meant to be used by the pod, the PVC has to updated with an owner reference to the pod once the pod exists. Normally this should not be necessary, but it may be useful when manually reconstructing a broken cluster.

                    This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created.

                    Required, must not be nil.
                  properties:
                    metadata:
                      description: May contain labels and annotations that will be copied into the PVC when creating it. No other fields are allowed and will be rejected during validation.
                      properties:
                        annotations:
                          additionalProperties:
                            type: string
                          description: "Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations"
                          type: object
                        creationTimestamp:
                          description: |-
                            CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.

                            Populated by the system. Read-only. Null for lists.
                            More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
                          format: date-time
                          nullable: true
                          type: string
                        deletionGracePeriodSeconds:
                          description: Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.
                          format: int64
                          type: integer
                        deletionTimestamp:
                          description: |-
                            DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.

                            Populated by the system when a graceful deletion is requested. Read-only.
                            More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
                          format: date-time
                          type: string
                        finalizers:
                          description: Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list.
                          items:
                            type: string
                          type: array
                        generateName:
                          description: |-
                            GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.

                            If this field is specified and the generated name exists, the server will return a 409.

                            Applied only if Name is not specified.
                            More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
                          type: string
                        generation:
                          description: A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.
                          format: int64
                          type: integer
                        labels:
                          additionalProperties:
                            type: string
                          description: "Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels"
                          type: object
                        managedFields:
                          description: ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn't need to set or understand this field. A workflow can be the user's name, a controller's name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.
                          items:
                            properties:
                              apiVersion:
                                description: APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted.
                                type: string
                              fieldsType:
                                description: "FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: \"FieldsV1\""
                                type: string
                              fieldsV1:
                                description: FieldsV1 holds the first JSON version format as described in the "FieldsV1" type.
                                type: object
                              manager:
                                description: Manager is an identifier of the workflow managing these fields.
                                type: string
                              operation:
                                description: Operation is the type of operation which lead to this ManagedFieldsEntry being created.
                                  The only valid values for this field are 'Apply' and 'Update'.
                                type: string
                              subresource:
                                description: Subresource is the name of the subresource used to update that object, or empty string if the object was updated through the main resource. The value of this field is used to distinguish between managers, even if they share the same name. For example, a status update will be distinct from a regular update using the same manager name. Note that the APIVersion field is not related to the Subresource field and it always corresponds to the version of the main resource.
                                type: string
                              time:
                                description: Time is the timestamp of when the ManagedFields entry was added. The timestamp will also be updated if a field is added, the manager changes any of the owned fields value or removes a field. The timestamp does not update when a field is removed from the entry because another manager took it over.
                                format: date-time
                                type: string
                            type: object
                          type: array
                        name:
                          description: "Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names"
                          type: string
                        namespace:
                          description: |-
                            Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.

                            Must be a DNS_LABEL. Cannot be updated.
                            More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces
                          type: string
                        ownerReferences:
                          description: List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.
                          items:
                            properties:
                              apiVersion:
                                description: API version of the referent.
                                type: string
                              blockOwnerDeletion:
                                description: If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. See https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion for how the garbage collector interacts with this field and enforces the foreground deletion. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.
                                type: boolean
                              controller:
                                description: If true, this reference points to the managing controller.
                                type: boolean
                              kind:
                                description: "Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds"
                                type: string
                              name:
                                description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names"
                                type: string
                              uid:
                                description: "UID of the referent.
                                  More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids"
                                type: string
                            required:
                            - apiVersion
                            - kind
                            - name
                            - uid
                            type: object
                            x-kubernetes-map-type: atomic
                          type: array
                        resourceVersion:
                          description: |-
                            An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.

                            Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
                          type: string
                        selfLink:
                          description: "Deprecated: selfLink is a legacy read-only field that is no longer populated by the system."
                          type: string
                        uid:
                          description: |-
                            UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.

                            Populated by the system. Read-only. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids
                          type: string
                      type: object
                    spec:
                      description: The specification for the PersistentVolumeClaim. The entire content is copied unchanged into the PVC that gets created from this template. The same fields as in a PersistentVolumeClaim are also valid here.
                      properties:
                        accessModes:
                          description: "accessModes contains the desired access modes the volume should have.
                            More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1"
                          items:
                            enum:
                            - ReadOnlyMany
                            - ReadWriteMany
                            - ReadWriteOnce
                            - ReadWriteOncePod
                            type: string
                          type: array
                        dataSource:
                          description: "dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource."
                          properties:
                            apiGroup:
                              description: APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required.
                              type: string
                            kind:
                              description: Kind is the type of resource being referenced
                              type: string
                            name:
                              description: Name is the name of resource being referenced
                              type: string
                          required:
                          - kind
                          - name
                          type: object
                          x-kubernetes-map-type: atomic
                        dataSourceRef:
                          description: |-
                            dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value.
                            For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef
                            allows any non-core object, as well as PersistentVolumeClaim objects.
                            * While dataSource ignores disallowed values (dropping them), dataSourceRef
                            preserves all values, and generates an error if a disallowed value is
                            specified.
                            * While dataSource only allows local objects, dataSourceRef allows objects
                            in any namespaces.
                            (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
                          properties:
                            apiGroup:
                              description: APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required.
                              type: string
                            kind:
                              description: Kind is the type of resource being referenced
                              type: string
                            name:
                              description: Name is the name of resource being referenced
                              type: string
                            namespace:
                              description: Namespace is the namespace of resource being referenced Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
                              type: string
                          required:
                          - kind
                          - name
                          type: object
                        resources:
                          description: "resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources"
                          properties:
                            limits:
                              additionalProperties:
                                type: string
                              description: "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/"
                              type: object
                            requests:
                              additionalProperties:
                                type: string
                              description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/"
                              type: object
                          type: object
                        selector:
                          description: selector is a label query over volumes to consider for binding.
                          properties:
                            matchExpressions:
                              description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
                              items:
                                properties:
                                  key:
                                    description: key is the label key that the selector applies to.
                                    type: string
                                  operator:
                                    description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
                                    type: string
                                  values:
                                    description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
                                    items:
                                      type: string
                                    type: array
                                required:
                                - key
                                - operator
                                type: object
                              type: array
                            matchLabels:
                              additionalProperties:
                                type: string
                              description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
                              type: object
                          type: object
                          x-kubernetes-map-type: atomic
                        storageClassName:
                          description: "storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1"
                          type: string
                        volumeAttributesClassName:
                          description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. If specified, the CSI driver will create or update the volume with the attributes defined in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass will be applied to the claim but it's not allowed to reset this field to empty string once it is set. If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass will be set by the persistentvolume controller if it exists. If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default)."
                          type: string
                        volumeMode:
                          description: |-
                            volumeMode defines what type of volume is required by the claim.
                            Value of Filesystem is implied when not included in claim spec.

                            Possible enum values:
                            - `"Block"` means the volume will not be formatted with a filesystem and will remain a raw block device.
                            - `"Filesystem"` means the volume will be or is formatted with a filesystem.
                          enum:
                          - Block
                          - Filesystem
                          type: string
                        volumeName:
                          description: volumeName is the binding reference to the PersistentVolume backing this claim.
                          type: string
                      type: object
                  required:
                  - spec
                  type: object
              type: object
            fc:
              description: fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod.
              properties:
                fsType:
                  description: fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
                  type: string
                lun:
                  description: "lun is Optional: FC target lun number"
                  format: int32
                  type: integer
                readOnly:
                  description: "readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts."
                  type: boolean
                targetWWNs:
                  description: "targetWWNs is Optional: FC target worldwide names (WWNs)"
                  items:
                    type: string
                  type: array
                wwids:
                  description: "wwids Optional: FC volume world wide identifiers (wwids) Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously."
                  items:
                    type: string
                  type: array
              type: object
            flexVolume:
              description: "flexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin. Deprecated: FlexVolume is deprecated. Consider using a CSIDriver instead."
              properties:
                driver:
                  description: driver is the name of the driver to use for this volume.
                  type: string
                fsType:
                  description: fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script.
                  type: string
                options:
                  additionalProperties:
                    type: string
                  description: "options is Optional: this field holds extra command options if any."
                  type: object
                readOnly:
                  description: "readOnly is Optional: defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts."
                  type: boolean
                secretRef:
                  description: "secretRef is Optional: secretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts."
                  properties:
                    name:
                      description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names"
                      type: string
                  type: object
                  x-kubernetes-map-type: atomic
              required:
              - driver
              type: object
            flocker:
              description: "flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running. Deprecated: Flocker is deprecated and the in-tree flocker type is no longer supported."
              properties:
                datasetName:
                  description: datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker should be considered as deprecated
                  type: string
                datasetUUID:
                  description: datasetUUID is the UUID of the dataset.
                    This is unique identifier of a Flocker dataset
                  type: string
              type: object
            gcePersistentDisk:
              description: "gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. Deprecated: GCEPersistentDisk is deprecated. All operations for the in-tree gcePersistentDisk type are redirected to the pd.csi.storage.gke.io CSI driver. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk"
              properties:
                fsType:
                  description: "fsType is filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk"
                  type: string
                partition:
                  description: "partition is the partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as \"1\". Similarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk"
                  format: int32
                  type: integer
                pdName:
                  description: "pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk"
                  type: string
                readOnly:
                  description: "readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk"
                  type: boolean
              required:
              - pdName
              type: object
            gitRepo:
              description: "gitRepo represents a git repository at a particular revision. Deprecated: GitRepo is deprecated.
                To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container."
              properties:
                directory:
                  description: directory is the target directory name. Must not contain or start with '..'. If '.' is supplied, the volume directory will be the git repository. Otherwise, if specified, the volume will contain the git repository in the subdirectory with the given name.
                  type: string
                repository:
                  description: repository is the URL
                  type: string
                revision:
                  description: revision is the commit hash for the specified revision.
                  type: string
              required:
              - repository
              type: object
            glusterfs:
              description: "glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. Deprecated: Glusterfs is deprecated and the in-tree glusterfs type is no longer supported. More info: https://examples.k8s.io/volumes/glusterfs/README.md"
              properties:
                endpoints:
                  description: "endpoints is the endpoint name that details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod"
                  type: string
                path:
                  description: "path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod"
                  type: string
                readOnly:
                  description: "readOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod"
                  type: boolean
              required:
              - endpoints
              - path
              type: object
            hostPath:
              description: "hostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this.
                More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath"
              properties:
                path:
                  description: "path of the directory on the host. If the path is a symlink, it will follow the link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath"
                  type: string
                type:
                  description: |-
                    type for HostPath Volume Defaults to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath

                    Possible enum values:
                    - `""` For backwards compatible, leave it empty if unset
                    - `"BlockDevice"` A block device must exist at the given path
                    - `"CharDevice"` A character device must exist at the given path
                    - `"Directory"` A directory must exist at the given path
                    - `"DirectoryOrCreate"` If nothing exists at the given path, an empty directory will be created there as needed with file mode 0755, having the same group and ownership with Kubelet.
                    - `"File"` A file must exist at the given path
                    - `"FileOrCreate"` If nothing exists at the given path, an empty file will be created there as needed with file mode 0644, having the same group and ownership with Kubelet.
                    - `"Socket"` A UNIX socket must exist at the given path
                  enum:
                  - ""
                  - BlockDevice
                  - CharDevice
                  - Directory
                  - DirectoryOrCreate
                  - File
                  - FileOrCreate
                  - Socket
                  type: string
              required:
              - path
              type: object
            image:
              description: |-
                image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine. The volume is resolved at pod startup depending on which PullPolicy value is provided:

                - Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. - Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present.
- IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. 5206 5207 The volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation. A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message. The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field. The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images. The volume will be mounted read-only (ro) and non-executable files (noexec). Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath) before 1.33. The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type. 5208 properties: 5209 pullPolicy: 5210 description: |- 5211 Policy for pulling OCI objects. Possible values are: Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. 5212 5213 Possible enum values: 5214 - `"Always"` means that kubelet always attempts to pull the latest image. Container will fail If the pull fails. 
5215 - `"IfNotPresent"` means that kubelet pulls if the image isn't present on disk. Container will fail if the image isn't present and the pull fails. 5216 - `"Never"` means that kubelet never pulls an image, but only uses a local image. Container will fail if the image isn't present 5217 enum: 5218 - Always 5219 - IfNotPresent 5220 - Never 5221 type: string 5222 reference: 5223 description: "Required: Image or artifact reference to be used. Behaves in the same way as pod.spec.containers[*].image. Pull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets." 5224 type: string 5225 type: object 5226 iscsi: 5227 description: "iscsi represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md" 5228 properties: 5229 chapAuthDiscovery: 5230 description: chapAuthDiscovery defines whether support iSCSI Discovery CHAP authentication 5231 type: boolean 5232 chapAuthSession: 5233 description: chapAuthSession defines whether support iSCSI Session CHAP authentication 5234 type: boolean 5235 fsType: 5236 description: "fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi" 5237 type: string 5238 initiatorName: 5239 description: initiatorName is the custom iSCSI Initiator Name. 
If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface <target portal>:<volume name> will be created for the connection. 5240 type: string 5241 iqn: 5242 description: iqn is the target iSCSI Qualified Name. 5243 type: string 5244 iscsiInterface: 5245 description: iscsiInterface is the interface Name that uses an iSCSI transport. Defaults to 'default' (tcp). 5246 type: string 5247 lun: 5248 description: lun represents iSCSI Target Lun number. 5249 format: int32 5250 type: integer 5251 portals: 5252 description: portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260). 5253 items: 5254 type: string 5255 type: array 5256 readOnly: 5257 description: readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. 5258 type: boolean 5259 secretRef: 5260 description: secretRef is the CHAP Secret for iSCSI target and initiator authentication 5261 properties: 5262 name: 5263 description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" 5264 type: string 5265 type: object 5266 x-kubernetes-map-type: atomic 5267 targetPortal: 5268 description: targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260). 5269 type: string 5270 required: 5271 - targetPortal 5272 - iqn 5273 - lun 5274 type: object 5275 name: 5276 description: "name of the volume. Must be a DNS_LABEL and unique within the pod. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" 5277 type: string 5278 nfs: 5279 description: "nfs represents an NFS mount on the host that shares a pod's lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" 5280 properties: 5281 path: 5282 description: "path that is exported by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" 5283 type: string 5284 readOnly: 5285 description: "readOnly here will force the NFS export to be mounted with read-only permissions. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" 5286 type: boolean 5287 server: 5288 description: "server is the hostname or IP address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" 5289 type: string 5290 required: 5291 - server 5292 - path 5293 type: object 5294 persistentVolumeClaim: 5295 description: "persistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims" 5296 properties: 5297 claimName: 5298 description: "claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims" 5299 type: string 5300 readOnly: 5301 description: readOnly Will force the ReadOnly setting in VolumeMounts. Default false. 5302 type: boolean 5303 required: 5304 - claimName 5305 type: object 5306 photonPersistentDisk: 5307 description: "photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine. Deprecated: PhotonPersistentDisk is deprecated and the in-tree photonPersistentDisk type is no longer supported." 5308 properties: 5309 fsType: 5310 description: fsType is the filesystem type to mount. 
Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. 5311 type: string 5312 pdID: 5313 description: pdID is the ID that identifies Photon Controller persistent disk 5314 type: string 5315 required: 5316 - pdID 5317 type: object 5318 portworxVolume: 5319 description: "portworxVolume represents a portworx volume attached and mounted on kubelets host machine. Deprecated: PortworxVolume is deprecated. All operations for the in-tree portworxVolume type are redirected to the pxd.portworx.com CSI driver when the CSIMigrationPortworx feature-gate is on." 5320 properties: 5321 fsType: 5322 description: fSType represents the filesystem type to mount Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified. 5323 type: string 5324 readOnly: 5325 description: readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. 5326 type: boolean 5327 volumeID: 5328 description: volumeID uniquely identifies a Portworx volume 5329 type: string 5330 required: 5331 - volumeID 5332 type: object 5333 projected: 5334 description: projected items for all in one resources secrets, configmaps, and downward API 5335 properties: 5336 defaultMode: 5337 description: defaultMode are the mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. 5338 format: int32 5339 type: integer 5340 sources: 5341 description: sources is the list of volume projections. Each entry in this list handles one source. 
5342 items: 5343 properties: 5344 clusterTrustBundle: 5345 description: |- 5346 ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field of ClusterTrustBundle objects in an auto-updating file. 5347 5348 Alpha, gated by the ClusterTrustBundleProjection feature gate. 5349 5350 ClusterTrustBundle objects can either be selected by name, or by the combination of signer name and a label selector. 5351 5352 Kubelet performs aggressive normalization of the PEM contents written into the pod filesystem. Esoteric PEM features such as inter-block comments and block headers are stripped. Certificates are deduplicated. The ordering of certificates within the file is arbitrary, and Kubelet may change the order over time. 5353 properties: 5354 labelSelector: 5355 description: Select all ClusterTrustBundles that match this label selector. Only has effect if signerName is set. Mutually-exclusive with name. If unset, interpreted as "match nothing". If set but empty, interpreted as "match everything". 5356 properties: 5357 matchExpressions: 5358 description: matchExpressions is a list of label selector requirements. The requirements are ANDed. 5359 items: 5360 properties: 5361 key: 5362 description: key is the label key that the selector applies to. 5363 type: string 5364 operator: 5365 description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. 5366 type: string 5367 values: 5368 description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. 5369 items: 5370 type: string 5371 type: array 5372 required: 5373 - key 5374 - operator 5375 type: object 5376 type: array 5377 matchLabels: 5378 additionalProperties: 5379 type: string 5380 description: matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. 5381 type: object 5382 type: object 5383 x-kubernetes-map-type: atomic 5384 name: 5385 description: Select a single ClusterTrustBundle by object name. Mutually-exclusive with signerName and labelSelector. 5386 type: string 5387 optional: 5388 description: If true, don't block pod startup if the referenced ClusterTrustBundle(s) aren't available. If using name, then the named ClusterTrustBundle is allowed not to exist. If using signerName, then the combination of signerName and labelSelector is allowed to match zero ClusterTrustBundles. 5389 type: boolean 5390 path: 5391 description: Relative path from the volume root to write the bundle. 5392 type: string 5393 signerName: 5394 description: Select all ClusterTrustBundles that match this signer name. Mutually-exclusive with name. The contents of all selected ClusterTrustBundles will be unified and deduplicated. 5395 type: string 5396 required: 5397 - path 5398 type: object 5399 configMap: 5400 description: configMap information about the configMap data to project 5401 properties: 5402 items: 5403 description: items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. 5404 items: 5405 properties: 5406 key: 5407 description: key is the key to project. 5408 type: string 5409 mode: 5410 description: "mode is Optional: mode bits used to set permissions on this file. 
Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." 5411 format: int32 5412 type: integer 5413 path: 5414 description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. 5415 type: string 5416 required: 5417 - key 5418 - path 5419 type: object 5420 type: array 5421 name: 5422 description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" 5423 type: string 5424 optional: 5425 description: optional specify whether the ConfigMap or its keys must be defined 5426 type: boolean 5427 type: object 5428 downwardAPI: 5429 description: downwardAPI information about the downwardAPI data to project 5430 properties: 5431 items: 5432 description: Items is a list of DownwardAPIVolume file 5433 items: 5434 properties: 5435 fieldRef: 5436 description: "Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported." 5437 properties: 5438 apiVersion: 5439 description: Version of the schema the FieldPath is written in terms of, defaults to "v1". 5440 type: string 5441 fieldPath: 5442 description: Path of the field to select in the specified API version. 
5443 type: string 5444 required: 5445 - fieldPath 5446 type: object 5447 x-kubernetes-map-type: atomic 5448 mode: 5449 description: "Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." 5450 format: int32 5451 type: integer 5452 path: 5453 description: "Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'" 5454 type: string 5455 resourceFieldRef: 5456 description: "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported." 5457 properties: 5458 containerName: 5459 description: "Container name: required for volumes, optional for env vars" 5460 type: string 5461 divisor: 5462 description: Specifies the output format of the exposed resources, defaults to "1" 5463 type: string 5464 resource: 5465 description: "Required: resource to select" 5466 type: string 5467 required: 5468 - resource 5469 type: object 5470 x-kubernetes-map-type: atomic 5471 required: 5472 - path 5473 type: object 5474 type: array 5475 type: object 5476 secret: 5477 description: secret information about the secret data to project 5478 properties: 5479 items: 5480 description: items if unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. 
If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. 5481 items: 5482 properties: 5483 key: 5484 description: key is the key to project. 5485 type: string 5486 mode: 5487 description: "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." 5488 format: int32 5489 type: integer 5490 path: 5491 description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. 5492 type: string 5493 required: 5494 - key 5495 - path 5496 type: object 5497 type: array 5498 name: 5499 description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" 5500 type: string 5501 optional: 5502 description: optional field specify whether the Secret or its key must be defined 5503 type: boolean 5504 type: object 5505 serviceAccountToken: 5506 description: serviceAccountToken is information about the serviceAccountToken data to project 5507 properties: 5508 audience: 5509 description: audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver. 
5510 type: string 5511 expirationSeconds: 5512 description: expirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes. 5513 format: int64 5514 type: integer 5515 path: 5516 description: path is the path relative to the mount point of the file to project the token into. 5517 type: string 5518 required: 5519 - path 5520 type: object 5521 type: object 5522 type: array 5523 type: object 5524 quobyte: 5525 description: "quobyte represents a Quobyte mount on the host that shares a pod's lifetime. Deprecated: Quobyte is deprecated and the in-tree quobyte type is no longer supported." 5526 properties: 5527 group: 5528 description: group to map volume access to Default is no group 5529 type: string 5530 readOnly: 5531 description: readOnly here will force the Quobyte volume to be mounted with read-only permissions. Defaults to false. 5532 type: boolean 5533 registry: 5534 description: registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes 5535 type: string 5536 tenant: 5537 description: tenant owning the given Quobyte volume in the Backend Used with dynamically provisioned Quobyte volumes, value is set by the plugin 5538 type: string 5539 user: 5540 description: user to map volume access to Defaults to serivceaccount user 5541 type: string 5542 volume: 5543 description: volume is a string that references an already created Quobyte volume by name. 
5544 type: string 5545 required: 5546 - registry 5547 - volume 5548 type: object 5549 rbd: 5550 description: "rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. Deprecated: RBD is deprecated and the in-tree rbd type is no longer supported. More info: https://examples.k8s.io/volumes/rbd/README.md" 5551 properties: 5552 fsType: 5553 description: "fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd" 5554 type: string 5555 image: 5556 description: "image is the rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" 5557 type: string 5558 keyring: 5559 description: "keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" 5560 type: string 5561 monitors: 5562 description: "monitors is a collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" 5563 items: 5564 type: string 5565 type: array 5566 pool: 5567 description: "pool is the rados pool name. Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" 5568 type: string 5569 readOnly: 5570 description: "readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" 5571 type: boolean 5572 secretRef: 5573 description: "secretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" 5574 properties: 5575 name: 5576 description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. 
Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" 5577 type: string 5578 type: object 5579 x-kubernetes-map-type: atomic 5580 user: 5581 description: "user is the rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" 5582 type: string 5583 required: 5584 - monitors 5585 - image 5586 type: object 5587 scaleIO: 5588 description: "scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. Deprecated: ScaleIO is deprecated and the in-tree scaleIO type is no longer supported." 5589 properties: 5590 fsType: 5591 description: fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Default is "xfs". 5592 type: string 5593 gateway: 5594 description: gateway is the host address of the ScaleIO API Gateway. 5595 type: string 5596 protectionDomain: 5597 description: protectionDomain is the name of the ScaleIO Protection Domain for the configured storage. 5598 type: string 5599 readOnly: 5600 description: readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. 5601 type: boolean 5602 secretRef: 5603 description: secretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail. 5604 properties: 5605 name: 5606 description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" 5607 type: string 5608 type: object 5609 x-kubernetes-map-type: atomic 5610 sslEnabled: 5611 description: sslEnabled Flag enable/disable SSL communication with Gateway, default false 5612 type: boolean 5613 storageMode: 5614 description: storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned. 5615 type: string 5616 storagePool: 5617 description: storagePool is the ScaleIO Storage Pool associated with the protection domain. 5618 type: string 5619 system: 5620 description: system is the name of the storage system as configured in ScaleIO. 5621 type: string 5622 volumeName: 5623 description: volumeName is the name of a volume already created in the ScaleIO system that is associated with this volume source. 5624 type: string 5625 required: 5626 - gateway 5627 - system 5628 - secretRef 5629 type: object 5630 secret: 5631 description: "secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret" 5632 properties: 5633 defaultMode: 5634 description: "defaultMode is Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." 5635 format: int32 5636 type: integer 5637 items: 5638 description: items If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. 
If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. 5639 items: 5640 properties: 5641 key: 5642 description: key is the key to project. 5643 type: string 5644 mode: 5645 description: "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." 5646 format: int32 5647 type: integer 5648 path: 5649 description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. 5650 type: string 5651 required: 5652 - key 5653 - path 5654 type: object 5655 type: array 5656 optional: 5657 description: optional field specify whether the Secret or its keys must be defined 5658 type: boolean 5659 secretName: 5660 description: "secretName is the name of the secret in the pod's namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret" 5661 type: string 5662 type: object 5663 storageos: 5664 description: "storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. Deprecated: StorageOS is deprecated and the in-tree storageos type is no longer supported." 5665 properties: 5666 fsType: 5667 description: fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. 
5668 type: string 5669 readOnly: 5670 description: readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. 5671 type: boolean 5672 secretRef: 5673 description: secretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted. 5674 properties: 5675 name: 5676 description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" 5677 type: string 5678 type: object 5679 x-kubernetes-map-type: atomic 5680 volumeName: 5681 description: volumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace. 5682 type: string 5683 volumeNamespace: 5684 description: volumeNamespace specifies the scope of the volume within StorageOS. If no namespace is specified then the Pod's namespace will be used. This allows the Kubernetes name scoping to be mirrored within StorageOS for tighter integration. Set VolumeName to any name to override the default behaviour. Set to "default" if you are not using namespaces within StorageOS. Namespaces that do not pre-exist within StorageOS will be created. 5685 type: string 5686 type: object 5687 vsphereVolume: 5688 description: "vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine. Deprecated: VsphereVolume is deprecated. All operations for the in-tree vsphereVolume type are redirected to the csi.vsphere.vmware.com CSI driver." 5689 properties: 5690 fsType: 5691 description: fsType is filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. 
5692 type: string 5693 storagePolicyID: 5694 description: storagePolicyID is the storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName. 5695 type: string 5696 storagePolicyName: 5697 description: storagePolicyName is the storage Policy Based Management (SPBM) profile name. 5698 type: string 5699 volumePath: 5700 description: volumePath is the path that identifies vSphere volume vmdk 5701 type: string 5702 required: 5703 - volumePath 5704 type: object 5705 required: 5706 - name 5707 type: object 5708 type: array 5709 required: 5710 - containers 5711 type: object 5712 type: object 5713 5714 {{- end }}