agones.dev/agones@v1.54.0/install/yaml/install.yaml (about) 1 --- 2 # Source: agones/templates/priority-class.yaml 3 apiVersion: scheduling.k8s.io/v1 4 kind: PriorityClass 5 metadata: 6 name: agones-system 7 value: 1000000 8 globalDefault: false 9 description: "This priority class should be used for Agones service pods only." 10 --- 11 # Source: agones/templates/controller.yaml 12 apiVersion: policy/v1 13 kind: PodDisruptionBudget 14 metadata: 15 name: agones-controller-pdb 16 spec: 17 minAvailable: 1 18 maxUnavailable: 19 selector: 20 matchLabels: 21 agones.dev/role: controller 22 app: agones 23 release: agones-manual 24 heritage: Helm 25 --- 26 # Source: agones/templates/extensions-deployment.yaml 27 apiVersion: policy/v1 28 kind: PodDisruptionBudget 29 metadata: 30 name: agones-extensions-pdb 31 spec: 32 minAvailable: 1 33 maxUnavailable: 34 selector: 35 matchLabels: 36 agones.dev/role: extensions 37 app: agones 38 release: agones-manual 39 heritage: Helm 40 --- 41 # Source: agones/templates/pdb.yaml 42 apiVersion: policy/v1 43 kind: PodDisruptionBudget 44 metadata: 45 name: agones-gameserver-safe-to-evict-false 46 namespace: default 47 spec: 48 maxUnavailable: 0% 49 selector: 50 matchLabels: 51 agones.dev/safe-to-evict: "false" 52 --- 53 # Source: agones/templates/service/allocation.yaml 54 # Create a ServiceAccount that will be bound to the above role 55 apiVersion: v1 56 kind: ServiceAccount 57 metadata: 58 name: agones-allocator 59 namespace: agones-system 60 labels: 61 app: agones 62 chart: agones-1.54.0-dev 63 release: agones-manual 64 heritage: Helm 65 --- 66 # Source: agones/templates/serviceaccounts/controller.yaml 67 # Copyright 2018 Google LLC All Rights Reserved. 68 # 69 # Licensed under the Apache License, Version 2.0 (the "License"); 70 # you may not use this file except in compliance with the License. 71 # You may obtain a copy of the License at 72 # 73 # http://www.apache.org/licenses/LICENSE-2.0 74 # 75 # Unless required by applicable law or agreed to in writing, software 76 # distributed under the License is distributed on an "AS IS" BASIS, 77 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 78 # See the License for the specific language governing permissions and 79 # limitations under the License. 80 apiVersion: v1 81 kind: ServiceAccount 82 metadata: 83 name: agones-controller 84 namespace: agones-system 85 labels: 86 app: agones 87 chart: agones-1.54.0-dev 88 release: agones-manual 89 heritage: Helm 90 --- 91 # Source: agones/templates/serviceaccounts/sdk.yaml 92 # Copyright 2018 Google LLC All Rights Reserved. 93 # 94 # Licensed under the Apache License, Version 2.0 (the "License"); 95 # you may not use this file except in compliance with the License. 96 # You may obtain a copy of the License at 97 # 98 # http://www.apache.org/licenses/LICENSE-2.0 99 # 100 # Unless required by applicable law or agreed to in writing, software 101 # distributed under the License is distributed on an "AS IS" BASIS, 102 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 103 # See the License for the specific language governing permissions and 104 # limitations under the License. 105 apiVersion: v1 106 kind: ServiceAccount 107 metadata: 108 name: agones-sdk 109 namespace: default 110 labels: 111 app: agones 112 chart: agones-1.54.0-dev 113 release: agones-manual 114 heritage: Helm 115 --- 116 # Source: agones/templates/extensions.yaml 117 apiVersion: v1 118 kind: Secret 119 metadata: 120 name: agones-manual-cert 121 namespace: agones-system 122 labels: 123 app: agones 124 chart: "agones-1.54.0-dev" 125 release: "agones-manual" 126 heritage: "Helm" 127 type: Opaque 128 data: 129 server.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVjVENDQTFtZ0F3SUJBZ0lVRm5DOUsxT1kzRnFNaWhqN3RWbXh5R3hwUVdzd0RRWUpLb1pJaHZjTkFRRUwKQlFBd2dhb3hDekFKQmdOVkJBWVRBbFZUTVJNd0VRWURWUVFJREFwVGIyMWxMVk4wWVhSbE1ROHdEUVlEVlFRSwpEQVpCWjI5dVpYTXhEekFOQmdOVkJBc01Ca0ZuYjI1bGN6RTBNRElHQTFVRUF3d3JZV2R2Ym1WekxXTnZiblJ5CmIyeHNaWEl0YzJWeWRtbGpaUzVoWjI5dVpYTXRjM2x6ZEdWdExuTjJZekV1TUN3R0NTcUdTSWIzRFFFSkFSWWYKWVdkdmJtVnpMV1JwYzJOMWMzTkFaMjl2WjJ4bFozSnZkWEJ6TG1OdmJUQWVGdzB5TVRBMk16QXhPVFUyTWpGYQpGdzB6TVRBMk1qZ3hPVFUyTWpGYU1JR3FNUXN3Q1FZRFZRUUdFd0pWVXpFVE1CRUdBMVVFQ0F3S1UyOXRaUzFUCmRHRjBaVEVQTUEwR0ExVUVDZ3dHUVdkdmJtVnpNUTh3RFFZRFZRUUxEQVpCWjI5dVpYTXhOREF5QmdOVkJBTU0KSzJGbmIyNWxjeTFqYjI1MGNtOXNiR1Z5TFhObGNuWnBZMlV1WVdkdmJtVnpMWE41YzNSbGJTNXpkbU14TGpBcwpCZ2txaGtpRzl3MEJDUUVXSDJGbmIyNWxjeTFrYVhOamRYTnpRR2R2YjJkc1pXZHliM1Z3Y3k1amIyMHdnZ0VpCk1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQkR3QXdnZ0VLQW9JQkFRQ2dka0xPS0NINThLSkJpdEJqeVlyTDArRTkKdEl0TFhGVGdxQU9TMGdBQitSVXNZMGhicmVWRHd0SExKYXBnMG55Ni9UYTcvMEc1Wm9kaGR4RlFtS2JWMUxmWQpmZGR0Qm4vOGd4Wi9JQ2dRblU3N3RqY1pLV3JxaW4vZ3h3ZUJua3hjWEtrT3Z1MldoRHdZZVFLN3ZHNEljOGhzClZHb1hTZWo4US94d2M4a0FCRG04YVRSU1RUYmsyWi9kem9mUmswU2xrc1BrVWV5b0NwRGVGbERqY0tTcDAzWnUKV2dBUTNpVy83c1AxVFV5WEtnblZ5M2ZpWm1RQUZreEtOQkxVV0gvVEJJeWtMdUVCMmRYYUd0L0VpZzQ4SWpVOQpMYUxyM3JWSW1Dcmt6dlB5V3VEZTd6MmVKdDE3WEhoTFVHcnE4YTFUSFp3d1NSWUZRc29tQ09ORVNBSTdBZ01CCkFBR2pnWXd3Z1lrd0hRWURWUjBPQkJZRUZMa3FUUWNMQloyMUlWc3BGbkNiaS9TbGtUbzlNQjhHQTFVZEl3UVkKTUJhQUZMa3FUUWNMQloyMUlWc3BGbkNiaS9TbGtUbzlNQThHQTFVZEV3RUIvd1FGTUFNQkFmOHdOZ1lEVlIwUgpCQzh3TFlJcllXZHZibVZ6TFdOdmJuUnliMnhzWlhJdGMyVnlkbWxqWlM1aFoyOXVaWE10YzNsemRHVnRMbk4yCll6QU5CZ2txaGtpRzl3MEJBUXNGQUFPQ0FRRUFWQTUxU3dNcEhZY20zUnRuc2I5MkgwUTZYT1ZndEJzSWRaY1QKbFBuSmFBSGdybEt2SnhiMU0rdTdQYllDZkZOTWlUTStyWGZ5cWtJRXY3VU1aN0dWeS9CYm9zTk1sb2M0UHJjaAo3RnVlai9zVnArcW1GT1c0VzlPVTFwcytqWm5vcHJ4Z3R1OVgzbmpBZjZiWWVqQWMzaVo0Q0xpem8vMDd2Qk94CnA5L3J4R0FjSVVjQW04Y3hXa01kaEduNnZOYkNFcXJoVTRJdnZSYlMwVnlrckhPY3RGM25raC9GbnRHQU80RDEKUEgrUThSQXBNK2xBeGtXcFIvNXlHTXdLM05WcS9kc2JaclQ5RHhId0hUU2tqL3JXZVRrWmxIN042MHpZL3JqbwpNUjBJNEtOWHl3WElTcGdNbE93dkxPdGY2aUNYeHJDNyt1RjdyQmxCei9tSUNxYnR0dz09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K 130 server.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFb3dJQkFBS0NBUUVBb0haQ3ppZ2grZkNpUVlyUVk4bUt5OVBoUGJTTFMxeFU0S2dEa3RJQUFma1ZMR05JClc2M2xROExSeXlXcVlOSjh1djAydS85QnVXYUhZWGNSVUppbTFkUzMySDNYYlFaLy9JTVdmeUFvRUoxTys3WTMKR1NscTZvcC80TWNIZ1o1TVhGeXBEcjd0bG9ROEdIa0N1N3h1Q0hQSWJGUnFGMG5vL0VQOGNIUEpBQVE1dkdrMApVazAyNU5tZjNjNkgwWk5FcFpMRDVGSHNxQXFRM2haUTQzQ2txZE4yYmxvQUVONGx2KzdEOVUxTWx5b0oxY3QzCjRtWmtBQlpNU2pRUzFGaC8wd1NNcEM3aEFkblYyaHJmeElvT1BDSTFQUzJpNjk2MVNKZ3E1TTd6OGxyZzN1ODkKbmliZGUxeDRTMUJxNnZHdFV4MmNNRWtXQlVMS0pnampSRWdDT3dJREFRQUJBb0lCQUdNYXg0WUdtWDJDVnVSKwpOTmo4MklHdFdsYy9GQzAyV0tIc2cxQ0I3VWxLcXY0Z1Q4ZDM3cnJjTDdEMWtYWjlhbFlmSUZnYWZtQmc1OHFWCnZKYjN3VXNlTjNJNXZ2enlYOGY0dXNOSGZCZE80VUpydHpvT0w1K3ViTzdLWG1ONi9wU3BFaTB1VlJWNmxKZFUKM2hCUGYvSXVlS0lYdlBLblRvUElCYmo2ZWpGTWNIQ1BibTJ6WmtTcXBrdmE5UXFkc002am5WQW5ibGJqcHdwegpzRlBBZ1ZaTHRvcWJNd2dQVGlQZ1B6UExidmlmc2E3ZHpScVlsY0wvaTZPdjhEMlRHa0h4YktEb0R4SzNWZnh1CllCajZLaUk4MkdyNkZXcTVvQmlsT3d6Mmhoa2RUemZneWZZeEhMcTNIMEE1UHBHNFVCVnA0cGkzeUgxaVg3U1EKVkc5OE40RUNnWUVBek9GdXRWRFlyL21HRlRQNU5kK0MrbHpzRjhDakQyU2FCM3ZWMXRIaTdVYnR0UkZnU1FJUgpsUndRTnNISDhnTFZoMlVLMnJpVW1YTmhEd2lwRWhOc1h1RHFjbURmZUZ4ck8rTDJncGJUNkdjR2U4Wk9OT2doCmFHYnQ2anN5SjF3eXBLNTdFNU1QeWx0U3NQNmRabU1iQzBuYk02QzRCNFIraUlFVGpseTE5Y0VDZ1lFQXlIK2cKaVEzNm03b0llQmo2MXBHQWJCc0YyNDVrbXJPWDZmYzkzMXc0L2VHZmJWSDFyUXRiTzgwU1Q3bmdVbDBKVThzSgovZXVyZVlKVmJqYVBVclhvdThQS0FTYjZZWm9nbndvSUFlNSs1VU1rdWYyTGtkVDRDMHpidUJOaGtiQWl6bmdpCjhldEx4eVlwVE9rVmd2MmxxQnBwYi9hTUgwWlVFR3VwNnRsUGp2c0NnWUFuaGpuWVNyOXl1MTF0aTdoQTkxeUsKTmhEcHlDVHMzRWlHdHhJYXZpVGNCM25tRzNNS3dwWm53S0UwSHhBV2xRdGljbEMwdnpVVG9WbVJEK2VsOEE5UgpBbXpZSWU0YWh5Rzh6TjBuZGpkdE55cmVCL1NnYWtPL28xTzBnelQ2dU9PZ04zVFE0dWNCNzdvMUlQbDJmaG9DCmhINEFLTG8zNFF5VUF1cWw1U2JKUVFLQmdRQ0liN2tacXNhUDlCOVJRb1puUHVvcUpwVnMyOUFBS2hoRllUYmMKYVJCclMzN0cwSkFpNm1oeUlGSEdxUkZLV3Y4KzR4cndqTS9LUnZQRnBTRVF3ck1XR3R5NnZnQ0NMSFRvWk5ZZwpJbUI5dUp3a2FMSHlVZjlkQ1RjM1l4RHhKKy8zbW04Rk92MzlEaTNxcFc0N0Rrb05RN1BlT2VNT1lUaFJXRUp2Cml1T0Z3d0tCZ0Q3SlpIY1RaTlNreHN5THlXTTN2cTBSZ3Y5RFJHODA2Uk91ZTRSMTJqUXlKYVdleUxWK0svK08KNmJKcTJiZkl0YVBxWnpWTHJhZlJqdGViSVNLZzRidmhCR2NKTnUvOUZrWThtbVFnMVhqOUJMWVBEdm4zUXU4bwp3dDhKT2tJSmpyWnN1cXlLeitMR3F6Y2xGUGlKVm1UcmRtd1FrSGhuYmNZQkl2RXV6dXJ2Ci0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg== 131 --- 132 # Source: agones/templates/service/allocation.yaml 133 # Allocation CA 134 apiVersion: v1 135 kind: Secret 136 metadata: 137 name: allocator-client-ca 138 namespace: agones-system 139 labels: 140 app: agones 141 chart: "agones-1.54.0-dev" 142 release: "agones-manual" 143 heritage: "Helm" 144 data: 145 ca.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUM0akNDQWNxZ0F3SUJBZ0lSQU9lTWcwK1JKaFBJbks5ekFpMnpoUjR3RFFZSktvWklodmNOQVFFTEJRQXcKR0RFV01CUUdBMVVFQXhNTllXeHNiMk5oZEdsdmJpMWpZVEFlRncweE9UQTJNVGt4T0RRek5UVmFGdzB5T1RBMgpNVFl4T0RRek5UVmFNQUF3Z2dFaU1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQkR3QXdnZ0VLQW9JQkFRRDZMSm5DCmk5RmZnc0Z4MVQremNScm5FNEZRNUNQVUVQOEdrUHNxSE1ic21EelArMEIrVWtFK3k1cGpWbGcrdThxbHNkQ24KenRRVlU1OC9sejJTUDdBZnNIMTNISUpzaTZ4azc3M1hSRVE0NlhxSnBvblg3NjRSajJ5Zjd4T25KMDRidGxUSgp0M3E4U0IvUFk3c2tXdHlRTjJQRDN4QVN0REVXbnUvdzNHMUxNNzYyWGJ3a1o3VlJUY1hFdEpUaTY3dWlwdy96CmhVaU9NcFplT1YxV09neit4cjJQZTZmK0NObTNYUzNVblhjUzhKYmlxajhXQmM4bzdaS2VyRnJlNGFMRElldFkKK3g5M1lYWDZYNjNCZDNvZ3JlR3BmeFdRU3hBYTBHUEtLa1dvaHNESWZRREYwZ0pKcjZSc0prOVVOWEZyaHJqMApUSTRzTGRMbCthdlJMSjFQQWdNQkFBR2pQekE5TUE0R0ExVWREd0VCL3dRRUF3SUZvREFkQmdOVkhTVUVGakFVCkJnZ3JCZ0VGQlFjREFRWUlLd1lCQlFVSEF3SXdEQVlEVlIwVEFRSC9CQUl3QURBTkJna3Foa2lHOXcwQkFRc0YKQUFPQ0FRRUFKZ1ErVzZlYTdKZjhldmp0cWNmRC9EZUVMYzRLcFFwdk9NR0ZGVDkzQTM4bWFzeFNxVXluOGk4RgppaEplNDZFZnFkREQvcWRWSDh4TkJId2NIcjgyVDVLcFkzTWc1amJPWG1iMEoxZEdSTFRHSmdGd0ZpUXdsM3J3CmZ4dWhlYnZvaTJkcVhQbGc3L2ZZZmVqN2RkbTAxMTdhRCtwUExCN0NNUGVLdk5QSHF2N0VBRlowOU8rRjM3cjkKNTBPZEMrSk1VK0FNczRVMzVVeEZGZjRVRHVIbWM4U0l0bTJra1U3Vk1TcDFaV1VuRVZFUExaU09SZ3dZdWFNcQo3WTgzOVpXVmtyRGZMUEJrS09Ec1BVMDI3NGdmbXBpTmNyVElYREhPY2hhcFByWG53eDhxLzcrZERYYlhoUk84ClFDK2lZWVY0MVlTSGt1djNiYUtrYXlYamV0czc3Zz09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K 146 --- 147 # Source: agones/templates/service/allocation.yaml 148 # Allocation TLS certs 149 apiVersion: v1 150 kind: Secret 151 type: kubernetes.io/tls 152 metadata: 153 name: allocator-tls 154 namespace: agones-system 155 labels: 156 app: agones 157 chart: "agones-1.54.0-dev" 158 release: "agones-manual" 159 heritage: "Helm" 160 data: 161 tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUM0akNDQWNxZ0F3SUJBZ0lSQU9lTWcwK1JKaFBJbks5ekFpMnpoUjR3RFFZSktvWklodmNOQVFFTEJRQXcKR0RFV01CUUdBMVVFQXhNTllXeHNiMk5oZEdsdmJpMWpZVEFlRncweE9UQTJNVGt4T0RRek5UVmFGdzB5T1RBMgpNVFl4T0RRek5UVmFNQUF3Z2dFaU1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQkR3QXdnZ0VLQW9JQkFRRDZMSm5DCmk5RmZnc0Z4MVQremNScm5FNEZRNUNQVUVQOEdrUHNxSE1ic21EelArMEIrVWtFK3k1cGpWbGcrdThxbHNkQ24KenRRVlU1OC9sejJTUDdBZnNIMTNISUpzaTZ4azc3M1hSRVE0NlhxSnBvblg3NjRSajJ5Zjd4T25KMDRidGxUSgp0M3E4U0IvUFk3c2tXdHlRTjJQRDN4QVN0REVXbnUvdzNHMUxNNzYyWGJ3a1o3VlJUY1hFdEpUaTY3dWlwdy96CmhVaU9NcFplT1YxV09neit4cjJQZTZmK0NObTNYUzNVblhjUzhKYmlxajhXQmM4bzdaS2VyRnJlNGFMRElldFkKK3g5M1lYWDZYNjNCZDNvZ3JlR3BmeFdRU3hBYTBHUEtLa1dvaHNESWZRREYwZ0pKcjZSc0prOVVOWEZyaHJqMApUSTRzTGRMbCthdlJMSjFQQWdNQkFBR2pQekE5TUE0R0ExVWREd0VCL3dRRUF3SUZvREFkQmdOVkhTVUVGakFVCkJnZ3JCZ0VGQlFjREFRWUlLd1lCQlFVSEF3SXdEQVlEVlIwVEFRSC9CQUl3QURBTkJna3Foa2lHOXcwQkFRc0YKQUFPQ0FRRUFKZ1ErVzZlYTdKZjhldmp0cWNmRC9EZUVMYzRLcFFwdk9NR0ZGVDkzQTM4bWFzeFNxVXluOGk4RgppaEplNDZFZnFkREQvcWRWSDh4TkJId2NIcjgyVDVLcFkzTWc1amJPWG1iMEoxZEdSTFRHSmdGd0ZpUXdsM3J3CmZ4dWhlYnZvaTJkcVhQbGc3L2ZZZmVqN2RkbTAxMTdhRCtwUExCN0NNUGVLdk5QSHF2N0VBRlowOU8rRjM3cjkKNTBPZEMrSk1VK0FNczRVMzVVeEZGZjRVRHVIbWM4U0l0bTJra1U3Vk1TcDFaV1VuRVZFUExaU09SZ3dZdWFNcQo3WTgzOVpXVmtyRGZMUEJrS09Ec1BVMDI3NGdmbXBpTmNyVElYREhPY2hhcFByWG53eDhxLzcrZERYYlhoUk84ClFDK2lZWVY0MVlTSGt1djNiYUtrYXlYamV0czc3Zz09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K 162 tls.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcFFJQkFBS0NBUUVBK2l5WndvdlJYNExCY2RVL3MzRWE1eE9CVU9RajFCRC9CcEQ3S2h6RzdKZzh6L3RBCmZsSkJQc3VhWTFaWVBydktwYkhRcDg3VUZWT2ZQNWM5a2ord0g3QjlkeHlDYkl1c1pPKzkxMFJFT09sNmlhYUoKMSsrdUVZOXNuKzhUcHlkT0c3WlV5YmQ2dkVnZnoyTzdKRnJja0Rkanc5OFFFclF4RnA3djhOeHRTek8rdGwyOApKR2UxVVUzRnhMU1U0dXU3b3FjUDg0VklqaktXWGpsZFZqb00vc2E5ajN1bi9nalp0MTB0MUoxM0V2Q1c0cW8vCkZnWFBLTzJTbnF4YTN1R2l3eUhyV1BzZmQyRjErbCt0d1hkNklLM2hxWDhWa0VzUUd0Qmp5aXBGcUliQXlIMEEKeGRJQ1NhK2tiQ1pQVkRWeGE0YTQ5RXlPTEMzUzVmbXIwU3lkVHdJREFRQUJBb0lCQVFDK1JQV2NsU0prZGRvUwpiWkhKTkJpMTdvdkhyZnZoNmh0TUx6QVhVMU9uMWhGS1RWazd1ZXVOaXVTYzhLcWs2OGF3UnBEZlQ5clZiWWdNCm9VWmUyTGxuSUtBTDIwOEdweVF5a0hQZUtUbUozMmtuRDlaK3VQZTJ1MUp1UVRLOVNwT0pXQjhjVzhPcE4yR2EKSmN2TFZwK3h2NjdNNWZZZmc1UmlFL2VCUk9TSzhBc0ZFMUlTNmpSRzRVaC84U1dSUUdEYzlReU1Lc3lNbFNVZwphajB4ZWtsWUZDWXl0WUtCMnBaSGw0N1lUK1kzalR6cXN1ekhxK1hIM1hkT043bDk3eHZYZWJPTEJZRWorMGI1Cml4NEJ1bEJIQS9WRk93eXU2LzRKalptRHB1dVRpNnpNbVMyYXV0OW1EY3VoOUZjem1qQ0ZMcnAyWmJiMC9acDQKRkttZXRJR0JBb0dCQVAwSzk4V3kyN2xyVklrQ2JVTnpoNkdzeUhGSXZZYXY0cTJsSzJZVGdKRld2a0tGemFKagpmYWRZMHRmUHV6V3dPUU9nWkl3aW94TElOVFNSa0llbCtrQnFVMkNIblZOc3F4M05nSWk0S0g3K1ltS2ZFMFJtCkRaamV0YTlpTW52a0IyQXVSRUhDSEplVThYd2JNR2JnaXJNSmhlZmIwREJlY2xmZmwrbk8wSlFSQW9HQkFQMFoKRFBoU2RsQnBRMDFQcDVSNmpwaW1KaEIrNXNaejhsZXNiRlpSMDc2VHI5STJXQm1vY2t2dmZYWi8vWkRxSllaYgpoWkxEN09NdjFELy9MMDFvK1ZTaGRwNVovL05samw3NG5nV3VoY01GYmVLMjdhVmEyQTRmak1VMGE2a3NCZXM3CmkxZTRIOTJLOHpHVk9vOTV3dXhub3RtVEY1SHpncE9CUFhLY0NmdGZBb0dCQUlId3ZlZWh2ejlxSkZEdkZCak4KSE5zakZSTkhYVHZxMmlaOWFOblVMZk4wYmVOUFBwZWpLNFZpRVhPTlV2OXc3UFkxeVN4RkpTU2g5dUIxMTVndwozVjl5dWpvWnFlcUxKUnY2eVlScnZTL3BoYkJMSytPMTNFbWlJLzVhR0w2U0RFK1JzcTlwOUxES1pXOXJydUZGCmNUUWJNYzRzaks0cDhlRzZDaEtnaDI5aEFvR0JBTkdUK01WM296a2FzUHhIeFVDUjY1cERtcWwySzZxUlFFK1IKRzNTdTlXT043NzFsK3JYa1lpQzNBM0Vvc3ROWTBCSGRuMUhVbzBmTXh6am5Ha2hEY0pLLzBQVjNHUlozTmRrMgpqY091ckZ5OUZpenh4UDl6cGd5cjIybEE2eFYrdXJmNjZudU1uL1pYcE9HZDdJdjZDNHF1bG84TDJpeWxNNjdwCkNmVHBlT3FKQW9HQUF4cit6Qm1wSkNMbjJZcXJQRVRSUTE2K2Vna1ovMElIQWh4KzhTVlZnN2hjc2Z0MmJLSEoKWUJ2bVBlRnNaNjFTdmRHbXRtT2pqMkUremtFekZvQzhHWXpOU0hsbjFLYTh3UnNlVmI1UlJkWiswSnB5ZUFCWQpOVVlISDVjcWgxamdnQlg4eXExSmdPcDN1REZLQVFJelpCWnZXZ01YRFUwY2thS1pHQkxsQUYwPQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo= 163 --- 164 # Source: agones/templates/service/allocation.yaml 165 # Allocation TLS CA 166 apiVersion: v1 167 kind: Secret 168 metadata: 169 name: allocator-tls-ca 170 namespace: agones-system 171 labels: 172 app: agones 173 chart: "agones-1.54.0-dev" 174 release: "agones-manual" 175 heritage: "Helm" 176 data: 177 tls-ca.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUM0akNDQWNxZ0F3SUJBZ0lSQU9lTWcwK1JKaFBJbks5ekFpMnpoUjR3RFFZSktvWklodmNOQVFFTEJRQXcKR0RFV01CUUdBMVVFQXhNTllXeHNiMk5oZEdsdmJpMWpZVEFlRncweE9UQTJNVGt4T0RRek5UVmFGdzB5T1RBMgpNVFl4T0RRek5UVmFNQUF3Z2dFaU1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQkR3QXdnZ0VLQW9JQkFRRDZMSm5DCmk5RmZnc0Z4MVQremNScm5FNEZRNUNQVUVQOEdrUHNxSE1ic21EelArMEIrVWtFK3k1cGpWbGcrdThxbHNkQ24KenRRVlU1OC9sejJTUDdBZnNIMTNISUpzaTZ4azc3M1hSRVE0NlhxSnBvblg3NjRSajJ5Zjd4T25KMDRidGxUSgp0M3E4U0IvUFk3c2tXdHlRTjJQRDN4QVN0REVXbnUvdzNHMUxNNzYyWGJ3a1o3VlJUY1hFdEpUaTY3dWlwdy96CmhVaU9NcFplT1YxV09neit4cjJQZTZmK0NObTNYUzNVblhjUzhKYmlxajhXQmM4bzdaS2VyRnJlNGFMRElldFkKK3g5M1lYWDZYNjNCZDNvZ3JlR3BmeFdRU3hBYTBHUEtLa1dvaHNESWZRREYwZ0pKcjZSc0prOVVOWEZyaHJqMApUSTRzTGRMbCthdlJMSjFQQWdNQkFBR2pQekE5TUE0R0ExVWREd0VCL3dRRUF3SUZvREFkQmdOVkhTVUVGakFVCkJnZ3JCZ0VGQlFjREFRWUlLd1lCQlFVSEF3SXdEQVlEVlIwVEFRSC9CQUl3QURBTkJna3Foa2lHOXcwQkFRc0YKQUFPQ0FRRUFKZ1ErVzZlYTdKZjhldmp0cWNmRC9EZUVMYzRLcFFwdk9NR0ZGVDkzQTM4bWFzeFNxVXluOGk4RgppaEplNDZFZnFkREQvcWRWSDh4TkJId2NIcjgyVDVLcFkzTWc1amJPWG1iMEoxZEdSTFRHSmdGd0ZpUXdsM3J3CmZ4dWhlYnZvaTJkcVhQbGc3L2ZZZmVqN2RkbTAxMTdhRCtwUExCN0NNUGVLdk5QSHF2N0VBRlowOU8rRjM3cjkKNTBPZEMrSk1VK0FNczRVMzVVeEZGZjRVRHVIbWM4U0l0bTJra1U3Vk1TcDFaV1VuRVZFUExaU09SZ3dZdWFNcQo3WTgzOVpXVmtyRGZMUEJrS09Ec1BVMDI3NGdmbXBpTmNyVElYREhPY2hhcFByWG53eDhxLzcrZERYYlhoUk84ClFDK2lZWVY0MVlTSGt1djNiYUtrYXlYamV0czc3Zz09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K 178 179 # Default allocation client secret 180 --- 181 # Source: agones/templates/crds/fleet.yaml 182 # Copyright 2018 Google LLC All Rights Reserved. 183 # 184 # Licensed under the Apache License, Version 2.0 (the "License"); 185 # you may not use this file except in compliance with the License. 186 # You may obtain a copy of the License at 187 # 188 # http://www.apache.org/licenses/LICENSE-2.0 189 # 190 # Unless required by applicable law or agreed to in writing, software 191 # distributed under the License is distributed on an "AS IS" BASIS, 192 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 193 # See the License for the specific language governing permissions and 194 # limitations under the License. 195 196 apiVersion: apiextensions.k8s.io/v1 197 kind: CustomResourceDefinition 198 metadata: 199 name: fleets.agones.dev 200 labels: 201 component: crd 202 app: agones 203 chart: agones-1.54.0-dev 204 release: agones-manual 205 heritage: Helm 206 spec: 207 group: agones.dev 208 names: 209 kind: Fleet 210 plural: fleets 211 shortNames: 212 - flt 213 singular: fleet 214 scope: Namespaced 215 versions: 216 - name: v1 217 served: true 218 storage: true 219 additionalPrinterColumns: 220 - jsonPath: .spec.scheduling 221 name: Scheduling 222 type: string 223 - jsonPath: .spec.replicas 224 name: Desired 225 type: integer 226 - jsonPath: .status.replicas 227 name: Current 228 type: integer 229 - jsonPath: .status.allocatedReplicas 230 name: Allocated 231 type: integer 232 - jsonPath: .status.readyReplicas 233 name: Ready 234 type: integer 235 - jsonPath: .metadata.creationTimestamp 236 name: Age 237 type: date 238 schema: 239 openAPIV3Schema: 240 description: 'Fleet is the data structure for a Fleet resource' 241 type: object 242 properties: 243 spec: 244 description: 'FleetSpec is the spec for a Fleet. More info: 245 https://agones.dev/site/docs/reference/agones_crd_api_reference/#agones.dev/v1.Fleet' 246 type: object 247 required: 248 - template 249 properties: 250 replicas: 251 type: integer 252 minimum: 0 253 allocationOverflow: 254 type: object 255 nullable: true 256 properties: 257 labels: 258 type: object 259 additionalProperties: 260 type: string 261 annotations: 262 type: object 263 additionalProperties: 264 type: string 265 scheduling: 266 type: string 267 enum: 268 - Packed 269 - Distributed 270 strategy: 271 type: object 272 properties: 273 type: 274 type: string 275 enum: 276 - Recreate 277 - RollingUpdate 278 rollingUpdate: 279 type: object 280 nullable: true 281 properties: 282 maxSurge: 283 x-kubernetes-int-or-string: true 284 anyOf: 285 - type: integer 286 - type: string 287 maxUnavailable: 288 x-kubernetes-int-or-string: true 289 anyOf: 290 - type: integer 291 - type: string 292 priorities: 293 type: array 294 description: Configuration of Counters and Lists scale down logic -- which gameservers in the Fleet are most important to keep around. 295 nullable: true 296 items: 297 type: object 298 properties: 299 type: 300 type: string 301 description: Whether a Counter or a List. 302 enum: 303 - Counter 304 - List 305 key: 306 type: string 307 description: The name of the Counter or List. If not found on the GameServer, those GameServer with the key will have priority over those that do not. 308 order: 309 type: string 310 description: Ascending or Descending sort order. Default is "Ascending" so remove smaller available capacity first. "Descending" would remove larger available capacity first. 311 default: Ascending 312 enum: 313 - Ascending 314 - Descending 315 template: 316 description: 'GameServer is the data structure for a GameServer resource.' 317 type: object 318 required: 319 - spec 320 properties: 321 metadata: 322 description: ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create. 323 properties: 324 annotations: 325 additionalProperties: 326 type: string 327 description: "Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations" 328 type: object 329 creationTimestamp: 330 description: |- 331 CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. 332 333 Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata 334 format: date-time 335 nullable: true 336 type: string 337 deletionGracePeriodSeconds: 338 description: Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only. 339 format: int64 340 type: integer 341 deletionTimestamp: 342 description: |- 343 DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested. 344 345 Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata 346 format: date-time 347 type: string 348 finalizers: 349 description: Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list. 350 items: 351 type: string 352 type: array 353 generateName: 354 description: |- 355 GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server. 356 357 If this field is specified and the generated name exists, the server will return a 409. 358 359 Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency 360 type: string 361 generation: 362 description: A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. 363 format: int64 364 type: integer 365 labels: 366 additionalProperties: 367 type: string 368 description: "Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels" 369 type: object 370 managedFields: 371 description: ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn't need to set or understand this field. A workflow can be the user's name, a controller's name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object. 372 items: 373 properties: 374 apiVersion: 375 description: APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted. 376 type: string 377 fieldsType: 378 description: "FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: \"FieldsV1\"" 379 type: string 380 fieldsV1: 381 description: FieldsV1 holds the first JSON version format as described in the "FieldsV1" type. 382 type: object 383 manager: 384 description: Manager is an identifier of the workflow managing these fields. 385 type: string 386 operation: 387 description: Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'. 388 type: string 389 subresource: 390 description: Subresource is the name of the subresource used to update that object, or empty string if the object was updated through the main resource. The value of this field is used to distinguish between managers, even if they share the same name. For example, a status update will be distinct from a regular update using the same manager name. Note that the APIVersion field is not related to the Subresource field and it always corresponds to the version of the main resource. 391 type: string 392 time: 393 description: Time is the timestamp of when the ManagedFields entry was added. The timestamp will also be updated if a field is added, the manager changes any of the owned fields value or removes a field. The timestamp does not update when a field is removed from the entry because another manager took it over. 394 format: date-time 395 type: string 396 type: object 397 type: array 398 name: 399 description: "Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names" 400 type: string 401 namespace: 402 description: |- 403 Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty. 404 405 Must be a DNS_LABEL. Cannot be updated. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces 406 type: string 407 ownerReferences: 408 description: List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller. 409 items: 410 properties: 411 apiVersion: 412 description: API version of the referent. 413 type: string 414 blockOwnerDeletion: 415 description: If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. See https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion for how the garbage collector interacts with this field and enforces the foreground deletion. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned. 416 type: boolean 417 controller: 418 description: If true, this reference points to the managing controller. 419 type: boolean 420 kind: 421 description: "Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" 422 type: string 423 name: 424 description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names" 425 type: string 426 uid: 427 description: "UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids" 428 type: string 429 required: 430 - apiVersion 431 - kind 432 - name 433 - uid 434 type: object 435 x-kubernetes-map-type: atomic 436 type: array 437 resourceVersion: 438 description: |- 439 An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources. 440 441 Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency 442 type: string 443 selfLink: 444 description: "Deprecated: selfLink is a legacy read-only field that is no longer populated by the system." 445 type: string 446 uid: 447 description: |- 448 UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations. 449 450 Populated by the system. Read-only. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids 451 type: string 452 type: object 453 spec: 454 description: 'GameServerSpec is the spec for a GameServer resource. More info: 455 https://agones.dev/site/docs/reference/agones_crd_api_reference/#agones.dev/v1.GameServer' 456 type: object 457 required: 458 - template 459 properties: 460 template: 461 description: PodTemplateSpec describes the data a pod should have when created from a template 462 properties: 463 metadata: 464 description: "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" 465 properties: 466 annotations: 467 additionalProperties: 468 type: string 469 description: "Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations" 470 type: object 471 creationTimestamp: 472 description: |- 473 CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. 474 475 Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata 476 format: date-time 477 nullable: true 478 type: string 479 deletionGracePeriodSeconds: 480 description: Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only. 481 format: int64 482 type: integer 483 deletionTimestamp: 484 description: |- 485 DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested. 486 487 Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata 488 format: date-time 489 type: string 490 finalizers: 491 description: Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list. 492 items: 493 type: string 494 type: array 495 generateName: 496 description: |- 497 GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server. 498 499 If this field is specified and the generated name exists, the server will return a 409. 500 501 Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency 502 type: string 503 generation: 504 description: A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. 505 format: int64 506 type: integer 507 labels: 508 additionalProperties: 509 type: string 510 description: "Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels" 511 type: object 512 managedFields: 513 description: ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn't need to set or understand this field. A workflow can be the user's name, a controller's name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object. 514 items: 515 properties: 516 apiVersion: 517 description: APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted. 518 type: string 519 fieldsType: 520 description: "FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: \"FieldsV1\"" 521 type: string 522 fieldsV1: 523 description: FieldsV1 holds the first JSON version format as described in the "FieldsV1" type. 524 type: object 525 manager: 526 description: Manager is an identifier of the workflow managing these fields. 527 type: string 528 operation: 529 description: Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'. 530 type: string 531 subresource: 532 description: Subresource is the name of the subresource used to update that object, or empty string if the object was updated through the main resource. The value of this field is used to distinguish between managers, even if they share the same name. For example, a status update will be distinct from a regular update using the same manager name. Note that the APIVersion field is not related to the Subresource field and it always corresponds to the version of the main resource. 533 type: string 534 time: 535 description: Time is the timestamp of when the ManagedFields entry was added. The timestamp will also be updated if a field is added, the manager changes any of the owned fields value or removes a field. The timestamp does not update when a field is removed from the entry because another manager took it over. 536 format: date-time 537 type: string 538 type: object 539 type: array 540 name: 541 description: "Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names" 542 type: string 543 namespace: 544 description: |- 545 Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty. 546 547 Must be a DNS_LABEL. Cannot be updated. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces 548 type: string 549 ownerReferences: 550 description: List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller. 551 items: 552 properties: 553 apiVersion: 554 description: API version of the referent. 555 type: string 556 blockOwnerDeletion: 557 description: If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. See https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion for how the garbage collector interacts with this field and enforces the foreground deletion. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned. 558 type: boolean 559 controller: 560 description: If true, this reference points to the managing controller. 561 type: boolean 562 kind: 563 description: "Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" 564 type: string 565 name: 566 description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names" 567 type: string 568 uid: 569 description: "UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids" 570 type: string 571 required: 572 - apiVersion 573 - kind 574 - name 575 - uid 576 type: object 577 x-kubernetes-map-type: atomic 578 type: array 579 resourceVersion: 580 description: |- 581 An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources. 582 583 Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency 584 type: string 585 selfLink: 586 description: "Deprecated: selfLink is a legacy read-only field that is no longer populated by the system." 587 type: string 588 uid: 589 description: |- 590 UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations. 591 592 Populated by the system. Read-only. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids 593 type: string 594 type: object 595 spec: 596 description: "Specification of the desired behavior of the pod. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status" 597 properties: 598 activeDeadlineSeconds: 599 description: Optional duration in seconds the pod may be active on the node relative to StartTime before the system will actively try to mark it failed and kill associated containers. Value must be a positive integer. 600 format: int64 601 type: integer 602 affinity: 603 description: If specified, the pod's scheduling constraints 604 properties: 605 nodeAffinity: 606 description: Describes node affinity scheduling rules for the pod. 607 properties: 608 preferredDuringSchedulingIgnoredDuringExecution: 609 description: The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred. 610 items: 611 properties: 612 preference: 613 description: A node selector term, associated with the corresponding weight. 614 properties: 615 matchExpressions: 616 description: A list of node selector requirements by node's labels. 617 items: 618 properties: 619 key: 620 description: The label key that the selector applies to. 621 type: string 622 operator: 623 description: |- 624 Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. 625 626 Possible enum values: 627 - `"DoesNotExist"` 628 - `"Exists"` 629 - `"Gt"` 630 - `"In"` 631 - `"Lt"` 632 - `"NotIn"` 633 enum: 634 - DoesNotExist 635 - Exists 636 - Gt 637 - In 638 - Lt 639 - NotIn 640 type: string 641 values: 642 description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. 643 items: 644 type: string 645 type: array 646 required: 647 - key 648 - operator 649 type: object 650 type: array 651 matchFields: 652 description: A list of node selector requirements by node's fields. 653 items: 654 properties: 655 key: 656 description: The label key that the selector applies to. 657 type: string 658 operator: 659 description: |- 660 Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. 661 662 Possible enum values: 663 - `"DoesNotExist"` 664 - `"Exists"` 665 - `"Gt"` 666 - `"In"` 667 - `"Lt"` 668 - `"NotIn"` 669 enum: 670 - DoesNotExist 671 - Exists 672 - Gt 673 - In 674 - Lt 675 - NotIn 676 type: string 677 values: 678 description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. 679 items: 680 type: string 681 type: array 682 required: 683 - key 684 - operator 685 type: object 686 type: array 687 type: object 688 x-kubernetes-map-type: atomic 689 weight: 690 description: Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100. 691 format: int32 692 type: integer 693 required: 694 - weight 695 - preference 696 type: object 697 type: array 698 requiredDuringSchedulingIgnoredDuringExecution: 699 description: If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node. 700 properties: 701 nodeSelectorTerms: 702 description: Required. A list of node selector terms. The terms are ORed. 703 items: 704 properties: 705 matchExpressions: 706 description: A list of node selector requirements by node's labels. 707 items: 708 properties: 709 key: 710 description: The label key that the selector applies to. 711 type: string 712 operator: 713 description: |- 714 Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. 715 716 Possible enum values: 717 - `"DoesNotExist"` 718 - `"Exists"` 719 - `"Gt"` 720 - `"In"` 721 - `"Lt"` 722 - `"NotIn"` 723 enum: 724 - DoesNotExist 725 - Exists 726 - Gt 727 - In 728 - Lt 729 - NotIn 730 type: string 731 values: 732 description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. 733 items: 734 type: string 735 type: array 736 required: 737 - key 738 - operator 739 type: object 740 type: array 741 matchFields: 742 description: A list of node selector requirements by node's fields. 743 items: 744 properties: 745 key: 746 description: The label key that the selector applies to. 747 type: string 748 operator: 749 description: |- 750 Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. 751 752 Possible enum values: 753 - `"DoesNotExist"` 754 - `"Exists"` 755 - `"Gt"` 756 - `"In"` 757 - `"Lt"` 758 - `"NotIn"` 759 enum: 760 - DoesNotExist 761 - Exists 762 - Gt 763 - In 764 - Lt 765 - NotIn 766 type: string 767 values: 768 description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. 769 items: 770 type: string 771 type: array 772 required: 773 - key 774 - operator 775 type: object 776 type: array 777 type: object 778 x-kubernetes-map-type: atomic 779 type: array 780 required: 781 - nodeSelectorTerms 782 type: object 783 x-kubernetes-map-type: atomic 784 type: object 785 podAffinity: 786 description: Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). 787 properties: 788 preferredDuringSchedulingIgnoredDuringExecution: 789 description: The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. 790 items: 791 properties: 792 podAffinityTerm: 793 description: Required. A pod affinity term, associated with the corresponding weight. 794 properties: 795 labelSelector: 796 description: A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. 797 properties: 798 matchExpressions: 799 description: matchExpressions is a list of label selector requirements. The requirements are ANDed. 800 items: 801 properties: 802 key: 803 description: key is the label key that the selector applies to. 804 type: string 805 operator: 806 description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. 807 type: string 808 values: 809 description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. 810 items: 811 type: string 812 type: array 813 required: 814 - key 815 - operator 816 type: object 817 type: array 818 matchLabels: 819 additionalProperties: 820 type: string 821 description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. 822 type: object 823 type: object 824 x-kubernetes-map-type: atomic 825 matchLabelKeys: 826 description: MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. 827 items: 828 type: string 829 type: array 830 mismatchLabelKeys: 831 description: MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. 832 items: 833 type: string 834 type: array 835 namespaceSelector: 836 description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. 837 properties: 838 matchExpressions: 839 description: matchExpressions is a list of label selector requirements. The requirements are ANDed. 840 items: 841 properties: 842 key: 843 description: key is the label key that the selector applies to. 844 type: string 845 operator: 846 description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. 847 type: string 848 values: 849 description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. 850 items: 851 type: string 852 type: array 853 required: 854 - key 855 - operator 856 type: object 857 type: array 858 matchLabels: 859 additionalProperties: 860 type: string 861 description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. 862 type: object 863 type: object 864 x-kubernetes-map-type: atomic 865 namespaces: 866 description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". 867 items: 868 type: string 869 type: array 870 topologyKey: 871 description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. 872 type: string 873 required: 874 - topologyKey 875 type: object 876 weight: 877 description: weight associated with matching the corresponding podAffinityTerm, in the range 1-100. 878 format: int32 879 type: integer 880 required: 881 - weight 882 - podAffinityTerm 883 type: object 884 type: array 885 requiredDuringSchedulingIgnoredDuringExecution: 886 description: If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. 887 items: 888 properties: 889 labelSelector: 890 description: A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. 891 properties: 892 matchExpressions: 893 description: matchExpressions is a list of label selector requirements. The requirements are ANDed. 894 items: 895 properties: 896 key: 897 description: key is the label key that the selector applies to. 898 type: string 899 operator: 900 description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. 901 type: string 902 values: 903 description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. 904 items: 905 type: string 906 type: array 907 required: 908 - key 909 - operator 910 type: object 911 type: array 912 matchLabels: 913 additionalProperties: 914 type: string 915 description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. 916 type: object 917 type: object 918 x-kubernetes-map-type: atomic 919 matchLabelKeys: 920 description: MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. 921 items: 922 type: string 923 type: array 924 mismatchLabelKeys: 925 description: MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. 926 items: 927 type: string 928 type: array 929 namespaceSelector: 930 description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. 931 properties: 932 matchExpressions: 933 description: matchExpressions is a list of label selector requirements. The requirements are ANDed. 934 items: 935 properties: 936 key: 937 description: key is the label key that the selector applies to. 938 type: string 939 operator: 940 description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. 941 type: string 942 values: 943 description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. 944 items: 945 type: string 946 type: array 947 required: 948 - key 949 - operator 950 type: object 951 type: array 952 matchLabels: 953 additionalProperties: 954 type: string 955 description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. 956 type: object 957 type: object 958 x-kubernetes-map-type: atomic 959 namespaces: 960 description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". 961 items: 962 type: string 963 type: array 964 topologyKey: 965 description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. 966 type: string 967 required: 968 - topologyKey 969 type: object 970 type: array 971 type: object 972 podAntiAffinity: 973 description: Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). 974 properties: 975 preferredDuringSchedulingIgnoredDuringExecution: 976 description: The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. 977 items: 978 properties: 979 podAffinityTerm: 980 description: Required. A pod affinity term, associated with the corresponding weight. 981 properties: 982 labelSelector: 983 description: A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. 984 properties: 985 matchExpressions: 986 description: matchExpressions is a list of label selector requirements. The requirements are ANDed. 987 items: 988 properties: 989 key: 990 description: key is the label key that the selector applies to. 991 type: string 992 operator: 993 description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. 994 type: string 995 values: 996 description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. 997 items: 998 type: string 999 type: array 1000 required: 1001 - key 1002 - operator 1003 type: object 1004 type: array 1005 matchLabels: 1006 additionalProperties: 1007 type: string 1008 description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. 1009 type: object 1010 type: object 1011 x-kubernetes-map-type: atomic 1012 matchLabelKeys: 1013 description: MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. 1014 items: 1015 type: string 1016 type: array 1017 mismatchLabelKeys: 1018 description: MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. 1019 items: 1020 type: string 1021 type: array 1022 namespaceSelector: 1023 description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. 1024 properties: 1025 matchExpressions: 1026 description: matchExpressions is a list of label selector requirements. The requirements are ANDed. 1027 items: 1028 properties: 1029 key: 1030 description: key is the label key that the selector applies to. 1031 type: string 1032 operator: 1033 description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. 1034 type: string 1035 values: 1036 description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. 1037 items: 1038 type: string 1039 type: array 1040 required: 1041 - key 1042 - operator 1043 type: object 1044 type: array 1045 matchLabels: 1046 additionalProperties: 1047 type: string 1048 description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. 1049 type: object 1050 type: object 1051 x-kubernetes-map-type: atomic 1052 namespaces: 1053 description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". 1054 items: 1055 type: string 1056 type: array 1057 topologyKey: 1058 description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. 1059 type: string 1060 required: 1061 - topologyKey 1062 type: object 1063 weight: 1064 description: weight associated with matching the corresponding podAffinityTerm, in the range 1-100. 1065 format: int32 1066 type: integer 1067 required: 1068 - weight 1069 - podAffinityTerm 1070 type: object 1071 type: array 1072 requiredDuringSchedulingIgnoredDuringExecution: 1073 description: If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. 1074 items: 1075 properties: 1076 labelSelector: 1077 description: A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. 1078 properties: 1079 matchExpressions: 1080 description: matchExpressions is a list of label selector requirements. The requirements are ANDed. 1081 items: 1082 properties: 1083 key: 1084 description: key is the label key that the selector applies to. 1085 type: string 1086 operator: 1087 description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. 1088 type: string 1089 values: 1090 description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. 1091 items: 1092 type: string 1093 type: array 1094 required: 1095 - key 1096 - operator 1097 type: object 1098 type: array 1099 matchLabels: 1100 additionalProperties: 1101 type: string 1102 description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. 1103 type: object 1104 type: object 1105 x-kubernetes-map-type: atomic 1106 matchLabelKeys: 1107 description: MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. 1108 items: 1109 type: string 1110 type: array 1111 mismatchLabelKeys: 1112 description: MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. 1113 items: 1114 type: string 1115 type: array 1116 namespaceSelector: 1117 description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. 1118 properties: 1119 matchExpressions: 1120 description: matchExpressions is a list of label selector requirements. The requirements are ANDed. 1121 items: 1122 properties: 1123 key: 1124 description: key is the label key that the selector applies to. 1125 type: string 1126 operator: 1127 description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. 1128 type: string 1129 values: 1130 description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. 1131 items: 1132 type: string 1133 type: array 1134 required: 1135 - key 1136 - operator 1137 type: object 1138 type: array 1139 matchLabels: 1140 additionalProperties: 1141 type: string 1142 description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. 1143 type: object 1144 type: object 1145 x-kubernetes-map-type: atomic 1146 namespaces: 1147 description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". 1148 items: 1149 type: string 1150 type: array 1151 topologyKey: 1152 description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. 1153 type: string 1154 required: 1155 - topologyKey 1156 type: object 1157 type: array 1158 type: object 1159 type: object 1160 automountServiceAccountToken: 1161 description: AutomountServiceAccountToken indicates whether a service account token should be automatically mounted. 1162 type: boolean 1163 containers: 1164 description: List of containers belonging to the pod. Containers cannot currently be added or removed. There must be at least one container in a Pod. Cannot be updated. 1165 items: 1166 properties: 1167 args: 1168 description: "Arguments to the entrypoint. The container image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell" 1169 items: 1170 type: string 1171 type: array 1172 command: 1173 description: "Entrypoint array. Not executed within a shell. The container image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell" 1174 items: 1175 type: string 1176 type: array 1177 env: 1178 description: List of environment variables to set in the container. Cannot be updated. 1179 items: 1180 properties: 1181 name: 1182 description: Name of the environment variable. Must be a C_IDENTIFIER. 1183 type: string 1184 value: 1185 description: "Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to \"\"." 1186 type: string 1187 valueFrom: 1188 description: Source for the environment variable's value. Cannot be used if value is not empty. 1189 properties: 1190 configMapKeyRef: 1191 description: Selects a key of a ConfigMap. 1192 properties: 1193 key: 1194 description: The key to select. 1195 type: string 1196 name: 1197 description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" 1198 type: string 1199 optional: 1200 description: Specify whether the ConfigMap or its key must be defined 1201 type: boolean 1202 required: 1203 - key 1204 type: object 1205 x-kubernetes-map-type: atomic 1206 fieldRef: 1207 description: "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs." 1208 properties: 1209 apiVersion: 1210 description: Version of the schema the FieldPath is written in terms of, defaults to "v1". 1211 type: string 1212 fieldPath: 1213 description: Path of the field to select in the specified API version. 1214 type: string 1215 required: 1216 - fieldPath 1217 type: object 1218 x-kubernetes-map-type: atomic 1219 resourceFieldRef: 1220 description: "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported." 1221 properties: 1222 containerName: 1223 description: "Container name: required for volumes, optional for env vars" 1224 type: string 1225 divisor: 1226 description: Specifies the output format of the exposed resources, defaults to "1" 1227 type: string 1228 resource: 1229 description: "Required: resource to select" 1230 type: string 1231 required: 1232 - resource 1233 type: object 1234 x-kubernetes-map-type: atomic 1235 secretKeyRef: 1236 description: Selects a key of a secret in the pod's namespace 1237 properties: 1238 key: 1239 description: The key of the secret to select from. Must be a valid secret key. 1240 type: string 1241 name: 1242 description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" 1243 type: string 1244 optional: 1245 description: Specify whether the Secret or its key must be defined 1246 type: boolean 1247 required: 1248 - key 1249 type: object 1250 x-kubernetes-map-type: atomic 1251 type: object 1252 required: 1253 - name 1254 type: object 1255 type: array 1256 envFrom: 1257 description: List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. 1258 items: 1259 properties: 1260 configMapRef: 1261 description: The ConfigMap to select from 1262 properties: 1263 name: 1264 description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" 1265 type: string 1266 optional: 1267 description: Specify whether the ConfigMap must be defined 1268 type: boolean 1269 type: object 1270 prefix: 1271 description: Optional text to prepend to the name of each environment variable. Must be a C_IDENTIFIER. 1272 type: string 1273 secretRef: 1274 description: The Secret to select from 1275 properties: 1276 name: 1277 description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" 1278 type: string 1279 optional: 1280 description: Specify whether the Secret must be defined 1281 type: boolean 1282 type: object 1283 type: object 1284 type: array 1285 image: 1286 description: "Container image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets." 1287 type: string 1288 imagePullPolicy: 1289 description: |- 1290 Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images 1291 1292 Possible enum values: 1293 - `"Always"` means that kubelet always attempts to pull the latest image. Container will fail If the pull fails. 1294 - `"IfNotPresent"` means that kubelet pulls if the image isn't present on disk. Container will fail if the image isn't present and the pull fails. 1295 - `"Never"` means that kubelet never pulls an image, but only uses a local image. Container will fail if the image isn't present 1296 enum: 1297 - Always 1298 - IfNotPresent 1299 - Never 1300 type: string 1301 lifecycle: 1302 description: Actions that the management system should take in response to container lifecycle events. Cannot be updated. 1303 properties: 1304 postStart: 1305 description: "PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks" 1306 properties: 1307 exec: 1308 description: Exec specifies a command to execute in the container. 1309 properties: 1310 command: 1311 description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 1312 items: 1313 type: string 1314 type: array 1315 type: object 1316 httpGet: 1317 description: HTTPGet specifies an HTTP GET request to perform. 1318 properties: 1319 host: 1320 description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. 1321 type: string 1322 httpHeaders: 1323 description: Custom headers to set in the request. HTTP allows repeated headers. 1324 items: 1325 properties: 1326 name: 1327 description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. 1328 type: string 1329 value: 1330 description: The header field value 1331 type: string 1332 required: 1333 - name 1334 - value 1335 type: object 1336 type: array 1337 path: 1338 description: Path to access on the HTTP server. 1339 type: string 1340 port: 1341 description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 1342 format: int-or-string 1343 x-kubernetes-int-or-string: true 1344 scheme: 1345 description: |- 1346 Scheme to use for connecting to the host. Defaults to HTTP. 1347 1348 Possible enum values: 1349 - `"HTTP"` means that the scheme used will be http:// 1350 - `"HTTPS"` means that the scheme used will be https:// 1351 enum: 1352 - HTTP 1353 - HTTPS 1354 type: string 1355 required: 1356 - port 1357 type: object 1358 sleep: 1359 description: Sleep represents a duration that the container should sleep. 1360 properties: 1361 seconds: 1362 description: Seconds is the number of seconds to sleep. 1363 format: int64 1364 type: integer 1365 required: 1366 - seconds 1367 type: object 1368 tcpSocket: 1369 description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for backward compatibility. There is no validation of this field and lifecycle hooks will fail at runtime when it is specified. 1370 properties: 1371 host: 1372 description: "Optional: Host name to connect to, defaults to the pod IP." 1373 type: string 1374 port: 1375 description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 1376 format: int-or-string 1377 x-kubernetes-int-or-string: true 1378 required: 1379 - port 1380 type: object 1381 type: object 1382 preStop: 1383 description: "PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The Pod's termination grace period countdown begins before the PreStop hook is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod's termination grace period (unless delayed by finalizers). Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks" 1384 properties: 1385 exec: 1386 description: Exec specifies a command to execute in the container. 1387 properties: 1388 command: 1389 description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 1390 items: 1391 type: string 1392 type: array 1393 type: object 1394 httpGet: 1395 description: HTTPGet specifies an HTTP GET request to perform. 1396 properties: 1397 host: 1398 description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. 1399 type: string 1400 httpHeaders: 1401 description: Custom headers to set in the request. HTTP allows repeated headers. 1402 items: 1403 properties: 1404 name: 1405 description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. 1406 type: string 1407 value: 1408 description: The header field value 1409 type: string 1410 required: 1411 - name 1412 - value 1413 type: object 1414 type: array 1415 path: 1416 description: Path to access on the HTTP server. 1417 type: string 1418 port: 1419 description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 1420 format: int-or-string 1421 x-kubernetes-int-or-string: true 1422 scheme: 1423 description: |- 1424 Scheme to use for connecting to the host. Defaults to HTTP. 1425 1426 Possible enum values: 1427 - `"HTTP"` means that the scheme used will be http:// 1428 - `"HTTPS"` means that the scheme used will be https:// 1429 enum: 1430 - HTTP 1431 - HTTPS 1432 type: string 1433 required: 1434 - port 1435 type: object 1436 sleep: 1437 description: Sleep represents a duration that the container should sleep. 1438 properties: 1439 seconds: 1440 description: Seconds is the number of seconds to sleep. 1441 format: int64 1442 type: integer 1443 required: 1444 - seconds 1445 type: object 1446 tcpSocket: 1447 description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for backward compatibility. There is no validation of this field and lifecycle hooks will fail at runtime when it is specified. 1448 properties: 1449 host: 1450 description: "Optional: Host name to connect to, defaults to the pod IP." 1451 type: string 1452 port: 1453 description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 1454 format: int-or-string 1455 x-kubernetes-int-or-string: true 1456 required: 1457 - port 1458 type: object 1459 type: object 1460 stopSignal: 1461 description: |- 1462 StopSignal defines which signal will be sent to a container when it is being stopped. If not specified, the default is defined by the container runtime in use. StopSignal can only be set for Pods with a non-empty .spec.os.name 1463 1464 Possible enum values: 1465 - `"SIGABRT"` 1466 - `"SIGALRM"` 1467 - `"SIGBUS"` 1468 - `"SIGCHLD"` 1469 - `"SIGCLD"` 1470 - `"SIGCONT"` 1471 - `"SIGFPE"` 1472 - `"SIGHUP"` 1473 - `"SIGILL"` 1474 - `"SIGINT"` 1475 - `"SIGIO"` 1476 - `"SIGIOT"` 1477 - `"SIGKILL"` 1478 - `"SIGPIPE"` 1479 - `"SIGPOLL"` 1480 - `"SIGPROF"` 1481 - `"SIGPWR"` 1482 - `"SIGQUIT"` 1483 - `"SIGRTMAX"` 1484 - `"SIGRTMAX-1"` 1485 - `"SIGRTMAX-10"` 1486 - `"SIGRTMAX-11"` 1487 - `"SIGRTMAX-12"` 1488 - `"SIGRTMAX-13"` 1489 - `"SIGRTMAX-14"` 1490 - `"SIGRTMAX-2"` 1491 - `"SIGRTMAX-3"` 1492 - `"SIGRTMAX-4"` 1493 - `"SIGRTMAX-5"` 1494 - `"SIGRTMAX-6"` 1495 - `"SIGRTMAX-7"` 1496 - `"SIGRTMAX-8"` 1497 - `"SIGRTMAX-9"` 1498 - `"SIGRTMIN"` 1499 - `"SIGRTMIN+1"` 1500 - `"SIGRTMIN+10"` 1501 - `"SIGRTMIN+11"` 1502 - `"SIGRTMIN+12"` 1503 - `"SIGRTMIN+13"` 1504 - `"SIGRTMIN+14"` 1505 - `"SIGRTMIN+15"` 1506 - `"SIGRTMIN+2"` 1507 - `"SIGRTMIN+3"` 1508 - `"SIGRTMIN+4"` 1509 - `"SIGRTMIN+5"` 1510 - `"SIGRTMIN+6"` 1511 - `"SIGRTMIN+7"` 1512 - `"SIGRTMIN+8"` 1513 - `"SIGRTMIN+9"` 1514 - `"SIGSEGV"` 1515 - `"SIGSTKFLT"` 1516 - `"SIGSTOP"` 1517 - `"SIGSYS"` 1518 - `"SIGTERM"` 1519 - `"SIGTRAP"` 1520 - `"SIGTSTP"` 1521 - `"SIGTTIN"` 1522 - `"SIGTTOU"` 1523 - `"SIGURG"` 1524 - `"SIGUSR1"` 1525 - `"SIGUSR2"` 1526 - `"SIGVTALRM"` 1527 - `"SIGWINCH"` 1528 - `"SIGXCPU"` 1529 - `"SIGXFSZ"` 1530 enum: 1531 - SIGABRT 1532 - SIGALRM 1533 - SIGBUS 1534 - SIGCHLD 1535 - SIGCLD 1536 - SIGCONT 1537 - SIGFPE 1538 - SIGHUP 1539 - SIGILL 1540 - SIGINT 1541 - SIGIO 1542 - SIGIOT 1543 - SIGKILL 1544 - SIGPIPE 1545 - SIGPOLL 1546 - SIGPROF 1547 - SIGPWR 1548 - SIGQUIT 1549 - SIGRTMAX 1550 - SIGRTMAX-1 1551 - SIGRTMAX-10 1552 - SIGRTMAX-11 1553 - SIGRTMAX-12 1554 - SIGRTMAX-13 1555 - SIGRTMAX-14 1556 - SIGRTMAX-2 1557 - SIGRTMAX-3 1558 - SIGRTMAX-4 1559 - SIGRTMAX-5 1560 - SIGRTMAX-6 1561 - SIGRTMAX-7 1562 - SIGRTMAX-8 1563 - SIGRTMAX-9 1564 - SIGRTMIN 1565 - SIGRTMIN+1 1566 - SIGRTMIN+10 1567 - SIGRTMIN+11 1568 - SIGRTMIN+12 1569 - SIGRTMIN+13 1570 - SIGRTMIN+14 1571 - SIGRTMIN+15 1572 - SIGRTMIN+2 1573 - SIGRTMIN+3 1574 - SIGRTMIN+4 1575 - SIGRTMIN+5 1576 - SIGRTMIN+6 1577 - SIGRTMIN+7 1578 - SIGRTMIN+8 1579 - SIGRTMIN+9 1580 - SIGSEGV 1581 - SIGSTKFLT 1582 - SIGSTOP 1583 - SIGSYS 1584 - SIGTERM 1585 - SIGTRAP 1586 - SIGTSTP 1587 - SIGTTIN 1588 - SIGTTOU 1589 - SIGURG 1590 - SIGUSR1 1591 - SIGUSR2 1592 - SIGVTALRM 1593 - SIGWINCH 1594 - SIGXCPU 1595 - SIGXFSZ 1596 type: string 1597 type: object 1598 livenessProbe: 1599 description: "Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" 1600 properties: 1601 exec: 1602 description: Exec specifies a command to execute in the container. 1603 properties: 1604 command: 1605 description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 1606 items: 1607 type: string 1608 type: array 1609 type: object 1610 failureThreshold: 1611 description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. 1612 format: int32 1613 type: integer 1614 grpc: 1615 description: GRPC specifies a GRPC HealthCheckRequest. 1616 properties: 1617 port: 1618 description: Port number of the gRPC service. Number must be in the range 1 to 65535. 1619 format: int32 1620 type: integer 1621 service: 1622 description: |- 1623 Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 1624 1625 If this is not specified, the default behavior is defined by gRPC. 1626 type: string 1627 required: 1628 - port 1629 type: object 1630 httpGet: 1631 description: HTTPGet specifies an HTTP GET request to perform. 1632 properties: 1633 host: 1634 description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. 1635 type: string 1636 httpHeaders: 1637 description: Custom headers to set in the request. HTTP allows repeated headers. 1638 items: 1639 properties: 1640 name: 1641 description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. 1642 type: string 1643 value: 1644 description: The header field value 1645 type: string 1646 required: 1647 - name 1648 - value 1649 type: object 1650 type: array 1651 path: 1652 description: Path to access on the HTTP server. 1653 type: string 1654 port: 1655 description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 1656 format: int-or-string 1657 x-kubernetes-int-or-string: true 1658 scheme: 1659 description: |- 1660 Scheme to use for connecting to the host. Defaults to HTTP. 1661 1662 Possible enum values: 1663 - `"HTTP"` means that the scheme used will be http:// 1664 - `"HTTPS"` means that the scheme used will be https:// 1665 enum: 1666 - HTTP 1667 - HTTPS 1668 type: string 1669 required: 1670 - port 1671 type: object 1672 initialDelaySeconds: 1673 description: "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" 1674 format: int32 1675 type: integer 1676 periodSeconds: 1677 description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. 1678 format: int32 1679 type: integer 1680 successThreshold: 1681 description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. 1682 format: int32 1683 type: integer 1684 tcpSocket: 1685 description: TCPSocket specifies a connection to a TCP port. 1686 properties: 1687 host: 1688 description: "Optional: Host name to connect to, defaults to the pod IP." 1689 type: string 1690 port: 1691 description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 1692 format: int-or-string 1693 x-kubernetes-int-or-string: true 1694 required: 1695 - port 1696 type: object 1697 terminationGracePeriodSeconds: 1698 description: Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. 1699 format: int64 1700 type: integer 1701 timeoutSeconds: 1702 description: "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" 1703 format: int32 1704 type: integer 1705 type: object 1706 name: 1707 description: Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated. 1708 type: string 1709 ports: 1710 description: List of ports to expose from the container. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Modifying this array with strategic merge patch may corrupt the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated. 1711 items: 1712 properties: 1713 containerPort: 1714 description: Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536. 1715 format: int32 1716 type: integer 1717 hostIP: 1718 description: What host IP to bind the external port to. 1719 type: string 1720 hostPort: 1721 description: Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this. 1722 format: int32 1723 type: integer 1724 name: 1725 description: If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services. 1726 type: string 1727 protocol: 1728 description: |- 1729 Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". 1730 1731 Possible enum values: 1732 - `"SCTP"` is the SCTP protocol. 1733 - `"TCP"` is the TCP protocol. 1734 - `"UDP"` is the UDP protocol. 1735 enum: 1736 - SCTP 1737 - TCP 1738 - UDP 1739 type: string 1740 required: 1741 - containerPort 1742 type: object 1743 type: array 1744 readinessProbe: 1745 description: "Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" 1746 properties: 1747 exec: 1748 description: Exec specifies a command to execute in the container. 1749 properties: 1750 command: 1751 description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 1752 items: 1753 type: string 1754 type: array 1755 type: object 1756 failureThreshold: 1757 description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. 1758 format: int32 1759 type: integer 1760 grpc: 1761 description: GRPC specifies a GRPC HealthCheckRequest. 1762 properties: 1763 port: 1764 description: Port number of the gRPC service. Number must be in the range 1 to 65535. 1765 format: int32 1766 type: integer 1767 service: 1768 description: |- 1769 Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 1770 1771 If this is not specified, the default behavior is defined by gRPC. 1772 type: string 1773 required: 1774 - port 1775 type: object 1776 httpGet: 1777 description: HTTPGet specifies an HTTP GET request to perform. 1778 properties: 1779 host: 1780 description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. 1781 type: string 1782 httpHeaders: 1783 description: Custom headers to set in the request. HTTP allows repeated headers. 1784 items: 1785 properties: 1786 name: 1787 description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. 1788 type: string 1789 value: 1790 description: The header field value 1791 type: string 1792 required: 1793 - name 1794 - value 1795 type: object 1796 type: array 1797 path: 1798 description: Path to access on the HTTP server. 1799 type: string 1800 port: 1801 description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 1802 format: int-or-string 1803 x-kubernetes-int-or-string: true 1804 scheme: 1805 description: |- 1806 Scheme to use for connecting to the host. Defaults to HTTP. 1807 1808 Possible enum values: 1809 - `"HTTP"` means that the scheme used will be http:// 1810 - `"HTTPS"` means that the scheme used will be https:// 1811 enum: 1812 - HTTP 1813 - HTTPS 1814 type: string 1815 required: 1816 - port 1817 type: object 1818 initialDelaySeconds: 1819 description: "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" 1820 format: int32 1821 type: integer 1822 periodSeconds: 1823 description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. 1824 format: int32 1825 type: integer 1826 successThreshold: 1827 description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. 1828 format: int32 1829 type: integer 1830 tcpSocket: 1831 description: TCPSocket specifies a connection to a TCP port. 1832 properties: 1833 host: 1834 description: "Optional: Host name to connect to, defaults to the pod IP." 1835 type: string 1836 port: 1837 description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 1838 format: int-or-string 1839 x-kubernetes-int-or-string: true 1840 required: 1841 - port 1842 type: object 1843 terminationGracePeriodSeconds: 1844 description: Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. 1845 format: int64 1846 type: integer 1847 timeoutSeconds: 1848 description: "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" 1849 format: int32 1850 type: integer 1851 type: object 1852 resizePolicy: 1853 description: Resources resize policy for the container. 1854 items: 1855 properties: 1856 resourceName: 1857 description: "Name of the resource to which this resource resize policy applies. Supported values: cpu, memory." 1858 type: string 1859 restartPolicy: 1860 description: Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired. 1861 type: string 1862 required: 1863 - resourceName 1864 - restartPolicy 1865 type: object 1866 type: array 1867 resources: 1868 description: "Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" 1869 properties: 1870 claims: 1871 description: |- 1872 Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. 1873 1874 This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. 1875 1876 This field is immutable. It can only be set for containers. 1877 items: 1878 properties: 1879 name: 1880 description: Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. 1881 type: string 1882 request: 1883 description: Request is the name chosen for a request in the referenced claim. If empty, everything from the claim is made available, otherwise only the result of this request. 1884 type: string 1885 required: 1886 - name 1887 type: object 1888 type: array 1889 limits: 1890 additionalProperties: 1891 type: string 1892 description: "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" 1893 type: object 1894 requests: 1895 additionalProperties: 1896 type: string 1897 description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" 1898 type: object 1899 type: object 1900 restartPolicy: 1901 description: "RestartPolicy defines the restart behavior of individual containers in a pod. This field may only be set for init containers, and the only allowed value is \"Always\". For non-init containers or when this field is not specified, the restart behavior is defined by the Pod's restart policy and the container type. Setting the RestartPolicy as \"Always\" for the init container will have the following effect: this init container will be continually restarted on exit until all regular containers have terminated. Once all regular containers have completed, all init containers with restartPolicy \"Always\" will be shut down. This lifecycle differs from normal init containers and is often referred to as a \"sidecar\" container. Although this init container still starts in the init container sequence, it does not wait for the container to complete before proceeding to the next init container. Instead, the next init container starts immediately after this init container is started, or after any startupProbe has successfully completed." 1902 type: string 1903 securityContext: 1904 description: "SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/" 1905 properties: 1906 allowPrivilegeEscalation: 1907 description: "AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows." 1908 type: boolean 1909 appArmorProfile: 1910 description: appArmorProfile is the AppArmor options to use by this container. If set, this profile overrides the pod's appArmorProfile. Note that this field cannot be set when spec.os.name is windows. 1911 properties: 1912 localhostProfile: 1913 description: localhostProfile indicates a profile loaded on the node that should be used. The profile must be preconfigured on the node to work. Must match the loaded name of the profile. Must be set if and only if type is "Localhost". 1914 type: string 1915 type: 1916 description: |- 1917 type indicates which kind of AppArmor profile will be applied. Valid options are: 1918 Localhost - a profile pre-loaded on the node. 1919 RuntimeDefault - the container runtime's default profile. 1920 Unconfined - no AppArmor enforcement. 1921 1922 Possible enum values: 1923 - `"Localhost"` indicates that a profile pre-loaded on the node should be used. 1924 - `"RuntimeDefault"` indicates that the container runtime's default AppArmor profile should be used. 1925 - `"Unconfined"` indicates that no AppArmor profile should be enforced. 1926 enum: 1927 - Localhost 1928 - RuntimeDefault 1929 - Unconfined 1930 type: string 1931 required: 1932 - type 1933 type: object 1934 capabilities: 1935 description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows. 1936 properties: 1937 add: 1938 description: Added capabilities 1939 items: 1940 type: string 1941 type: array 1942 drop: 1943 description: Removed capabilities 1944 items: 1945 type: string 1946 type: array 1947 type: object 1948 privileged: 1949 description: Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows. 1950 type: boolean 1951 procMount: 1952 description: |- 1953 procMount denotes the type of proc mount to use for the containers. The default value is Default which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows. 1954 1955 Possible enum values: 1956 - `"Default"` uses the container runtime defaults for readonly and masked paths for /proc. Most container runtimes mask certain paths in /proc to avoid accidental security exposure of special devices or information. 1957 - `"Unmasked"` bypasses the default masking behavior of the container runtime and ensures the newly created /proc the container stays in tact with no modifications. 1958 enum: 1959 - Default 1960 - Unmasked 1961 type: string 1962 readOnlyRootFilesystem: 1963 description: Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows. 1964 type: boolean 1965 runAsGroup: 1966 description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. 1967 format: int64 1968 type: integer 1969 runAsNonRoot: 1970 description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. 1971 type: boolean 1972 runAsUser: 1973 description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. 1974 format: int64 1975 type: integer 1976 seLinuxOptions: 1977 description: The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. 1978 properties: 1979 level: 1980 description: Level is SELinux level label that applies to the container. 1981 type: string 1982 role: 1983 description: Role is a SELinux role label that applies to the container. 1984 type: string 1985 type: 1986 description: Type is a SELinux type label that applies to the container. 1987 type: string 1988 user: 1989 description: User is a SELinux user label that applies to the container. 1990 type: string 1991 type: object 1992 seccompProfile: 1993 description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows. 1994 properties: 1995 localhostProfile: 1996 description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type. 1997 type: string 1998 type: 1999 description: |- 2000 type indicates which kind of seccomp profile will be applied. Valid options are: 2001 2002 Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied. 2003 2004 Possible enum values: 2005 - `"Localhost"` indicates a profile defined in a file on the node should be used. The file's location relative to <kubelet-root-dir>/seccomp. 2006 - `"RuntimeDefault"` represents the default container runtime seccomp profile. 2007 - `"Unconfined"` indicates no seccomp profile is applied (A.K.A. unconfined). 2008 enum: 2009 - Localhost 2010 - RuntimeDefault 2011 - Unconfined 2012 type: string 2013 required: 2014 - type 2015 type: object 2016 windowsOptions: 2017 description: The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux. 2018 properties: 2019 gmsaCredentialSpec: 2020 description: GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. 2021 type: string 2022 gmsaCredentialSpecName: 2023 description: GMSACredentialSpecName is the name of the GMSA credential spec to use. 2024 type: string 2025 hostProcess: 2026 description: HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true. 2027 type: boolean 2028 runAsUserName: 2029 description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. 2030 type: string 2031 type: object 2032 type: object 2033 startupProbe: 2034 description: "StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" 2035 properties: 2036 exec: 2037 description: Exec specifies a command to execute in the container. 2038 properties: 2039 command: 2040 description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 2041 items: 2042 type: string 2043 type: array 2044 type: object 2045 failureThreshold: 2046 description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. 2047 format: int32 2048 type: integer 2049 grpc: 2050 description: GRPC specifies a GRPC HealthCheckRequest. 2051 properties: 2052 port: 2053 description: Port number of the gRPC service. Number must be in the range 1 to 65535. 2054 format: int32 2055 type: integer 2056 service: 2057 description: |- 2058 Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 2059 2060 If this is not specified, the default behavior is defined by gRPC. 2061 type: string 2062 required: 2063 - port 2064 type: object 2065 httpGet: 2066 description: HTTPGet specifies an HTTP GET request to perform. 2067 properties: 2068 host: 2069 description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. 2070 type: string 2071 httpHeaders: 2072 description: Custom headers to set in the request. HTTP allows repeated headers. 2073 items: 2074 properties: 2075 name: 2076 description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. 2077 type: string 2078 value: 2079 description: The header field value 2080 type: string 2081 required: 2082 - name 2083 - value 2084 type: object 2085 type: array 2086 path: 2087 description: Path to access on the HTTP server. 2088 type: string 2089 port: 2090 description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 2091 format: int-or-string 2092 x-kubernetes-int-or-string: true 2093 scheme: 2094 description: |- 2095 Scheme to use for connecting to the host. Defaults to HTTP. 2096 2097 Possible enum values: 2098 - `"HTTP"` means that the scheme used will be http:// 2099 - `"HTTPS"` means that the scheme used will be https:// 2100 enum: 2101 - HTTP 2102 - HTTPS 2103 type: string 2104 required: 2105 - port 2106 type: object 2107 initialDelaySeconds: 2108 description: "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" 2109 format: int32 2110 type: integer 2111 periodSeconds: 2112 description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. 2113 format: int32 2114 type: integer 2115 successThreshold: 2116 description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. 2117 format: int32 2118 type: integer 2119 tcpSocket: 2120 description: TCPSocket specifies a connection to a TCP port. 2121 properties: 2122 host: 2123 description: "Optional: Host name to connect to, defaults to the pod IP." 2124 type: string 2125 port: 2126 description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 2127 format: int-or-string 2128 x-kubernetes-int-or-string: true 2129 required: 2130 - port 2131 type: object 2132 terminationGracePeriodSeconds: 2133 description: Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. 2134 format: int64 2135 type: integer 2136 timeoutSeconds: 2137 description: "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" 2138 format: int32 2139 type: integer 2140 type: object 2141 stdin: 2142 description: Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false. 2143 type: boolean 2144 stdinOnce: 2145 description: Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false 2146 type: boolean 2147 terminationMessagePath: 2148 description: "Optional: Path at which the file to which the container's termination message will be written is mounted into the container's filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated." 2149 type: string 2150 terminationMessagePolicy: 2151 description: |- 2152 Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. 2153 2154 Possible enum values: 2155 - `"FallbackToLogsOnError"` will read the most recent contents of the container logs for the container status message when the container exits with an error and the terminationMessagePath has no contents. 2156 - `"File"` is the default behavior and will set the container status message to the contents of the container's terminationMessagePath when the container exits. 2157 enum: 2158 - FallbackToLogsOnError 2159 - File 2160 type: string 2161 tty: 2162 description: Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false. 2163 type: boolean 2164 volumeDevices: 2165 description: volumeDevices is the list of block devices to be used by the container. 2166 items: 2167 properties: 2168 devicePath: 2169 description: devicePath is the path inside of the container that the device will be mapped to. 2170 type: string 2171 name: 2172 description: name must match the name of a persistentVolumeClaim in the pod 2173 type: string 2174 required: 2175 - name 2176 - devicePath 2177 type: object 2178 type: array 2179 volumeMounts: 2180 description: Pod volumes to mount into the container's filesystem. Cannot be updated. 2181 items: 2182 properties: 2183 mountPath: 2184 description: Path within the container at which the volume should be mounted. Must not contain ':'. 2185 type: string 2186 mountPropagation: 2187 description: |- 2188 mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified (which defaults to None). 2189 2190 Possible enum values: 2191 - `"Bidirectional"` means that the volume in a container will receive new mounts from the host or other containers, and its own mounts will be propagated from the container to the host or other containers. Note that this mode is recursively applied to all mounts in the volume ("rshared" in Linux terminology). 2192 - `"HostToContainer"` means that the volume in a container will receive new mounts from the host or other containers, but filesystems mounted inside the container won't be propagated to the host or other containers. Note that this mode is recursively applied to all mounts in the volume ("rslave" in Linux terminology). 2193 - `"None"` means that the volume in a container will not receive new mounts from the host or other containers, and filesystems mounted inside the container won't be propagated to the host or other containers. Note that this mode corresponds to "private" in Linux terminology. 2194 enum: 2195 - Bidirectional 2196 - HostToContainer 2197 - None 2198 type: string 2199 name: 2200 description: This must match the Name of a Volume. 2201 type: string 2202 readOnly: 2203 description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. 2204 type: boolean 2205 recursiveReadOnly: 2206 description: |- 2207 RecursiveReadOnly specifies whether read-only mounts should be handled recursively. 2208 2209 If ReadOnly is false, this field has no meaning and must be unspecified. 2210 2211 If ReadOnly is true, and this field is set to Disabled, the mount is not made recursively read-only. If this field is set to IfPossible, the mount is made recursively read-only, if it is supported by the container runtime. If this field is set to Enabled, the mount is made recursively read-only if it is supported by the container runtime, otherwise the pod will not be started and an error will be generated to indicate the reason. 2212 2213 If this field is set to IfPossible or Enabled, MountPropagation must be set to None (or be unspecified, which defaults to None). 2214 2215 If this field is not specified, it is treated as an equivalent of Disabled. 2216 type: string 2217 subPath: 2218 description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). 2219 type: string 2220 subPathExpr: 2221 description: Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive. 2222 type: string 2223 required: 2224 - name 2225 - mountPath 2226 type: object 2227 type: array 2228 workingDir: 2229 description: Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated. 2230 type: string 2231 required: 2232 - name 2233 type: object 2234 type: array 2235 dnsConfig: 2236 description: Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy. 2237 properties: 2238 nameservers: 2239 description: A list of DNS name server IP addresses. This will be appended to the base nameservers generated from DNSPolicy. Duplicated nameservers will be removed. 2240 items: 2241 type: string 2242 type: array 2243 options: 2244 description: A list of DNS resolver options. This will be merged with the base options generated from DNSPolicy. Duplicated entries will be removed. Resolution options given in Options will override those that appear in the base DNSPolicy. 2245 items: 2246 properties: 2247 name: 2248 description: Name is this DNS resolver option's name. Required. 2249 type: string 2250 value: 2251 description: Value is this DNS resolver option's value. 2252 type: string 2253 type: object 2254 type: array 2255 searches: 2256 description: A list of DNS search domains for host-name lookup. This will be appended to the base search paths generated from DNSPolicy. Duplicated search paths will be removed. 2257 items: 2258 type: string 2259 type: array 2260 type: object 2261 dnsPolicy: 2262 description: |- 2263 Set DNS policy for the pod. Defaults to "ClusterFirst". Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. To have DNS options set along with hostNetwork, you have to specify DNS policy explicitly to 'ClusterFirstWithHostNet'. 2264 2265 Possible enum values: 2266 - `"ClusterFirst"` indicates that the pod should use cluster DNS first unless hostNetwork is true, if it is available, then fall back on the default (as determined by kubelet) DNS settings. 2267 - `"ClusterFirstWithHostNet"` indicates that the pod should use cluster DNS first, if it is available, then fall back on the default (as determined by kubelet) DNS settings. 2268 - `"Default"` indicates that the pod should use the default (as determined by kubelet) DNS settings. 2269 - `"None"` indicates that the pod should use empty DNS settings. DNS parameters such as nameservers and search paths should be defined via DNSConfig. 2270 enum: 2271 - ClusterFirst 2272 - ClusterFirstWithHostNet 2273 - Default 2274 - None 2275 type: string 2276 enableServiceLinks: 2277 description: "EnableServiceLinks indicates whether information about services should be injected into pod's environment variables, matching the syntax of Docker links. Optional: Defaults to true." 2278 type: boolean 2279 ephemeralContainers: 2280 description: List of ephemeral containers run in this pod. Ephemeral containers may be run in an existing pod to perform user-initiated actions such as debugging. This list cannot be specified when creating a pod, and it cannot be modified by updating the pod spec. In order to add an ephemeral container to an existing pod, use the pod's ephemeralcontainers subresource. 2281 items: 2282 properties: 2283 args: 2284 description: "Arguments to the entrypoint. The image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell" 2285 items: 2286 type: string 2287 type: array 2288 command: 2289 description: "Entrypoint array. Not executed within a shell. The image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell" 2290 items: 2291 type: string 2292 type: array 2293 env: 2294 description: List of environment variables to set in the container. Cannot be updated. 2295 items: 2296 properties: 2297 name: 2298 description: Name of the environment variable. Must be a C_IDENTIFIER. 2299 type: string 2300 value: 2301 description: "Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to \"\"." 2302 type: string 2303 valueFrom: 2304 description: Source for the environment variable's value. Cannot be used if value is not empty. 2305 properties: 2306 configMapKeyRef: 2307 description: Selects a key of a ConfigMap. 2308 properties: 2309 key: 2310 description: The key to select. 2311 type: string 2312 name: 2313 description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" 2314 type: string 2315 optional: 2316 description: Specify whether the ConfigMap or its key must be defined 2317 type: boolean 2318 required: 2319 - key 2320 type: object 2321 x-kubernetes-map-type: atomic 2322 fieldRef: 2323 description: "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs." 2324 properties: 2325 apiVersion: 2326 description: Version of the schema the FieldPath is written in terms of, defaults to "v1". 2327 type: string 2328 fieldPath: 2329 description: Path of the field to select in the specified API version. 2330 type: string 2331 required: 2332 - fieldPath 2333 type: object 2334 x-kubernetes-map-type: atomic 2335 resourceFieldRef: 2336 description: "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported." 2337 properties: 2338 containerName: 2339 description: "Container name: required for volumes, optional for env vars" 2340 type: string 2341 divisor: 2342 description: Specifies the output format of the exposed resources, defaults to "1" 2343 type: string 2344 resource: 2345 description: "Required: resource to select" 2346 type: string 2347 required: 2348 - resource 2349 type: object 2350 x-kubernetes-map-type: atomic 2351 secretKeyRef: 2352 description: Selects a key of a secret in the pod's namespace 2353 properties: 2354 key: 2355 description: The key of the secret to select from. Must be a valid secret key. 2356 type: string 2357 name: 2358 description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" 2359 type: string 2360 optional: 2361 description: Specify whether the Secret or its key must be defined 2362 type: boolean 2363 required: 2364 - key 2365 type: object 2366 x-kubernetes-map-type: atomic 2367 type: object 2368 required: 2369 - name 2370 type: object 2371 type: array 2372 envFrom: 2373 description: List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. 2374 items: 2375 properties: 2376 configMapRef: 2377 description: The ConfigMap to select from 2378 properties: 2379 name: 2380 description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" 2381 type: string 2382 optional: 2383 description: Specify whether the ConfigMap must be defined 2384 type: boolean 2385 type: object 2386 prefix: 2387 description: Optional text to prepend to the name of each environment variable. Must be a C_IDENTIFIER. 2388 type: string 2389 secretRef: 2390 description: The Secret to select from 2391 properties: 2392 name: 2393 description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" 2394 type: string 2395 optional: 2396 description: Specify whether the Secret must be defined 2397 type: boolean 2398 type: object 2399 type: object 2400 type: array 2401 image: 2402 description: "Container image name. More info: https://kubernetes.io/docs/concepts/containers/images" 2403 type: string 2404 imagePullPolicy: 2405 description: |- 2406 Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images 2407 2408 Possible enum values: 2409 - `"Always"` means that kubelet always attempts to pull the latest image. Container will fail If the pull fails. 2410 - `"IfNotPresent"` means that kubelet pulls if the image isn't present on disk. Container will fail if the image isn't present and the pull fails. 2411 - `"Never"` means that kubelet never pulls an image, but only uses a local image. Container will fail if the image isn't present 2412 enum: 2413 - Always 2414 - IfNotPresent 2415 - Never 2416 type: string 2417 lifecycle: 2418 description: Lifecycle is not allowed for ephemeral containers. 2419 properties: 2420 postStart: 2421 description: "PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks" 2422 properties: 2423 exec: 2424 description: Exec specifies a command to execute in the container. 2425 properties: 2426 command: 2427 description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 2428 items: 2429 type: string 2430 type: array 2431 type: object 2432 httpGet: 2433 description: HTTPGet specifies an HTTP GET request to perform. 2434 properties: 2435 host: 2436 description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. 2437 type: string 2438 httpHeaders: 2439 description: Custom headers to set in the request. HTTP allows repeated headers. 2440 items: 2441 properties: 2442 name: 2443 description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. 2444 type: string 2445 value: 2446 description: The header field value 2447 type: string 2448 required: 2449 - name 2450 - value 2451 type: object 2452 type: array 2453 path: 2454 description: Path to access on the HTTP server. 2455 type: string 2456 port: 2457 description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 2458 format: int-or-string 2459 x-kubernetes-int-or-string: true 2460 scheme: 2461 description: |- 2462 Scheme to use for connecting to the host. Defaults to HTTP. 2463 2464 Possible enum values: 2465 - `"HTTP"` means that the scheme used will be http:// 2466 - `"HTTPS"` means that the scheme used will be https:// 2467 enum: 2468 - HTTP 2469 - HTTPS 2470 type: string 2471 required: 2472 - port 2473 type: object 2474 sleep: 2475 description: Sleep represents a duration that the container should sleep. 2476 properties: 2477 seconds: 2478 description: Seconds is the number of seconds to sleep. 2479 format: int64 2480 type: integer 2481 required: 2482 - seconds 2483 type: object 2484 tcpSocket: 2485 description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for backward compatibility. There is no validation of this field and lifecycle hooks will fail at runtime when it is specified. 2486 properties: 2487 host: 2488 description: "Optional: Host name to connect to, defaults to the pod IP." 2489 type: string 2490 port: 2491 description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 2492 format: int-or-string 2493 x-kubernetes-int-or-string: true 2494 required: 2495 - port 2496 type: object 2497 type: object 2498 preStop: 2499 description: "PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The Pod's termination grace period countdown begins before the PreStop hook is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod's termination grace period (unless delayed by finalizers). Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks" 2500 properties: 2501 exec: 2502 description: Exec specifies a command to execute in the container. 2503 properties: 2504 command: 2505 description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 2506 items: 2507 type: string 2508 type: array 2509 type: object 2510 httpGet: 2511 description: HTTPGet specifies an HTTP GET request to perform. 2512 properties: 2513 host: 2514 description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. 2515 type: string 2516 httpHeaders: 2517 description: Custom headers to set in the request. HTTP allows repeated headers. 2518 items: 2519 properties: 2520 name: 2521 description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. 2522 type: string 2523 value: 2524 description: The header field value 2525 type: string 2526 required: 2527 - name 2528 - value 2529 type: object 2530 type: array 2531 path: 2532 description: Path to access on the HTTP server. 2533 type: string 2534 port: 2535 description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 2536 format: int-or-string 2537 x-kubernetes-int-or-string: true 2538 scheme: 2539 description: |- 2540 Scheme to use for connecting to the host. Defaults to HTTP. 2541 2542 Possible enum values: 2543 - `"HTTP"` means that the scheme used will be http:// 2544 - `"HTTPS"` means that the scheme used will be https:// 2545 enum: 2546 - HTTP 2547 - HTTPS 2548 type: string 2549 required: 2550 - port 2551 type: object 2552 sleep: 2553 description: Sleep represents a duration that the container should sleep. 2554 properties: 2555 seconds: 2556 description: Seconds is the number of seconds to sleep. 2557 format: int64 2558 type: integer 2559 required: 2560 - seconds 2561 type: object 2562 tcpSocket: 2563 description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for backward compatibility. There is no validation of this field and lifecycle hooks will fail at runtime when it is specified. 2564 properties: 2565 host: 2566 description: "Optional: Host name to connect to, defaults to the pod IP." 2567 type: string 2568 port: 2569 description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 2570 format: int-or-string 2571 x-kubernetes-int-or-string: true 2572 required: 2573 - port 2574 type: object 2575 type: object 2576 stopSignal: 2577 description: |- 2578 StopSignal defines which signal will be sent to a container when it is being stopped. If not specified, the default is defined by the container runtime in use. StopSignal can only be set for Pods with a non-empty .spec.os.name 2579 2580 Possible enum values: 2581 - `"SIGABRT"` 2582 - `"SIGALRM"` 2583 - `"SIGBUS"` 2584 - `"SIGCHLD"` 2585 - `"SIGCLD"` 2586 - `"SIGCONT"` 2587 - `"SIGFPE"` 2588 - `"SIGHUP"` 2589 - `"SIGILL"` 2590 - `"SIGINT"` 2591 - `"SIGIO"` 2592 - `"SIGIOT"` 2593 - `"SIGKILL"` 2594 - `"SIGPIPE"` 2595 - `"SIGPOLL"` 2596 - `"SIGPROF"` 2597 - `"SIGPWR"` 2598 - `"SIGQUIT"` 2599 - `"SIGRTMAX"` 2600 - `"SIGRTMAX-1"` 2601 - `"SIGRTMAX-10"` 2602 - `"SIGRTMAX-11"` 2603 - `"SIGRTMAX-12"` 2604 - `"SIGRTMAX-13"` 2605 - `"SIGRTMAX-14"` 2606 - `"SIGRTMAX-2"` 2607 - `"SIGRTMAX-3"` 2608 - `"SIGRTMAX-4"` 2609 - `"SIGRTMAX-5"` 2610 - `"SIGRTMAX-6"` 2611 - `"SIGRTMAX-7"` 2612 - `"SIGRTMAX-8"` 2613 - `"SIGRTMAX-9"` 2614 - `"SIGRTMIN"` 2615 - `"SIGRTMIN+1"` 2616 - `"SIGRTMIN+10"` 2617 - `"SIGRTMIN+11"` 2618 - `"SIGRTMIN+12"` 2619 - `"SIGRTMIN+13"` 2620 - `"SIGRTMIN+14"` 2621 - `"SIGRTMIN+15"` 2622 - `"SIGRTMIN+2"` 2623 - `"SIGRTMIN+3"` 2624 - `"SIGRTMIN+4"` 2625 - `"SIGRTMIN+5"` 2626 - `"SIGRTMIN+6"` 2627 - `"SIGRTMIN+7"` 2628 - `"SIGRTMIN+8"` 2629 - `"SIGRTMIN+9"` 2630 - `"SIGSEGV"` 2631 - `"SIGSTKFLT"` 2632 - `"SIGSTOP"` 2633 - `"SIGSYS"` 2634 - `"SIGTERM"` 2635 - `"SIGTRAP"` 2636 - `"SIGTSTP"` 2637 - `"SIGTTIN"` 2638 - `"SIGTTOU"` 2639 - `"SIGURG"` 2640 - `"SIGUSR1"` 2641 - `"SIGUSR2"` 2642 - `"SIGVTALRM"` 2643 - `"SIGWINCH"` 2644 - `"SIGXCPU"` 2645 - `"SIGXFSZ"` 2646 enum: 2647 - SIGABRT 2648 - SIGALRM 2649 - SIGBUS 2650 - SIGCHLD 2651 - SIGCLD 2652 - SIGCONT 2653 - SIGFPE 2654 - SIGHUP 2655 - SIGILL 2656 - SIGINT 2657 - SIGIO 2658 - SIGIOT 2659 - SIGKILL 2660 - SIGPIPE 2661 - SIGPOLL 2662 - SIGPROF 2663 - SIGPWR 2664 - SIGQUIT 2665 - SIGRTMAX 2666 - SIGRTMAX-1 2667 - SIGRTMAX-10 2668 - SIGRTMAX-11 2669 - SIGRTMAX-12 2670 - SIGRTMAX-13 2671 - SIGRTMAX-14 2672 - SIGRTMAX-2 2673 - SIGRTMAX-3 2674 - SIGRTMAX-4 2675 - SIGRTMAX-5 2676 - SIGRTMAX-6 2677 - SIGRTMAX-7 2678 - SIGRTMAX-8 2679 - SIGRTMAX-9 2680 - SIGRTMIN 2681 - SIGRTMIN+1 2682 - SIGRTMIN+10 2683 - SIGRTMIN+11 2684 - SIGRTMIN+12 2685 - SIGRTMIN+13 2686 - SIGRTMIN+14 2687 - SIGRTMIN+15 2688 - SIGRTMIN+2 2689 - SIGRTMIN+3 2690 - SIGRTMIN+4 2691 - SIGRTMIN+5 2692 - SIGRTMIN+6 2693 - SIGRTMIN+7 2694 - SIGRTMIN+8 2695 - SIGRTMIN+9 2696 - SIGSEGV 2697 - SIGSTKFLT 2698 - SIGSTOP 2699 - SIGSYS 2700 - SIGTERM 2701 - SIGTRAP 2702 - SIGTSTP 2703 - SIGTTIN 2704 - SIGTTOU 2705 - SIGURG 2706 - SIGUSR1 2707 - SIGUSR2 2708 - SIGVTALRM 2709 - SIGWINCH 2710 - SIGXCPU 2711 - SIGXFSZ 2712 type: string 2713 type: object 2714 livenessProbe: 2715 description: Probes are not allowed for ephemeral containers. 2716 properties: 2717 exec: 2718 description: Exec specifies a command to execute in the container. 2719 properties: 2720 command: 2721 description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 2722 items: 2723 type: string 2724 type: array 2725 type: object 2726 failureThreshold: 2727 description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. 2728 format: int32 2729 type: integer 2730 grpc: 2731 description: GRPC specifies a GRPC HealthCheckRequest. 2732 properties: 2733 port: 2734 description: Port number of the gRPC service. Number must be in the range 1 to 65535. 2735 format: int32 2736 type: integer 2737 service: 2738 description: |- 2739 Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 2740 2741 If this is not specified, the default behavior is defined by gRPC. 2742 type: string 2743 required: 2744 - port 2745 type: object 2746 httpGet: 2747 description: HTTPGet specifies an HTTP GET request to perform. 2748 properties: 2749 host: 2750 description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. 2751 type: string 2752 httpHeaders: 2753 description: Custom headers to set in the request. HTTP allows repeated headers. 2754 items: 2755 properties: 2756 name: 2757 description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. 2758 type: string 2759 value: 2760 description: The header field value 2761 type: string 2762 required: 2763 - name 2764 - value 2765 type: object 2766 type: array 2767 path: 2768 description: Path to access on the HTTP server. 2769 type: string 2770 port: 2771 description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 2772 format: int-or-string 2773 x-kubernetes-int-or-string: true 2774 scheme: 2775 description: |- 2776 Scheme to use for connecting to the host. Defaults to HTTP. 2777 2778 Possible enum values: 2779 - `"HTTP"` means that the scheme used will be http:// 2780 - `"HTTPS"` means that the scheme used will be https:// 2781 enum: 2782 - HTTP 2783 - HTTPS 2784 type: string 2785 required: 2786 - port 2787 type: object 2788 initialDelaySeconds: 2789 description: "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" 2790 format: int32 2791 type: integer 2792 periodSeconds: 2793 description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. 2794 format: int32 2795 type: integer 2796 successThreshold: 2797 description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. 2798 format: int32 2799 type: integer 2800 tcpSocket: 2801 description: TCPSocket specifies a connection to a TCP port. 2802 properties: 2803 host: 2804 description: "Optional: Host name to connect to, defaults to the pod IP." 2805 type: string 2806 port: 2807 description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 2808 format: int-or-string 2809 x-kubernetes-int-or-string: true 2810 required: 2811 - port 2812 type: object 2813 terminationGracePeriodSeconds: 2814 description: Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. 2815 format: int64 2816 type: integer 2817 timeoutSeconds: 2818 description: "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" 2819 format: int32 2820 type: integer 2821 type: object 2822 name: 2823 description: Name of the ephemeral container specified as a DNS_LABEL. This name must be unique among all containers, init containers and ephemeral containers. 2824 type: string 2825 ports: 2826 description: Ports are not allowed for ephemeral containers. 2827 items: 2828 properties: 2829 containerPort: 2830 description: Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536. 2831 format: int32 2832 type: integer 2833 hostIP: 2834 description: What host IP to bind the external port to. 2835 type: string 2836 hostPort: 2837 description: Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this. 2838 format: int32 2839 type: integer 2840 name: 2841 description: If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services. 2842 type: string 2843 protocol: 2844 description: |- 2845 Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". 2846 2847 Possible enum values: 2848 - `"SCTP"` is the SCTP protocol. 2849 - `"TCP"` is the TCP protocol. 2850 - `"UDP"` is the UDP protocol. 2851 enum: 2852 - SCTP 2853 - TCP 2854 - UDP 2855 type: string 2856 required: 2857 - containerPort 2858 type: object 2859 type: array 2860 readinessProbe: 2861 description: Probes are not allowed for ephemeral containers. 2862 properties: 2863 exec: 2864 description: Exec specifies a command to execute in the container. 2865 properties: 2866 command: 2867 description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 2868 items: 2869 type: string 2870 type: array 2871 type: object 2872 failureThreshold: 2873 description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. 2874 format: int32 2875 type: integer 2876 grpc: 2877 description: GRPC specifies a GRPC HealthCheckRequest. 2878 properties: 2879 port: 2880 description: Port number of the gRPC service. Number must be in the range 1 to 65535. 2881 format: int32 2882 type: integer 2883 service: 2884 description: |- 2885 Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 2886 2887 If this is not specified, the default behavior is defined by gRPC. 2888 type: string 2889 required: 2890 - port 2891 type: object 2892 httpGet: 2893 description: HTTPGet specifies an HTTP GET request to perform. 2894 properties: 2895 host: 2896 description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. 2897 type: string 2898 httpHeaders: 2899 description: Custom headers to set in the request. HTTP allows repeated headers. 2900 items: 2901 properties: 2902 name: 2903 description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. 2904 type: string 2905 value: 2906 description: The header field value 2907 type: string 2908 required: 2909 - name 2910 - value 2911 type: object 2912 type: array 2913 path: 2914 description: Path to access on the HTTP server. 2915 type: string 2916 port: 2917 description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 2918 format: int-or-string 2919 x-kubernetes-int-or-string: true 2920 scheme: 2921 description: |- 2922 Scheme to use for connecting to the host. Defaults to HTTP. 2923 2924 Possible enum values: 2925 - `"HTTP"` means that the scheme used will be http:// 2926 - `"HTTPS"` means that the scheme used will be https:// 2927 enum: 2928 - HTTP 2929 - HTTPS 2930 type: string 2931 required: 2932 - port 2933 type: object 2934 initialDelaySeconds: 2935 description: "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" 2936 format: int32 2937 type: integer 2938 periodSeconds: 2939 description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. 2940 format: int32 2941 type: integer 2942 successThreshold: 2943 description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. 2944 format: int32 2945 type: integer 2946 tcpSocket: 2947 description: TCPSocket specifies a connection to a TCP port. 2948 properties: 2949 host: 2950 description: "Optional: Host name to connect to, defaults to the pod IP." 2951 type: string 2952 port: 2953 description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 2954 format: int-or-string 2955 x-kubernetes-int-or-string: true 2956 required: 2957 - port 2958 type: object 2959 terminationGracePeriodSeconds: 2960 description: Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. 2961 format: int64 2962 type: integer 2963 timeoutSeconds: 2964 description: "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" 2965 format: int32 2966 type: integer 2967 type: object 2968 resizePolicy: 2969 description: Resources resize policy for the container. 2970 items: 2971 properties: 2972 resourceName: 2973 description: "Name of the resource to which this resource resize policy applies. Supported values: cpu, memory." 2974 type: string 2975 restartPolicy: 2976 description: Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired. 2977 type: string 2978 required: 2979 - resourceName 2980 - restartPolicy 2981 type: object 2982 type: array 2983 resources: 2984 description: Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources already allocated to the pod. 2985 properties: 2986 claims: 2987 description: |- 2988 Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. 2989 2990 This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. 2991 2992 This field is immutable. It can only be set for containers. 2993 items: 2994 properties: 2995 name: 2996 description: Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. 2997 type: string 2998 request: 2999 description: Request is the name chosen for a request in the referenced claim. If empty, everything from the claim is made available, otherwise only the result of this request. 3000 type: string 3001 required: 3002 - name 3003 type: object 3004 type: array 3005 limits: 3006 additionalProperties: 3007 type: string 3008 description: "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" 3009 type: object 3010 requests: 3011 additionalProperties: 3012 type: string 3013 description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" 3014 type: object 3015 type: object 3016 restartPolicy: 3017 description: Restart policy for the container to manage the restart behavior of each container within a pod. This may only be set for init containers. You cannot set this field on ephemeral containers. 3018 type: string 3019 securityContext: 3020 description: "Optional: SecurityContext defines the security options the ephemeral container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext." 3021 properties: 3022 allowPrivilegeEscalation: 3023 description: "AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows." 3024 type: boolean 3025 appArmorProfile: 3026 description: appArmorProfile is the AppArmor options to use by this container. If set, this profile overrides the pod's appArmorProfile. Note that this field cannot be set when spec.os.name is windows. 3027 properties: 3028 localhostProfile: 3029 description: localhostProfile indicates a profile loaded on the node that should be used. The profile must be preconfigured on the node to work. Must match the loaded name of the profile. Must be set if and only if type is "Localhost". 3030 type: string 3031 type: 3032 description: |- 3033 type indicates which kind of AppArmor profile will be applied. Valid options are: 3034 Localhost - a profile pre-loaded on the node. 3035 RuntimeDefault - the container runtime's default profile. 3036 Unconfined - no AppArmor enforcement. 3037 3038 Possible enum values: 3039 - `"Localhost"` indicates that a profile pre-loaded on the node should be used. 3040 - `"RuntimeDefault"` indicates that the container runtime's default AppArmor profile should be used. 3041 - `"Unconfined"` indicates that no AppArmor profile should be enforced. 3042 enum: 3043 - Localhost 3044 - RuntimeDefault 3045 - Unconfined 3046 type: string 3047 required: 3048 - type 3049 type: object 3050 capabilities: 3051 description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows. 3052 properties: 3053 add: 3054 description: Added capabilities 3055 items: 3056 type: string 3057 type: array 3058 drop: 3059 description: Removed capabilities 3060 items: 3061 type: string 3062 type: array 3063 type: object 3064 privileged: 3065 description: Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows. 3066 type: boolean 3067 procMount: 3068 description: |- 3069 procMount denotes the type of proc mount to use for the containers. The default value is Default which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows. 3070 3071 Possible enum values: 3072 - `"Default"` uses the container runtime defaults for readonly and masked paths for /proc. Most container runtimes mask certain paths in /proc to avoid accidental security exposure of special devices or information. 3073 - `"Unmasked"` bypasses the default masking behavior of the container runtime and ensures the newly created /proc the container stays in tact with no modifications. 3074 enum: 3075 - Default 3076 - Unmasked 3077 type: string 3078 readOnlyRootFilesystem: 3079 description: Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows. 3080 type: boolean 3081 runAsGroup: 3082 description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. 3083 format: int64 3084 type: integer 3085 runAsNonRoot: 3086 description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. 3087 type: boolean 3088 runAsUser: 3089 description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. 3090 format: int64 3091 type: integer 3092 seLinuxOptions: 3093 description: The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. 3094 properties: 3095 level: 3096 description: Level is SELinux level label that applies to the container. 3097 type: string 3098 role: 3099 description: Role is a SELinux role label that applies to the container. 3100 type: string 3101 type: 3102 description: Type is a SELinux type label that applies to the container. 3103 type: string 3104 user: 3105 description: User is a SELinux user label that applies to the container. 3106 type: string 3107 type: object 3108 seccompProfile: 3109 description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows. 3110 properties: 3111 localhostProfile: 3112 description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type. 3113 type: string 3114 type: 3115 description: |- 3116 type indicates which kind of seccomp profile will be applied. Valid options are: 3117 3118 Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied. 3119 3120 Possible enum values: 3121 - `"Localhost"` indicates a profile defined in a file on the node should be used. The file's location relative to <kubelet-root-dir>/seccomp. 3122 - `"RuntimeDefault"` represents the default container runtime seccomp profile. 3123 - `"Unconfined"` indicates no seccomp profile is applied (A.K.A. unconfined). 3124 enum: 3125 - Localhost 3126 - RuntimeDefault 3127 - Unconfined 3128 type: string 3129 required: 3130 - type 3131 type: object 3132 windowsOptions: 3133 description: The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux. 3134 properties: 3135 gmsaCredentialSpec: 3136 description: GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. 3137 type: string 3138 gmsaCredentialSpecName: 3139 description: GMSACredentialSpecName is the name of the GMSA credential spec to use. 3140 type: string 3141 hostProcess: 3142 description: HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true. 3143 type: boolean 3144 runAsUserName: 3145 description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. 3146 type: string 3147 type: object 3148 type: object 3149 startupProbe: 3150 description: Probes are not allowed for ephemeral containers. 3151 properties: 3152 exec: 3153 description: Exec specifies a command to execute in the container. 3154 properties: 3155 command: 3156 description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 3157 items: 3158 type: string 3159 type: array 3160 type: object 3161 failureThreshold: 3162 description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. 3163 format: int32 3164 type: integer 3165 grpc: 3166 description: GRPC specifies a GRPC HealthCheckRequest. 3167 properties: 3168 port: 3169 description: Port number of the gRPC service. Number must be in the range 1 to 65535. 3170 format: int32 3171 type: integer 3172 service: 3173 description: |- 3174 Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 3175 3176 If this is not specified, the default behavior is defined by gRPC. 3177 type: string 3178 required: 3179 - port 3180 type: object 3181 httpGet: 3182 description: HTTPGet specifies an HTTP GET request to perform. 3183 properties: 3184 host: 3185 description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. 3186 type: string 3187 httpHeaders: 3188 description: Custom headers to set in the request. HTTP allows repeated headers. 3189 items: 3190 properties: 3191 name: 3192 description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. 3193 type: string 3194 value: 3195 description: The header field value 3196 type: string 3197 required: 3198 - name 3199 - value 3200 type: object 3201 type: array 3202 path: 3203 description: Path to access on the HTTP server. 3204 type: string 3205 port: 3206 description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 3207 format: int-or-string 3208 x-kubernetes-int-or-string: true 3209 scheme: 3210 description: |- 3211 Scheme to use for connecting to the host. Defaults to HTTP. 3212 3213 Possible enum values: 3214 - `"HTTP"` means that the scheme used will be http:// 3215 - `"HTTPS"` means that the scheme used will be https:// 3216 enum: 3217 - HTTP 3218 - HTTPS 3219 type: string 3220 required: 3221 - port 3222 type: object 3223 initialDelaySeconds: 3224 description: "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" 3225 format: int32 3226 type: integer 3227 periodSeconds: 3228 description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. 3229 format: int32 3230 type: integer 3231 successThreshold: 3232 description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. 3233 format: int32 3234 type: integer 3235 tcpSocket: 3236 description: TCPSocket specifies a connection to a TCP port. 3237 properties: 3238 host: 3239 description: "Optional: Host name to connect to, defaults to the pod IP." 3240 type: string 3241 port: 3242 description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 3243 format: int-or-string 3244 x-kubernetes-int-or-string: true 3245 required: 3246 - port 3247 type: object 3248 terminationGracePeriodSeconds: 3249 description: Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. 3250 format: int64 3251 type: integer 3252 timeoutSeconds: 3253 description: "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" 3254 format: int32 3255 type: integer 3256 type: object 3257 stdin: 3258 description: Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false. 3259 type: boolean 3260 stdinOnce: 3261 description: Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false 3262 type: boolean 3263 targetContainerName: 3264 description: |- 3265 If set, the name of the container from PodSpec that this ephemeral container targets. The ephemeral container will be run in the namespaces (IPC, PID, etc) of this container. If not set then the ephemeral container uses the namespaces configured in the Pod spec. 3266 3267 The container runtime must implement support for this feature. If the runtime does not support namespace targeting then the result of setting this field is undefined. 3268 type: string 3269 terminationMessagePath: 3270 description: "Optional: Path at which the file to which the container's termination message will be written is mounted into the container's filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated." 3271 type: string 3272 terminationMessagePolicy: 3273 description: |- 3274 Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. 3275 3276 Possible enum values: 3277 - `"FallbackToLogsOnError"` will read the most recent contents of the container logs for the container status message when the container exits with an error and the terminationMessagePath has no contents. 3278 - `"File"` is the default behavior and will set the container status message to the contents of the container's terminationMessagePath when the container exits. 3279 enum: 3280 - FallbackToLogsOnError 3281 - File 3282 type: string 3283 tty: 3284 description: Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false. 3285 type: boolean 3286 volumeDevices: 3287 description: volumeDevices is the list of block devices to be used by the container. 3288 items: 3289 properties: 3290 devicePath: 3291 description: devicePath is the path inside of the container that the device will be mapped to. 3292 type: string 3293 name: 3294 description: name must match the name of a persistentVolumeClaim in the pod 3295 type: string 3296 required: 3297 - name 3298 - devicePath 3299 type: object 3300 type: array 3301 volumeMounts: 3302 description: Pod volumes to mount into the container's filesystem. Subpath mounts are not allowed for ephemeral containers. Cannot be updated. 3303 items: 3304 properties: 3305 mountPath: 3306 description: Path within the container at which the volume should be mounted. Must not contain ':'. 3307 type: string 3308 mountPropagation: 3309 description: |- 3310 mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified (which defaults to None). 3311 3312 Possible enum values: 3313 - `"Bidirectional"` means that the volume in a container will receive new mounts from the host or other containers, and its own mounts will be propagated from the container to the host or other containers. Note that this mode is recursively applied to all mounts in the volume ("rshared" in Linux terminology). 3314 - `"HostToContainer"` means that the volume in a container will receive new mounts from the host or other containers, but filesystems mounted inside the container won't be propagated to the host or other containers. Note that this mode is recursively applied to all mounts in the volume ("rslave" in Linux terminology). 3315 - `"None"` means that the volume in a container will not receive new mounts from the host or other containers, and filesystems mounted inside the container won't be propagated to the host or other containers. Note that this mode corresponds to "private" in Linux terminology. 3316 enum: 3317 - Bidirectional 3318 - HostToContainer 3319 - None 3320 type: string 3321 name: 3322 description: This must match the Name of a Volume. 3323 type: string 3324 readOnly: 3325 description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. 3326 type: boolean 3327 recursiveReadOnly: 3328 description: |- 3329 RecursiveReadOnly specifies whether read-only mounts should be handled recursively. 3330 3331 If ReadOnly is false, this field has no meaning and must be unspecified. 3332 3333 If ReadOnly is true, and this field is set to Disabled, the mount is not made recursively read-only. If this field is set to IfPossible, the mount is made recursively read-only, if it is supported by the container runtime. If this field is set to Enabled, the mount is made recursively read-only if it is supported by the container runtime, otherwise the pod will not be started and an error will be generated to indicate the reason. 3334 3335 If this field is set to IfPossible or Enabled, MountPropagation must be set to None (or be unspecified, which defaults to None). 3336 3337 If this field is not specified, it is treated as an equivalent of Disabled. 3338 type: string 3339 subPath: 3340 description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). 3341 type: string 3342 subPathExpr: 3343 description: Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive. 3344 type: string 3345 required: 3346 - name 3347 - mountPath 3348 type: object 3349 type: array 3350 workingDir: 3351 description: Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated. 3352 type: string 3353 required: 3354 - name 3355 type: object 3356 type: array 3357 hostAliases: 3358 description: HostAliases is an optional list of hosts and IPs that will be injected into the pod's hosts file if specified. 3359 items: 3360 properties: 3361 hostnames: 3362 description: Hostnames for the above IP address. 3363 items: 3364 type: string 3365 type: array 3366 ip: 3367 description: IP address of the host file entry. 3368 type: string 3369 required: 3370 - ip 3371 type: object 3372 type: array 3373 hostIPC: 3374 description: "Use the host's ipc namespace. Optional: Default to false." 3375 type: boolean 3376 hostNetwork: 3377 description: Host networking requested for this pod. Use the host's network namespace. If this option is set, the ports that will be used must be specified. Default to false. 3378 type: boolean 3379 hostPID: 3380 description: "Use the host's pid namespace. Optional: Default to false." 3381 type: boolean 3382 hostUsers: 3383 description: "Use the host's user namespace. Optional: Default to true. If set to true or not present, the pod will be run in the host user namespace, useful for when the pod needs a feature only available to the host user namespace, such as loading a kernel module with CAP_SYS_MODULE. When set to false, a new userns is created for the pod. Setting false is useful for mitigating container breakout vulnerabilities even allowing users to run their containers as root without actually having root privileges on the host. This field is alpha-level and is only honored by servers that enable the UserNamespacesSupport feature." 3384 type: boolean 3385 hostname: 3386 description: Specifies the hostname of the Pod If not specified, the pod's hostname will be set to a system-defined value. 3387 type: string 3388 imagePullSecrets: 3389 description: "ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. If specified, these secrets will be passed to individual puller implementations for them to use. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod" 3390 items: 3391 properties: 3392 name: 3393 description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" 3394 type: string 3395 type: object 3396 x-kubernetes-map-type: atomic 3397 type: array 3398 initContainers: 3399 description: "List of initialization containers belonging to the pod. Init containers are executed in order prior to containers being started. If any init container fails, the pod is considered to have failed and is handled according to its restartPolicy. The name for an init container or normal container must be unique among all containers. Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit for each resource type, and then using the max of that value or the sum of the normal containers. Limits are applied to init containers in a similar fashion. Init containers cannot currently be added or removed. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/" 3400 items: 3401 properties: 3402 args: 3403 description: "Arguments to the entrypoint. The container image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell" 3404 items: 3405 type: string 3406 type: array 3407 command: 3408 description: "Entrypoint array. Not executed within a shell. The container image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell" 3409 items: 3410 type: string 3411 type: array 3412 env: 3413 description: List of environment variables to set in the container. Cannot be updated. 3414 items: 3415 properties: 3416 name: 3417 description: Name of the environment variable. Must be a C_IDENTIFIER. 3418 type: string 3419 value: 3420 description: "Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to \"\"." 3421 type: string 3422 valueFrom: 3423 description: Source for the environment variable's value. Cannot be used if value is not empty. 3424 properties: 3425 configMapKeyRef: 3426 description: Selects a key of a ConfigMap. 3427 properties: 3428 key: 3429 description: The key to select. 3430 type: string 3431 name: 3432 description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" 3433 type: string 3434 optional: 3435 description: Specify whether the ConfigMap or its key must be defined 3436 type: boolean 3437 required: 3438 - key 3439 type: object 3440 x-kubernetes-map-type: atomic 3441 fieldRef: 3442 description: "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs." 3443 properties: 3444 apiVersion: 3445 description: Version of the schema the FieldPath is written in terms of, defaults to "v1". 3446 type: string 3447 fieldPath: 3448 description: Path of the field to select in the specified API version. 3449 type: string 3450 required: 3451 - fieldPath 3452 type: object 3453 x-kubernetes-map-type: atomic 3454 resourceFieldRef: 3455 description: "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported." 3456 properties: 3457 containerName: 3458 description: "Container name: required for volumes, optional for env vars" 3459 type: string 3460 divisor: 3461 description: Specifies the output format of the exposed resources, defaults to "1" 3462 type: string 3463 resource: 3464 description: "Required: resource to select" 3465 type: string 3466 required: 3467 - resource 3468 type: object 3469 x-kubernetes-map-type: atomic 3470 secretKeyRef: 3471 description: Selects a key of a secret in the pod's namespace 3472 properties: 3473 key: 3474 description: The key of the secret to select from. Must be a valid secret key. 3475 type: string 3476 name: 3477 description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" 3478 type: string 3479 optional: 3480 description: Specify whether the Secret or its key must be defined 3481 type: boolean 3482 required: 3483 - key 3484 type: object 3485 x-kubernetes-map-type: atomic 3486 type: object 3487 required: 3488 - name 3489 type: object 3490 type: array 3491 envFrom: 3492 description: List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. 3493 items: 3494 properties: 3495 configMapRef: 3496 description: The ConfigMap to select from 3497 properties: 3498 name: 3499 description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" 3500 type: string 3501 optional: 3502 description: Specify whether the ConfigMap must be defined 3503 type: boolean 3504 type: object 3505 prefix: 3506 description: Optional text to prepend to the name of each environment variable. Must be a C_IDENTIFIER. 3507 type: string 3508 secretRef: 3509 description: The Secret to select from 3510 properties: 3511 name: 3512 description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" 3513 type: string 3514 optional: 3515 description: Specify whether the Secret must be defined 3516 type: boolean 3517 type: object 3518 type: object 3519 type: array 3520 image: 3521 description: "Container image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets." 3522 type: string 3523 imagePullPolicy: 3524 description: |- 3525 Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images 3526 3527 Possible enum values: 3528 - `"Always"` means that kubelet always attempts to pull the latest image. Container will fail If the pull fails. 3529 - `"IfNotPresent"` means that kubelet pulls if the image isn't present on disk. Container will fail if the image isn't present and the pull fails. 3530 - `"Never"` means that kubelet never pulls an image, but only uses a local image. Container will fail if the image isn't present 3531 enum: 3532 - Always 3533 - IfNotPresent 3534 - Never 3535 type: string 3536 lifecycle: 3537 description: Actions that the management system should take in response to container lifecycle events. Cannot be updated. 3538 properties: 3539 postStart: 3540 description: "PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks" 3541 properties: 3542 exec: 3543 description: Exec specifies a command to execute in the container. 3544 properties: 3545 command: 3546 description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 3547 items: 3548 type: string 3549 type: array 3550 type: object 3551 httpGet: 3552 description: HTTPGet specifies an HTTP GET request to perform. 3553 properties: 3554 host: 3555 description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. 3556 type: string 3557 httpHeaders: 3558 description: Custom headers to set in the request. HTTP allows repeated headers. 3559 items: 3560 properties: 3561 name: 3562 description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. 3563 type: string 3564 value: 3565 description: The header field value 3566 type: string 3567 required: 3568 - name 3569 - value 3570 type: object 3571 type: array 3572 path: 3573 description: Path to access on the HTTP server. 3574 type: string 3575 port: 3576 description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 3577 format: int-or-string 3578 x-kubernetes-int-or-string: true 3579 scheme: 3580 description: |- 3581 Scheme to use for connecting to the host. Defaults to HTTP. 3582 3583 Possible enum values: 3584 - `"HTTP"` means that the scheme used will be http:// 3585 - `"HTTPS"` means that the scheme used will be https:// 3586 enum: 3587 - HTTP 3588 - HTTPS 3589 type: string 3590 required: 3591 - port 3592 type: object 3593 sleep: 3594 description: Sleep represents a duration that the container should sleep. 3595 properties: 3596 seconds: 3597 description: Seconds is the number of seconds to sleep. 3598 format: int64 3599 type: integer 3600 required: 3601 - seconds 3602 type: object 3603 tcpSocket: 3604 description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for backward compatibility. There is no validation of this field and lifecycle hooks will fail at runtime when it is specified. 3605 properties: 3606 host: 3607 description: "Optional: Host name to connect to, defaults to the pod IP." 3608 type: string 3609 port: 3610 description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 3611 format: int-or-string 3612 x-kubernetes-int-or-string: true 3613 required: 3614 - port 3615 type: object 3616 type: object 3617 preStop: 3618 description: "PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The Pod's termination grace period countdown begins before the PreStop hook is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod's termination grace period (unless delayed by finalizers). Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks" 3619 properties: 3620 exec: 3621 description: Exec specifies a command to execute in the container. 3622 properties: 3623 command: 3624 description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 3625 items: 3626 type: string 3627 type: array 3628 type: object 3629 httpGet: 3630 description: HTTPGet specifies an HTTP GET request to perform. 3631 properties: 3632 host: 3633 description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. 3634 type: string 3635 httpHeaders: 3636 description: Custom headers to set in the request. HTTP allows repeated headers. 3637 items: 3638 properties: 3639 name: 3640 description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. 3641 type: string 3642 value: 3643 description: The header field value 3644 type: string 3645 required: 3646 - name 3647 - value 3648 type: object 3649 type: array 3650 path: 3651 description: Path to access on the HTTP server. 3652 type: string 3653 port: 3654 description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 3655 format: int-or-string 3656 x-kubernetes-int-or-string: true 3657 scheme: 3658 description: |- 3659 Scheme to use for connecting to the host. Defaults to HTTP. 3660 3661 Possible enum values: 3662 - `"HTTP"` means that the scheme used will be http:// 3663 - `"HTTPS"` means that the scheme used will be https:// 3664 enum: 3665 - HTTP 3666 - HTTPS 3667 type: string 3668 required: 3669 - port 3670 type: object 3671 sleep: 3672 description: Sleep represents a duration that the container should sleep. 3673 properties: 3674 seconds: 3675 description: Seconds is the number of seconds to sleep. 3676 format: int64 3677 type: integer 3678 required: 3679 - seconds 3680 type: object 3681 tcpSocket: 3682 description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for backward compatibility. There is no validation of this field and lifecycle hooks will fail at runtime when it is specified. 3683 properties: 3684 host: 3685 description: "Optional: Host name to connect to, defaults to the pod IP." 3686 type: string 3687 port: 3688 description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 3689 format: int-or-string 3690 x-kubernetes-int-or-string: true 3691 required: 3692 - port 3693 type: object 3694 type: object 3695 stopSignal: 3696 description: |- 3697 StopSignal defines which signal will be sent to a container when it is being stopped. If not specified, the default is defined by the container runtime in use. StopSignal can only be set for Pods with a non-empty .spec.os.name 3698 3699 Possible enum values: 3700 - `"SIGABRT"` 3701 - `"SIGALRM"` 3702 - `"SIGBUS"` 3703 - `"SIGCHLD"` 3704 - `"SIGCLD"` 3705 - `"SIGCONT"` 3706 - `"SIGFPE"` 3707 - `"SIGHUP"` 3708 - `"SIGILL"` 3709 - `"SIGINT"` 3710 - `"SIGIO"` 3711 - `"SIGIOT"` 3712 - `"SIGKILL"` 3713 - `"SIGPIPE"` 3714 - `"SIGPOLL"` 3715 - `"SIGPROF"` 3716 - `"SIGPWR"` 3717 - `"SIGQUIT"` 3718 - `"SIGRTMAX"` 3719 - `"SIGRTMAX-1"` 3720 - `"SIGRTMAX-10"` 3721 - `"SIGRTMAX-11"` 3722 - `"SIGRTMAX-12"` 3723 - `"SIGRTMAX-13"` 3724 - `"SIGRTMAX-14"` 3725 - `"SIGRTMAX-2"` 3726 - `"SIGRTMAX-3"` 3727 - `"SIGRTMAX-4"` 3728 - `"SIGRTMAX-5"` 3729 - `"SIGRTMAX-6"` 3730 - `"SIGRTMAX-7"` 3731 - `"SIGRTMAX-8"` 3732 - `"SIGRTMAX-9"` 3733 - `"SIGRTMIN"` 3734 - `"SIGRTMIN+1"` 3735 - `"SIGRTMIN+10"` 3736 - `"SIGRTMIN+11"` 3737 - `"SIGRTMIN+12"` 3738 - `"SIGRTMIN+13"` 3739 - `"SIGRTMIN+14"` 3740 - `"SIGRTMIN+15"` 3741 - `"SIGRTMIN+2"` 3742 - `"SIGRTMIN+3"` 3743 - `"SIGRTMIN+4"` 3744 - `"SIGRTMIN+5"` 3745 - `"SIGRTMIN+6"` 3746 - `"SIGRTMIN+7"` 3747 - `"SIGRTMIN+8"` 3748 - `"SIGRTMIN+9"` 3749 - `"SIGSEGV"` 3750 - `"SIGSTKFLT"` 3751 - `"SIGSTOP"` 3752 - `"SIGSYS"` 3753 - `"SIGTERM"` 3754 - `"SIGTRAP"` 3755 - `"SIGTSTP"` 3756 - `"SIGTTIN"` 3757 - `"SIGTTOU"` 3758 - `"SIGURG"` 3759 - `"SIGUSR1"` 3760 - `"SIGUSR2"` 3761 - `"SIGVTALRM"` 3762 - `"SIGWINCH"` 3763 - `"SIGXCPU"` 3764 - `"SIGXFSZ"` 3765 enum: 3766 - SIGABRT 3767 - SIGALRM 3768 - SIGBUS 3769 - SIGCHLD 3770 - SIGCLD 3771 - SIGCONT 3772 - SIGFPE 3773 - SIGHUP 3774 - SIGILL 3775 - SIGINT 3776 - SIGIO 3777 - SIGIOT 3778 - SIGKILL 3779 - SIGPIPE 3780 - SIGPOLL 3781 - SIGPROF 3782 - SIGPWR 3783 - SIGQUIT 3784 - SIGRTMAX 3785 - SIGRTMAX-1 3786 - SIGRTMAX-10 3787 - SIGRTMAX-11 3788 - SIGRTMAX-12 3789 - SIGRTMAX-13 3790 - SIGRTMAX-14 3791 - SIGRTMAX-2 3792 - SIGRTMAX-3 3793 - SIGRTMAX-4 3794 - SIGRTMAX-5 3795 - SIGRTMAX-6 3796 - SIGRTMAX-7 3797 - SIGRTMAX-8 3798 - SIGRTMAX-9 3799 - SIGRTMIN 3800 - SIGRTMIN+1 3801 - SIGRTMIN+10 3802 - SIGRTMIN+11 3803 - SIGRTMIN+12 3804 - SIGRTMIN+13 3805 - SIGRTMIN+14 3806 - SIGRTMIN+15 3807 - SIGRTMIN+2 3808 - SIGRTMIN+3 3809 - SIGRTMIN+4 3810 - SIGRTMIN+5 3811 - SIGRTMIN+6 3812 - SIGRTMIN+7 3813 - SIGRTMIN+8 3814 - SIGRTMIN+9 3815 - SIGSEGV 3816 - SIGSTKFLT 3817 - SIGSTOP 3818 - SIGSYS 3819 - SIGTERM 3820 - SIGTRAP 3821 - SIGTSTP 3822 - SIGTTIN 3823 - SIGTTOU 3824 - SIGURG 3825 - SIGUSR1 3826 - SIGUSR2 3827 - SIGVTALRM 3828 - SIGWINCH 3829 - SIGXCPU 3830 - SIGXFSZ 3831 type: string 3832 type: object 3833 livenessProbe: 3834 description: "Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" 3835 properties: 3836 exec: 3837 description: Exec specifies a command to execute in the container. 3838 properties: 3839 command: 3840 description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 3841 items: 3842 type: string 3843 type: array 3844 type: object 3845 failureThreshold: 3846 description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. 3847 format: int32 3848 type: integer 3849 grpc: 3850 description: GRPC specifies a GRPC HealthCheckRequest. 3851 properties: 3852 port: 3853 description: Port number of the gRPC service. Number must be in the range 1 to 65535. 3854 format: int32 3855 type: integer 3856 service: 3857 description: |- 3858 Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 3859 3860 If this is not specified, the default behavior is defined by gRPC. 3861 type: string 3862 required: 3863 - port 3864 type: object 3865 httpGet: 3866 description: HTTPGet specifies an HTTP GET request to perform. 3867 properties: 3868 host: 3869 description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. 3870 type: string 3871 httpHeaders: 3872 description: Custom headers to set in the request. HTTP allows repeated headers. 3873 items: 3874 properties: 3875 name: 3876 description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. 3877 type: string 3878 value: 3879 description: The header field value 3880 type: string 3881 required: 3882 - name 3883 - value 3884 type: object 3885 type: array 3886 path: 3887 description: Path to access on the HTTP server. 3888 type: string 3889 port: 3890 description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 3891 format: int-or-string 3892 x-kubernetes-int-or-string: true 3893 scheme: 3894 description: |- 3895 Scheme to use for connecting to the host. Defaults to HTTP. 3896 3897 Possible enum values: 3898 - `"HTTP"` means that the scheme used will be http:// 3899 - `"HTTPS"` means that the scheme used will be https:// 3900 enum: 3901 - HTTP 3902 - HTTPS 3903 type: string 3904 required: 3905 - port 3906 type: object 3907 initialDelaySeconds: 3908 description: "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" 3909 format: int32 3910 type: integer 3911 periodSeconds: 3912 description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. 3913 format: int32 3914 type: integer 3915 successThreshold: 3916 description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. 3917 format: int32 3918 type: integer 3919 tcpSocket: 3920 description: TCPSocket specifies a connection to a TCP port. 3921 properties: 3922 host: 3923 description: "Optional: Host name to connect to, defaults to the pod IP." 3924 type: string 3925 port: 3926 description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 3927 format: int-or-string 3928 x-kubernetes-int-or-string: true 3929 required: 3930 - port 3931 type: object 3932 terminationGracePeriodSeconds: 3933 description: Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. 3934 format: int64 3935 type: integer 3936 timeoutSeconds: 3937 description: "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" 3938 format: int32 3939 type: integer 3940 type: object 3941 name: 3942 description: Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated. 3943 type: string 3944 ports: 3945 description: List of ports to expose from the container. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Modifying this array with strategic merge patch may corrupt the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated. 3946 items: 3947 properties: 3948 containerPort: 3949 description: Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536. 3950 format: int32 3951 type: integer 3952 hostIP: 3953 description: What host IP to bind the external port to. 3954 type: string 3955 hostPort: 3956 description: Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this. 3957 format: int32 3958 type: integer 3959 name: 3960 description: If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services. 3961 type: string 3962 protocol: 3963 description: |- 3964 Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". 3965 3966 Possible enum values: 3967 - `"SCTP"` is the SCTP protocol. 3968 - `"TCP"` is the TCP protocol. 3969 - `"UDP"` is the UDP protocol. 3970 enum: 3971 - SCTP 3972 - TCP 3973 - UDP 3974 type: string 3975 required: 3976 - containerPort 3977 type: object 3978 type: array 3979 readinessProbe: 3980 description: "Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" 3981 properties: 3982 exec: 3983 description: Exec specifies a command to execute in the container. 3984 properties: 3985 command: 3986 description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 3987 items: 3988 type: string 3989 type: array 3990 type: object 3991 failureThreshold: 3992 description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. 3993 format: int32 3994 type: integer 3995 grpc: 3996 description: GRPC specifies a GRPC HealthCheckRequest. 3997 properties: 3998 port: 3999 description: Port number of the gRPC service. Number must be in the range 1 to 65535. 4000 format: int32 4001 type: integer 4002 service: 4003 description: |- 4004 Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 4005 4006 If this is not specified, the default behavior is defined by gRPC. 4007 type: string 4008 required: 4009 - port 4010 type: object 4011 httpGet: 4012 description: HTTPGet specifies an HTTP GET request to perform. 4013 properties: 4014 host: 4015 description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. 4016 type: string 4017 httpHeaders: 4018 description: Custom headers to set in the request. HTTP allows repeated headers. 4019 items: 4020 properties: 4021 name: 4022 description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. 4023 type: string 4024 value: 4025 description: The header field value 4026 type: string 4027 required: 4028 - name 4029 - value 4030 type: object 4031 type: array 4032 path: 4033 description: Path to access on the HTTP server. 4034 type: string 4035 port: 4036 description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 4037 format: int-or-string 4038 x-kubernetes-int-or-string: true 4039 scheme: 4040 description: |- 4041 Scheme to use for connecting to the host. Defaults to HTTP. 4042 4043 Possible enum values: 4044 - `"HTTP"` means that the scheme used will be http:// 4045 - `"HTTPS"` means that the scheme used will be https:// 4046 enum: 4047 - HTTP 4048 - HTTPS 4049 type: string 4050 required: 4051 - port 4052 type: object 4053 initialDelaySeconds: 4054 description: "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" 4055 format: int32 4056 type: integer 4057 periodSeconds: 4058 description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. 4059 format: int32 4060 type: integer 4061 successThreshold: 4062 description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. 4063 format: int32 4064 type: integer 4065 tcpSocket: 4066 description: TCPSocket specifies a connection to a TCP port. 4067 properties: 4068 host: 4069 description: "Optional: Host name to connect to, defaults to the pod IP." 4070 type: string 4071 port: 4072 description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 4073 format: int-or-string 4074 x-kubernetes-int-or-string: true 4075 required: 4076 - port 4077 type: object 4078 terminationGracePeriodSeconds: 4079 description: Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. 4080 format: int64 4081 type: integer 4082 timeoutSeconds: 4083 description: "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" 4084 format: int32 4085 type: integer 4086 type: object 4087 resizePolicy: 4088 description: Resources resize policy for the container. 4089 items: 4090 properties: 4091 resourceName: 4092 description: "Name of the resource to which this resource resize policy applies. Supported values: cpu, memory." 4093 type: string 4094 restartPolicy: 4095 description: Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired. 4096 type: string 4097 required: 4098 - resourceName 4099 - restartPolicy 4100 type: object 4101 type: array 4102 resources: 4103 description: "Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" 4104 properties: 4105 claims: 4106 description: |- 4107 Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. 4108 4109 This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. 4110 4111 This field is immutable. It can only be set for containers. 4112 items: 4113 properties: 4114 name: 4115 description: Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. 4116 type: string 4117 request: 4118 description: Request is the name chosen for a request in the referenced claim. If empty, everything from the claim is made available, otherwise only the result of this request. 4119 type: string 4120 required: 4121 - name 4122 type: object 4123 type: array 4124 limits: 4125 additionalProperties: 4126 type: string 4127 description: "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" 4128 type: object 4129 requests: 4130 additionalProperties: 4131 type: string 4132 description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" 4133 type: object 4134 type: object 4135 restartPolicy: 4136 description: "RestartPolicy defines the restart behavior of individual containers in a pod. This field may only be set for init containers, and the only allowed value is \"Always\". For non-init containers or when this field is not specified, the restart behavior is defined by the Pod's restart policy and the container type. Setting the RestartPolicy as \"Always\" for the init container will have the following effect: this init container will be continually restarted on exit until all regular containers have terminated. Once all regular containers have completed, all init containers with restartPolicy \"Always\" will be shut down. This lifecycle differs from normal init containers and is often referred to as a \"sidecar\" container. Although this init container still starts in the init container sequence, it does not wait for the container to complete before proceeding to the next init container. Instead, the next init container starts immediately after this init container is started, or after any startupProbe has successfully completed." 4137 type: string 4138 securityContext: 4139 description: "SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/" 4140 properties: 4141 allowPrivilegeEscalation: 4142 description: "AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows." 4143 type: boolean 4144 appArmorProfile: 4145 description: appArmorProfile is the AppArmor options to use by this container. If set, this profile overrides the pod's appArmorProfile. Note that this field cannot be set when spec.os.name is windows. 4146 properties: 4147 localhostProfile: 4148 description: localhostProfile indicates a profile loaded on the node that should be used. The profile must be preconfigured on the node to work. Must match the loaded name of the profile. Must be set if and only if type is "Localhost". 4149 type: string 4150 type: 4151 description: |- 4152 type indicates which kind of AppArmor profile will be applied. Valid options are: 4153 Localhost - a profile pre-loaded on the node. 4154 RuntimeDefault - the container runtime's default profile. 4155 Unconfined - no AppArmor enforcement. 4156 4157 Possible enum values: 4158 - `"Localhost"` indicates that a profile pre-loaded on the node should be used. 4159 - `"RuntimeDefault"` indicates that the container runtime's default AppArmor profile should be used. 4160 - `"Unconfined"` indicates that no AppArmor profile should be enforced. 4161 enum: 4162 - Localhost 4163 - RuntimeDefault 4164 - Unconfined 4165 type: string 4166 required: 4167 - type 4168 type: object 4169 capabilities: 4170 description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows. 4171 properties: 4172 add: 4173 description: Added capabilities 4174 items: 4175 type: string 4176 type: array 4177 drop: 4178 description: Removed capabilities 4179 items: 4180 type: string 4181 type: array 4182 type: object 4183 privileged: 4184 description: Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows. 4185 type: boolean 4186 procMount: 4187 description: |- 4188 procMount denotes the type of proc mount to use for the containers. The default value is Default which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows. 4189 4190 Possible enum values: 4191 - `"Default"` uses the container runtime defaults for readonly and masked paths for /proc. Most container runtimes mask certain paths in /proc to avoid accidental security exposure of special devices or information. 4192 - `"Unmasked"` bypasses the default masking behavior of the container runtime and ensures the newly created /proc the container stays in tact with no modifications. 4193 enum: 4194 - Default 4195 - Unmasked 4196 type: string 4197 readOnlyRootFilesystem: 4198 description: Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows. 4199 type: boolean 4200 runAsGroup: 4201 description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. 4202 format: int64 4203 type: integer 4204 runAsNonRoot: 4205 description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. 4206 type: boolean 4207 runAsUser: 4208 description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. 4209 format: int64 4210 type: integer 4211 seLinuxOptions: 4212 description: The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. 4213 properties: 4214 level: 4215 description: Level is SELinux level label that applies to the container. 4216 type: string 4217 role: 4218 description: Role is a SELinux role label that applies to the container. 4219 type: string 4220 type: 4221 description: Type is a SELinux type label that applies to the container. 4222 type: string 4223 user: 4224 description: User is a SELinux user label that applies to the container. 4225 type: string 4226 type: object 4227 seccompProfile: 4228 description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows. 4229 properties: 4230 localhostProfile: 4231 description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type. 4232 type: string 4233 type: 4234 description: |- 4235 type indicates which kind of seccomp profile will be applied. Valid options are: 4236 4237 Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied. 4238 4239 Possible enum values: 4240 - `"Localhost"` indicates a profile defined in a file on the node should be used. The file's location relative to <kubelet-root-dir>/seccomp. 4241 - `"RuntimeDefault"` represents the default container runtime seccomp profile. 4242 - `"Unconfined"` indicates no seccomp profile is applied (A.K.A. unconfined). 4243 enum: 4244 - Localhost 4245 - RuntimeDefault 4246 - Unconfined 4247 type: string 4248 required: 4249 - type 4250 type: object 4251 windowsOptions: 4252 description: The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux. 4253 properties: 4254 gmsaCredentialSpec: 4255 description: GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. 4256 type: string 4257 gmsaCredentialSpecName: 4258 description: GMSACredentialSpecName is the name of the GMSA credential spec to use. 4259 type: string 4260 hostProcess: 4261 description: HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true. 4262 type: boolean 4263 runAsUserName: 4264 description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. 4265 type: string 4266 type: object 4267 type: object 4268 startupProbe: 4269 description: "StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" 4270 properties: 4271 exec: 4272 description: Exec specifies a command to execute in the container. 4273 properties: 4274 command: 4275 description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 4276 items: 4277 type: string 4278 type: array 4279 type: object 4280 failureThreshold: 4281 description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. 4282 format: int32 4283 type: integer 4284 grpc: 4285 description: GRPC specifies a GRPC HealthCheckRequest. 4286 properties: 4287 port: 4288 description: Port number of the gRPC service. Number must be in the range 1 to 65535. 4289 format: int32 4290 type: integer 4291 service: 4292 description: |- 4293 Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 4294 4295 If this is not specified, the default behavior is defined by gRPC. 4296 type: string 4297 required: 4298 - port 4299 type: object 4300 httpGet: 4301 description: HTTPGet specifies an HTTP GET request to perform. 4302 properties: 4303 host: 4304 description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. 4305 type: string 4306 httpHeaders: 4307 description: Custom headers to set in the request. HTTP allows repeated headers. 4308 items: 4309 properties: 4310 name: 4311 description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. 4312 type: string 4313 value: 4314 description: The header field value 4315 type: string 4316 required: 4317 - name 4318 - value 4319 type: object 4320 type: array 4321 path: 4322 description: Path to access on the HTTP server. 4323 type: string 4324 port: 4325 description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 4326 format: int-or-string 4327 x-kubernetes-int-or-string: true 4328 scheme: 4329 description: |- 4330 Scheme to use for connecting to the host. Defaults to HTTP. 4331 4332 Possible enum values: 4333 - `"HTTP"` means that the scheme used will be http:// 4334 - `"HTTPS"` means that the scheme used will be https:// 4335 enum: 4336 - HTTP 4337 - HTTPS 4338 type: string 4339 required: 4340 - port 4341 type: object 4342 initialDelaySeconds: 4343 description: "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" 4344 format: int32 4345 type: integer 4346 periodSeconds: 4347 description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. 4348 format: int32 4349 type: integer 4350 successThreshold: 4351 description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. 4352 format: int32 4353 type: integer 4354 tcpSocket: 4355 description: TCPSocket specifies a connection to a TCP port. 4356 properties: 4357 host: 4358 description: "Optional: Host name to connect to, defaults to the pod IP." 4359 type: string 4360 port: 4361 description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 4362 format: int-or-string 4363 x-kubernetes-int-or-string: true 4364 required: 4365 - port 4366 type: object 4367 terminationGracePeriodSeconds: 4368 description: Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. 4369 format: int64 4370 type: integer 4371 timeoutSeconds: 4372 description: "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" 4373 format: int32 4374 type: integer 4375 type: object 4376 stdin: 4377 description: Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false. 4378 type: boolean 4379 stdinOnce: 4380 description: Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false 4381 type: boolean 4382 terminationMessagePath: 4383 description: "Optional: Path at which the file to which the container's termination message will be written is mounted into the container's filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated." 4384 type: string 4385 terminationMessagePolicy: 4386 description: |- 4387 Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. 4388 4389 Possible enum values: 4390 - `"FallbackToLogsOnError"` will read the most recent contents of the container logs for the container status message when the container exits with an error and the terminationMessagePath has no contents. 4391 - `"File"` is the default behavior and will set the container status message to the contents of the container's terminationMessagePath when the container exits. 4392 enum: 4393 - FallbackToLogsOnError 4394 - File 4395 type: string 4396 tty: 4397 description: Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false. 4398 type: boolean 4399 volumeDevices: 4400 description: volumeDevices is the list of block devices to be used by the container. 4401 items: 4402 properties: 4403 devicePath: 4404 description: devicePath is the path inside of the container that the device will be mapped to. 4405 type: string 4406 name: 4407 description: name must match the name of a persistentVolumeClaim in the pod 4408 type: string 4409 required: 4410 - name 4411 - devicePath 4412 type: object 4413 type: array 4414 volumeMounts: 4415 description: Pod volumes to mount into the container's filesystem. Cannot be updated. 4416 items: 4417 properties: 4418 mountPath: 4419 description: Path within the container at which the volume should be mounted. Must not contain ':'. 4420 type: string 4421 mountPropagation: 4422 description: |- 4423 mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified (which defaults to None). 4424 4425 Possible enum values: 4426 - `"Bidirectional"` means that the volume in a container will receive new mounts from the host or other containers, and its own mounts will be propagated from the container to the host or other containers. Note that this mode is recursively applied to all mounts in the volume ("rshared" in Linux terminology). 4427 - `"HostToContainer"` means that the volume in a container will receive new mounts from the host or other containers, but filesystems mounted inside the container won't be propagated to the host or other containers. Note that this mode is recursively applied to all mounts in the volume ("rslave" in Linux terminology). 4428 - `"None"` means that the volume in a container will not receive new mounts from the host or other containers, and filesystems mounted inside the container won't be propagated to the host or other containers. Note that this mode corresponds to "private" in Linux terminology. 4429 enum: 4430 - Bidirectional 4431 - HostToContainer 4432 - None 4433 type: string 4434 name: 4435 description: This must match the Name of a Volume. 4436 type: string 4437 readOnly: 4438 description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. 4439 type: boolean 4440 recursiveReadOnly: 4441 description: |- 4442 RecursiveReadOnly specifies whether read-only mounts should be handled recursively. 4443 4444 If ReadOnly is false, this field has no meaning and must be unspecified. 4445 4446 If ReadOnly is true, and this field is set to Disabled, the mount is not made recursively read-only. If this field is set to IfPossible, the mount is made recursively read-only, if it is supported by the container runtime. If this field is set to Enabled, the mount is made recursively read-only if it is supported by the container runtime, otherwise the pod will not be started and an error will be generated to indicate the reason. 4447 4448 If this field is set to IfPossible or Enabled, MountPropagation must be set to None (or be unspecified, which defaults to None). 4449 4450 If this field is not specified, it is treated as an equivalent of Disabled. 4451 type: string 4452 subPath: 4453 description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). 4454 type: string 4455 subPathExpr: 4456 description: Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive. 4457 type: string 4458 required: 4459 - name 4460 - mountPath 4461 type: object 4462 type: array 4463 workingDir: 4464 description: Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated. 4465 type: string 4466 required: 4467 - name 4468 type: object 4469 type: array 4470 nodeName: 4471 description: NodeName indicates in which node this pod is scheduled. If empty, this pod is a candidate for scheduling by the scheduler defined in schedulerName. Once this field is set, the kubelet for this node becomes responsible for the lifecycle of this pod. This field should not be used to express a desire for the pod to be scheduled on a specific node. https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodename 4472 type: string 4473 nodeSelector: 4474 additionalProperties: 4475 type: string 4476 description: "NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node's labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/" 4477 type: object 4478 x-kubernetes-map-type: atomic 4479 os: 4480 description: |- 4481 Specifies the OS of the containers in the pod. Some pod and container fields are restricted if this is set. 4482 4483 If the OS field is set to linux, the following fields must be unset: -securityContext.windowsOptions 4484 4485 If the OS field is set to windows, following fields must be unset: - spec.hostPID - spec.hostIPC - spec.hostUsers - spec.securityContext.appArmorProfile - spec.securityContext.seLinuxOptions - spec.securityContext.seccompProfile - spec.securityContext.fsGroup - spec.securityContext.fsGroupChangePolicy - spec.securityContext.sysctls - spec.shareProcessNamespace - spec.securityContext.runAsUser - spec.securityContext.runAsGroup - spec.securityContext.supplementalGroups - spec.securityContext.supplementalGroupsPolicy - spec.containers[*].securityContext.appArmorProfile - spec.containers[*].securityContext.seLinuxOptions - spec.containers[*].securityContext.seccompProfile - spec.containers[*].securityContext.capabilities - spec.containers[*].securityContext.readOnlyRootFilesystem - spec.containers[*].securityContext.privileged - spec.containers[*].securityContext.allowPrivilegeEscalation - spec.containers[*].securityContext.procMount - spec.containers[*].securityContext.runAsUser - spec.containers[*].securityContext.runAsGroup 4486 properties: 4487 name: 4488 description: "Name is the name of the operating system. The currently supported values are linux and windows. Additional value may be defined in future and can be one of: https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration Clients should expect to handle additional values and treat unrecognized values in this field as os: null" 4489 type: string 4490 required: 4491 - name 4492 type: object 4493 overhead: 4494 additionalProperties: 4495 type: string 4496 description: "Overhead represents the resource overhead associated with running a pod for a given RuntimeClass. This field will be autopopulated at admission time by the RuntimeClass admission controller. If the RuntimeClass admission controller is enabled, overhead must not be set in Pod create requests. The RuntimeClass admission controller will reject Pod create requests which have the overhead already set. If RuntimeClass is configured and selected in the PodSpec, Overhead will be set to the value defined in the corresponding RuntimeClass, otherwise it will remain unset and treated as zero. More info: https://git.k8s.io/enhancements/keps/sig-node/688-pod-overhead/README.md" 4497 type: object 4498 preemptionPolicy: 4499 description: |- 4500 PreemptionPolicy is the Policy for preempting pods with lower priority. One of Never, PreemptLowerPriority. Defaults to PreemptLowerPriority if unset. 4501 4502 Possible enum values: 4503 - `"Never"` means that pod never preempts other pods with lower priority. 4504 - `"PreemptLowerPriority"` means that pod can preempt other pods with lower priority. 4505 enum: 4506 - Never 4507 - PreemptLowerPriority 4508 type: string 4509 priority: 4510 description: The priority value. Various system components use this field to find the priority of the pod. When Priority Admission Controller is enabled, it prevents users from setting this field. The admission controller populates this field from PriorityClassName. The higher the value, the higher the priority. 4511 format: int32 4512 type: integer 4513 priorityClassName: 4514 description: If specified, indicates the pod's priority. "system-node-critical" and "system-cluster-critical" are two special keywords which indicate the highest priorities with the former being the highest priority. Any other name must be defined by creating a PriorityClass object with that name. If not specified, the pod priority will be default or zero if there is no default. 4515 type: string 4516 readinessGates: 4517 description: "If specified, all readiness gates will be evaluated for pod readiness. A pod is ready when all its containers are ready AND all conditions specified in the readiness gates have status equal to \"True\" More info: https://git.k8s.io/enhancements/keps/sig-network/580-pod-readiness-gates" 4518 items: 4519 properties: 4520 conditionType: 4521 description: ConditionType refers to a condition in the pod's condition list with matching type. 4522 type: string 4523 required: 4524 - conditionType 4525 type: object 4526 type: array 4527 resourceClaims: 4528 description: |- 4529 ResourceClaims defines which ResourceClaims must be allocated and reserved before the Pod is allowed to start. The resources will be made available to those containers which consume them by name. 4530 4531 This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. 4532 4533 This field is immutable. 4534 items: 4535 properties: 4536 name: 4537 description: Name uniquely identifies this resource claim inside the pod. This must be a DNS_LABEL. 4538 type: string 4539 resourceClaimName: 4540 description: |- 4541 ResourceClaimName is the name of a ResourceClaim object in the same namespace as this pod. 4542 4543 Exactly one of ResourceClaimName and ResourceClaimTemplateName must be set. 4544 type: string 4545 resourceClaimTemplateName: 4546 description: |- 4547 ResourceClaimTemplateName is the name of a ResourceClaimTemplate object in the same namespace as this pod. 4548 4549 The template will be used to create a new ResourceClaim, which will be bound to this pod. When this pod is deleted, the ResourceClaim will also be deleted. The pod name and resource name, along with a generated component, will be used to form a unique name for the ResourceClaim, which will be recorded in pod.status.resourceClaimStatuses. 4550 4551 This field is immutable and no changes will be made to the corresponding ResourceClaim by the control plane after creating the ResourceClaim. 4552 4553 Exactly one of ResourceClaimName and ResourceClaimTemplateName must be set. 4554 type: string 4555 required: 4556 - name 4557 type: object 4558 type: array 4559 resources: 4560 description: |- 4561 Resources is the total amount of CPU and Memory resources required by all containers in the pod. It supports specifying Requests and Limits for "cpu" and "memory" resource names only. ResourceClaims are not supported. 4562 4563 This field enables fine-grained control over resource allocation for the entire pod, allowing resource sharing among containers in a pod. 4564 4565 This is an alpha field and requires enabling the PodLevelResources feature gate. 4566 properties: 4567 claims: 4568 description: |- 4569 Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. 4570 4571 This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. 4572 4573 This field is immutable. It can only be set for containers. 4574 items: 4575 properties: 4576 name: 4577 description: Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. 4578 type: string 4579 request: 4580 description: Request is the name chosen for a request in the referenced claim. If empty, everything from the claim is made available, otherwise only the result of this request. 4581 type: string 4582 required: 4583 - name 4584 type: object 4585 type: array 4586 limits: 4587 additionalProperties: 4588 type: string 4589 description: "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" 4590 type: object 4591 requests: 4592 additionalProperties: 4593 type: string 4594 description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" 4595 type: object 4596 type: object 4597 restartPolicy: 4598 description: |- 4599 Restart policy for all containers within the pod. One of Always, OnFailure, Never. In some contexts, only a subset of those values may be permitted. Default to Always. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy 4600 4601 Possible enum values: 4602 - `"Always"` 4603 - `"Never"` 4604 - `"OnFailure"` 4605 enum: 4606 - Always 4607 - Never 4608 - OnFailure 4609 type: string 4610 runtimeClassName: 4611 description: "RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used to run this pod. If no RuntimeClass resource matches the named class, the pod will not be run. If unset or empty, the \"legacy\" RuntimeClass will be used, which is an implicit class with an empty definition that uses the default runtime handler. More info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class" 4612 type: string 4613 schedulerName: 4614 description: If specified, the pod will be dispatched by specified scheduler. If not specified, the pod will be dispatched by default scheduler. 4615 type: string 4616 schedulingGates: 4617 description: |- 4618 SchedulingGates is an opaque list of values that if specified will block scheduling the pod. If schedulingGates is not empty, the pod will stay in the SchedulingGated state and the scheduler will not attempt to schedule the pod. 4619 4620 SchedulingGates can only be set at pod creation time, and be removed only afterwards. 4621 items: 4622 properties: 4623 name: 4624 description: Name of the scheduling gate. Each scheduling gate must have a unique name field. 4625 type: string 4626 required: 4627 - name 4628 type: object 4629 type: array 4630 securityContext: 4631 description: "SecurityContext holds pod-level security attributes and common container settings. Optional: Defaults to empty. See type description for default values of each field." 4632 properties: 4633 appArmorProfile: 4634 description: appArmorProfile is the AppArmor options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows. 4635 properties: 4636 localhostProfile: 4637 description: localhostProfile indicates a profile loaded on the node that should be used. The profile must be preconfigured on the node to work. Must match the loaded name of the profile. Must be set if and only if type is "Localhost". 4638 type: string 4639 type: 4640 description: |- 4641 type indicates which kind of AppArmor profile will be applied. Valid options are: 4642 Localhost - a profile pre-loaded on the node. 4643 RuntimeDefault - the container runtime's default profile. 4644 Unconfined - no AppArmor enforcement. 4645 4646 Possible enum values: 4647 - `"Localhost"` indicates that a profile pre-loaded on the node should be used. 4648 - `"RuntimeDefault"` indicates that the container runtime's default AppArmor profile should be used. 4649 - `"Unconfined"` indicates that no AppArmor profile should be enforced. 4650 enum: 4651 - Localhost 4652 - RuntimeDefault 4653 - Unconfined 4654 type: string 4655 required: 4656 - type 4657 type: object 4658 fsGroup: 4659 description: |- 4660 A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod: 4661 4662 1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- 4663 4664 If unset, the Kubelet will not modify the ownership and permissions of any volume. Note that this field cannot be set when spec.os.name is windows. 4665 format: int64 4666 type: integer 4667 fsGroupChangePolicy: 4668 description: |- 4669 fsGroupChangePolicy defines behavior of changing ownership and permission of the volume before being exposed inside Pod. This field will only apply to volume types which support fsGroup based ownership(and permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir. Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. Note that this field cannot be set when spec.os.name is windows. 4670 4671 Possible enum values: 4672 - `"Always"` indicates that volume's ownership and permissions should always be changed whenever volume is mounted inside a Pod. This the default behavior. 4673 - `"OnRootMismatch"` indicates that volume's ownership and permissions will be changed only when permission and ownership of root directory does not match with expected permissions on the volume. This can help shorten the time it takes to change ownership and permissions of a volume. 4674 enum: 4675 - Always 4676 - OnRootMismatch 4677 type: string 4678 runAsGroup: 4679 description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows. 4680 format: int64 4681 type: integer 4682 runAsNonRoot: 4683 description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. 4684 type: boolean 4685 runAsUser: 4686 description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows. 4687 format: int64 4688 type: integer 4689 seLinuxChangePolicy: 4690 description: |- 4691 seLinuxChangePolicy defines how the container's SELinux label is applied to all volumes used by the Pod. It has no effect on nodes that do not support SELinux or to volumes does not support SELinux. Valid values are "MountOption" and "Recursive". 4692 4693 "Recursive" means relabeling of all files on all Pod volumes by the container runtime. This may be slow for large volumes, but allows mixing privileged and unprivileged Pods sharing the same volume on the same node. 4694 4695 "MountOption" mounts all eligible Pod volumes with `-o context` mount option. This requires all Pods that share the same volume to use the same SELinux label. It is not possible to share the same volume among privileged and unprivileged Pods. Eligible volumes are in-tree FibreChannel and iSCSI volumes, and all CSI volumes whose CSI driver announces SELinux support by setting spec.seLinuxMount: true in their CSIDriver instance. Other volumes are always re-labelled recursively. "MountOption" value is allowed only when SELinuxMount feature gate is enabled. 4696 4697 If not specified and SELinuxMount feature gate is enabled, "MountOption" is used. If not specified and SELinuxMount feature gate is disabled, "MountOption" is used for ReadWriteOncePod volumes and "Recursive" for all other volumes. 4698 4699 This field affects only Pods that have SELinux label set, either in PodSecurityContext or in SecurityContext of all containers. 4700 4701 All Pods that use the same volume should use the same seLinuxChangePolicy, otherwise some pods can get stuck in ContainerCreating state. Note that this field cannot be set when spec.os.name is windows. 4702 type: string 4703 seLinuxOptions: 4704 description: The SELinux context to be applied to all containers. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows. 4705 properties: 4706 level: 4707 description: Level is SELinux level label that applies to the container. 4708 type: string 4709 role: 4710 description: Role is a SELinux role label that applies to the container. 4711 type: string 4712 type: 4713 description: Type is a SELinux type label that applies to the container. 4714 type: string 4715 user: 4716 description: User is a SELinux user label that applies to the container. 4717 type: string 4718 type: object 4719 seccompProfile: 4720 description: The seccomp options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows. 4721 properties: 4722 localhostProfile: 4723 description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type. 4724 type: string 4725 type: 4726 description: |- 4727 type indicates which kind of seccomp profile will be applied. Valid options are: 4728 4729 Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied. 4730 4731 Possible enum values: 4732 - `"Localhost"` indicates a profile defined in a file on the node should be used. The file's location relative to <kubelet-root-dir>/seccomp. 4733 - `"RuntimeDefault"` represents the default container runtime seccomp profile. 4734 - `"Unconfined"` indicates no seccomp profile is applied (A.K.A. unconfined). 4735 enum: 4736 - Localhost 4737 - RuntimeDefault 4738 - Unconfined 4739 type: string 4740 required: 4741 - type 4742 type: object 4743 supplementalGroups: 4744 description: A list of groups applied to the first process run in each container, in addition to the container's primary GID and fsGroup (if specified). If the SupplementalGroupsPolicy feature is enabled, the supplementalGroupsPolicy field determines whether these are in addition to or instead of any group memberships defined in the container image. If unspecified, no additional groups are added, though group memberships defined in the container image may still be used, depending on the supplementalGroupsPolicy field. Note that this field cannot be set when spec.os.name is windows. 4745 items: 4746 format: int64 4747 type: integer 4748 type: array 4749 supplementalGroupsPolicy: 4750 description: |- 4751 Defines how supplemental groups of the first container processes are calculated. Valid values are "Merge" and "Strict". If not specified, "Merge" is used. (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled and the container runtime must implement support for this feature. Note that this field cannot be set when spec.os.name is windows. 4752 4753 Possible enum values: 4754 - `"Merge"` means that the container's provided SupplementalGroups and FsGroup (specified in SecurityContext) will be merged with the primary user's groups as defined in the container image (in /etc/group). 4755 - `"Strict"` means that the container's provided SupplementalGroups and FsGroup (specified in SecurityContext) will be used instead of any groups defined in the container image. 4756 enum: 4757 - Merge 4758 - Strict 4759 type: string 4760 sysctls: 4761 description: Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. Note that this field cannot be set when spec.os.name is windows. 4762 items: 4763 properties: 4764 name: 4765 description: Name of a property to set 4766 type: string 4767 value: 4768 description: Value of a property to set 4769 type: string 4770 required: 4771 - name 4772 - value 4773 type: object 4774 type: array 4775 windowsOptions: 4776 description: The Windows specific settings applied to all containers. If unspecified, the options within a container's SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux. 4777 properties: 4778 gmsaCredentialSpec: 4779 description: GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. 4780 type: string 4781 gmsaCredentialSpecName: 4782 description: GMSACredentialSpecName is the name of the GMSA credential spec to use. 4783 type: string 4784 hostProcess: 4785 description: HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true. 4786 type: boolean 4787 runAsUserName: 4788 description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. 4789 type: string 4790 type: object 4791 type: object 4792 serviceAccount: 4793 description: "DeprecatedServiceAccount is a deprecated alias for ServiceAccountName. Deprecated: Use serviceAccountName instead." 4794 type: string 4795 serviceAccountName: 4796 description: "ServiceAccountName is the name of the ServiceAccount to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/" 4797 type: string 4798 setHostnameAsFQDN: 4799 description: If true the pod's hostname will be configured as the pod's FQDN, rather than the leaf name (the default). In Linux containers, this means setting the FQDN in the hostname field of the kernel (the nodename field of struct utsname). In Windows containers, this means setting the registry value of hostname for the registry key HKEY_LOCAL_MACHINE\\\\SYSTEM\\\\CurrentControlSet\\\\Services\\\\Tcpip\\\\Parameters to FQDN. If a pod does not have FQDN, this has no effect. Default to false. 4800 type: boolean 4801 shareProcessNamespace: 4802 description: "Share a single process namespace between all of the containers in a pod. When this is set containers will be able to view and signal processes from other containers in the same pod, and the first process in each container will not be assigned PID 1. HostPID and ShareProcessNamespace cannot both be set. Optional: Default to false." 4803 type: boolean 4804 subdomain: 4805 description: If specified, the fully qualified Pod hostname will be "<hostname>.<subdomain>.<pod namespace>.svc.<cluster domain>". If not specified, the pod will not have a domainname at all. 4806 type: string 4807 terminationGracePeriodSeconds: 4808 description: Optional duration in seconds the pod needs to terminate gracefully. May be decreased in delete request. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). If this value is nil, the default grace period will be used instead. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. Defaults to 30 seconds. 4809 format: int64 4810 type: integer 4811 tolerations: 4812 description: If specified, the pod's tolerations. 4813 items: 4814 properties: 4815 effect: 4816 description: |- 4817 Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. 4818 4819 Possible enum values: 4820 - `"NoExecute"` Evict any already-running pods that do not tolerate the taint. Currently enforced by NodeController. 4821 - `"NoSchedule"` Do not allow new pods to schedule onto the node unless they tolerate the taint, but allow all pods submitted to Kubelet without going through the scheduler to start, and allow all already-running pods to continue running. Enforced by the scheduler. 4822 - `"PreferNoSchedule"` Like TaintEffectNoSchedule, but the scheduler tries not to schedule new pods onto the node, rather than prohibiting new pods from scheduling onto the node entirely. Enforced by the scheduler. 4823 enum: 4824 - NoExecute 4825 - NoSchedule 4826 - PreferNoSchedule 4827 type: string 4828 key: 4829 description: Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys. 4830 type: string 4831 operator: 4832 description: |- 4833 Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. 4834 4835 Possible enum values: 4836 - `"Equal"` 4837 - `"Exists"` 4838 enum: 4839 - Equal 4840 - Exists 4841 type: string 4842 tolerationSeconds: 4843 description: TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system. 4844 format: int64 4845 type: integer 4846 value: 4847 description: Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string. 4848 type: string 4849 type: object 4850 type: array 4851 topologySpreadConstraints: 4852 description: TopologySpreadConstraints describes how a group of pods ought to spread across topology domains. Scheduler will schedule pods in a way which abides by the constraints. All topologySpreadConstraints are ANDed. 4853 items: 4854 properties: 4855 labelSelector: 4856 description: LabelSelector is used to find matching pods. Pods that match this label selector are counted to determine the number of pods in their corresponding topology domain. 4857 properties: 4858 matchExpressions: 4859 description: matchExpressions is a list of label selector requirements. The requirements are ANDed. 4860 items: 4861 properties: 4862 key: 4863 description: key is the label key that the selector applies to. 4864 type: string 4865 operator: 4866 description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. 4867 type: string 4868 values: 4869 description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. 4870 items: 4871 type: string 4872 type: array 4873 required: 4874 - key 4875 - operator 4876 type: object 4877 type: array 4878 matchLabels: 4879 additionalProperties: 4880 type: string 4881 description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. 4882 type: object 4883 type: object 4884 x-kubernetes-map-type: atomic 4885 matchLabelKeys: 4886 description: |- 4887 MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. MatchLabelKeys cannot be set when LabelSelector isn't set. Keys that don't exist in the incoming pod labels will be ignored. A null or empty list means only match against labelSelector. 4888 4889 This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). 4890 items: 4891 type: string 4892 type: array 4893 maxSkew: 4894 description: "MaxSkew describes the degree to which pods may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference between the number of matching pods in the target topology and the global minimum. The global minimum is the minimum number of matching pods in an eligible domain or zero if the number of eligible domains is less than MinDomains. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 2/2/1: In this case, the global minimum is 1. | zone1 | zone2 | zone3 | | P P | P P | P | - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence to topologies that satisfy it. It's a required field. Default value is 1 and 0 is not allowed." 4895 format: int32 4896 type: integer 4897 minDomains: 4898 description: |- 4899 MinDomains indicates a minimum number of eligible domains. When the number of eligible domains with matching topology keys is less than minDomains, Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. And when the number of eligible domains with matching topology keys equals or greater than minDomains, this value has no effect on scheduling. As a result, when the number of eligible domains is less than minDomains, scheduler won't schedule more than maxSkew Pods to those domains. If value is nil, the constraint behaves as if MinDomains is equal to 1. Valid values are integers greater than 0. When value is not nil, WhenUnsatisfiable must be DoNotSchedule. 4900 4901 For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same labelSelector spread as 2/2/2: | zone1 | zone2 | zone3 | | P P | P P | P P | The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. In this situation, new pod with the same labelSelector cannot be scheduled, because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, it will violate MaxSkew. 4902 format: int32 4903 type: integer 4904 nodeAffinityPolicy: 4905 description: |- 4906 NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector when calculating pod topology spread skew. Options are: - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. 4907 4908 If this value is nil, the behavior is equivalent to the Honor policy. 4909 4910 Possible enum values: 4911 - `"Honor"` means use this scheduling directive when calculating pod topology spread skew. 4912 - `"Ignore"` means ignore this scheduling directive when calculating pod topology spread skew. 4913 enum: 4914 - Honor 4915 - Ignore 4916 type: string 4917 nodeTaintsPolicy: 4918 description: |- 4919 NodeTaintsPolicy indicates how we will treat node taints when calculating pod topology spread skew. Options are: - Honor: nodes without taints, along with tainted nodes for which the incoming pod has a toleration, are included. - Ignore: node taints are ignored. All nodes are included. 4920 4921 If this value is nil, the behavior is equivalent to the Ignore policy. 4922 4923 Possible enum values: 4924 - `"Honor"` means use this scheduling directive when calculating pod topology spread skew. 4925 - `"Ignore"` means ignore this scheduling directive when calculating pod topology spread skew. 4926 enum: 4927 - Honor 4928 - Ignore 4929 type: string 4930 topologyKey: 4931 description: TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. We consider each <key, value> as a "bucket", and try to put balanced number of pods into each bucket. We define a domain as a particular instance of a topology. Also, we define an eligible domain as a domain whose nodes meet the requirements of nodeAffinityPolicy and nodeTaintsPolicy. e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. It's a required field. 4932 type: string 4933 whenUnsatisfiable: 4934 description: |- 4935 WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy the spread constraint. - DoNotSchedule (default) tells the scheduler not to schedule it. - ScheduleAnyway tells the scheduler to schedule the pod in any location, 4936 but giving higher precedence to topologies that would help reduce the 4937 skew. 4938 A constraint is considered "Unsatisfiable" for an incoming pod if and only if every possible node assignment for that pod would violate "MaxSkew" on some topology. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler won't make it *more* imbalanced. It's a required field. 4939 4940 Possible enum values: 4941 - `"DoNotSchedule"` instructs the scheduler not to schedule the pod when constraints are not satisfied. 4942 - `"ScheduleAnyway"` instructs the scheduler to schedule the pod even if constraints are not satisfied. 4943 enum: 4944 - DoNotSchedule 4945 - ScheduleAnyway 4946 type: string 4947 required: 4948 - maxSkew 4949 - topologyKey 4950 - whenUnsatisfiable 4951 type: object 4952 type: array 4953 volumes: 4954 description: "List of volumes that can be mounted by containers belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes" 4955 items: 4956 properties: 4957 awsElasticBlockStore: 4958 description: "awsElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. Deprecated: AWSElasticBlockStore is deprecated. All operations for the in-tree awsElasticBlockStore type are redirected to the ebs.csi.aws.com CSI driver. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" 4959 properties: 4960 fsType: 4961 description: "fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" 4962 type: string 4963 partition: 4964 description: "partition is the partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as \"1\". Similarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty)." 4965 format: int32 4966 type: integer 4967 readOnly: 4968 description: "readOnly value true will force the readOnly setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" 4969 type: boolean 4970 volumeID: 4971 description: "volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" 4972 type: string 4973 required: 4974 - volumeID 4975 type: object 4976 azureDisk: 4977 description: "azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. Deprecated: AzureDisk is deprecated. All operations for the in-tree azureDisk type are redirected to the disk.csi.azure.com CSI driver." 4978 properties: 4979 cachingMode: 4980 description: |- 4981 cachingMode is the Host Caching mode: None, Read Only, Read Write. 4982 4983 Possible enum values: 4984 - `"None"` 4985 - `"ReadOnly"` 4986 - `"ReadWrite"` 4987 enum: 4988 - None 4989 - ReadOnly 4990 - ReadWrite 4991 type: string 4992 diskName: 4993 description: diskName is the Name of the data disk in the blob storage 4994 type: string 4995 diskURI: 4996 description: diskURI is the URI of data disk in the blob storage 4997 type: string 4998 fsType: 4999 description: fsType is Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. 5000 type: string 5001 kind: 5002 description: |- 5003 kind expected values are Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared 5004 5005 Possible enum values: 5006 - `"Dedicated"` 5007 - `"Managed"` 5008 - `"Shared"` 5009 enum: 5010 - Dedicated 5011 - Managed 5012 - Shared 5013 type: string 5014 readOnly: 5015 description: readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. 5016 type: boolean 5017 required: 5018 - diskName 5019 - diskURI 5020 type: object 5021 azureFile: 5022 description: "azureFile represents an Azure File Service mount on the host and bind mount to the pod. Deprecated: AzureFile is deprecated. All operations for the in-tree azureFile type are redirected to the file.csi.azure.com CSI driver." 5023 properties: 5024 readOnly: 5025 description: readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. 5026 type: boolean 5027 secretName: 5028 description: secretName is the name of secret that contains Azure Storage Account Name and Key 5029 type: string 5030 shareName: 5031 description: shareName is the azure share Name 5032 type: string 5033 required: 5034 - secretName 5035 - shareName 5036 type: object 5037 cephfs: 5038 description: "cephFS represents a Ceph FS mount on the host that shares a pod's lifetime. Deprecated: CephFS is deprecated and the in-tree cephfs type is no longer supported." 5039 properties: 5040 monitors: 5041 description: "monitors is Required: Monitors is a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" 5042 items: 5043 type: string 5044 type: array 5045 path: 5046 description: "path is Optional: Used as the mounted root, rather than the full Ceph tree, default is /" 5047 type: string 5048 readOnly: 5049 description: "readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" 5050 type: boolean 5051 secretFile: 5052 description: "secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" 5053 type: string 5054 secretRef: 5055 description: "secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" 5056 properties: 5057 name: 5058 description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" 5059 type: string 5060 type: object 5061 x-kubernetes-map-type: atomic 5062 user: 5063 description: "user is optional: User is the rados user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" 5064 type: string 5065 required: 5066 - monitors 5067 type: object 5068 cinder: 5069 description: "cinder represents a cinder volume attached and mounted on kubelets host machine. Deprecated: Cinder is deprecated. All operations for the in-tree cinder type are redirected to the cinder.csi.openstack.org CSI driver. More info: https://examples.k8s.io/mysql-cinder-pd/README.md" 5070 properties: 5071 fsType: 5072 description: "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md" 5073 type: string 5074 readOnly: 5075 description: "readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md" 5076 type: boolean 5077 secretRef: 5078 description: "secretRef is optional: points to a secret object containing parameters used to connect to OpenStack." 5079 properties: 5080 name: 5081 description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" 5082 type: string 5083 type: object 5084 x-kubernetes-map-type: atomic 5085 volumeID: 5086 description: "volumeID used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md" 5087 type: string 5088 required: 5089 - volumeID 5090 type: object 5091 configMap: 5092 description: configMap represents a configMap that should populate this volume 5093 properties: 5094 defaultMode: 5095 description: "defaultMode is optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." 5096 format: int32 5097 type: integer 5098 items: 5099 description: items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. 5100 items: 5101 properties: 5102 key: 5103 description: key is the key to project. 5104 type: string 5105 mode: 5106 description: "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." 5107 format: int32 5108 type: integer 5109 path: 5110 description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. 5111 type: string 5112 required: 5113 - key 5114 - path 5115 type: object 5116 type: array 5117 name: 5118 description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" 5119 type: string 5120 optional: 5121 description: optional specify whether the ConfigMap or its keys must be defined 5122 type: boolean 5123 type: object 5124 csi: 5125 description: csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers. 5126 properties: 5127 driver: 5128 description: driver is the name of the CSI driver that handles this volume. Consult with your admin for the correct name as registered in the cluster. 5129 type: string 5130 fsType: 5131 description: fsType to mount. Ex. "ext4", "xfs", "ntfs". If not provided, the empty value is passed to the associated CSI driver which will determine the default filesystem to apply. 5132 type: string 5133 nodePublishSecretRef: 5134 description: nodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed. 5135 properties: 5136 name: 5137 description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" 5138 type: string 5139 type: object 5140 x-kubernetes-map-type: atomic 5141 readOnly: 5142 description: readOnly specifies a read-only configuration for the volume. Defaults to false (read/write). 5143 type: boolean 5144 volumeAttributes: 5145 additionalProperties: 5146 type: string 5147 description: volumeAttributes stores driver-specific properties that are passed to the CSI driver. Consult your driver's documentation for supported values. 5148 type: object 5149 required: 5150 - driver 5151 type: object 5152 downwardAPI: 5153 description: downwardAPI represents downward API about the pod that should populate this volume 5154 properties: 5155 defaultMode: 5156 description: "Optional: mode bits to use on created files by default. Must be a Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." 5157 format: int32 5158 type: integer 5159 items: 5160 description: Items is a list of downward API volume file 5161 items: 5162 properties: 5163 fieldRef: 5164 description: "Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported." 5165 properties: 5166 apiVersion: 5167 description: Version of the schema the FieldPath is written in terms of, defaults to "v1". 5168 type: string 5169 fieldPath: 5170 description: Path of the field to select in the specified API version. 5171 type: string 5172 required: 5173 - fieldPath 5174 type: object 5175 x-kubernetes-map-type: atomic 5176 mode: 5177 description: "Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." 5178 format: int32 5179 type: integer 5180 path: 5181 description: "Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'" 5182 type: string 5183 resourceFieldRef: 5184 description: "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported." 5185 properties: 5186 containerName: 5187 description: "Container name: required for volumes, optional for env vars" 5188 type: string 5189 divisor: 5190 description: Specifies the output format of the exposed resources, defaults to "1" 5191 type: string 5192 resource: 5193 description: "Required: resource to select" 5194 type: string 5195 required: 5196 - resource 5197 type: object 5198 x-kubernetes-map-type: atomic 5199 required: 5200 - path 5201 type: object 5202 type: array 5203 type: object 5204 emptyDir: 5205 description: "emptyDir represents a temporary directory that shares a pod's lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir" 5206 properties: 5207 medium: 5208 description: "medium represents what type of storage medium should back this directory. The default is \"\" which means to use the node's default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir" 5209 type: string 5210 sizeLimit: 5211 description: "sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir" 5212 type: string 5213 type: object 5214 ephemeral: 5215 description: |- 5216 ephemeral represents a volume that is handled by a cluster storage driver. The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. 5217 5218 Use this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity 5219 tracking are needed, 5220 c) the storage driver is specified through a storage class, and d) the storage driver supports dynamic volume provisioning through 5221 a PersistentVolumeClaim (see EphemeralVolumeSource for more 5222 information on the connection between this volume type 5223 and PersistentVolumeClaim). 5224 5225 Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod. 5226 5227 Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information. 5228 5229 A pod can use both types of ephemeral volumes and persistent volumes at the same time. 5230 properties: 5231 volumeClaimTemplate: 5232 description: |- 5233 Will be used to create a stand-alone PVC to provision the volume. The pod in which this EphemeralVolumeSource is embedded will be the owner of the PVC, i.e. the PVC will be deleted together with the pod. The name of the PVC will be `<pod name>-<volume name>` where `<volume name>` is the name from the `PodSpec.Volumes` array entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long). 5234 5235 An existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until the unrelated PVC is removed. If such a pre-created PVC is meant to be used by the pod, the PVC has to updated with an owner reference to the pod once the pod exists. Normally this should not be necessary, but it may be useful when manually reconstructing a broken cluster. 5236 5237 This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created. 5238 5239 Required, must not be nil. 5240 properties: 5241 metadata: 5242 description: May contain labels and annotations that will be copied into the PVC when creating it. No other fields are allowed and will be rejected during validation. 5243 properties: 5244 annotations: 5245 additionalProperties: 5246 type: string 5247 description: "Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations" 5248 type: object 5249 creationTimestamp: 5250 description: |- 5251 CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. 5252 5253 Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata 5254 format: date-time 5255 nullable: true 5256 type: string 5257 deletionGracePeriodSeconds: 5258 description: Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only. 5259 format: int64 5260 type: integer 5261 deletionTimestamp: 5262 description: |- 5263 DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested. 5264 5265 Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata 5266 format: date-time 5267 type: string 5268 finalizers: 5269 description: Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list. 5270 items: 5271 type: string 5272 type: array 5273 generateName: 5274 description: |- 5275 GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server. 5276 5277 If this field is specified and the generated name exists, the server will return a 409. 5278 5279 Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency 5280 type: string 5281 generation: 5282 description: A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. 5283 format: int64 5284 type: integer 5285 labels: 5286 additionalProperties: 5287 type: string 5288 description: "Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels" 5289 type: object 5290 managedFields: 5291 description: ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn't need to set or understand this field. A workflow can be the user's name, a controller's name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object. 5292 items: 5293 properties: 5294 apiVersion: 5295 description: APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted. 5296 type: string 5297 fieldsType: 5298 description: "FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: \"FieldsV1\"" 5299 type: string 5300 fieldsV1: 5301 description: FieldsV1 holds the first JSON version format as described in the "FieldsV1" type. 5302 type: object 5303 manager: 5304 description: Manager is an identifier of the workflow managing these fields. 5305 type: string 5306 operation: 5307 description: Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'. 5308 type: string 5309 subresource: 5310 description: Subresource is the name of the subresource used to update that object, or empty string if the object was updated through the main resource. The value of this field is used to distinguish between managers, even if they share the same name. For example, a status update will be distinct from a regular update using the same manager name. Note that the APIVersion field is not related to the Subresource field and it always corresponds to the version of the main resource. 5311 type: string 5312 time: 5313 description: Time is the timestamp of when the ManagedFields entry was added. The timestamp will also be updated if a field is added, the manager changes any of the owned fields value or removes a field. The timestamp does not update when a field is removed from the entry because another manager took it over. 5314 format: date-time 5315 type: string 5316 type: object 5317 type: array 5318 name: 5319 description: "Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names" 5320 type: string 5321 namespace: 5322 description: |- 5323 Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty. 5324 5325 Must be a DNS_LABEL. Cannot be updated. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces 5326 type: string 5327 ownerReferences: 5328 description: List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller. 5329 items: 5330 properties: 5331 apiVersion: 5332 description: API version of the referent. 5333 type: string 5334 blockOwnerDeletion: 5335 description: If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. See https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion for how the garbage collector interacts with this field and enforces the foreground deletion. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned. 5336 type: boolean 5337 controller: 5338 description: If true, this reference points to the managing controller. 5339 type: boolean 5340 kind: 5341 description: "Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" 5342 type: string 5343 name: 5344 description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names" 5345 type: string 5346 uid: 5347 description: "UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids" 5348 type: string 5349 required: 5350 - apiVersion 5351 - kind 5352 - name 5353 - uid 5354 type: object 5355 x-kubernetes-map-type: atomic 5356 type: array 5357 resourceVersion: 5358 description: |- 5359 An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources. 5360 5361 Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency 5362 type: string 5363 selfLink: 5364 description: "Deprecated: selfLink is a legacy read-only field that is no longer populated by the system." 5365 type: string 5366 uid: 5367 description: |- 5368 UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations. 5369 5370 Populated by the system. Read-only. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids 5371 type: string 5372 type: object 5373 spec: 5374 description: The specification for the PersistentVolumeClaim. The entire content is copied unchanged into the PVC that gets created from this template. The same fields as in a PersistentVolumeClaim are also valid here. 5375 properties: 5376 accessModes: 5377 description: "accessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1" 5378 items: 5379 enum: 5380 - ReadOnlyMany 5381 - ReadWriteMany 5382 - ReadWriteOnce 5383 - ReadWriteOncePod 5384 type: string 5385 type: array 5386 dataSource: 5387 description: "dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource." 5388 properties: 5389 apiGroup: 5390 description: APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. 5391 type: string 5392 kind: 5393 description: Kind is the type of resource being referenced 5394 type: string 5395 name: 5396 description: Name is the name of resource being referenced 5397 type: string 5398 required: 5399 - kind 5400 - name 5401 type: object 5402 x-kubernetes-map-type: atomic 5403 dataSourceRef: 5404 description: |- 5405 dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef 5406 allows any non-core object, as well as PersistentVolumeClaim objects. 5407 * While dataSource ignores disallowed values (dropping them), dataSourceRef 5408 preserves all values, and generates an error if a disallowed value is 5409 specified. 5410 * While dataSource only allows local objects, dataSourceRef allows objects 5411 in any namespaces. 5412 (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. 5413 properties: 5414 apiGroup: 5415 description: APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. 5416 type: string 5417 kind: 5418 description: Kind is the type of resource being referenced 5419 type: string 5420 name: 5421 description: Name is the name of resource being referenced 5422 type: string 5423 namespace: 5424 description: Namespace is the namespace of resource being referenced Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. 5425 type: string 5426 required: 5427 - kind 5428 - name 5429 type: object 5430 resources: 5431 description: "resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources" 5432 properties: 5433 limits: 5434 additionalProperties: 5435 type: string 5436 description: "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" 5437 type: object 5438 requests: 5439 additionalProperties: 5440 type: string 5441 description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" 5442 type: object 5443 type: object 5444 selector: 5445 description: selector is a label query over volumes to consider for binding. 5446 properties: 5447 matchExpressions: 5448 description: matchExpressions is a list of label selector requirements. The requirements are ANDed. 5449 items: 5450 properties: 5451 key: 5452 description: key is the label key that the selector applies to. 5453 type: string 5454 operator: 5455 description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. 5456 type: string 5457 values: 5458 description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. 5459 items: 5460 type: string 5461 type: array 5462 required: 5463 - key 5464 - operator 5465 type: object 5466 type: array 5467 matchLabels: 5468 additionalProperties: 5469 type: string 5470 description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. 5471 type: object 5472 type: object 5473 x-kubernetes-map-type: atomic 5474 storageClassName: 5475 description: "storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1" 5476 type: string 5477 volumeAttributesClassName: 5478 description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. If specified, the CSI driver will create or update the volume with the attributes defined in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass will be applied to the claim but it's not allowed to reset this field to empty string once it is set. If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass will be set by the persistentvolume controller if it exists. If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default)." 5479 type: string 5480 volumeMode: 5481 description: |- 5482 volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec. 5483 5484 Possible enum values: 5485 - `"Block"` means the volume will not be formatted with a filesystem and will remain a raw block device. 5486 - `"Filesystem"` means the volume will be or is formatted with a filesystem. 5487 enum: 5488 - Block 5489 - Filesystem 5490 type: string 5491 volumeName: 5492 description: volumeName is the binding reference to the PersistentVolume backing this claim. 5493 type: string 5494 type: object 5495 required: 5496 - spec 5497 type: object 5498 type: object 5499 fc: 5500 description: fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod. 5501 properties: 5502 fsType: 5503 description: fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. 5504 type: string 5505 lun: 5506 description: "lun is Optional: FC target lun number" 5507 format: int32 5508 type: integer 5509 readOnly: 5510 description: "readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts." 5511 type: boolean 5512 targetWWNs: 5513 description: "targetWWNs is Optional: FC target worldwide names (WWNs)" 5514 items: 5515 type: string 5516 type: array 5517 wwids: 5518 description: "wwids Optional: FC volume world wide identifiers (wwids) Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously." 5519 items: 5520 type: string 5521 type: array 5522 type: object 5523 flexVolume: 5524 description: "flexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin. Deprecated: FlexVolume is deprecated. Consider using a CSIDriver instead." 5525 properties: 5526 driver: 5527 description: driver is the name of the driver to use for this volume. 5528 type: string 5529 fsType: 5530 description: fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script. 5531 type: string 5532 options: 5533 additionalProperties: 5534 type: string 5535 description: "options is Optional: this field holds extra command options if any." 5536 type: object 5537 readOnly: 5538 description: "readOnly is Optional: defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts." 5539 type: boolean 5540 secretRef: 5541 description: "secretRef is Optional: secretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts." 5542 properties: 5543 name: 5544 description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" 5545 type: string 5546 type: object 5547 x-kubernetes-map-type: atomic 5548 required: 5549 - driver 5550 type: object 5551 flocker: 5552 description: "flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running. Deprecated: Flocker is deprecated and the in-tree flocker type is no longer supported." 5553 properties: 5554 datasetName: 5555 description: datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker should be considered as deprecated 5556 type: string 5557 datasetUUID: 5558 description: datasetUUID is the UUID of the dataset. This is unique identifier of a Flocker dataset 5559 type: string 5560 type: object 5561 gcePersistentDisk: 5562 description: "gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. Deprecated: GCEPersistentDisk is deprecated. All operations for the in-tree gcePersistentDisk type are redirected to the pd.csi.storage.gke.io CSI driver. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" 5563 properties: 5564 fsType: 5565 description: "fsType is filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" 5566 type: string 5567 partition: 5568 description: "partition is the partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as \"1\". Similarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" 5569 format: int32 5570 type: integer 5571 pdName: 5572 description: "pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" 5573 type: string 5574 readOnly: 5575 description: "readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" 5576 type: boolean 5577 required: 5578 - pdName 5579 type: object 5580 gitRepo: 5581 description: "gitRepo represents a git repository at a particular revision. Deprecated: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container." 5582 properties: 5583 directory: 5584 description: directory is the target directory name. Must not contain or start with '..'. If '.' is supplied, the volume directory will be the git repository. Otherwise, if specified, the volume will contain the git repository in the subdirectory with the given name. 5585 type: string 5586 repository: 5587 description: repository is the URL 5588 type: string 5589 revision: 5590 description: revision is the commit hash for the specified revision. 5591 type: string 5592 required: 5593 - repository 5594 type: object 5595 glusterfs: 5596 description: "glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. Deprecated: Glusterfs is deprecated and the in-tree glusterfs type is no longer supported. More info: https://examples.k8s.io/volumes/glusterfs/README.md" 5597 properties: 5598 endpoints: 5599 description: "endpoints is the endpoint name that details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod" 5600 type: string 5601 path: 5602 description: "path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod" 5603 type: string 5604 readOnly: 5605 description: "readOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod" 5606 type: boolean 5607 required: 5608 - endpoints 5609 - path 5610 type: object 5611 hostPath: 5612 description: "hostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath" 5613 properties: 5614 path: 5615 description: "path of the directory on the host. If the path is a symlink, it will follow the link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath" 5616 type: string 5617 type: 5618 description: |- 5619 type for HostPath Volume Defaults to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath 5620 5621 Possible enum values: 5622 - `""` For backwards compatible, leave it empty if unset 5623 - `"BlockDevice"` A block device must exist at the given path 5624 - `"CharDevice"` A character device must exist at the given path 5625 - `"Directory"` A directory must exist at the given path 5626 - `"DirectoryOrCreate"` If nothing exists at the given path, an empty directory will be created there as needed with file mode 0755, having the same group and ownership with Kubelet. 5627 - `"File"` A file must exist at the given path 5628 - `"FileOrCreate"` If nothing exists at the given path, an empty file will be created there as needed with file mode 0644, having the same group and ownership with Kubelet. 5629 - `"Socket"` A UNIX socket must exist at the given path 5630 enum: 5631 - "" 5632 - BlockDevice 5633 - CharDevice 5634 - Directory 5635 - DirectoryOrCreate 5636 - File 5637 - FileOrCreate 5638 - Socket 5639 type: string 5640 required: 5641 - path 5642 type: object 5643 image: 5644 description: |- 5645 image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine. The volume is resolved at pod startup depending on which PullPolicy value is provided: 5646 5647 - Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. - Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. - IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. 5648 5649 The volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation. A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message. The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field. The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images. The volume will be mounted read-only (ro) and non-executable files (noexec). Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath) before 1.33. The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type. 5650 properties: 5651 pullPolicy: 5652 description: |- 5653 Policy for pulling OCI objects. Possible values are: Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. 5654 5655 Possible enum values: 5656 - `"Always"` means that kubelet always attempts to pull the latest image. Container will fail If the pull fails. 5657 - `"IfNotPresent"` means that kubelet pulls if the image isn't present on disk. Container will fail if the image isn't present and the pull fails. 5658 - `"Never"` means that kubelet never pulls an image, but only uses a local image. Container will fail if the image isn't present 5659 enum: 5660 - Always 5661 - IfNotPresent 5662 - Never 5663 type: string 5664 reference: 5665 description: "Required: Image or artifact reference to be used. Behaves in the same way as pod.spec.containers[*].image. Pull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets." 5666 type: string 5667 type: object 5668 iscsi: 5669 description: "iscsi represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md" 5670 properties: 5671 chapAuthDiscovery: 5672 description: chapAuthDiscovery defines whether support iSCSI Discovery CHAP authentication 5673 type: boolean 5674 chapAuthSession: 5675 description: chapAuthSession defines whether support iSCSI Session CHAP authentication 5676 type: boolean 5677 fsType: 5678 description: "fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi" 5679 type: string 5680 initiatorName: 5681 description: initiatorName is the custom iSCSI Initiator Name. If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface <target portal>:<volume name> will be created for the connection. 5682 type: string 5683 iqn: 5684 description: iqn is the target iSCSI Qualified Name. 5685 type: string 5686 iscsiInterface: 5687 description: iscsiInterface is the interface Name that uses an iSCSI transport. Defaults to 'default' (tcp). 5688 type: string 5689 lun: 5690 description: lun represents iSCSI Target Lun number. 5691 format: int32 5692 type: integer 5693 portals: 5694 description: portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260). 5695 items: 5696 type: string 5697 type: array 5698 readOnly: 5699 description: readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. 5700 type: boolean 5701 secretRef: 5702 description: secretRef is the CHAP Secret for iSCSI target and initiator authentication 5703 properties: 5704 name: 5705 description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" 5706 type: string 5707 type: object 5708 x-kubernetes-map-type: atomic 5709 targetPortal: 5710 description: targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260). 5711 type: string 5712 required: 5713 - targetPortal 5714 - iqn 5715 - lun 5716 type: object 5717 name: 5718 description: "name of the volume. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" 5719 type: string 5720 nfs: 5721 description: "nfs represents an NFS mount on the host that shares a pod's lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" 5722 properties: 5723 path: 5724 description: "path that is exported by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" 5725 type: string 5726 readOnly: 5727 description: "readOnly here will force the NFS export to be mounted with read-only permissions. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" 5728 type: boolean 5729 server: 5730 description: "server is the hostname or IP address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" 5731 type: string 5732 required: 5733 - server 5734 - path 5735 type: object 5736 persistentVolumeClaim: 5737 description: "persistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims" 5738 properties: 5739 claimName: 5740 description: "claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims" 5741 type: string 5742 readOnly: 5743 description: readOnly Will force the ReadOnly setting in VolumeMounts. Default false. 5744 type: boolean 5745 required: 5746 - claimName 5747 type: object 5748 photonPersistentDisk: 5749 description: "photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine. Deprecated: PhotonPersistentDisk is deprecated and the in-tree photonPersistentDisk type is no longer supported." 5750 properties: 5751 fsType: 5752 description: fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. 5753 type: string 5754 pdID: 5755 description: pdID is the ID that identifies Photon Controller persistent disk 5756 type: string 5757 required: 5758 - pdID 5759 type: object 5760 portworxVolume: 5761 description: "portworxVolume represents a portworx volume attached and mounted on kubelets host machine. Deprecated: PortworxVolume is deprecated. All operations for the in-tree portworxVolume type are redirected to the pxd.portworx.com CSI driver when the CSIMigrationPortworx feature-gate is on." 5762 properties: 5763 fsType: 5764 description: fSType represents the filesystem type to mount Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified. 5765 type: string 5766 readOnly: 5767 description: readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. 5768 type: boolean 5769 volumeID: 5770 description: volumeID uniquely identifies a Portworx volume 5771 type: string 5772 required: 5773 - volumeID 5774 type: object 5775 projected: 5776 description: projected items for all in one resources secrets, configmaps, and downward API 5777 properties: 5778 defaultMode: 5779 description: defaultMode are the mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. 5780 format: int32 5781 type: integer 5782 sources: 5783 description: sources is the list of volume projections. Each entry in this list handles one source. 5784 items: 5785 properties: 5786 clusterTrustBundle: 5787 description: |- 5788 ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field of ClusterTrustBundle objects in an auto-updating file. 5789 5790 Alpha, gated by the ClusterTrustBundleProjection feature gate. 5791 5792 ClusterTrustBundle objects can either be selected by name, or by the combination of signer name and a label selector. 5793 5794 Kubelet performs aggressive normalization of the PEM contents written into the pod filesystem. Esoteric PEM features such as inter-block comments and block headers are stripped. Certificates are deduplicated. The ordering of certificates within the file is arbitrary, and Kubelet may change the order over time. 5795 properties: 5796 labelSelector: 5797 description: Select all ClusterTrustBundles that match this label selector. Only has effect if signerName is set. Mutually-exclusive with name. If unset, interpreted as "match nothing". If set but empty, interpreted as "match everything". 5798 properties: 5799 matchExpressions: 5800 description: matchExpressions is a list of label selector requirements. The requirements are ANDed. 5801 items: 5802 properties: 5803 key: 5804 description: key is the label key that the selector applies to. 5805 type: string 5806 operator: 5807 description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. 5808 type: string 5809 values: 5810 description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. 5811 items: 5812 type: string 5813 type: array 5814 required: 5815 - key 5816 - operator 5817 type: object 5818 type: array 5819 matchLabels: 5820 additionalProperties: 5821 type: string 5822 description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. 5823 type: object 5824 type: object 5825 x-kubernetes-map-type: atomic 5826 name: 5827 description: Select a single ClusterTrustBundle by object name. Mutually-exclusive with signerName and labelSelector. 5828 type: string 5829 optional: 5830 description: If true, don't block pod startup if the referenced ClusterTrustBundle(s) aren't available. If using name, then the named ClusterTrustBundle is allowed not to exist. If using signerName, then the combination of signerName and labelSelector is allowed to match zero ClusterTrustBundles. 5831 type: boolean 5832 path: 5833 description: Relative path from the volume root to write the bundle. 5834 type: string 5835 signerName: 5836 description: Select all ClusterTrustBundles that match this signer name. Mutually-exclusive with name. The contents of all selected ClusterTrustBundles will be unified and deduplicated. 5837 type: string 5838 required: 5839 - path 5840 type: object 5841 configMap: 5842 description: configMap information about the configMap data to project 5843 properties: 5844 items: 5845 description: items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. 5846 items: 5847 properties: 5848 key: 5849 description: key is the key to project. 5850 type: string 5851 mode: 5852 description: "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." 5853 format: int32 5854 type: integer 5855 path: 5856 description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. 5857 type: string 5858 required: 5859 - key 5860 - path 5861 type: object 5862 type: array 5863 name: 5864 description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" 5865 type: string 5866 optional: 5867 description: optional specify whether the ConfigMap or its keys must be defined 5868 type: boolean 5869 type: object 5870 downwardAPI: 5871 description: downwardAPI information about the downwardAPI data to project 5872 properties: 5873 items: 5874 description: Items is a list of DownwardAPIVolume file 5875 items: 5876 properties: 5877 fieldRef: 5878 description: "Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported." 5879 properties: 5880 apiVersion: 5881 description: Version of the schema the FieldPath is written in terms of, defaults to "v1". 5882 type: string 5883 fieldPath: 5884 description: Path of the field to select in the specified API version. 5885 type: string 5886 required: 5887 - fieldPath 5888 type: object 5889 x-kubernetes-map-type: atomic 5890 mode: 5891 description: "Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." 5892 format: int32 5893 type: integer 5894 path: 5895 description: "Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'" 5896 type: string 5897 resourceFieldRef: 5898 description: "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported." 5899 properties: 5900 containerName: 5901 description: "Container name: required for volumes, optional for env vars" 5902 type: string 5903 divisor: 5904 description: Specifies the output format of the exposed resources, defaults to "1" 5905 type: string 5906 resource: 5907 description: "Required: resource to select" 5908 type: string 5909 required: 5910 - resource 5911 type: object 5912 x-kubernetes-map-type: atomic 5913 required: 5914 - path 5915 type: object 5916 type: array 5917 type: object 5918 secret: 5919 description: secret information about the secret data to project 5920 properties: 5921 items: 5922 description: items if unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. 5923 items: 5924 properties: 5925 key: 5926 description: key is the key to project. 5927 type: string 5928 mode: 5929 description: "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." 5930 format: int32 5931 type: integer 5932 path: 5933 description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. 5934 type: string 5935 required: 5936 - key 5937 - path 5938 type: object 5939 type: array 5940 name: 5941 description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" 5942 type: string 5943 optional: 5944 description: optional field specify whether the Secret or its key must be defined 5945 type: boolean 5946 type: object 5947 serviceAccountToken: 5948 description: serviceAccountToken is information about the serviceAccountToken data to project 5949 properties: 5950 audience: 5951 description: audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver. 5952 type: string 5953 expirationSeconds: 5954 description: expirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes. 5955 format: int64 5956 type: integer 5957 path: 5958 description: path is the path relative to the mount point of the file to project the token into. 5959 type: string 5960 required: 5961 - path 5962 type: object 5963 type: object 5964 type: array 5965 type: object 5966 quobyte: 5967 description: "quobyte represents a Quobyte mount on the host that shares a pod's lifetime. Deprecated: Quobyte is deprecated and the in-tree quobyte type is no longer supported." 5968 properties: 5969 group: 5970 description: group to map volume access to Default is no group 5971 type: string 5972 readOnly: 5973 description: readOnly here will force the Quobyte volume to be mounted with read-only permissions. Defaults to false. 5974 type: boolean 5975 registry: 5976 description: registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes 5977 type: string 5978 tenant: 5979 description: tenant owning the given Quobyte volume in the Backend Used with dynamically provisioned Quobyte volumes, value is set by the plugin 5980 type: string 5981 user: 5982 description: user to map volume access to Defaults to serivceaccount user 5983 type: string 5984 volume: 5985 description: volume is a string that references an already created Quobyte volume by name. 5986 type: string 5987 required: 5988 - registry 5989 - volume 5990 type: object 5991 rbd: 5992 description: "rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. Deprecated: RBD is deprecated and the in-tree rbd type is no longer supported. More info: https://examples.k8s.io/volumes/rbd/README.md" 5993 properties: 5994 fsType: 5995 description: "fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd" 5996 type: string 5997 image: 5998 description: "image is the rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" 5999 type: string 6000 keyring: 6001 description: "keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" 6002 type: string 6003 monitors: 6004 description: "monitors is a collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" 6005 items: 6006 type: string 6007 type: array 6008 pool: 6009 description: "pool is the rados pool name. Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" 6010 type: string 6011 readOnly: 6012 description: "readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" 6013 type: boolean 6014 secretRef: 6015 description: "secretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" 6016 properties: 6017 name: 6018 description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" 6019 type: string 6020 type: object 6021 x-kubernetes-map-type: atomic 6022 user: 6023 description: "user is the rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" 6024 type: string 6025 required: 6026 - monitors 6027 - image 6028 type: object 6029 scaleIO: 6030 description: "scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. Deprecated: ScaleIO is deprecated and the in-tree scaleIO type is no longer supported." 6031 properties: 6032 fsType: 6033 description: fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Default is "xfs". 6034 type: string 6035 gateway: 6036 description: gateway is the host address of the ScaleIO API Gateway. 6037 type: string 6038 protectionDomain: 6039 description: protectionDomain is the name of the ScaleIO Protection Domain for the configured storage. 6040 type: string 6041 readOnly: 6042 description: readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. 6043 type: boolean 6044 secretRef: 6045 description: secretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail. 6046 properties: 6047 name: 6048 description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" 6049 type: string 6050 type: object 6051 x-kubernetes-map-type: atomic 6052 sslEnabled: 6053 description: sslEnabled Flag enable/disable SSL communication with Gateway, default false 6054 type: boolean 6055 storageMode: 6056 description: storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned. 6057 type: string 6058 storagePool: 6059 description: storagePool is the ScaleIO Storage Pool associated with the protection domain. 6060 type: string 6061 system: 6062 description: system is the name of the storage system as configured in ScaleIO. 6063 type: string 6064 volumeName: 6065 description: volumeName is the name of a volume already created in the ScaleIO system that is associated with this volume source. 6066 type: string 6067 required: 6068 - gateway 6069 - system 6070 - secretRef 6071 type: object 6072 secret: 6073 description: "secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret" 6074 properties: 6075 defaultMode: 6076 description: "defaultMode is Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." 6077 format: int32 6078 type: integer 6079 items: 6080 description: items If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. 6081 items: 6082 properties: 6083 key: 6084 description: key is the key to project. 6085 type: string 6086 mode: 6087 description: "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." 6088 format: int32 6089 type: integer 6090 path: 6091 description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. 6092 type: string 6093 required: 6094 - key 6095 - path 6096 type: object 6097 type: array 6098 optional: 6099 description: optional field specify whether the Secret or its keys must be defined 6100 type: boolean 6101 secretName: 6102 description: "secretName is the name of the secret in the pod's namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret" 6103 type: string 6104 type: object 6105 storageos: 6106 description: "storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. Deprecated: StorageOS is deprecated and the in-tree storageos type is no longer supported." 6107 properties: 6108 fsType: 6109 description: fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. 6110 type: string 6111 readOnly: 6112 description: readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. 6113 type: boolean 6114 secretRef: 6115 description: secretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted. 6116 properties: 6117 name: 6118 description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" 6119 type: string 6120 type: object 6121 x-kubernetes-map-type: atomic 6122 volumeName: 6123 description: volumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace. 6124 type: string 6125 volumeNamespace: 6126 description: volumeNamespace specifies the scope of the volume within StorageOS. If no namespace is specified then the Pod's namespace will be used. This allows the Kubernetes name scoping to be mirrored within StorageOS for tighter integration. Set VolumeName to any name to override the default behaviour. Set to "default" if you are not using namespaces within StorageOS. Namespaces that do not pre-exist within StorageOS will be created. 6127 type: string 6128 type: object 6129 vsphereVolume: 6130 description: "vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine. Deprecated: VsphereVolume is deprecated. All operations for the in-tree vsphereVolume type are redirected to the csi.vsphere.vmware.com CSI driver." 6131 properties: 6132 fsType: 6133 description: fsType is filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. 6134 type: string 6135 storagePolicyID: 6136 description: storagePolicyID is the storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName. 6137 type: string 6138 storagePolicyName: 6139 description: storagePolicyName is the storage Policy Based Management (SPBM) profile name. 6140 type: string 6141 volumePath: 6142 description: volumePath is the path that identifies vSphere volume vmdk 6143 type: string 6144 required: 6145 - volumePath 6146 type: object 6147 required: 6148 - name 6149 type: object 6150 type: array 6151 required: 6152 - containers 6153 type: object 6154 type: object 6155 container: 6156 title: The container name running the gameserver 6157 description: if there is more than one container, specify which one is the game server 6158 type: string 6159 minLength: 0 6160 maxLength: 63 6161 pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" 6162 ports: 6163 title: array of ports to expose on the game server container 6164 type: array 6165 nullable: true 6166 items: 6167 type: object 6168 properties: 6169 name: 6170 title: Name is the descriptive name of the port 6171 type: string 6172 range: 6173 title: the port range name from which to select a port when using a 'Dynamic' or 'Passthrough' port policy. Defaults to 'default'. 6174 type: string 6175 portPolicy: 6176 title: the port policy that will be applied to the game server 6177 description: | 6178 portPolicy has four options: 6179 - "Dynamic" (default) the system allocates a random free hostPort for the gameserver, for game clients to connect to 6180 - "Static", user defines the hostPort that the game client will connect to. Then onus is on the user to ensure that the 6181 port is available. When static is the policy specified, `hostPort` is required to be populated 6182 - "Passthrough" dynamically sets the `containerPort` to the same value as the dynamically selected hostPort. 6183 This will mean that users will need to lookup what port has been opened through the server side SDK. 6184 - "None" means the `hostPort` is ignored and if defined, the `containerPort` (optional) is used to set the port on the GameServer instance. 6185 type: string 6186 enum: 6187 - Dynamic 6188 - Static 6189 - Passthrough 6190 - None 6191 protocol: 6192 title: Protocol being used. Defaults to UDP. TCP and TCPUDP are other options. 6193 type: string 6194 enum: 6195 - UDP 6196 - TCP 6197 - TCPUDP 6198 container: 6199 title: | 6200 Container is the name of the container on which to open the port. Defaults to the game server container. 6201 type: string 6202 containerPort: 6203 title: The port that is being opened on the game server process 6204 type: integer 6205 minimum: 1 6206 maximum: 65535 6207 hostPort: 6208 title: The port exposed on the host 6209 description: Only required when `portPolicy` is "Static". Overwritten when portPolicy is "Dynamic" or "Passthrough". 6210 type: integer 6211 minimum: 1 6212 maximum: 65535 6213 sdkServer: 6214 type: object 6215 title: Parameters for the SDK Server (sidecar) 6216 properties: 6217 logLevel: 6218 type: string 6219 description: | 6220 sdkServer log level parameter has three options: 6221 - "Info" (default) The SDK server will output all messages except for debug messages 6222 - "Debug" The SDK server will output all messages including debug messages 6223 - "Error" The SDK server will only output error messages 6224 - "Trace" The SDK server will output all messages, including detailed tracing information 6225 enum: 6226 - Error 6227 - Info 6228 - Debug 6229 - Trace 6230 grpcPort: 6231 title: The port on which the SDK server binds the gRPC server to accept incoming connections 6232 description: | 6233 Starting with Agones 1.2 the default gRPC port is 9357. In earlier releases, the default was 59357. 6234 type: integer 6235 minimum: 1 6236 maximum: 65535 6237 httpPort: 6238 title: The port on which the SDK server binds the HTTP gRPC gateway server to accept incoming connections 6239 description: | 6240 Starting with Agones 1.2 the default HTTP port is 9358. In earlier releases, the default was 59358. 6241 type: integer 6242 minimum: 1 6243 maximum: 65535 6244 scheduling: 6245 type: string 6246 enum: 6247 - Packed 6248 - Distributed 6249 health: 6250 type: object 6251 title: Health checking for the running game server 6252 properties: 6253 disabled: 6254 title: Disable health checking. defaults to false, but can be set to true 6255 type: boolean 6256 initialDelaySeconds: 6257 title: Number of seconds after the container has started before health check is initiated. Defaults to 5 seconds 6258 type: integer 6259 minimum: 0 6260 maximum: 2147483648 6261 periodSeconds: 6262 title: How long before the server is considered not healthy 6263 type: integer 6264 minimum: 0 6265 maximum: 2147483648 6266 failureThreshold: 6267 title: Minimum consecutive failures for the health probe to be considered failed after having succeeded. 6268 type: integer 6269 minimum: 1 6270 maximum: 2147483648 6271 players: 6272 type: object 6273 title: Configuration of player capacity 6274 nullable: true 6275 properties: 6276 initialCapacity: 6277 type: integer 6278 title: The initial player capacity of this Game Server 6279 minimum: 0 6280 counters: 6281 type: object 6282 title: Map of player, room, session, etc. counters 6283 nullable: true 6284 maxProperties: 1000 6285 additionalProperties: 6286 type: object 6287 properties: 6288 count: 6289 title: Initial count value 6290 type: integer 6291 default: 0 6292 minimum: 0 6293 capacity: 6294 title: Max capacity of the counter 6295 type: integer 6296 default: 1000 6297 minimum: 0 6298 lists: 6299 type: object 6300 title: Map of player, room, session, etc. lists 6301 nullable: true 6302 maxProperties: 1000 6303 additionalProperties: 6304 type: object 6305 properties: 6306 capacity: 6307 type: integer 6308 title: Max capacity of the array (can be less than or equal to value of maxItems) 6309 minimum: 0 6310 default: 1000 6311 maximum: 1000 # must be equal to values.maxItems 6312 values: 6313 title: set of all the items in the list 6314 type: array 6315 x-kubernetes-list-type: set # Requires items in the array to be unique 6316 maxItems: 1000 # max possible size of the value array (cannot be updated) 6317 items: # name of the item (player1, session1, room1, etc.) 6318 type: string 6319 default: [] 6320 eviction: 6321 type: object 6322 title: Eviction tolerance of the game server 6323 properties: 6324 safe: 6325 type: string 6326 title: Game server supports termination via SIGTERM 6327 description: | 6328 - Never: The game server should run to completion. Agones sets Pod annotation `cluster-autoscaler.kubernetes.io/safe-to-evict: "false"` and label `agones.dev/safe-to-evict: "false"`, which matches a restrictive PodDisruptionBudget. 6329 - OnUpgrade: On SIGTERM, the game server will exit within `terminationGracePeriodSeconds` or be terminated; Agones sets Pod annotation `cluster-autoscaler.kubernetes.io/safe-to-evict: "false"`, which blocks evictions by Cluster Autoscaler. Evictions from node upgrades proceed normally. 6330 - Always: On SIGTERM, the game server will exit within `terminationGracePeriodSeconds` or be terminated, typically within 10m; Agones sets Pod annotation `cluster-autoscaler.kubernetes.io/safe-to-evict: "true"`, which allows evictions by Cluster Autoscaler. 6331 enum: 6332 - Always 6333 - OnUpgrade 6334 - Never 6335 immutableReplicas: 6336 type: integer 6337 title: Immutable count of Pods to a GameServer. Always 1. (Implementation detail of implementing the Scale subresource.) 6338 default: 1 6339 minimum: 1 6340 maximum: 1 6341 status: 6342 description: 'FleetStatus is the status of a Fleet. More info: 6343 https://agones.dev/site/docs/reference/agones_crd_api_reference/#agones.dev/v1.Fleet' 6344 type: object 6345 properties: 6346 replicas: 6347 type: integer 6348 minimum: 0 6349 readyReplicas: 6350 type: integer 6351 minimum: 0 6352 reservedReplicas: 6353 type: integer 6354 minimum: 0 6355 allocatedReplicas: 6356 type: integer 6357 minimum: 0 6358 players: 6359 type: object 6360 nullable: true 6361 properties: 6362 count: 6363 type: integer 6364 minimum: 0 6365 capacity: 6366 type: integer 6367 minimum: 0 6368 counters: 6369 type: object 6370 title: Map of player, room, session, etc. counters 6371 nullable: true 6372 maxProperties: 1000 6373 additionalProperties: 6374 type: object 6375 properties: 6376 allocatedCount: # Aggregated count of the Counter across allocated GameServers in the Fleet 6377 type: integer 6378 minimum: 0 6379 allocatedCapacity: # Aggregated maximum capacity of the Counter across allocated GameServers in the Fleet 6380 type: integer 6381 minimum: 0 6382 count: # Aggregated count of the Counter across the Fleet 6383 type: integer 6384 default: 0 6385 minimum: 0 6386 capacity: # Aggregated maximum capacity of the Counter across the Fleet 6387 type: integer 6388 minimum: 0 6389 lists: 6390 type: object 6391 title: Map of player, room, session, etc. lists 6392 nullable: true 6393 maxProperties: 1000 6394 additionalProperties: 6395 type: object 6396 properties: 6397 allocatedCount: # Aggregated number of items in the List across allocated GameServers in the Fleet 6398 type: integer 6399 minimum: 0 6400 allocatedCapacity: # Aggregated maximum capacity of the List across allocated GameServers in the Fleet 6401 type: integer 6402 minimum: 0 6403 count: # Aggregated number of items in the List across the Fleet 6404 type: integer 6405 default: 0 6406 minimum: 0 6407 capacity: # Aggregated maximum capacity of the List across the Fleet 6408 type: integer 6409 minimum: 0 6410 subresources: 6411 # status enables the status subresource. 6412 status: { } 6413 # scale enables the scale subresource. 6414 scale: 6415 # specReplicasPath defines the JSONPath inside of a custom resource that corresponds to Scale.Spec.Replicas. 6416 specReplicasPath: .spec.replicas 6417 # statusReplicasPath defines the JSONPath inside of a custom resource that corresponds to Scale.Status.Replicas. 6418 statusReplicasPath: .status.replicas 6419 # labelSelectorPath defines the JSONPath inside of a custom resource that corresponds to Scale.Status.Selector. 6420 labelSelectorPath: .status.labelSelector 6421 --- 6422 # Source: agones/templates/crds/fleetautoscaler.yaml 6423 # Copyright 2018 Google LLC All Rights Reserved. 6424 # 6425 # Licensed under the Apache License, Version 2.0 (the "License"); 6426 # you may not use this file except in compliance with the License. 6427 # You may obtain a copy of the License at 6428 # 6429 # http://www.apache.org/licenses/LICENSE-2.0 6430 # 6431 # Unless required by applicable law or agreed to in writing, software 6432 # distributed under the License is distributed on an "AS IS" BASIS, 6433 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 6434 # See the License for the specific language governing permissions and 6435 # limitations under the License. 6436 6437 apiVersion: apiextensions.k8s.io/v1 6438 kind: CustomResourceDefinition 6439 metadata: 6440 name: fleetautoscalers.autoscaling.agones.dev 6441 labels: 6442 component: crd 6443 app: agones 6444 chart: agones-1.54.0-dev 6445 release: agones-manual 6446 heritage: Helm 6447 spec: 6448 group: autoscaling.agones.dev 6449 names: 6450 kind: FleetAutoscaler 6451 plural: fleetautoscalers 6452 shortNames: 6453 - fas 6454 singular: fleetautoscaler 6455 scope: Namespaced 6456 versions: 6457 - name: v1 6458 served: true 6459 storage: true 6460 schema: 6461 openAPIV3Schema: 6462 description: 'FleetAutoscaler is the data structure for a FleetAutoscaler resource.' 6463 type: object 6464 properties: 6465 spec: 6466 description: 'FleetAutoscalerSpec is the spec for a Fleet Scaler. More info: 6467 https://agones.dev/site/docs/reference/agones_crd_api_reference/#autoscaling.agones.dev/v1.FleetAutoscaler' 6468 type: object 6469 required: 6470 - fleetName 6471 - policy 6472 properties: 6473 fleetName: 6474 type: string 6475 minLength: 1 6476 maxLength: 63 6477 pattern: "^[a-z0-9]([-\\.a-z0-9]*[a-z0-9])?$" 6478 policy: 6479 type: object 6480 required: 6481 - type 6482 properties: 6483 type: 6484 type: string 6485 enum: 6486 - Buffer 6487 - Webhook 6488 - Counter 6489 - List 6490 - Wasm 6491 - Schedule 6492 - Chain 6493 buffer: 6494 type: object 6495 nullable: true 6496 required: 6497 - maxReplicas 6498 properties: 6499 minReplicas: 6500 type: integer 6501 minimum: 0 6502 maxReplicas: 6503 type: integer 6504 minimum: 1 6505 bufferSize: 6506 x-kubernetes-int-or-string: true 6507 anyOf: 6508 - type: integer 6509 - type: string 6510 webhook: 6511 type: object 6512 nullable: true 6513 properties: 6514 url: 6515 type: string 6516 service: 6517 type: object 6518 required: 6519 - namespace 6520 - name 6521 properties: 6522 namespace: 6523 type: string 6524 name: 6525 type: string 6526 path: 6527 type: string 6528 port: 6529 type: integer 6530 caBundle: 6531 type: string 6532 format: byte 6533 counter: 6534 type: object 6535 nullable: true 6536 required: 6537 - key 6538 - bufferSize 6539 - maxCapacity 6540 properties: 6541 key: # The name of the Counter. 6542 type: string 6543 minCapacity: # Minimum aggregate counter capacity that can be provided by this FleetAutoscaler. If not specified, the actual minimum capacity will be bufferSize. 6544 type: integer 6545 minimum: 0 6546 maxCapacity: # Maximum aggregate counter capacity that can be provided by this FleetAutoscaler. Required. 6547 type: integer 6548 minimum: 1 6549 bufferSize: # Size of a buffer of counted items that are available in the Fleet (available capacity). It can be specified either in absolute (i.e. 5) or percentage format (i.e. 5%). 6550 x-kubernetes-int-or-string: true 6551 anyOf: 6552 - type: integer 6553 - type: string 6554 list: 6555 type: object 6556 nullable: true 6557 required: 6558 - key 6559 - bufferSize 6560 - maxCapacity 6561 properties: 6562 key: # The name of the List. 6563 type: string 6564 minCapacity: # Minimum aggregate list capacity that can be provided by this FleetAutoscaler. If not specified, the actual minimum capacity will be bufferSize. 6565 type: integer 6566 minimum: 0 6567 maxCapacity: # Maximum aggregate list capacity that can be provided by this FleetAutoscaler. Required. 6568 type: integer 6569 minimum: 1 6570 bufferSize: # Size of a buffer based on the list capacity that is available over the current aggregate list length in the Fleet. It can be specified either in absolute (i.e. 5) or percentage format (i.e. 5%). 6571 x-kubernetes-int-or-string: true 6572 anyOf: 6573 - type: integer 6574 - type: string 6575 schedule: # Defines when the policy is applied. 6576 type: object 6577 nullable: true 6578 required: 6579 - policy 6580 properties: 6581 between: 6582 type: object 6583 nullable: true 6584 properties: 6585 start: # Defines when to start evaluating the active period, must conform to RFC3339. 6586 type: string 6587 end: # Defines when to stop evaluating the active period, must conform to RFC3339. 6588 type: string 6589 activePeriod: 6590 type: object 6591 nullable: true 6592 properties: 6593 timezone: # Timezone to be used for the startCron field, must conform with the IANA Time Zone database (e.g. America/New_York). 6594 type: string 6595 startCron: # Cron expression defining when to start applying the policy. All TZ/CRON_TZ specification within startCron will be rejected, please use the timezone field above to specify a timezone. Must conform with UNIX CRON syntax. 6596 type: string 6597 duration: # The length of time the policy should be applied for (e.g. 2h45m). 6598 type: string 6599 policy: 6600 type: object 6601 required: 6602 - type 6603 properties: 6604 type: 6605 type: string 6606 enum: 6607 - Buffer 6608 - Webhook 6609 - Counter 6610 - List 6611 - Wasm 6612 buffer: 6613 type: object 6614 nullable: true 6615 required: 6616 - maxReplicas 6617 properties: 6618 minReplicas: 6619 type: integer 6620 minimum: 0 6621 maxReplicas: 6622 type: integer 6623 minimum: 1 6624 bufferSize: 6625 x-kubernetes-int-or-string: true 6626 anyOf: 6627 - type: integer 6628 - type: string 6629 webhook: 6630 type: object 6631 nullable: true 6632 properties: 6633 url: 6634 type: string 6635 service: 6636 type: object 6637 required: 6638 - namespace 6639 - name 6640 properties: 6641 namespace: 6642 type: string 6643 name: 6644 type: string 6645 path: 6646 type: string 6647 port: 6648 type: integer 6649 caBundle: 6650 type: string 6651 format: byte 6652 counter: 6653 type: object 6654 nullable: true 6655 required: 6656 - key 6657 - bufferSize 6658 - maxCapacity 6659 properties: 6660 key: # The name of the Counter. 6661 type: string 6662 minCapacity: # Minimum aggregate counter capacity that can be provided by this FleetAutoscaler. If not specified, the actual minimum capacity will be bufferSize. 6663 type: integer 6664 minimum: 0 6665 maxCapacity: # Maximum aggregate counter capacity that can be provided by this FleetAutoscaler. Required. 6666 type: integer 6667 minimum: 1 6668 bufferSize: # Size of a buffer of counted items that are available in the Fleet (available capacity). It can be specified either in absolute (i.e. 5) or percentage format (i.e. 5%). 6669 x-kubernetes-int-or-string: true 6670 anyOf: 6671 - type: integer 6672 - type: string 6673 list: 6674 type: object 6675 nullable: true 6676 required: 6677 - key 6678 - bufferSize 6679 - maxCapacity 6680 properties: 6681 key: # The name of the List. 6682 type: string 6683 minCapacity: # Minimum aggregate list capacity that can be provided by this FleetAutoscaler. If not specified, the actual minimum capacity will be bufferSize. 6684 type: integer 6685 minimum: 0 6686 maxCapacity: # Maximum aggregate list capacity that can be provided by this FleetAutoscaler. Required. 6687 type: integer 6688 minimum: 1 6689 bufferSize: # Size of a buffer based on the list capacity that is available over the current aggregate list length in the Fleet. It can be specified either in absolute (i.e. 5) or percentage format (i.e. 5%). 6690 x-kubernetes-int-or-string: true 6691 anyOf: 6692 - type: integer 6693 - type: string 6694 wasm: 6695 type: object 6696 nullable: true 6697 required: 6698 - from 6699 properties: 6700 function: # The exported function to call in the wasm module, defaults to 'scale' 6701 type: string 6702 default: "scale" 6703 config: # Config values to pass to the wasm program on startup 6704 type: object 6705 additionalProperties: 6706 type: string 6707 from: 6708 type: object 6709 required: 6710 - url 6711 properties: 6712 url: 6713 type: object 6714 nullable: true 6715 properties: 6716 url: 6717 type: string 6718 service: 6719 type: object 6720 required: 6721 - namespace 6722 - name 6723 properties: 6724 namespace: 6725 type: string 6726 name: 6727 type: string 6728 path: 6729 type: string 6730 port: 6731 type: integer 6732 caBundle: 6733 type: string 6734 format: byte 6735 hash: # optional sha256 hash to match against wasm file (it's optional, but recommended) 6736 type: string 6737 pattern: "^[a-fA-F0-9]{64}$" 6738 chain: 6739 type: array 6740 nullable: true 6741 items: 6742 type: object 6743 nullable: true 6744 required: 6745 - type 6746 properties: 6747 id: # The Id of a chain entry. 6748 type: string 6749 type: 6750 type: string 6751 enum: 6752 - Buffer 6753 - Webhook 6754 - Counter 6755 - List 6756 - Wasm 6757 - Schedule 6758 buffer: 6759 type: object 6760 nullable: true 6761 required: 6762 - maxReplicas 6763 properties: 6764 minReplicas: 6765 type: integer 6766 minimum: 0 6767 maxReplicas: 6768 type: integer 6769 minimum: 1 6770 bufferSize: 6771 x-kubernetes-int-or-string: true 6772 anyOf: 6773 - type: integer 6774 - type: string 6775 webhook: 6776 type: object 6777 nullable: true 6778 properties: 6779 url: 6780 type: string 6781 service: 6782 type: object 6783 required: 6784 - namespace 6785 - name 6786 properties: 6787 namespace: 6788 type: string 6789 name: 6790 type: string 6791 path: 6792 type: string 6793 port: 6794 type: integer 6795 caBundle: 6796 type: string 6797 format: byte 6798 counter: 6799 type: object 6800 nullable: true 6801 required: 6802 - key 6803 - bufferSize 6804 - maxCapacity 6805 properties: 6806 key: # The name of the Counter. 6807 type: string 6808 minCapacity: # Minimum aggregate counter capacity that can be provided by this FleetAutoscaler. If not specified, the actual minimum capacity will be bufferSize. 6809 type: integer 6810 minimum: 0 6811 maxCapacity: # Maximum aggregate counter capacity that can be provided by this FleetAutoscaler. Required. 6812 type: integer 6813 minimum: 1 6814 bufferSize: # Size of a buffer of counted items that are available in the Fleet (available capacity). It can be specified either in absolute (i.e. 5) or percentage format (i.e. 5%). 6815 x-kubernetes-int-or-string: true 6816 anyOf: 6817 - type: integer 6818 - type: string 6819 list: 6820 type: object 6821 nullable: true 6822 required: 6823 - key 6824 - bufferSize 6825 - maxCapacity 6826 properties: 6827 key: # The name of the List. 6828 type: string 6829 minCapacity: # Minimum aggregate list capacity that can be provided by this FleetAutoscaler. If not specified, the actual minimum capacity will be bufferSize. 6830 type: integer 6831 minimum: 0 6832 maxCapacity: # Maximum aggregate list capacity that can be provided by this FleetAutoscaler. Required. 6833 type: integer 6834 minimum: 1 6835 bufferSize: # Size of a buffer based on the list capacity that is available over the current aggregate list length in the Fleet. It can be specified either in absolute (i.e. 5) or percentage format (i.e. 5%). 6836 x-kubernetes-int-or-string: true 6837 anyOf: 6838 - type: integer 6839 - type: string 6840 schedule: # Defines when the policy is applied. 6841 type: object 6842 nullable: true 6843 required: 6844 - policy 6845 properties: 6846 between: 6847 type: object 6848 nullable: true 6849 properties: 6850 start: # Defines when to start evaluating the active period, must conform to RFC3339. 6851 type: string 6852 end: # Defines when to stop evaluating the active period, must conform to RFC3339. 6853 type: string 6854 activePeriod: 6855 type: object 6856 nullable: true 6857 properties: 6858 timezone: # Timezone to be used for the startCron field, must conform with the IANA Time Zone database (e.g. America/New_York). 6859 type: string 6860 startCron: # Cron expression defining when to start applying the policy. All TZ/CRON_TZ specification within startCron will be rejected, please use the timezone field above to specify a timezone. Must conform with UNIX CRON syntax. 6861 type: string 6862 duration: # The length of time the policy should be applied for (e.g. 2h45m). 6863 type: string 6864 policy: 6865 type: object 6866 required: 6867 - type 6868 properties: 6869 type: 6870 type: string 6871 enum: 6872 - Buffer 6873 - Webhook 6874 - Counter 6875 - List 6876 - Wasm 6877 buffer: 6878 type: object 6879 nullable: true 6880 required: 6881 - maxReplicas 6882 properties: 6883 minReplicas: 6884 type: integer 6885 minimum: 0 6886 maxReplicas: 6887 type: integer 6888 minimum: 1 6889 bufferSize: 6890 x-kubernetes-int-or-string: true 6891 anyOf: 6892 - type: integer 6893 - type: string 6894 webhook: 6895 type: object 6896 nullable: true 6897 properties: 6898 url: 6899 type: string 6900 service: 6901 type: object 6902 required: 6903 - namespace 6904 - name 6905 properties: 6906 namespace: 6907 type: string 6908 name: 6909 type: string 6910 path: 6911 type: string 6912 port: 6913 type: integer 6914 caBundle: 6915 type: string 6916 format: byte 6917 counter: 6918 type: object 6919 nullable: true 6920 required: 6921 - key 6922 - bufferSize 6923 - maxCapacity 6924 properties: 6925 key: # The name of the Counter. 6926 type: string 6927 minCapacity: # Minimum aggregate counter capacity that can be provided by this FleetAutoscaler. If not specified, the actual minimum capacity will be bufferSize. 6928 type: integer 6929 minimum: 0 6930 maxCapacity: # Maximum aggregate counter capacity that can be provided by this FleetAutoscaler. Required. 6931 type: integer 6932 minimum: 1 6933 bufferSize: # Size of a buffer of counted items that are available in the Fleet (available capacity). It can be specified either in absolute (i.e. 5) or percentage format (i.e. 5%). 6934 x-kubernetes-int-or-string: true 6935 anyOf: 6936 - type: integer 6937 - type: string 6938 list: 6939 type: object 6940 nullable: true 6941 required: 6942 - key 6943 - bufferSize 6944 - maxCapacity 6945 properties: 6946 key: # The name of the List. 6947 type: string 6948 minCapacity: # Minimum aggregate list capacity that can be provided by this FleetAutoscaler. If not specified, the actual minimum capacity will be bufferSize. 6949 type: integer 6950 minimum: 0 6951 maxCapacity: # Maximum aggregate list capacity that can be provided by this FleetAutoscaler. Required. 6952 type: integer 6953 minimum: 1 6954 bufferSize: # Size of a buffer based on the list capacity that is available over the current aggregate list length in the Fleet. It can be specified either in absolute (i.e. 5) or percentage format (i.e. 5%). 6955 x-kubernetes-int-or-string: true 6956 anyOf: 6957 - type: integer 6958 - type: string 6959 wasm: 6960 type: object 6961 nullable: true 6962 required: 6963 - from 6964 properties: 6965 function: # The exported function to call in the wasm module, defaults to 'scale' 6966 type: string 6967 default: "scale" 6968 config: # Config values to pass to the wasm program on startup 6969 type: object 6970 additionalProperties: 6971 type: string 6972 from: 6973 type: object 6974 required: 6975 - url 6976 properties: 6977 url: 6978 type: object 6979 nullable: true 6980 properties: 6981 url: 6982 type: string 6983 service: 6984 type: object 6985 required: 6986 - namespace 6987 - name 6988 properties: 6989 namespace: 6990 type: string 6991 name: 6992 type: string 6993 path: 6994 type: string 6995 port: 6996 type: integer 6997 caBundle: 6998 type: string 6999 format: byte 7000 hash: # optional sha256 hash to match against wasm file (it's optional, but recommended) 7001 type: string 7002 pattern: "^[a-fA-F0-9]{64}$" 7003 wasm: 7004 type: object 7005 nullable: true 7006 required: 7007 - from 7008 properties: 7009 function: # The exported function to call in the wasm module, defaults to 'scale' 7010 type: string 7011 default: "scale" 7012 config: # Config values to pass to the wasm program on startup 7013 type: object 7014 additionalProperties: 7015 type: string 7016 from: 7017 type: object 7018 required: 7019 - url 7020 properties: 7021 url: 7022 type: object 7023 nullable: true 7024 properties: 7025 url: 7026 type: string 7027 service: 7028 type: object 7029 required: 7030 - namespace 7031 - name 7032 properties: 7033 namespace: 7034 type: string 7035 name: 7036 type: string 7037 path: 7038 type: string 7039 port: 7040 type: integer 7041 caBundle: 7042 type: string 7043 format: byte 7044 hash: # optional sha256 hash to match against wasm file (it's optional, but recommended) 7045 type: string 7046 pattern: "^[a-fA-F0-9]{64}$" # Defines which policy to apply during the active period. Required. 7047 wasm: 7048 type: object 7049 nullable: true 7050 required: 7051 - from 7052 properties: 7053 function: # The exported function to call in the wasm module, defaults to 'scale' 7054 type: string 7055 default: "scale" 7056 config: # Config values to pass to the wasm program on startup 7057 type: object 7058 additionalProperties: 7059 type: string 7060 from: 7061 type: object 7062 required: 7063 - url 7064 properties: 7065 url: 7066 type: object 7067 nullable: true 7068 properties: 7069 url: 7070 type: string 7071 service: 7072 type: object 7073 required: 7074 - namespace 7075 - name 7076 properties: 7077 namespace: 7078 type: string 7079 name: 7080 type: string 7081 path: 7082 type: string 7083 port: 7084 type: integer 7085 caBundle: 7086 type: string 7087 format: byte 7088 hash: # optional sha256 hash to match against wasm file (it's optional, but recommended) 7089 type: string 7090 pattern: "^[a-fA-F0-9]{64}$" 7091 sync: 7092 type: object 7093 required: 7094 - type 7095 properties: 7096 type: 7097 type: string 7098 enum: 7099 - FixedInterval 7100 fixedInterval: 7101 type: object 7102 nullable: true 7103 required: 7104 - seconds 7105 properties: 7106 seconds: 7107 type: integer 7108 minimum: 0 7109 exclusiveMinimum: true 7110 status: 7111 description: 'FleetAutoscalerStatus defines the current status of a FleetAutoscaler. More info: 7112 https://agones.dev/site/docs/reference/agones_crd_api_reference/#autoscaling.agones.dev/v1.FleetAutoscaler' 7113 type: object 7114 properties: 7115 currentReplicas: 7116 type: integer 7117 desiredReplicas: 7118 type: integer 7119 lastScaleTime: 7120 type: string 7121 format: date-time 7122 nullable: true 7123 ableToScale: 7124 type: boolean 7125 scalingLimited: 7126 type: boolean 7127 lastAppliedPolicy: 7128 type: string 7129 default: "" 7130 subresources: 7131 # status enables the status subresource. 7132 status: {} 7133 --- 7134 # Source: agones/templates/crds/gameserver.yaml 7135 # Copyright 2018 Google LLC All Rights Reserved. 7136 # 7137 # Licensed under the Apache License, Version 2.0 (the "License"); 7138 # you may not use this file except in compliance with the License. 7139 # You may obtain a copy of the License at 7140 # 7141 # http://www.apache.org/licenses/LICENSE-2.0 7142 # 7143 # Unless required by applicable law or agreed to in writing, software 7144 # distributed under the License is distributed on an "AS IS" BASIS, 7145 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 7146 # See the License for the specific language governing permissions and 7147 # limitations under the License. 7148 7149 apiVersion: apiextensions.k8s.io/v1 7150 kind: CustomResourceDefinition 7151 metadata: 7152 name: gameservers.agones.dev 7153 labels: 7154 component: crd 7155 app: agones 7156 chart: agones-1.54.0-dev 7157 release: agones-manual 7158 heritage: Helm 7159 spec: 7160 group: agones.dev 7161 names: 7162 kind: GameServer 7163 plural: gameservers 7164 shortNames: 7165 - gs 7166 singular: gameserver 7167 scope: Namespaced 7168 versions: 7169 - name: v1 7170 served: true 7171 storage: true 7172 additionalPrinterColumns: 7173 - jsonPath: .status.state 7174 name: State 7175 type: string 7176 - jsonPath: .status.address 7177 name: Address 7178 type: string 7179 - jsonPath: .status.ports[0].port 7180 name: Port 7181 type: string 7182 - jsonPath: .status.nodeName 7183 name: Node 7184 type: string 7185 - jsonPath: .metadata.creationTimestamp 7186 name: Age 7187 type: date 7188 schema: 7189 openAPIV3Schema: 7190 description: 'GameServer is the data structure for a GameServer resource.' 7191 type: object 7192 required: 7193 - spec 7194 properties: 7195 spec: 7196 description: 'GameServerSpec is the spec for a GameServer resource. More info: 7197 https://agones.dev/site/docs/reference/agones_crd_api_reference/#agones.dev/v1.GameServer' 7198 type: object 7199 required: 7200 - template 7201 properties: 7202 template: 7203 description: PodTemplateSpec describes the data a pod should have when created from a template 7204 properties: 7205 metadata: 7206 description: "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" 7207 properties: 7208 annotations: 7209 additionalProperties: 7210 type: string 7211 description: "Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations" 7212 type: object 7213 creationTimestamp: 7214 description: |- 7215 CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. 7216 7217 Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata 7218 format: date-time 7219 nullable: true 7220 type: string 7221 deletionGracePeriodSeconds: 7222 description: Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only. 7223 format: int64 7224 type: integer 7225 deletionTimestamp: 7226 description: |- 7227 DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested. 7228 7229 Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata 7230 format: date-time 7231 type: string 7232 finalizers: 7233 description: Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list. 7234 items: 7235 type: string 7236 type: array 7237 generateName: 7238 description: |- 7239 GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server. 7240 7241 If this field is specified and the generated name exists, the server will return a 409. 7242 7243 Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency 7244 type: string 7245 generation: 7246 description: A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. 7247 format: int64 7248 type: integer 7249 labels: 7250 additionalProperties: 7251 type: string 7252 description: "Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels" 7253 type: object 7254 managedFields: 7255 description: ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn't need to set or understand this field. A workflow can be the user's name, a controller's name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object. 7256 items: 7257 properties: 7258 apiVersion: 7259 description: APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted. 7260 type: string 7261 fieldsType: 7262 description: "FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: \"FieldsV1\"" 7263 type: string 7264 fieldsV1: 7265 description: FieldsV1 holds the first JSON version format as described in the "FieldsV1" type. 7266 type: object 7267 manager: 7268 description: Manager is an identifier of the workflow managing these fields. 7269 type: string 7270 operation: 7271 description: Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'. 7272 type: string 7273 subresource: 7274 description: Subresource is the name of the subresource used to update that object, or empty string if the object was updated through the main resource. The value of this field is used to distinguish between managers, even if they share the same name. For example, a status update will be distinct from a regular update using the same manager name. Note that the APIVersion field is not related to the Subresource field and it always corresponds to the version of the main resource. 7275 type: string 7276 time: 7277 description: Time is the timestamp of when the ManagedFields entry was added. The timestamp will also be updated if a field is added, the manager changes any of the owned fields value or removes a field. The timestamp does not update when a field is removed from the entry because another manager took it over. 7278 format: date-time 7279 type: string 7280 type: object 7281 type: array 7282 name: 7283 description: "Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names" 7284 type: string 7285 namespace: 7286 description: |- 7287 Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty. 7288 7289 Must be a DNS_LABEL. Cannot be updated. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces 7290 type: string 7291 ownerReferences: 7292 description: List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller. 7293 items: 7294 properties: 7295 apiVersion: 7296 description: API version of the referent. 7297 type: string 7298 blockOwnerDeletion: 7299 description: If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. See https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion for how the garbage collector interacts with this field and enforces the foreground deletion. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned. 7300 type: boolean 7301 controller: 7302 description: If true, this reference points to the managing controller. 7303 type: boolean 7304 kind: 7305 description: "Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" 7306 type: string 7307 name: 7308 description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names" 7309 type: string 7310 uid: 7311 description: "UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids" 7312 type: string 7313 required: 7314 - apiVersion 7315 - kind 7316 - name 7317 - uid 7318 type: object 7319 x-kubernetes-map-type: atomic 7320 type: array 7321 resourceVersion: 7322 description: |- 7323 An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources. 7324 7325 Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency 7326 type: string 7327 selfLink: 7328 description: "Deprecated: selfLink is a legacy read-only field that is no longer populated by the system." 7329 type: string 7330 uid: 7331 description: |- 7332 UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations. 7333 7334 Populated by the system. Read-only. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids 7335 type: string 7336 type: object 7337 spec: 7338 description: "Specification of the desired behavior of the pod. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status" 7339 properties: 7340 activeDeadlineSeconds: 7341 description: Optional duration in seconds the pod may be active on the node relative to StartTime before the system will actively try to mark it failed and kill associated containers. Value must be a positive integer. 7342 format: int64 7343 type: integer 7344 affinity: 7345 description: If specified, the pod's scheduling constraints 7346 properties: 7347 nodeAffinity: 7348 description: Describes node affinity scheduling rules for the pod. 7349 properties: 7350 preferredDuringSchedulingIgnoredDuringExecution: 7351 description: The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred. 7352 items: 7353 properties: 7354 preference: 7355 description: A node selector term, associated with the corresponding weight. 7356 properties: 7357 matchExpressions: 7358 description: A list of node selector requirements by node's labels. 7359 items: 7360 properties: 7361 key: 7362 description: The label key that the selector applies to. 7363 type: string 7364 operator: 7365 description: |- 7366 Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. 7367 7368 Possible enum values: 7369 - `"DoesNotExist"` 7370 - `"Exists"` 7371 - `"Gt"` 7372 - `"In"` 7373 - `"Lt"` 7374 - `"NotIn"` 7375 enum: 7376 - DoesNotExist 7377 - Exists 7378 - Gt 7379 - In 7380 - Lt 7381 - NotIn 7382 type: string 7383 values: 7384 description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. 7385 items: 7386 type: string 7387 type: array 7388 required: 7389 - key 7390 - operator 7391 type: object 7392 type: array 7393 matchFields: 7394 description: A list of node selector requirements by node's fields. 7395 items: 7396 properties: 7397 key: 7398 description: The label key that the selector applies to. 7399 type: string 7400 operator: 7401 description: |- 7402 Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. 7403 7404 Possible enum values: 7405 - `"DoesNotExist"` 7406 - `"Exists"` 7407 - `"Gt"` 7408 - `"In"` 7409 - `"Lt"` 7410 - `"NotIn"` 7411 enum: 7412 - DoesNotExist 7413 - Exists 7414 - Gt 7415 - In 7416 - Lt 7417 - NotIn 7418 type: string 7419 values: 7420 description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. 7421 items: 7422 type: string 7423 type: array 7424 required: 7425 - key 7426 - operator 7427 type: object 7428 type: array 7429 type: object 7430 x-kubernetes-map-type: atomic 7431 weight: 7432 description: Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100. 7433 format: int32 7434 type: integer 7435 required: 7436 - weight 7437 - preference 7438 type: object 7439 type: array 7440 requiredDuringSchedulingIgnoredDuringExecution: 7441 description: If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node. 7442 properties: 7443 nodeSelectorTerms: 7444 description: Required. A list of node selector terms. The terms are ORed. 7445 items: 7446 properties: 7447 matchExpressions: 7448 description: A list of node selector requirements by node's labels. 7449 items: 7450 properties: 7451 key: 7452 description: The label key that the selector applies to. 7453 type: string 7454 operator: 7455 description: |- 7456 Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. 7457 7458 Possible enum values: 7459 - `"DoesNotExist"` 7460 - `"Exists"` 7461 - `"Gt"` 7462 - `"In"` 7463 - `"Lt"` 7464 - `"NotIn"` 7465 enum: 7466 - DoesNotExist 7467 - Exists 7468 - Gt 7469 - In 7470 - Lt 7471 - NotIn 7472 type: string 7473 values: 7474 description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. 7475 items: 7476 type: string 7477 type: array 7478 required: 7479 - key 7480 - operator 7481 type: object 7482 type: array 7483 matchFields: 7484 description: A list of node selector requirements by node's fields. 7485 items: 7486 properties: 7487 key: 7488 description: The label key that the selector applies to. 7489 type: string 7490 operator: 7491 description: |- 7492 Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. 7493 7494 Possible enum values: 7495 - `"DoesNotExist"` 7496 - `"Exists"` 7497 - `"Gt"` 7498 - `"In"` 7499 - `"Lt"` 7500 - `"NotIn"` 7501 enum: 7502 - DoesNotExist 7503 - Exists 7504 - Gt 7505 - In 7506 - Lt 7507 - NotIn 7508 type: string 7509 values: 7510 description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. 7511 items: 7512 type: string 7513 type: array 7514 required: 7515 - key 7516 - operator 7517 type: object 7518 type: array 7519 type: object 7520 x-kubernetes-map-type: atomic 7521 type: array 7522 required: 7523 - nodeSelectorTerms 7524 type: object 7525 x-kubernetes-map-type: atomic 7526 type: object 7527 podAffinity: 7528 description: Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). 7529 properties: 7530 preferredDuringSchedulingIgnoredDuringExecution: 7531 description: The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. 7532 items: 7533 properties: 7534 podAffinityTerm: 7535 description: Required. A pod affinity term, associated with the corresponding weight. 7536 properties: 7537 labelSelector: 7538 description: A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. 7539 properties: 7540 matchExpressions: 7541 description: matchExpressions is a list of label selector requirements. The requirements are ANDed. 7542 items: 7543 properties: 7544 key: 7545 description: key is the label key that the selector applies to. 7546 type: string 7547 operator: 7548 description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. 7549 type: string 7550 values: 7551 description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. 7552 items: 7553 type: string 7554 type: array 7555 required: 7556 - key 7557 - operator 7558 type: object 7559 type: array 7560 matchLabels: 7561 additionalProperties: 7562 type: string 7563 description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. 7564 type: object 7565 type: object 7566 x-kubernetes-map-type: atomic 7567 matchLabelKeys: 7568 description: MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. 7569 items: 7570 type: string 7571 type: array 7572 mismatchLabelKeys: 7573 description: MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. 7574 items: 7575 type: string 7576 type: array 7577 namespaceSelector: 7578 description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. 7579 properties: 7580 matchExpressions: 7581 description: matchExpressions is a list of label selector requirements. The requirements are ANDed. 7582 items: 7583 properties: 7584 key: 7585 description: key is the label key that the selector applies to. 7586 type: string 7587 operator: 7588 description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. 7589 type: string 7590 values: 7591 description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. 7592 items: 7593 type: string 7594 type: array 7595 required: 7596 - key 7597 - operator 7598 type: object 7599 type: array 7600 matchLabels: 7601 additionalProperties: 7602 type: string 7603 description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. 7604 type: object 7605 type: object 7606 x-kubernetes-map-type: atomic 7607 namespaces: 7608 description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". 7609 items: 7610 type: string 7611 type: array 7612 topologyKey: 7613 description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. 7614 type: string 7615 required: 7616 - topologyKey 7617 type: object 7618 weight: 7619 description: weight associated with matching the corresponding podAffinityTerm, in the range 1-100. 7620 format: int32 7621 type: integer 7622 required: 7623 - weight 7624 - podAffinityTerm 7625 type: object 7626 type: array 7627 requiredDuringSchedulingIgnoredDuringExecution: 7628 description: If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. 7629 items: 7630 properties: 7631 labelSelector: 7632 description: A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. 7633 properties: 7634 matchExpressions: 7635 description: matchExpressions is a list of label selector requirements. The requirements are ANDed. 7636 items: 7637 properties: 7638 key: 7639 description: key is the label key that the selector applies to. 7640 type: string 7641 operator: 7642 description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. 7643 type: string 7644 values: 7645 description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. 7646 items: 7647 type: string 7648 type: array 7649 required: 7650 - key 7651 - operator 7652 type: object 7653 type: array 7654 matchLabels: 7655 additionalProperties: 7656 type: string 7657 description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. 7658 type: object 7659 type: object 7660 x-kubernetes-map-type: atomic 7661 matchLabelKeys: 7662 description: MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. 7663 items: 7664 type: string 7665 type: array 7666 mismatchLabelKeys: 7667 description: MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. 7668 items: 7669 type: string 7670 type: array 7671 namespaceSelector: 7672 description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. 7673 properties: 7674 matchExpressions: 7675 description: matchExpressions is a list of label selector requirements. The requirements are ANDed. 7676 items: 7677 properties: 7678 key: 7679 description: key is the label key that the selector applies to. 7680 type: string 7681 operator: 7682 description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. 7683 type: string 7684 values: 7685 description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. 7686 items: 7687 type: string 7688 type: array 7689 required: 7690 - key 7691 - operator 7692 type: object 7693 type: array 7694 matchLabels: 7695 additionalProperties: 7696 type: string 7697 description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. 7698 type: object 7699 type: object 7700 x-kubernetes-map-type: atomic 7701 namespaces: 7702 description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". 7703 items: 7704 type: string 7705 type: array 7706 topologyKey: 7707 description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. 7708 type: string 7709 required: 7710 - topologyKey 7711 type: object 7712 type: array 7713 type: object 7714 podAntiAffinity: 7715 description: Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). 7716 properties: 7717 preferredDuringSchedulingIgnoredDuringExecution: 7718 description: The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. 7719 items: 7720 properties: 7721 podAffinityTerm: 7722 description: Required. A pod affinity term, associated with the corresponding weight. 7723 properties: 7724 labelSelector: 7725 description: A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. 7726 properties: 7727 matchExpressions: 7728 description: matchExpressions is a list of label selector requirements. The requirements are ANDed. 7729 items: 7730 properties: 7731 key: 7732 description: key is the label key that the selector applies to. 7733 type: string 7734 operator: 7735 description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. 7736 type: string 7737 values: 7738 description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. 7739 items: 7740 type: string 7741 type: array 7742 required: 7743 - key 7744 - operator 7745 type: object 7746 type: array 7747 matchLabels: 7748 additionalProperties: 7749 type: string 7750 description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. 7751 type: object 7752 type: object 7753 x-kubernetes-map-type: atomic 7754 matchLabelKeys: 7755 description: MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. 7756 items: 7757 type: string 7758 type: array 7759 mismatchLabelKeys: 7760 description: MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. 7761 items: 7762 type: string 7763 type: array 7764 namespaceSelector: 7765 description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. 7766 properties: 7767 matchExpressions: 7768 description: matchExpressions is a list of label selector requirements. The requirements are ANDed. 7769 items: 7770 properties: 7771 key: 7772 description: key is the label key that the selector applies to. 7773 type: string 7774 operator: 7775 description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. 7776 type: string 7777 values: 7778 description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. 7779 items: 7780 type: string 7781 type: array 7782 required: 7783 - key 7784 - operator 7785 type: object 7786 type: array 7787 matchLabels: 7788 additionalProperties: 7789 type: string 7790 description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. 7791 type: object 7792 type: object 7793 x-kubernetes-map-type: atomic 7794 namespaces: 7795 description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". 7796 items: 7797 type: string 7798 type: array 7799 topologyKey: 7800 description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. 7801 type: string 7802 required: 7803 - topologyKey 7804 type: object 7805 weight: 7806 description: weight associated with matching the corresponding podAffinityTerm, in the range 1-100. 7807 format: int32 7808 type: integer 7809 required: 7810 - weight 7811 - podAffinityTerm 7812 type: object 7813 type: array 7814 requiredDuringSchedulingIgnoredDuringExecution: 7815 description: If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. 7816 items: 7817 properties: 7818 labelSelector: 7819 description: A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. 7820 properties: 7821 matchExpressions: 7822 description: matchExpressions is a list of label selector requirements. The requirements are ANDed. 7823 items: 7824 properties: 7825 key: 7826 description: key is the label key that the selector applies to. 7827 type: string 7828 operator: 7829 description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. 7830 type: string 7831 values: 7832 description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. 7833 items: 7834 type: string 7835 type: array 7836 required: 7837 - key 7838 - operator 7839 type: object 7840 type: array 7841 matchLabels: 7842 additionalProperties: 7843 type: string 7844 description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. 7845 type: object 7846 type: object 7847 x-kubernetes-map-type: atomic 7848 matchLabelKeys: 7849 description: MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. 7850 items: 7851 type: string 7852 type: array 7853 mismatchLabelKeys: 7854 description: MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. 7855 items: 7856 type: string 7857 type: array 7858 namespaceSelector: 7859 description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. 7860 properties: 7861 matchExpressions: 7862 description: matchExpressions is a list of label selector requirements. The requirements are ANDed. 7863 items: 7864 properties: 7865 key: 7866 description: key is the label key that the selector applies to. 7867 type: string 7868 operator: 7869 description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. 7870 type: string 7871 values: 7872 description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. 7873 items: 7874 type: string 7875 type: array 7876 required: 7877 - key 7878 - operator 7879 type: object 7880 type: array 7881 matchLabels: 7882 additionalProperties: 7883 type: string 7884 description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. 7885 type: object 7886 type: object 7887 x-kubernetes-map-type: atomic 7888 namespaces: 7889 description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". 7890 items: 7891 type: string 7892 type: array 7893 topologyKey: 7894 description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. 7895 type: string 7896 required: 7897 - topologyKey 7898 type: object 7899 type: array 7900 type: object 7901 type: object 7902 automountServiceAccountToken: 7903 description: AutomountServiceAccountToken indicates whether a service account token should be automatically mounted. 7904 type: boolean 7905 containers: 7906 description: List of containers belonging to the pod. Containers cannot currently be added or removed. There must be at least one container in a Pod. Cannot be updated. 7907 items: 7908 properties: 7909 args: 7910 description: "Arguments to the entrypoint. The container image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell" 7911 items: 7912 type: string 7913 type: array 7914 command: 7915 description: "Entrypoint array. Not executed within a shell. The container image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell" 7916 items: 7917 type: string 7918 type: array 7919 env: 7920 description: List of environment variables to set in the container. Cannot be updated. 7921 items: 7922 properties: 7923 name: 7924 description: Name of the environment variable. Must be a C_IDENTIFIER. 7925 type: string 7926 value: 7927 description: "Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to \"\"." 7928 type: string 7929 valueFrom: 7930 description: Source for the environment variable's value. Cannot be used if value is not empty. 7931 properties: 7932 configMapKeyRef: 7933 description: Selects a key of a ConfigMap. 7934 properties: 7935 key: 7936 description: The key to select. 7937 type: string 7938 name: 7939 description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" 7940 type: string 7941 optional: 7942 description: Specify whether the ConfigMap or its key must be defined 7943 type: boolean 7944 required: 7945 - key 7946 type: object 7947 x-kubernetes-map-type: atomic 7948 fieldRef: 7949 description: "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs." 7950 properties: 7951 apiVersion: 7952 description: Version of the schema the FieldPath is written in terms of, defaults to "v1". 7953 type: string 7954 fieldPath: 7955 description: Path of the field to select in the specified API version. 7956 type: string 7957 required: 7958 - fieldPath 7959 type: object 7960 x-kubernetes-map-type: atomic 7961 resourceFieldRef: 7962 description: "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported." 7963 properties: 7964 containerName: 7965 description: "Container name: required for volumes, optional for env vars" 7966 type: string 7967 divisor: 7968 description: Specifies the output format of the exposed resources, defaults to "1" 7969 type: string 7970 resource: 7971 description: "Required: resource to select" 7972 type: string 7973 required: 7974 - resource 7975 type: object 7976 x-kubernetes-map-type: atomic 7977 secretKeyRef: 7978 description: Selects a key of a secret in the pod's namespace 7979 properties: 7980 key: 7981 description: The key of the secret to select from. Must be a valid secret key. 7982 type: string 7983 name: 7984 description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" 7985 type: string 7986 optional: 7987 description: Specify whether the Secret or its key must be defined 7988 type: boolean 7989 required: 7990 - key 7991 type: object 7992 x-kubernetes-map-type: atomic 7993 type: object 7994 required: 7995 - name 7996 type: object 7997 type: array 7998 envFrom: 7999 description: List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. 8000 items: 8001 properties: 8002 configMapRef: 8003 description: The ConfigMap to select from 8004 properties: 8005 name: 8006 description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" 8007 type: string 8008 optional: 8009 description: Specify whether the ConfigMap must be defined 8010 type: boolean 8011 type: object 8012 prefix: 8013 description: Optional text to prepend to the name of each environment variable. Must be a C_IDENTIFIER. 8014 type: string 8015 secretRef: 8016 description: The Secret to select from 8017 properties: 8018 name: 8019 description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" 8020 type: string 8021 optional: 8022 description: Specify whether the Secret must be defined 8023 type: boolean 8024 type: object 8025 type: object 8026 type: array 8027 image: 8028 description: "Container image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets." 8029 type: string 8030 imagePullPolicy: 8031 description: |- 8032 Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images 8033 8034 Possible enum values: 8035 - `"Always"` means that kubelet always attempts to pull the latest image. Container will fail If the pull fails. 8036 - `"IfNotPresent"` means that kubelet pulls if the image isn't present on disk. Container will fail if the image isn't present and the pull fails. 8037 - `"Never"` means that kubelet never pulls an image, but only uses a local image. Container will fail if the image isn't present 8038 enum: 8039 - Always 8040 - IfNotPresent 8041 - Never 8042 type: string 8043 lifecycle: 8044 description: Actions that the management system should take in response to container lifecycle events. Cannot be updated. 8045 properties: 8046 postStart: 8047 description: "PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks" 8048 properties: 8049 exec: 8050 description: Exec specifies a command to execute in the container. 8051 properties: 8052 command: 8053 description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 8054 items: 8055 type: string 8056 type: array 8057 type: object 8058 httpGet: 8059 description: HTTPGet specifies an HTTP GET request to perform. 8060 properties: 8061 host: 8062 description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. 8063 type: string 8064 httpHeaders: 8065 description: Custom headers to set in the request. HTTP allows repeated headers. 8066 items: 8067 properties: 8068 name: 8069 description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. 8070 type: string 8071 value: 8072 description: The header field value 8073 type: string 8074 required: 8075 - name 8076 - value 8077 type: object 8078 type: array 8079 path: 8080 description: Path to access on the HTTP server. 8081 type: string 8082 port: 8083 description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 8084 format: int-or-string 8085 x-kubernetes-int-or-string: true 8086 scheme: 8087 description: |- 8088 Scheme to use for connecting to the host. Defaults to HTTP. 8089 8090 Possible enum values: 8091 - `"HTTP"` means that the scheme used will be http:// 8092 - `"HTTPS"` means that the scheme used will be https:// 8093 enum: 8094 - HTTP 8095 - HTTPS 8096 type: string 8097 required: 8098 - port 8099 type: object 8100 sleep: 8101 description: Sleep represents a duration that the container should sleep. 8102 properties: 8103 seconds: 8104 description: Seconds is the number of seconds to sleep. 8105 format: int64 8106 type: integer 8107 required: 8108 - seconds 8109 type: object 8110 tcpSocket: 8111 description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for backward compatibility. There is no validation of this field and lifecycle hooks will fail at runtime when it is specified. 8112 properties: 8113 host: 8114 description: "Optional: Host name to connect to, defaults to the pod IP." 8115 type: string 8116 port: 8117 description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 8118 format: int-or-string 8119 x-kubernetes-int-or-string: true 8120 required: 8121 - port 8122 type: object 8123 type: object 8124 preStop: 8125 description: "PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The Pod's termination grace period countdown begins before the PreStop hook is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod's termination grace period (unless delayed by finalizers). Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks" 8126 properties: 8127 exec: 8128 description: Exec specifies a command to execute in the container. 8129 properties: 8130 command: 8131 description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 8132 items: 8133 type: string 8134 type: array 8135 type: object 8136 httpGet: 8137 description: HTTPGet specifies an HTTP GET request to perform. 8138 properties: 8139 host: 8140 description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. 8141 type: string 8142 httpHeaders: 8143 description: Custom headers to set in the request. HTTP allows repeated headers. 8144 items: 8145 properties: 8146 name: 8147 description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. 8148 type: string 8149 value: 8150 description: The header field value 8151 type: string 8152 required: 8153 - name 8154 - value 8155 type: object 8156 type: array 8157 path: 8158 description: Path to access on the HTTP server. 8159 type: string 8160 port: 8161 description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 8162 format: int-or-string 8163 x-kubernetes-int-or-string: true 8164 scheme: 8165 description: |- 8166 Scheme to use for connecting to the host. Defaults to HTTP. 8167 8168 Possible enum values: 8169 - `"HTTP"` means that the scheme used will be http:// 8170 - `"HTTPS"` means that the scheme used will be https:// 8171 enum: 8172 - HTTP 8173 - HTTPS 8174 type: string 8175 required: 8176 - port 8177 type: object 8178 sleep: 8179 description: Sleep represents a duration that the container should sleep. 8180 properties: 8181 seconds: 8182 description: Seconds is the number of seconds to sleep. 8183 format: int64 8184 type: integer 8185 required: 8186 - seconds 8187 type: object 8188 tcpSocket: 8189 description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for backward compatibility. There is no validation of this field and lifecycle hooks will fail at runtime when it is specified. 8190 properties: 8191 host: 8192 description: "Optional: Host name to connect to, defaults to the pod IP." 8193 type: string 8194 port: 8195 description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 8196 format: int-or-string 8197 x-kubernetes-int-or-string: true 8198 required: 8199 - port 8200 type: object 8201 type: object 8202 stopSignal: 8203 description: |- 8204 StopSignal defines which signal will be sent to a container when it is being stopped. If not specified, the default is defined by the container runtime in use. StopSignal can only be set for Pods with a non-empty .spec.os.name 8205 8206 Possible enum values: 8207 - `"SIGABRT"` 8208 - `"SIGALRM"` 8209 - `"SIGBUS"` 8210 - `"SIGCHLD"` 8211 - `"SIGCLD"` 8212 - `"SIGCONT"` 8213 - `"SIGFPE"` 8214 - `"SIGHUP"` 8215 - `"SIGILL"` 8216 - `"SIGINT"` 8217 - `"SIGIO"` 8218 - `"SIGIOT"` 8219 - `"SIGKILL"` 8220 - `"SIGPIPE"` 8221 - `"SIGPOLL"` 8222 - `"SIGPROF"` 8223 - `"SIGPWR"` 8224 - `"SIGQUIT"` 8225 - `"SIGRTMAX"` 8226 - `"SIGRTMAX-1"` 8227 - `"SIGRTMAX-10"` 8228 - `"SIGRTMAX-11"` 8229 - `"SIGRTMAX-12"` 8230 - `"SIGRTMAX-13"` 8231 - `"SIGRTMAX-14"` 8232 - `"SIGRTMAX-2"` 8233 - `"SIGRTMAX-3"` 8234 - `"SIGRTMAX-4"` 8235 - `"SIGRTMAX-5"` 8236 - `"SIGRTMAX-6"` 8237 - `"SIGRTMAX-7"` 8238 - `"SIGRTMAX-8"` 8239 - `"SIGRTMAX-9"` 8240 - `"SIGRTMIN"` 8241 - `"SIGRTMIN+1"` 8242 - `"SIGRTMIN+10"` 8243 - `"SIGRTMIN+11"` 8244 - `"SIGRTMIN+12"` 8245 - `"SIGRTMIN+13"` 8246 - `"SIGRTMIN+14"` 8247 - `"SIGRTMIN+15"` 8248 - `"SIGRTMIN+2"` 8249 - `"SIGRTMIN+3"` 8250 - `"SIGRTMIN+4"` 8251 - `"SIGRTMIN+5"` 8252 - `"SIGRTMIN+6"` 8253 - `"SIGRTMIN+7"` 8254 - `"SIGRTMIN+8"` 8255 - `"SIGRTMIN+9"` 8256 - `"SIGSEGV"` 8257 - `"SIGSTKFLT"` 8258 - `"SIGSTOP"` 8259 - `"SIGSYS"` 8260 - `"SIGTERM"` 8261 - `"SIGTRAP"` 8262 - `"SIGTSTP"` 8263 - `"SIGTTIN"` 8264 - `"SIGTTOU"` 8265 - `"SIGURG"` 8266 - `"SIGUSR1"` 8267 - `"SIGUSR2"` 8268 - `"SIGVTALRM"` 8269 - `"SIGWINCH"` 8270 - `"SIGXCPU"` 8271 - `"SIGXFSZ"` 8272 enum: 8273 - SIGABRT 8274 - SIGALRM 8275 - SIGBUS 8276 - SIGCHLD 8277 - SIGCLD 8278 - SIGCONT 8279 - SIGFPE 8280 - SIGHUP 8281 - SIGILL 8282 - SIGINT 8283 - SIGIO 8284 - SIGIOT 8285 - SIGKILL 8286 - SIGPIPE 8287 - SIGPOLL 8288 - SIGPROF 8289 - SIGPWR 8290 - SIGQUIT 8291 - SIGRTMAX 8292 - SIGRTMAX-1 8293 - SIGRTMAX-10 8294 - SIGRTMAX-11 8295 - SIGRTMAX-12 8296 - SIGRTMAX-13 8297 - SIGRTMAX-14 8298 - SIGRTMAX-2 8299 - SIGRTMAX-3 8300 - SIGRTMAX-4 8301 - SIGRTMAX-5 8302 - SIGRTMAX-6 8303 - SIGRTMAX-7 8304 - SIGRTMAX-8 8305 - SIGRTMAX-9 8306 - SIGRTMIN 8307 - SIGRTMIN+1 8308 - SIGRTMIN+10 8309 - SIGRTMIN+11 8310 - SIGRTMIN+12 8311 - SIGRTMIN+13 8312 - SIGRTMIN+14 8313 - SIGRTMIN+15 8314 - SIGRTMIN+2 8315 - SIGRTMIN+3 8316 - SIGRTMIN+4 8317 - SIGRTMIN+5 8318 - SIGRTMIN+6 8319 - SIGRTMIN+7 8320 - SIGRTMIN+8 8321 - SIGRTMIN+9 8322 - SIGSEGV 8323 - SIGSTKFLT 8324 - SIGSTOP 8325 - SIGSYS 8326 - SIGTERM 8327 - SIGTRAP 8328 - SIGTSTP 8329 - SIGTTIN 8330 - SIGTTOU 8331 - SIGURG 8332 - SIGUSR1 8333 - SIGUSR2 8334 - SIGVTALRM 8335 - SIGWINCH 8336 - SIGXCPU 8337 - SIGXFSZ 8338 type: string 8339 type: object 8340 livenessProbe: 8341 description: "Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" 8342 properties: 8343 exec: 8344 description: Exec specifies a command to execute in the container. 8345 properties: 8346 command: 8347 description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 8348 items: 8349 type: string 8350 type: array 8351 type: object 8352 failureThreshold: 8353 description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. 8354 format: int32 8355 type: integer 8356 grpc: 8357 description: GRPC specifies a GRPC HealthCheckRequest. 8358 properties: 8359 port: 8360 description: Port number of the gRPC service. Number must be in the range 1 to 65535. 8361 format: int32 8362 type: integer 8363 service: 8364 description: |- 8365 Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 8366 8367 If this is not specified, the default behavior is defined by gRPC. 8368 type: string 8369 required: 8370 - port 8371 type: object 8372 httpGet: 8373 description: HTTPGet specifies an HTTP GET request to perform. 8374 properties: 8375 host: 8376 description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. 8377 type: string 8378 httpHeaders: 8379 description: Custom headers to set in the request. HTTP allows repeated headers. 8380 items: 8381 properties: 8382 name: 8383 description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. 8384 type: string 8385 value: 8386 description: The header field value 8387 type: string 8388 required: 8389 - name 8390 - value 8391 type: object 8392 type: array 8393 path: 8394 description: Path to access on the HTTP server. 8395 type: string 8396 port: 8397 description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 8398 format: int-or-string 8399 x-kubernetes-int-or-string: true 8400 scheme: 8401 description: |- 8402 Scheme to use for connecting to the host. Defaults to HTTP. 8403 8404 Possible enum values: 8405 - `"HTTP"` means that the scheme used will be http:// 8406 - `"HTTPS"` means that the scheme used will be https:// 8407 enum: 8408 - HTTP 8409 - HTTPS 8410 type: string 8411 required: 8412 - port 8413 type: object 8414 initialDelaySeconds: 8415 description: "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" 8416 format: int32 8417 type: integer 8418 periodSeconds: 8419 description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. 8420 format: int32 8421 type: integer 8422 successThreshold: 8423 description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. 8424 format: int32 8425 type: integer 8426 tcpSocket: 8427 description: TCPSocket specifies a connection to a TCP port. 8428 properties: 8429 host: 8430 description: "Optional: Host name to connect to, defaults to the pod IP." 8431 type: string 8432 port: 8433 description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 8434 format: int-or-string 8435 x-kubernetes-int-or-string: true 8436 required: 8437 - port 8438 type: object 8439 terminationGracePeriodSeconds: 8440 description: Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. 8441 format: int64 8442 type: integer 8443 timeoutSeconds: 8444 description: "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" 8445 format: int32 8446 type: integer 8447 type: object 8448 name: 8449 description: Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated. 8450 type: string 8451 ports: 8452 description: List of ports to expose from the container. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Modifying this array with strategic merge patch may corrupt the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated. 8453 items: 8454 properties: 8455 containerPort: 8456 description: Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536. 8457 format: int32 8458 type: integer 8459 hostIP: 8460 description: What host IP to bind the external port to. 8461 type: string 8462 hostPort: 8463 description: Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this. 8464 format: int32 8465 type: integer 8466 name: 8467 description: If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services. 8468 type: string 8469 protocol: 8470 description: |- 8471 Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". 8472 8473 Possible enum values: 8474 - `"SCTP"` is the SCTP protocol. 8475 - `"TCP"` is the TCP protocol. 8476 - `"UDP"` is the UDP protocol. 8477 enum: 8478 - SCTP 8479 - TCP 8480 - UDP 8481 type: string 8482 required: 8483 - containerPort 8484 type: object 8485 type: array 8486 readinessProbe: 8487 description: "Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" 8488 properties: 8489 exec: 8490 description: Exec specifies a command to execute in the container. 8491 properties: 8492 command: 8493 description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 8494 items: 8495 type: string 8496 type: array 8497 type: object 8498 failureThreshold: 8499 description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. 8500 format: int32 8501 type: integer 8502 grpc: 8503 description: GRPC specifies a GRPC HealthCheckRequest. 8504 properties: 8505 port: 8506 description: Port number of the gRPC service. Number must be in the range 1 to 65535. 8507 format: int32 8508 type: integer 8509 service: 8510 description: |- 8511 Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 8512 8513 If this is not specified, the default behavior is defined by gRPC. 8514 type: string 8515 required: 8516 - port 8517 type: object 8518 httpGet: 8519 description: HTTPGet specifies an HTTP GET request to perform. 8520 properties: 8521 host: 8522 description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. 8523 type: string 8524 httpHeaders: 8525 description: Custom headers to set in the request. HTTP allows repeated headers. 8526 items: 8527 properties: 8528 name: 8529 description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. 8530 type: string 8531 value: 8532 description: The header field value 8533 type: string 8534 required: 8535 - name 8536 - value 8537 type: object 8538 type: array 8539 path: 8540 description: Path to access on the HTTP server. 8541 type: string 8542 port: 8543 description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 8544 format: int-or-string 8545 x-kubernetes-int-or-string: true 8546 scheme: 8547 description: |- 8548 Scheme to use for connecting to the host. Defaults to HTTP. 8549 8550 Possible enum values: 8551 - `"HTTP"` means that the scheme used will be http:// 8552 - `"HTTPS"` means that the scheme used will be https:// 8553 enum: 8554 - HTTP 8555 - HTTPS 8556 type: string 8557 required: 8558 - port 8559 type: object 8560 initialDelaySeconds: 8561 description: "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" 8562 format: int32 8563 type: integer 8564 periodSeconds: 8565 description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. 8566 format: int32 8567 type: integer 8568 successThreshold: 8569 description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. 8570 format: int32 8571 type: integer 8572 tcpSocket: 8573 description: TCPSocket specifies a connection to a TCP port. 8574 properties: 8575 host: 8576 description: "Optional: Host name to connect to, defaults to the pod IP." 8577 type: string 8578 port: 8579 description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 8580 format: int-or-string 8581 x-kubernetes-int-or-string: true 8582 required: 8583 - port 8584 type: object 8585 terminationGracePeriodSeconds: 8586 description: Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. 8587 format: int64 8588 type: integer 8589 timeoutSeconds: 8590 description: "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" 8591 format: int32 8592 type: integer 8593 type: object 8594 resizePolicy: 8595 description: Resources resize policy for the container. 8596 items: 8597 properties: 8598 resourceName: 8599 description: "Name of the resource to which this resource resize policy applies. Supported values: cpu, memory." 8600 type: string 8601 restartPolicy: 8602 description: Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired. 8603 type: string 8604 required: 8605 - resourceName 8606 - restartPolicy 8607 type: object 8608 type: array 8609 resources: 8610 description: "Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" 8611 properties: 8612 claims: 8613 description: |- 8614 Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. 8615 8616 This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. 8617 8618 This field is immutable. It can only be set for containers. 8619 items: 8620 properties: 8621 name: 8622 description: Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. 8623 type: string 8624 request: 8625 description: Request is the name chosen for a request in the referenced claim. If empty, everything from the claim is made available, otherwise only the result of this request. 8626 type: string 8627 required: 8628 - name 8629 type: object 8630 type: array 8631 limits: 8632 additionalProperties: 8633 type: string 8634 description: "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" 8635 type: object 8636 requests: 8637 additionalProperties: 8638 type: string 8639 description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" 8640 type: object 8641 type: object 8642 restartPolicy: 8643 description: "RestartPolicy defines the restart behavior of individual containers in a pod. This field may only be set for init containers, and the only allowed value is \"Always\". For non-init containers or when this field is not specified, the restart behavior is defined by the Pod's restart policy and the container type. Setting the RestartPolicy as \"Always\" for the init container will have the following effect: this init container will be continually restarted on exit until all regular containers have terminated. Once all regular containers have completed, all init containers with restartPolicy \"Always\" will be shut down. This lifecycle differs from normal init containers and is often referred to as a \"sidecar\" container. Although this init container still starts in the init container sequence, it does not wait for the container to complete before proceeding to the next init container. Instead, the next init container starts immediately after this init container is started, or after any startupProbe has successfully completed." 8644 type: string 8645 securityContext: 8646 description: "SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/" 8647 properties: 8648 allowPrivilegeEscalation: 8649 description: "AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows." 8650 type: boolean 8651 appArmorProfile: 8652 description: appArmorProfile is the AppArmor options to use by this container. If set, this profile overrides the pod's appArmorProfile. Note that this field cannot be set when spec.os.name is windows. 8653 properties: 8654 localhostProfile: 8655 description: localhostProfile indicates a profile loaded on the node that should be used. The profile must be preconfigured on the node to work. Must match the loaded name of the profile. Must be set if and only if type is "Localhost". 8656 type: string 8657 type: 8658 description: |- 8659 type indicates which kind of AppArmor profile will be applied. Valid options are: 8660 Localhost - a profile pre-loaded on the node. 8661 RuntimeDefault - the container runtime's default profile. 8662 Unconfined - no AppArmor enforcement. 8663 8664 Possible enum values: 8665 - `"Localhost"` indicates that a profile pre-loaded on the node should be used. 8666 - `"RuntimeDefault"` indicates that the container runtime's default AppArmor profile should be used. 8667 - `"Unconfined"` indicates that no AppArmor profile should be enforced. 8668 enum: 8669 - Localhost 8670 - RuntimeDefault 8671 - Unconfined 8672 type: string 8673 required: 8674 - type 8675 type: object 8676 capabilities: 8677 description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows. 8678 properties: 8679 add: 8680 description: Added capabilities 8681 items: 8682 type: string 8683 type: array 8684 drop: 8685 description: Removed capabilities 8686 items: 8687 type: string 8688 type: array 8689 type: object 8690 privileged: 8691 description: Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows. 8692 type: boolean 8693 procMount: 8694 description: |- 8695 procMount denotes the type of proc mount to use for the containers. The default value is Default which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows. 8696 8697 Possible enum values: 8698 - `"Default"` uses the container runtime defaults for readonly and masked paths for /proc. Most container runtimes mask certain paths in /proc to avoid accidental security exposure of special devices or information. 8699 - `"Unmasked"` bypasses the default masking behavior of the container runtime and ensures the newly created /proc the container stays in tact with no modifications. 8700 enum: 8701 - Default 8702 - Unmasked 8703 type: string 8704 readOnlyRootFilesystem: 8705 description: Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows. 8706 type: boolean 8707 runAsGroup: 8708 description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. 8709 format: int64 8710 type: integer 8711 runAsNonRoot: 8712 description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. 8713 type: boolean 8714 runAsUser: 8715 description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. 8716 format: int64 8717 type: integer 8718 seLinuxOptions: 8719 description: The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. 8720 properties: 8721 level: 8722 description: Level is SELinux level label that applies to the container. 8723 type: string 8724 role: 8725 description: Role is a SELinux role label that applies to the container. 8726 type: string 8727 type: 8728 description: Type is a SELinux type label that applies to the container. 8729 type: string 8730 user: 8731 description: User is a SELinux user label that applies to the container. 8732 type: string 8733 type: object 8734 seccompProfile: 8735 description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows. 8736 properties: 8737 localhostProfile: 8738 description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type. 8739 type: string 8740 type: 8741 description: |- 8742 type indicates which kind of seccomp profile will be applied. Valid options are: 8743 8744 Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied. 8745 8746 Possible enum values: 8747 - `"Localhost"` indicates a profile defined in a file on the node should be used. The file's location relative to <kubelet-root-dir>/seccomp. 8748 - `"RuntimeDefault"` represents the default container runtime seccomp profile. 8749 - `"Unconfined"` indicates no seccomp profile is applied (A.K.A. unconfined). 8750 enum: 8751 - Localhost 8752 - RuntimeDefault 8753 - Unconfined 8754 type: string 8755 required: 8756 - type 8757 type: object 8758 windowsOptions: 8759 description: The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux. 8760 properties: 8761 gmsaCredentialSpec: 8762 description: GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. 8763 type: string 8764 gmsaCredentialSpecName: 8765 description: GMSACredentialSpecName is the name of the GMSA credential spec to use. 8766 type: string 8767 hostProcess: 8768 description: HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true. 8769 type: boolean 8770 runAsUserName: 8771 description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. 8772 type: string 8773 type: object 8774 type: object 8775 startupProbe: 8776 description: "StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" 8777 properties: 8778 exec: 8779 description: Exec specifies a command to execute in the container. 8780 properties: 8781 command: 8782 description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 8783 items: 8784 type: string 8785 type: array 8786 type: object 8787 failureThreshold: 8788 description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. 8789 format: int32 8790 type: integer 8791 grpc: 8792 description: GRPC specifies a GRPC HealthCheckRequest. 8793 properties: 8794 port: 8795 description: Port number of the gRPC service. Number must be in the range 1 to 65535. 8796 format: int32 8797 type: integer 8798 service: 8799 description: |- 8800 Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 8801 8802 If this is not specified, the default behavior is defined by gRPC. 8803 type: string 8804 required: 8805 - port 8806 type: object 8807 httpGet: 8808 description: HTTPGet specifies an HTTP GET request to perform. 8809 properties: 8810 host: 8811 description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. 8812 type: string 8813 httpHeaders: 8814 description: Custom headers to set in the request. HTTP allows repeated headers. 8815 items: 8816 properties: 8817 name: 8818 description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. 8819 type: string 8820 value: 8821 description: The header field value 8822 type: string 8823 required: 8824 - name 8825 - value 8826 type: object 8827 type: array 8828 path: 8829 description: Path to access on the HTTP server. 8830 type: string 8831 port: 8832 description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 8833 format: int-or-string 8834 x-kubernetes-int-or-string: true 8835 scheme: 8836 description: |- 8837 Scheme to use for connecting to the host. Defaults to HTTP. 8838 8839 Possible enum values: 8840 - `"HTTP"` means that the scheme used will be http:// 8841 - `"HTTPS"` means that the scheme used will be https:// 8842 enum: 8843 - HTTP 8844 - HTTPS 8845 type: string 8846 required: 8847 - port 8848 type: object 8849 initialDelaySeconds: 8850 description: "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" 8851 format: int32 8852 type: integer 8853 periodSeconds: 8854 description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. 8855 format: int32 8856 type: integer 8857 successThreshold: 8858 description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. 8859 format: int32 8860 type: integer 8861 tcpSocket: 8862 description: TCPSocket specifies a connection to a TCP port. 8863 properties: 8864 host: 8865 description: "Optional: Host name to connect to, defaults to the pod IP." 8866 type: string 8867 port: 8868 description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 8869 format: int-or-string 8870 x-kubernetes-int-or-string: true 8871 required: 8872 - port 8873 type: object 8874 terminationGracePeriodSeconds: 8875 description: Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. 8876 format: int64 8877 type: integer 8878 timeoutSeconds: 8879 description: "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" 8880 format: int32 8881 type: integer 8882 type: object 8883 stdin: 8884 description: Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false. 8885 type: boolean 8886 stdinOnce: 8887 description: Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false 8888 type: boolean 8889 terminationMessagePath: 8890 description: "Optional: Path at which the file to which the container's termination message will be written is mounted into the container's filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated." 8891 type: string 8892 terminationMessagePolicy: 8893 description: |- 8894 Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. 8895 8896 Possible enum values: 8897 - `"FallbackToLogsOnError"` will read the most recent contents of the container logs for the container status message when the container exits with an error and the terminationMessagePath has no contents. 8898 - `"File"` is the default behavior and will set the container status message to the contents of the container's terminationMessagePath when the container exits. 8899 enum: 8900 - FallbackToLogsOnError 8901 - File 8902 type: string 8903 tty: 8904 description: Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false. 8905 type: boolean 8906 volumeDevices: 8907 description: volumeDevices is the list of block devices to be used by the container. 8908 items: 8909 properties: 8910 devicePath: 8911 description: devicePath is the path inside of the container that the device will be mapped to. 8912 type: string 8913 name: 8914 description: name must match the name of a persistentVolumeClaim in the pod 8915 type: string 8916 required: 8917 - name 8918 - devicePath 8919 type: object 8920 type: array 8921 volumeMounts: 8922 description: Pod volumes to mount into the container's filesystem. Cannot be updated. 8923 items: 8924 properties: 8925 mountPath: 8926 description: Path within the container at which the volume should be mounted. Must not contain ':'. 8927 type: string 8928 mountPropagation: 8929 description: |- 8930 mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified (which defaults to None). 8931 8932 Possible enum values: 8933 - `"Bidirectional"` means that the volume in a container will receive new mounts from the host or other containers, and its own mounts will be propagated from the container to the host or other containers. Note that this mode is recursively applied to all mounts in the volume ("rshared" in Linux terminology). 8934 - `"HostToContainer"` means that the volume in a container will receive new mounts from the host or other containers, but filesystems mounted inside the container won't be propagated to the host or other containers. Note that this mode is recursively applied to all mounts in the volume ("rslave" in Linux terminology). 8935 - `"None"` means that the volume in a container will not receive new mounts from the host or other containers, and filesystems mounted inside the container won't be propagated to the host or other containers. Note that this mode corresponds to "private" in Linux terminology. 8936 enum: 8937 - Bidirectional 8938 - HostToContainer 8939 - None 8940 type: string 8941 name: 8942 description: This must match the Name of a Volume. 8943 type: string 8944 readOnly: 8945 description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. 8946 type: boolean 8947 recursiveReadOnly: 8948 description: |- 8949 RecursiveReadOnly specifies whether read-only mounts should be handled recursively. 8950 8951 If ReadOnly is false, this field has no meaning and must be unspecified. 8952 8953 If ReadOnly is true, and this field is set to Disabled, the mount is not made recursively read-only. If this field is set to IfPossible, the mount is made recursively read-only, if it is supported by the container runtime. If this field is set to Enabled, the mount is made recursively read-only if it is supported by the container runtime, otherwise the pod will not be started and an error will be generated to indicate the reason. 8954 8955 If this field is set to IfPossible or Enabled, MountPropagation must be set to None (or be unspecified, which defaults to None). 8956 8957 If this field is not specified, it is treated as an equivalent of Disabled. 8958 type: string 8959 subPath: 8960 description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). 8961 type: string 8962 subPathExpr: 8963 description: Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive. 8964 type: string 8965 required: 8966 - name 8967 - mountPath 8968 type: object 8969 type: array 8970 workingDir: 8971 description: Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated. 8972 type: string 8973 required: 8974 - name 8975 type: object 8976 type: array 8977 dnsConfig: 8978 description: Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy. 8979 properties: 8980 nameservers: 8981 description: A list of DNS name server IP addresses. This will be appended to the base nameservers generated from DNSPolicy. Duplicated nameservers will be removed. 8982 items: 8983 type: string 8984 type: array 8985 options: 8986 description: A list of DNS resolver options. This will be merged with the base options generated from DNSPolicy. Duplicated entries will be removed. Resolution options given in Options will override those that appear in the base DNSPolicy. 8987 items: 8988 properties: 8989 name: 8990 description: Name is this DNS resolver option's name. Required. 8991 type: string 8992 value: 8993 description: Value is this DNS resolver option's value. 8994 type: string 8995 type: object 8996 type: array 8997 searches: 8998 description: A list of DNS search domains for host-name lookup. This will be appended to the base search paths generated from DNSPolicy. Duplicated search paths will be removed. 8999 items: 9000 type: string 9001 type: array 9002 type: object 9003 dnsPolicy: 9004 description: |- 9005 Set DNS policy for the pod. Defaults to "ClusterFirst". Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. To have DNS options set along with hostNetwork, you have to specify DNS policy explicitly to 'ClusterFirstWithHostNet'. 9006 9007 Possible enum values: 9008 - `"ClusterFirst"` indicates that the pod should use cluster DNS first unless hostNetwork is true, if it is available, then fall back on the default (as determined by kubelet) DNS settings. 9009 - `"ClusterFirstWithHostNet"` indicates that the pod should use cluster DNS first, if it is available, then fall back on the default (as determined by kubelet) DNS settings. 9010 - `"Default"` indicates that the pod should use the default (as determined by kubelet) DNS settings. 9011 - `"None"` indicates that the pod should use empty DNS settings. DNS parameters such as nameservers and search paths should be defined via DNSConfig. 9012 enum: 9013 - ClusterFirst 9014 - ClusterFirstWithHostNet 9015 - Default 9016 - None 9017 type: string 9018 enableServiceLinks: 9019 description: "EnableServiceLinks indicates whether information about services should be injected into pod's environment variables, matching the syntax of Docker links. Optional: Defaults to true." 9020 type: boolean 9021 ephemeralContainers: 9022 description: List of ephemeral containers run in this pod. Ephemeral containers may be run in an existing pod to perform user-initiated actions such as debugging. This list cannot be specified when creating a pod, and it cannot be modified by updating the pod spec. In order to add an ephemeral container to an existing pod, use the pod's ephemeralcontainers subresource. 9023 items: 9024 properties: 9025 args: 9026 description: "Arguments to the entrypoint. The image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell" 9027 items: 9028 type: string 9029 type: array 9030 command: 9031 description: "Entrypoint array. Not executed within a shell. The image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell" 9032 items: 9033 type: string 9034 type: array 9035 env: 9036 description: List of environment variables to set in the container. Cannot be updated. 9037 items: 9038 properties: 9039 name: 9040 description: Name of the environment variable. Must be a C_IDENTIFIER. 9041 type: string 9042 value: 9043 description: "Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to \"\"." 9044 type: string 9045 valueFrom: 9046 description: Source for the environment variable's value. Cannot be used if value is not empty. 9047 properties: 9048 configMapKeyRef: 9049 description: Selects a key of a ConfigMap. 9050 properties: 9051 key: 9052 description: The key to select. 9053 type: string 9054 name: 9055 description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" 9056 type: string 9057 optional: 9058 description: Specify whether the ConfigMap or its key must be defined 9059 type: boolean 9060 required: 9061 - key 9062 type: object 9063 x-kubernetes-map-type: atomic 9064 fieldRef: 9065 description: "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs." 9066 properties: 9067 apiVersion: 9068 description: Version of the schema the FieldPath is written in terms of, defaults to "v1". 9069 type: string 9070 fieldPath: 9071 description: Path of the field to select in the specified API version. 9072 type: string 9073 required: 9074 - fieldPath 9075 type: object 9076 x-kubernetes-map-type: atomic 9077 resourceFieldRef: 9078 description: "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported." 9079 properties: 9080 containerName: 9081 description: "Container name: required for volumes, optional for env vars" 9082 type: string 9083 divisor: 9084 description: Specifies the output format of the exposed resources, defaults to "1" 9085 type: string 9086 resource: 9087 description: "Required: resource to select" 9088 type: string 9089 required: 9090 - resource 9091 type: object 9092 x-kubernetes-map-type: atomic 9093 secretKeyRef: 9094 description: Selects a key of a secret in the pod's namespace 9095 properties: 9096 key: 9097 description: The key of the secret to select from. Must be a valid secret key. 9098 type: string 9099 name: 9100 description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" 9101 type: string 9102 optional: 9103 description: Specify whether the Secret or its key must be defined 9104 type: boolean 9105 required: 9106 - key 9107 type: object 9108 x-kubernetes-map-type: atomic 9109 type: object 9110 required: 9111 - name 9112 type: object 9113 type: array 9114 envFrom: 9115 description: List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. 9116 items: 9117 properties: 9118 configMapRef: 9119 description: The ConfigMap to select from 9120 properties: 9121 name: 9122 description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" 9123 type: string 9124 optional: 9125 description: Specify whether the ConfigMap must be defined 9126 type: boolean 9127 type: object 9128 prefix: 9129 description: Optional text to prepend to the name of each environment variable. Must be a C_IDENTIFIER. 9130 type: string 9131 secretRef: 9132 description: The Secret to select from 9133 properties: 9134 name: 9135 description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" 9136 type: string 9137 optional: 9138 description: Specify whether the Secret must be defined 9139 type: boolean 9140 type: object 9141 type: object 9142 type: array 9143 image: 9144 description: "Container image name. More info: https://kubernetes.io/docs/concepts/containers/images" 9145 type: string 9146 imagePullPolicy: 9147 description: |- 9148 Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images 9149 9150 Possible enum values: 9151 - `"Always"` means that kubelet always attempts to pull the latest image. Container will fail If the pull fails. 9152 - `"IfNotPresent"` means that kubelet pulls if the image isn't present on disk. Container will fail if the image isn't present and the pull fails. 9153 - `"Never"` means that kubelet never pulls an image, but only uses a local image. Container will fail if the image isn't present 9154 enum: 9155 - Always 9156 - IfNotPresent 9157 - Never 9158 type: string 9159 lifecycle: 9160 description: Lifecycle is not allowed for ephemeral containers. 9161 properties: 9162 postStart: 9163 description: "PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks" 9164 properties: 9165 exec: 9166 description: Exec specifies a command to execute in the container. 9167 properties: 9168 command: 9169 description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 9170 items: 9171 type: string 9172 type: array 9173 type: object 9174 httpGet: 9175 description: HTTPGet specifies an HTTP GET request to perform. 9176 properties: 9177 host: 9178 description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. 9179 type: string 9180 httpHeaders: 9181 description: Custom headers to set in the request. HTTP allows repeated headers. 9182 items: 9183 properties: 9184 name: 9185 description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. 9186 type: string 9187 value: 9188 description: The header field value 9189 type: string 9190 required: 9191 - name 9192 - value 9193 type: object 9194 type: array 9195 path: 9196 description: Path to access on the HTTP server. 9197 type: string 9198 port: 9199 description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 9200 format: int-or-string 9201 x-kubernetes-int-or-string: true 9202 scheme: 9203 description: |- 9204 Scheme to use for connecting to the host. Defaults to HTTP. 9205 9206 Possible enum values: 9207 - `"HTTP"` means that the scheme used will be http:// 9208 - `"HTTPS"` means that the scheme used will be https:// 9209 enum: 9210 - HTTP 9211 - HTTPS 9212 type: string 9213 required: 9214 - port 9215 type: object 9216 sleep: 9217 description: Sleep represents a duration that the container should sleep. 9218 properties: 9219 seconds: 9220 description: Seconds is the number of seconds to sleep. 9221 format: int64 9222 type: integer 9223 required: 9224 - seconds 9225 type: object 9226 tcpSocket: 9227 description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for backward compatibility. There is no validation of this field and lifecycle hooks will fail at runtime when it is specified. 9228 properties: 9229 host: 9230 description: "Optional: Host name to connect to, defaults to the pod IP." 9231 type: string 9232 port: 9233 description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 9234 format: int-or-string 9235 x-kubernetes-int-or-string: true 9236 required: 9237 - port 9238 type: object 9239 type: object 9240 preStop: 9241 description: "PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The Pod's termination grace period countdown begins before the PreStop hook is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod's termination grace period (unless delayed by finalizers). Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks" 9242 properties: 9243 exec: 9244 description: Exec specifies a command to execute in the container. 9245 properties: 9246 command: 9247 description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 9248 items: 9249 type: string 9250 type: array 9251 type: object 9252 httpGet: 9253 description: HTTPGet specifies an HTTP GET request to perform. 9254 properties: 9255 host: 9256 description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. 9257 type: string 9258 httpHeaders: 9259 description: Custom headers to set in the request. HTTP allows repeated headers. 9260 items: 9261 properties: 9262 name: 9263 description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. 9264 type: string 9265 value: 9266 description: The header field value 9267 type: string 9268 required: 9269 - name 9270 - value 9271 type: object 9272 type: array 9273 path: 9274 description: Path to access on the HTTP server. 9275 type: string 9276 port: 9277 description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 9278 format: int-or-string 9279 x-kubernetes-int-or-string: true 9280 scheme: 9281 description: |- 9282 Scheme to use for connecting to the host. Defaults to HTTP. 9283 9284 Possible enum values: 9285 - `"HTTP"` means that the scheme used will be http:// 9286 - `"HTTPS"` means that the scheme used will be https:// 9287 enum: 9288 - HTTP 9289 - HTTPS 9290 type: string 9291 required: 9292 - port 9293 type: object 9294 sleep: 9295 description: Sleep represents a duration that the container should sleep. 9296 properties: 9297 seconds: 9298 description: Seconds is the number of seconds to sleep. 9299 format: int64 9300 type: integer 9301 required: 9302 - seconds 9303 type: object 9304 tcpSocket: 9305 description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for backward compatibility. There is no validation of this field and lifecycle hooks will fail at runtime when it is specified. 9306 properties: 9307 host: 9308 description: "Optional: Host name to connect to, defaults to the pod IP." 9309 type: string 9310 port: 9311 description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 9312 format: int-or-string 9313 x-kubernetes-int-or-string: true 9314 required: 9315 - port 9316 type: object 9317 type: object 9318 stopSignal: 9319 description: |- 9320 StopSignal defines which signal will be sent to a container when it is being stopped. If not specified, the default is defined by the container runtime in use. StopSignal can only be set for Pods with a non-empty .spec.os.name 9321 9322 Possible enum values: 9323 - `"SIGABRT"` 9324 - `"SIGALRM"` 9325 - `"SIGBUS"` 9326 - `"SIGCHLD"` 9327 - `"SIGCLD"` 9328 - `"SIGCONT"` 9329 - `"SIGFPE"` 9330 - `"SIGHUP"` 9331 - `"SIGILL"` 9332 - `"SIGINT"` 9333 - `"SIGIO"` 9334 - `"SIGIOT"` 9335 - `"SIGKILL"` 9336 - `"SIGPIPE"` 9337 - `"SIGPOLL"` 9338 - `"SIGPROF"` 9339 - `"SIGPWR"` 9340 - `"SIGQUIT"` 9341 - `"SIGRTMAX"` 9342 - `"SIGRTMAX-1"` 9343 - `"SIGRTMAX-10"` 9344 - `"SIGRTMAX-11"` 9345 - `"SIGRTMAX-12"` 9346 - `"SIGRTMAX-13"` 9347 - `"SIGRTMAX-14"` 9348 - `"SIGRTMAX-2"` 9349 - `"SIGRTMAX-3"` 9350 - `"SIGRTMAX-4"` 9351 - `"SIGRTMAX-5"` 9352 - `"SIGRTMAX-6"` 9353 - `"SIGRTMAX-7"` 9354 - `"SIGRTMAX-8"` 9355 - `"SIGRTMAX-9"` 9356 - `"SIGRTMIN"` 9357 - `"SIGRTMIN+1"` 9358 - `"SIGRTMIN+10"` 9359 - `"SIGRTMIN+11"` 9360 - `"SIGRTMIN+12"` 9361 - `"SIGRTMIN+13"` 9362 - `"SIGRTMIN+14"` 9363 - `"SIGRTMIN+15"` 9364 - `"SIGRTMIN+2"` 9365 - `"SIGRTMIN+3"` 9366 - `"SIGRTMIN+4"` 9367 - `"SIGRTMIN+5"` 9368 - `"SIGRTMIN+6"` 9369 - `"SIGRTMIN+7"` 9370 - `"SIGRTMIN+8"` 9371 - `"SIGRTMIN+9"` 9372 - `"SIGSEGV"` 9373 - `"SIGSTKFLT"` 9374 - `"SIGSTOP"` 9375 - `"SIGSYS"` 9376 - `"SIGTERM"` 9377 - `"SIGTRAP"` 9378 - `"SIGTSTP"` 9379 - `"SIGTTIN"` 9380 - `"SIGTTOU"` 9381 - `"SIGURG"` 9382 - `"SIGUSR1"` 9383 - `"SIGUSR2"` 9384 - `"SIGVTALRM"` 9385 - `"SIGWINCH"` 9386 - `"SIGXCPU"` 9387 - `"SIGXFSZ"` 9388 enum: 9389 - SIGABRT 9390 - SIGALRM 9391 - SIGBUS 9392 - SIGCHLD 9393 - SIGCLD 9394 - SIGCONT 9395 - SIGFPE 9396 - SIGHUP 9397 - SIGILL 9398 - SIGINT 9399 - SIGIO 9400 - SIGIOT 9401 - SIGKILL 9402 - SIGPIPE 9403 - SIGPOLL 9404 - SIGPROF 9405 - SIGPWR 9406 - SIGQUIT 9407 - SIGRTMAX 9408 - SIGRTMAX-1 9409 - SIGRTMAX-10 9410 - SIGRTMAX-11 9411 - SIGRTMAX-12 9412 - SIGRTMAX-13 9413 - SIGRTMAX-14 9414 - SIGRTMAX-2 9415 - SIGRTMAX-3 9416 - SIGRTMAX-4 9417 - SIGRTMAX-5 9418 - SIGRTMAX-6 9419 - SIGRTMAX-7 9420 - SIGRTMAX-8 9421 - SIGRTMAX-9 9422 - SIGRTMIN 9423 - SIGRTMIN+1 9424 - SIGRTMIN+10 9425 - SIGRTMIN+11 9426 - SIGRTMIN+12 9427 - SIGRTMIN+13 9428 - SIGRTMIN+14 9429 - SIGRTMIN+15 9430 - SIGRTMIN+2 9431 - SIGRTMIN+3 9432 - SIGRTMIN+4 9433 - SIGRTMIN+5 9434 - SIGRTMIN+6 9435 - SIGRTMIN+7 9436 - SIGRTMIN+8 9437 - SIGRTMIN+9 9438 - SIGSEGV 9439 - SIGSTKFLT 9440 - SIGSTOP 9441 - SIGSYS 9442 - SIGTERM 9443 - SIGTRAP 9444 - SIGTSTP 9445 - SIGTTIN 9446 - SIGTTOU 9447 - SIGURG 9448 - SIGUSR1 9449 - SIGUSR2 9450 - SIGVTALRM 9451 - SIGWINCH 9452 - SIGXCPU 9453 - SIGXFSZ 9454 type: string 9455 type: object 9456 livenessProbe: 9457 description: Probes are not allowed for ephemeral containers. 9458 properties: 9459 exec: 9460 description: Exec specifies a command to execute in the container. 9461 properties: 9462 command: 9463 description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 9464 items: 9465 type: string 9466 type: array 9467 type: object 9468 failureThreshold: 9469 description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. 9470 format: int32 9471 type: integer 9472 grpc: 9473 description: GRPC specifies a GRPC HealthCheckRequest. 9474 properties: 9475 port: 9476 description: Port number of the gRPC service. Number must be in the range 1 to 65535. 9477 format: int32 9478 type: integer 9479 service: 9480 description: |- 9481 Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 9482 9483 If this is not specified, the default behavior is defined by gRPC. 9484 type: string 9485 required: 9486 - port 9487 type: object 9488 httpGet: 9489 description: HTTPGet specifies an HTTP GET request to perform. 9490 properties: 9491 host: 9492 description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. 9493 type: string 9494 httpHeaders: 9495 description: Custom headers to set in the request. HTTP allows repeated headers. 9496 items: 9497 properties: 9498 name: 9499 description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. 9500 type: string 9501 value: 9502 description: The header field value 9503 type: string 9504 required: 9505 - name 9506 - value 9507 type: object 9508 type: array 9509 path: 9510 description: Path to access on the HTTP server. 9511 type: string 9512 port: 9513 description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 9514 format: int-or-string 9515 x-kubernetes-int-or-string: true 9516 scheme: 9517 description: |- 9518 Scheme to use for connecting to the host. Defaults to HTTP. 9519 9520 Possible enum values: 9521 - `"HTTP"` means that the scheme used will be http:// 9522 - `"HTTPS"` means that the scheme used will be https:// 9523 enum: 9524 - HTTP 9525 - HTTPS 9526 type: string 9527 required: 9528 - port 9529 type: object 9530 initialDelaySeconds: 9531 description: "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" 9532 format: int32 9533 type: integer 9534 periodSeconds: 9535 description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. 9536 format: int32 9537 type: integer 9538 successThreshold: 9539 description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. 9540 format: int32 9541 type: integer 9542 tcpSocket: 9543 description: TCPSocket specifies a connection to a TCP port. 9544 properties: 9545 host: 9546 description: "Optional: Host name to connect to, defaults to the pod IP." 9547 type: string 9548 port: 9549 description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 9550 format: int-or-string 9551 x-kubernetes-int-or-string: true 9552 required: 9553 - port 9554 type: object 9555 terminationGracePeriodSeconds: 9556 description: Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. 9557 format: int64 9558 type: integer 9559 timeoutSeconds: 9560 description: "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" 9561 format: int32 9562 type: integer 9563 type: object 9564 name: 9565 description: Name of the ephemeral container specified as a DNS_LABEL. This name must be unique among all containers, init containers and ephemeral containers. 9566 type: string 9567 ports: 9568 description: Ports are not allowed for ephemeral containers. 9569 items: 9570 properties: 9571 containerPort: 9572 description: Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536. 9573 format: int32 9574 type: integer 9575 hostIP: 9576 description: What host IP to bind the external port to. 9577 type: string 9578 hostPort: 9579 description: Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this. 9580 format: int32 9581 type: integer 9582 name: 9583 description: If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services. 9584 type: string 9585 protocol: 9586 description: |- 9587 Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". 9588 9589 Possible enum values: 9590 - `"SCTP"` is the SCTP protocol. 9591 - `"TCP"` is the TCP protocol. 9592 - `"UDP"` is the UDP protocol. 9593 enum: 9594 - SCTP 9595 - TCP 9596 - UDP 9597 type: string 9598 required: 9599 - containerPort 9600 type: object 9601 type: array 9602 readinessProbe: 9603 description: Probes are not allowed for ephemeral containers. 9604 properties: 9605 exec: 9606 description: Exec specifies a command to execute in the container. 9607 properties: 9608 command: 9609 description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 9610 items: 9611 type: string 9612 type: array 9613 type: object 9614 failureThreshold: 9615 description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. 9616 format: int32 9617 type: integer 9618 grpc: 9619 description: GRPC specifies a GRPC HealthCheckRequest. 9620 properties: 9621 port: 9622 description: Port number of the gRPC service. Number must be in the range 1 to 65535. 9623 format: int32 9624 type: integer 9625 service: 9626 description: |- 9627 Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 9628 9629 If this is not specified, the default behavior is defined by gRPC. 9630 type: string 9631 required: 9632 - port 9633 type: object 9634 httpGet: 9635 description: HTTPGet specifies an HTTP GET request to perform. 9636 properties: 9637 host: 9638 description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. 9639 type: string 9640 httpHeaders: 9641 description: Custom headers to set in the request. HTTP allows repeated headers. 9642 items: 9643 properties: 9644 name: 9645 description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. 9646 type: string 9647 value: 9648 description: The header field value 9649 type: string 9650 required: 9651 - name 9652 - value 9653 type: object 9654 type: array 9655 path: 9656 description: Path to access on the HTTP server. 9657 type: string 9658 port: 9659 description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 9660 format: int-or-string 9661 x-kubernetes-int-or-string: true 9662 scheme: 9663 description: |- 9664 Scheme to use for connecting to the host. Defaults to HTTP. 9665 9666 Possible enum values: 9667 - `"HTTP"` means that the scheme used will be http:// 9668 - `"HTTPS"` means that the scheme used will be https:// 9669 enum: 9670 - HTTP 9671 - HTTPS 9672 type: string 9673 required: 9674 - port 9675 type: object 9676 initialDelaySeconds: 9677 description: "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" 9678 format: int32 9679 type: integer 9680 periodSeconds: 9681 description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. 9682 format: int32 9683 type: integer 9684 successThreshold: 9685 description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. 9686 format: int32 9687 type: integer 9688 tcpSocket: 9689 description: TCPSocket specifies a connection to a TCP port. 9690 properties: 9691 host: 9692 description: "Optional: Host name to connect to, defaults to the pod IP." 9693 type: string 9694 port: 9695 description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 9696 format: int-or-string 9697 x-kubernetes-int-or-string: true 9698 required: 9699 - port 9700 type: object 9701 terminationGracePeriodSeconds: 9702 description: Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. 9703 format: int64 9704 type: integer 9705 timeoutSeconds: 9706 description: "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" 9707 format: int32 9708 type: integer 9709 type: object 9710 resizePolicy: 9711 description: Resources resize policy for the container. 9712 items: 9713 properties: 9714 resourceName: 9715 description: "Name of the resource to which this resource resize policy applies. Supported values: cpu, memory." 9716 type: string 9717 restartPolicy: 9718 description: Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired. 9719 type: string 9720 required: 9721 - resourceName 9722 - restartPolicy 9723 type: object 9724 type: array 9725 resources: 9726 description: Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources already allocated to the pod. 9727 properties: 9728 claims: 9729 description: |- 9730 Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. 9731 9732 This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. 9733 9734 This field is immutable. It can only be set for containers. 9735 items: 9736 properties: 9737 name: 9738 description: Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. 9739 type: string 9740 request: 9741 description: Request is the name chosen for a request in the referenced claim. If empty, everything from the claim is made available, otherwise only the result of this request. 9742 type: string 9743 required: 9744 - name 9745 type: object 9746 type: array 9747 limits: 9748 additionalProperties: 9749 type: string 9750 description: "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" 9751 type: object 9752 requests: 9753 additionalProperties: 9754 type: string 9755 description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" 9756 type: object 9757 type: object 9758 restartPolicy: 9759 description: Restart policy for the container to manage the restart behavior of each container within a pod. This may only be set for init containers. You cannot set this field on ephemeral containers. 9760 type: string 9761 securityContext: 9762 description: "Optional: SecurityContext defines the security options the ephemeral container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext." 9763 properties: 9764 allowPrivilegeEscalation: 9765 description: "AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows." 9766 type: boolean 9767 appArmorProfile: 9768 description: appArmorProfile is the AppArmor options to use by this container. If set, this profile overrides the pod's appArmorProfile. Note that this field cannot be set when spec.os.name is windows. 9769 properties: 9770 localhostProfile: 9771 description: localhostProfile indicates a profile loaded on the node that should be used. The profile must be preconfigured on the node to work. Must match the loaded name of the profile. Must be set if and only if type is "Localhost". 9772 type: string 9773 type: 9774 description: |- 9775 type indicates which kind of AppArmor profile will be applied. Valid options are: 9776 Localhost - a profile pre-loaded on the node. 9777 RuntimeDefault - the container runtime's default profile. 9778 Unconfined - no AppArmor enforcement. 9779 9780 Possible enum values: 9781 - `"Localhost"` indicates that a profile pre-loaded on the node should be used. 9782 - `"RuntimeDefault"` indicates that the container runtime's default AppArmor profile should be used. 9783 - `"Unconfined"` indicates that no AppArmor profile should be enforced. 9784 enum: 9785 - Localhost 9786 - RuntimeDefault 9787 - Unconfined 9788 type: string 9789 required: 9790 - type 9791 type: object 9792 capabilities: 9793 description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows. 9794 properties: 9795 add: 9796 description: Added capabilities 9797 items: 9798 type: string 9799 type: array 9800 drop: 9801 description: Removed capabilities 9802 items: 9803 type: string 9804 type: array 9805 type: object 9806 privileged: 9807 description: Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows. 9808 type: boolean 9809 procMount: 9810 description: |- 9811 procMount denotes the type of proc mount to use for the containers. The default value is Default which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows. 9812 9813 Possible enum values: 9814 - `"Default"` uses the container runtime defaults for readonly and masked paths for /proc. Most container runtimes mask certain paths in /proc to avoid accidental security exposure of special devices or information. 9815 - `"Unmasked"` bypasses the default masking behavior of the container runtime and ensures the newly created /proc the container stays in tact with no modifications. 9816 enum: 9817 - Default 9818 - Unmasked 9819 type: string 9820 readOnlyRootFilesystem: 9821 description: Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows. 9822 type: boolean 9823 runAsGroup: 9824 description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. 9825 format: int64 9826 type: integer 9827 runAsNonRoot: 9828 description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. 9829 type: boolean 9830 runAsUser: 9831 description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. 9832 format: int64 9833 type: integer 9834 seLinuxOptions: 9835 description: The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. 9836 properties: 9837 level: 9838 description: Level is SELinux level label that applies to the container. 9839 type: string 9840 role: 9841 description: Role is a SELinux role label that applies to the container. 9842 type: string 9843 type: 9844 description: Type is a SELinux type label that applies to the container. 9845 type: string 9846 user: 9847 description: User is a SELinux user label that applies to the container. 9848 type: string 9849 type: object 9850 seccompProfile: 9851 description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows. 9852 properties: 9853 localhostProfile: 9854 description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type. 9855 type: string 9856 type: 9857 description: |- 9858 type indicates which kind of seccomp profile will be applied. Valid options are: 9859 9860 Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied. 9861 9862 Possible enum values: 9863 - `"Localhost"` indicates a profile defined in a file on the node should be used. The file's location relative to <kubelet-root-dir>/seccomp. 9864 - `"RuntimeDefault"` represents the default container runtime seccomp profile. 9865 - `"Unconfined"` indicates no seccomp profile is applied (A.K.A. unconfined). 9866 enum: 9867 - Localhost 9868 - RuntimeDefault 9869 - Unconfined 9870 type: string 9871 required: 9872 - type 9873 type: object 9874 windowsOptions: 9875 description: The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux. 9876 properties: 9877 gmsaCredentialSpec: 9878 description: GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. 9879 type: string 9880 gmsaCredentialSpecName: 9881 description: GMSACredentialSpecName is the name of the GMSA credential spec to use. 9882 type: string 9883 hostProcess: 9884 description: HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true. 9885 type: boolean 9886 runAsUserName: 9887 description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. 9888 type: string 9889 type: object 9890 type: object 9891 startupProbe: 9892 description: Probes are not allowed for ephemeral containers. 9893 properties: 9894 exec: 9895 description: Exec specifies a command to execute in the container. 9896 properties: 9897 command: 9898 description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 9899 items: 9900 type: string 9901 type: array 9902 type: object 9903 failureThreshold: 9904 description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. 9905 format: int32 9906 type: integer 9907 grpc: 9908 description: GRPC specifies a GRPC HealthCheckRequest. 9909 properties: 9910 port: 9911 description: Port number of the gRPC service. Number must be in the range 1 to 65535. 9912 format: int32 9913 type: integer 9914 service: 9915 description: |- 9916 Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 9917 9918 If this is not specified, the default behavior is defined by gRPC. 9919 type: string 9920 required: 9921 - port 9922 type: object 9923 httpGet: 9924 description: HTTPGet specifies an HTTP GET request to perform. 9925 properties: 9926 host: 9927 description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. 9928 type: string 9929 httpHeaders: 9930 description: Custom headers to set in the request. HTTP allows repeated headers. 9931 items: 9932 properties: 9933 name: 9934 description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. 9935 type: string 9936 value: 9937 description: The header field value 9938 type: string 9939 required: 9940 - name 9941 - value 9942 type: object 9943 type: array 9944 path: 9945 description: Path to access on the HTTP server. 9946 type: string 9947 port: 9948 description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 9949 format: int-or-string 9950 x-kubernetes-int-or-string: true 9951 scheme: 9952 description: |- 9953 Scheme to use for connecting to the host. Defaults to HTTP. 9954 9955 Possible enum values: 9956 - `"HTTP"` means that the scheme used will be http:// 9957 - `"HTTPS"` means that the scheme used will be https:// 9958 enum: 9959 - HTTP 9960 - HTTPS 9961 type: string 9962 required: 9963 - port 9964 type: object 9965 initialDelaySeconds: 9966 description: "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" 9967 format: int32 9968 type: integer 9969 periodSeconds: 9970 description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. 9971 format: int32 9972 type: integer 9973 successThreshold: 9974 description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. 9975 format: int32 9976 type: integer 9977 tcpSocket: 9978 description: TCPSocket specifies a connection to a TCP port. 9979 properties: 9980 host: 9981 description: "Optional: Host name to connect to, defaults to the pod IP." 9982 type: string 9983 port: 9984 description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 9985 format: int-or-string 9986 x-kubernetes-int-or-string: true 9987 required: 9988 - port 9989 type: object 9990 terminationGracePeriodSeconds: 9991 description: Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. 9992 format: int64 9993 type: integer 9994 timeoutSeconds: 9995 description: "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" 9996 format: int32 9997 type: integer 9998 type: object 9999 stdin: 10000 description: Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false. 10001 type: boolean 10002 stdinOnce: 10003 description: Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false 10004 type: boolean 10005 targetContainerName: 10006 description: |- 10007 If set, the name of the container from PodSpec that this ephemeral container targets. The ephemeral container will be run in the namespaces (IPC, PID, etc) of this container. If not set then the ephemeral container uses the namespaces configured in the Pod spec. 10008 10009 The container runtime must implement support for this feature. If the runtime does not support namespace targeting then the result of setting this field is undefined. 10010 type: string 10011 terminationMessagePath: 10012 description: "Optional: Path at which the file to which the container's termination message will be written is mounted into the container's filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated." 10013 type: string 10014 terminationMessagePolicy: 10015 description: |- 10016 Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. 10017 10018 Possible enum values: 10019 - `"FallbackToLogsOnError"` will read the most recent contents of the container logs for the container status message when the container exits with an error and the terminationMessagePath has no contents. 10020 - `"File"` is the default behavior and will set the container status message to the contents of the container's terminationMessagePath when the container exits. 10021 enum: 10022 - FallbackToLogsOnError 10023 - File 10024 type: string 10025 tty: 10026 description: Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false. 10027 type: boolean 10028 volumeDevices: 10029 description: volumeDevices is the list of block devices to be used by the container. 10030 items: 10031 properties: 10032 devicePath: 10033 description: devicePath is the path inside of the container that the device will be mapped to. 10034 type: string 10035 name: 10036 description: name must match the name of a persistentVolumeClaim in the pod 10037 type: string 10038 required: 10039 - name 10040 - devicePath 10041 type: object 10042 type: array 10043 volumeMounts: 10044 description: Pod volumes to mount into the container's filesystem. Subpath mounts are not allowed for ephemeral containers. Cannot be updated. 10045 items: 10046 properties: 10047 mountPath: 10048 description: Path within the container at which the volume should be mounted. Must not contain ':'. 10049 type: string 10050 mountPropagation: 10051 description: |- 10052 mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified (which defaults to None). 10053 10054 Possible enum values: 10055 - `"Bidirectional"` means that the volume in a container will receive new mounts from the host or other containers, and its own mounts will be propagated from the container to the host or other containers. Note that this mode is recursively applied to all mounts in the volume ("rshared" in Linux terminology). 10056 - `"HostToContainer"` means that the volume in a container will receive new mounts from the host or other containers, but filesystems mounted inside the container won't be propagated to the host or other containers. Note that this mode is recursively applied to all mounts in the volume ("rslave" in Linux terminology). 10057 - `"None"` means that the volume in a container will not receive new mounts from the host or other containers, and filesystems mounted inside the container won't be propagated to the host or other containers. Note that this mode corresponds to "private" in Linux terminology. 10058 enum: 10059 - Bidirectional 10060 - HostToContainer 10061 - None 10062 type: string 10063 name: 10064 description: This must match the Name of a Volume. 10065 type: string 10066 readOnly: 10067 description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. 10068 type: boolean 10069 recursiveReadOnly: 10070 description: |- 10071 RecursiveReadOnly specifies whether read-only mounts should be handled recursively. 10072 10073 If ReadOnly is false, this field has no meaning and must be unspecified. 10074 10075 If ReadOnly is true, and this field is set to Disabled, the mount is not made recursively read-only. If this field is set to IfPossible, the mount is made recursively read-only, if it is supported by the container runtime. If this field is set to Enabled, the mount is made recursively read-only if it is supported by the container runtime, otherwise the pod will not be started and an error will be generated to indicate the reason. 10076 10077 If this field is set to IfPossible or Enabled, MountPropagation must be set to None (or be unspecified, which defaults to None). 10078 10079 If this field is not specified, it is treated as an equivalent of Disabled. 10080 type: string 10081 subPath: 10082 description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). 10083 type: string 10084 subPathExpr: 10085 description: Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive. 10086 type: string 10087 required: 10088 - name 10089 - mountPath 10090 type: object 10091 type: array 10092 workingDir: 10093 description: Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated. 10094 type: string 10095 required: 10096 - name 10097 type: object 10098 type: array 10099 hostAliases: 10100 description: HostAliases is an optional list of hosts and IPs that will be injected into the pod's hosts file if specified. 10101 items: 10102 properties: 10103 hostnames: 10104 description: Hostnames for the above IP address. 10105 items: 10106 type: string 10107 type: array 10108 ip: 10109 description: IP address of the host file entry. 10110 type: string 10111 required: 10112 - ip 10113 type: object 10114 type: array 10115 hostIPC: 10116 description: "Use the host's ipc namespace. Optional: Default to false." 10117 type: boolean 10118 hostNetwork: 10119 description: Host networking requested for this pod. Use the host's network namespace. If this option is set, the ports that will be used must be specified. Default to false. 10120 type: boolean 10121 hostPID: 10122 description: "Use the host's pid namespace. Optional: Default to false." 10123 type: boolean 10124 hostUsers: 10125 description: "Use the host's user namespace. Optional: Default to true. If set to true or not present, the pod will be run in the host user namespace, useful for when the pod needs a feature only available to the host user namespace, such as loading a kernel module with CAP_SYS_MODULE. When set to false, a new userns is created for the pod. Setting false is useful for mitigating container breakout vulnerabilities even allowing users to run their containers as root without actually having root privileges on the host. This field is alpha-level and is only honored by servers that enable the UserNamespacesSupport feature." 10126 type: boolean 10127 hostname: 10128 description: Specifies the hostname of the Pod If not specified, the pod's hostname will be set to a system-defined value. 10129 type: string 10130 imagePullSecrets: 10131 description: "ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. If specified, these secrets will be passed to individual puller implementations for them to use. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod" 10132 items: 10133 properties: 10134 name: 10135 description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" 10136 type: string 10137 type: object 10138 x-kubernetes-map-type: atomic 10139 type: array 10140 initContainers: 10141 description: "List of initialization containers belonging to the pod. Init containers are executed in order prior to containers being started. If any init container fails, the pod is considered to have failed and is handled according to its restartPolicy. The name for an init container or normal container must be unique among all containers. Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit for each resource type, and then using the max of that value or the sum of the normal containers. Limits are applied to init containers in a similar fashion. Init containers cannot currently be added or removed. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/" 10142 items: 10143 properties: 10144 args: 10145 description: "Arguments to the entrypoint. The container image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell" 10146 items: 10147 type: string 10148 type: array 10149 command: 10150 description: "Entrypoint array. Not executed within a shell. The container image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell" 10151 items: 10152 type: string 10153 type: array 10154 env: 10155 description: List of environment variables to set in the container. Cannot be updated. 10156 items: 10157 properties: 10158 name: 10159 description: Name of the environment variable. Must be a C_IDENTIFIER. 10160 type: string 10161 value: 10162 description: "Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to \"\"." 10163 type: string 10164 valueFrom: 10165 description: Source for the environment variable's value. Cannot be used if value is not empty. 10166 properties: 10167 configMapKeyRef: 10168 description: Selects a key of a ConfigMap. 10169 properties: 10170 key: 10171 description: The key to select. 10172 type: string 10173 name: 10174 description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" 10175 type: string 10176 optional: 10177 description: Specify whether the ConfigMap or its key must be defined 10178 type: boolean 10179 required: 10180 - key 10181 type: object 10182 x-kubernetes-map-type: atomic 10183 fieldRef: 10184 description: "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs." 10185 properties: 10186 apiVersion: 10187 description: Version of the schema the FieldPath is written in terms of, defaults to "v1". 10188 type: string 10189 fieldPath: 10190 description: Path of the field to select in the specified API version. 10191 type: string 10192 required: 10193 - fieldPath 10194 type: object 10195 x-kubernetes-map-type: atomic 10196 resourceFieldRef: 10197 description: "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported." 10198 properties: 10199 containerName: 10200 description: "Container name: required for volumes, optional for env vars" 10201 type: string 10202 divisor: 10203 description: Specifies the output format of the exposed resources, defaults to "1" 10204 type: string 10205 resource: 10206 description: "Required: resource to select" 10207 type: string 10208 required: 10209 - resource 10210 type: object 10211 x-kubernetes-map-type: atomic 10212 secretKeyRef: 10213 description: Selects a key of a secret in the pod's namespace 10214 properties: 10215 key: 10216 description: The key of the secret to select from. Must be a valid secret key. 10217 type: string 10218 name: 10219 description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" 10220 type: string 10221 optional: 10222 description: Specify whether the Secret or its key must be defined 10223 type: boolean 10224 required: 10225 - key 10226 type: object 10227 x-kubernetes-map-type: atomic 10228 type: object 10229 required: 10230 - name 10231 type: object 10232 type: array 10233 envFrom: 10234 description: List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. 10235 items: 10236 properties: 10237 configMapRef: 10238 description: The ConfigMap to select from 10239 properties: 10240 name: 10241 description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" 10242 type: string 10243 optional: 10244 description: Specify whether the ConfigMap must be defined 10245 type: boolean 10246 type: object 10247 prefix: 10248 description: Optional text to prepend to the name of each environment variable. Must be a C_IDENTIFIER. 10249 type: string 10250 secretRef: 10251 description: The Secret to select from 10252 properties: 10253 name: 10254 description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" 10255 type: string 10256 optional: 10257 description: Specify whether the Secret must be defined 10258 type: boolean 10259 type: object 10260 type: object 10261 type: array 10262 image: 10263 description: "Container image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets." 10264 type: string 10265 imagePullPolicy: 10266 description: |- 10267 Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images 10268 10269 Possible enum values: 10270 - `"Always"` means that kubelet always attempts to pull the latest image. Container will fail If the pull fails. 10271 - `"IfNotPresent"` means that kubelet pulls if the image isn't present on disk. Container will fail if the image isn't present and the pull fails. 10272 - `"Never"` means that kubelet never pulls an image, but only uses a local image. Container will fail if the image isn't present 10273 enum: 10274 - Always 10275 - IfNotPresent 10276 - Never 10277 type: string 10278 lifecycle: 10279 description: Actions that the management system should take in response to container lifecycle events. Cannot be updated. 10280 properties: 10281 postStart: 10282 description: "PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks" 10283 properties: 10284 exec: 10285 description: Exec specifies a command to execute in the container. 10286 properties: 10287 command: 10288 description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 10289 items: 10290 type: string 10291 type: array 10292 type: object 10293 httpGet: 10294 description: HTTPGet specifies an HTTP GET request to perform. 10295 properties: 10296 host: 10297 description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. 10298 type: string 10299 httpHeaders: 10300 description: Custom headers to set in the request. HTTP allows repeated headers. 10301 items: 10302 properties: 10303 name: 10304 description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. 10305 type: string 10306 value: 10307 description: The header field value 10308 type: string 10309 required: 10310 - name 10311 - value 10312 type: object 10313 type: array 10314 path: 10315 description: Path to access on the HTTP server. 10316 type: string 10317 port: 10318 description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 10319 format: int-or-string 10320 x-kubernetes-int-or-string: true 10321 scheme: 10322 description: |- 10323 Scheme to use for connecting to the host. Defaults to HTTP. 10324 10325 Possible enum values: 10326 - `"HTTP"` means that the scheme used will be http:// 10327 - `"HTTPS"` means that the scheme used will be https:// 10328 enum: 10329 - HTTP 10330 - HTTPS 10331 type: string 10332 required: 10333 - port 10334 type: object 10335 sleep: 10336 description: Sleep represents a duration that the container should sleep. 10337 properties: 10338 seconds: 10339 description: Seconds is the number of seconds to sleep. 10340 format: int64 10341 type: integer 10342 required: 10343 - seconds 10344 type: object 10345 tcpSocket: 10346 description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for backward compatibility. There is no validation of this field and lifecycle hooks will fail at runtime when it is specified. 10347 properties: 10348 host: 10349 description: "Optional: Host name to connect to, defaults to the pod IP." 10350 type: string 10351 port: 10352 description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 10353 format: int-or-string 10354 x-kubernetes-int-or-string: true 10355 required: 10356 - port 10357 type: object 10358 type: object 10359 preStop: 10360 description: "PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The Pod's termination grace period countdown begins before the PreStop hook is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod's termination grace period (unless delayed by finalizers). Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks" 10361 properties: 10362 exec: 10363 description: Exec specifies a command to execute in the container. 10364 properties: 10365 command: 10366 description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 10367 items: 10368 type: string 10369 type: array 10370 type: object 10371 httpGet: 10372 description: HTTPGet specifies an HTTP GET request to perform. 10373 properties: 10374 host: 10375 description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. 10376 type: string 10377 httpHeaders: 10378 description: Custom headers to set in the request. HTTP allows repeated headers. 10379 items: 10380 properties: 10381 name: 10382 description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. 10383 type: string 10384 value: 10385 description: The header field value 10386 type: string 10387 required: 10388 - name 10389 - value 10390 type: object 10391 type: array 10392 path: 10393 description: Path to access on the HTTP server. 10394 type: string 10395 port: 10396 description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 10397 format: int-or-string 10398 x-kubernetes-int-or-string: true 10399 scheme: 10400 description: |- 10401 Scheme to use for connecting to the host. Defaults to HTTP. 10402 10403 Possible enum values: 10404 - `"HTTP"` means that the scheme used will be http:// 10405 - `"HTTPS"` means that the scheme used will be https:// 10406 enum: 10407 - HTTP 10408 - HTTPS 10409 type: string 10410 required: 10411 - port 10412 type: object 10413 sleep: 10414 description: Sleep represents a duration that the container should sleep. 10415 properties: 10416 seconds: 10417 description: Seconds is the number of seconds to sleep. 10418 format: int64 10419 type: integer 10420 required: 10421 - seconds 10422 type: object 10423 tcpSocket: 10424 description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for backward compatibility. There is no validation of this field and lifecycle hooks will fail at runtime when it is specified. 10425 properties: 10426 host: 10427 description: "Optional: Host name to connect to, defaults to the pod IP." 10428 type: string 10429 port: 10430 description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 10431 format: int-or-string 10432 x-kubernetes-int-or-string: true 10433 required: 10434 - port 10435 type: object 10436 type: object 10437 stopSignal: 10438 description: |- 10439 StopSignal defines which signal will be sent to a container when it is being stopped. If not specified, the default is defined by the container runtime in use. StopSignal can only be set for Pods with a non-empty .spec.os.name 10440 10441 Possible enum values: 10442 - `"SIGABRT"` 10443 - `"SIGALRM"` 10444 - `"SIGBUS"` 10445 - `"SIGCHLD"` 10446 - `"SIGCLD"` 10447 - `"SIGCONT"` 10448 - `"SIGFPE"` 10449 - `"SIGHUP"` 10450 - `"SIGILL"` 10451 - `"SIGINT"` 10452 - `"SIGIO"` 10453 - `"SIGIOT"` 10454 - `"SIGKILL"` 10455 - `"SIGPIPE"` 10456 - `"SIGPOLL"` 10457 - `"SIGPROF"` 10458 - `"SIGPWR"` 10459 - `"SIGQUIT"` 10460 - `"SIGRTMAX"` 10461 - `"SIGRTMAX-1"` 10462 - `"SIGRTMAX-10"` 10463 - `"SIGRTMAX-11"` 10464 - `"SIGRTMAX-12"` 10465 - `"SIGRTMAX-13"` 10466 - `"SIGRTMAX-14"` 10467 - `"SIGRTMAX-2"` 10468 - `"SIGRTMAX-3"` 10469 - `"SIGRTMAX-4"` 10470 - `"SIGRTMAX-5"` 10471 - `"SIGRTMAX-6"` 10472 - `"SIGRTMAX-7"` 10473 - `"SIGRTMAX-8"` 10474 - `"SIGRTMAX-9"` 10475 - `"SIGRTMIN"` 10476 - `"SIGRTMIN+1"` 10477 - `"SIGRTMIN+10"` 10478 - `"SIGRTMIN+11"` 10479 - `"SIGRTMIN+12"` 10480 - `"SIGRTMIN+13"` 10481 - `"SIGRTMIN+14"` 10482 - `"SIGRTMIN+15"` 10483 - `"SIGRTMIN+2"` 10484 - `"SIGRTMIN+3"` 10485 - `"SIGRTMIN+4"` 10486 - `"SIGRTMIN+5"` 10487 - `"SIGRTMIN+6"` 10488 - `"SIGRTMIN+7"` 10489 - `"SIGRTMIN+8"` 10490 - `"SIGRTMIN+9"` 10491 - `"SIGSEGV"` 10492 - `"SIGSTKFLT"` 10493 - `"SIGSTOP"` 10494 - `"SIGSYS"` 10495 - `"SIGTERM"` 10496 - `"SIGTRAP"` 10497 - `"SIGTSTP"` 10498 - `"SIGTTIN"` 10499 - `"SIGTTOU"` 10500 - `"SIGURG"` 10501 - `"SIGUSR1"` 10502 - `"SIGUSR2"` 10503 - `"SIGVTALRM"` 10504 - `"SIGWINCH"` 10505 - `"SIGXCPU"` 10506 - `"SIGXFSZ"` 10507 enum: 10508 - SIGABRT 10509 - SIGALRM 10510 - SIGBUS 10511 - SIGCHLD 10512 - SIGCLD 10513 - SIGCONT 10514 - SIGFPE 10515 - SIGHUP 10516 - SIGILL 10517 - SIGINT 10518 - SIGIO 10519 - SIGIOT 10520 - SIGKILL 10521 - SIGPIPE 10522 - SIGPOLL 10523 - SIGPROF 10524 - SIGPWR 10525 - SIGQUIT 10526 - SIGRTMAX 10527 - SIGRTMAX-1 10528 - SIGRTMAX-10 10529 - SIGRTMAX-11 10530 - SIGRTMAX-12 10531 - SIGRTMAX-13 10532 - SIGRTMAX-14 10533 - SIGRTMAX-2 10534 - SIGRTMAX-3 10535 - SIGRTMAX-4 10536 - SIGRTMAX-5 10537 - SIGRTMAX-6 10538 - SIGRTMAX-7 10539 - SIGRTMAX-8 10540 - SIGRTMAX-9 10541 - SIGRTMIN 10542 - SIGRTMIN+1 10543 - SIGRTMIN+10 10544 - SIGRTMIN+11 10545 - SIGRTMIN+12 10546 - SIGRTMIN+13 10547 - SIGRTMIN+14 10548 - SIGRTMIN+15 10549 - SIGRTMIN+2 10550 - SIGRTMIN+3 10551 - SIGRTMIN+4 10552 - SIGRTMIN+5 10553 - SIGRTMIN+6 10554 - SIGRTMIN+7 10555 - SIGRTMIN+8 10556 - SIGRTMIN+9 10557 - SIGSEGV 10558 - SIGSTKFLT 10559 - SIGSTOP 10560 - SIGSYS 10561 - SIGTERM 10562 - SIGTRAP 10563 - SIGTSTP 10564 - SIGTTIN 10565 - SIGTTOU 10566 - SIGURG 10567 - SIGUSR1 10568 - SIGUSR2 10569 - SIGVTALRM 10570 - SIGWINCH 10571 - SIGXCPU 10572 - SIGXFSZ 10573 type: string 10574 type: object 10575 livenessProbe: 10576 description: "Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" 10577 properties: 10578 exec: 10579 description: Exec specifies a command to execute in the container. 10580 properties: 10581 command: 10582 description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 10583 items: 10584 type: string 10585 type: array 10586 type: object 10587 failureThreshold: 10588 description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. 10589 format: int32 10590 type: integer 10591 grpc: 10592 description: GRPC specifies a GRPC HealthCheckRequest. 10593 properties: 10594 port: 10595 description: Port number of the gRPC service. Number must be in the range 1 to 65535. 10596 format: int32 10597 type: integer 10598 service: 10599 description: |- 10600 Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 10601 10602 If this is not specified, the default behavior is defined by gRPC. 10603 type: string 10604 required: 10605 - port 10606 type: object 10607 httpGet: 10608 description: HTTPGet specifies an HTTP GET request to perform. 10609 properties: 10610 host: 10611 description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. 10612 type: string 10613 httpHeaders: 10614 description: Custom headers to set in the request. HTTP allows repeated headers. 10615 items: 10616 properties: 10617 name: 10618 description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. 10619 type: string 10620 value: 10621 description: The header field value 10622 type: string 10623 required: 10624 - name 10625 - value 10626 type: object 10627 type: array 10628 path: 10629 description: Path to access on the HTTP server. 10630 type: string 10631 port: 10632 description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 10633 format: int-or-string 10634 x-kubernetes-int-or-string: true 10635 scheme: 10636 description: |- 10637 Scheme to use for connecting to the host. Defaults to HTTP. 10638 10639 Possible enum values: 10640 - `"HTTP"` means that the scheme used will be http:// 10641 - `"HTTPS"` means that the scheme used will be https:// 10642 enum: 10643 - HTTP 10644 - HTTPS 10645 type: string 10646 required: 10647 - port 10648 type: object 10649 initialDelaySeconds: 10650 description: "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" 10651 format: int32 10652 type: integer 10653 periodSeconds: 10654 description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. 10655 format: int32 10656 type: integer 10657 successThreshold: 10658 description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. 10659 format: int32 10660 type: integer 10661 tcpSocket: 10662 description: TCPSocket specifies a connection to a TCP port. 10663 properties: 10664 host: 10665 description: "Optional: Host name to connect to, defaults to the pod IP." 10666 type: string 10667 port: 10668 description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 10669 format: int-or-string 10670 x-kubernetes-int-or-string: true 10671 required: 10672 - port 10673 type: object 10674 terminationGracePeriodSeconds: 10675 description: Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. 10676 format: int64 10677 type: integer 10678 timeoutSeconds: 10679 description: "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" 10680 format: int32 10681 type: integer 10682 type: object 10683 name: 10684 description: Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated. 10685 type: string 10686 ports: 10687 description: List of ports to expose from the container. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Modifying this array with strategic merge patch may corrupt the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated. 10688 items: 10689 properties: 10690 containerPort: 10691 description: Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536. 10692 format: int32 10693 type: integer 10694 hostIP: 10695 description: What host IP to bind the external port to. 10696 type: string 10697 hostPort: 10698 description: Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this. 10699 format: int32 10700 type: integer 10701 name: 10702 description: If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services. 10703 type: string 10704 protocol: 10705 description: |- 10706 Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". 10707 10708 Possible enum values: 10709 - `"SCTP"` is the SCTP protocol. 10710 - `"TCP"` is the TCP protocol. 10711 - `"UDP"` is the UDP protocol. 10712 enum: 10713 - SCTP 10714 - TCP 10715 - UDP 10716 type: string 10717 required: 10718 - containerPort 10719 type: object 10720 type: array 10721 readinessProbe: 10722 description: "Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" 10723 properties: 10724 exec: 10725 description: Exec specifies a command to execute in the container. 10726 properties: 10727 command: 10728 description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 10729 items: 10730 type: string 10731 type: array 10732 type: object 10733 failureThreshold: 10734 description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. 10735 format: int32 10736 type: integer 10737 grpc: 10738 description: GRPC specifies a GRPC HealthCheckRequest. 10739 properties: 10740 port: 10741 description: Port number of the gRPC service. Number must be in the range 1 to 65535. 10742 format: int32 10743 type: integer 10744 service: 10745 description: |- 10746 Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 10747 10748 If this is not specified, the default behavior is defined by gRPC. 10749 type: string 10750 required: 10751 - port 10752 type: object 10753 httpGet: 10754 description: HTTPGet specifies an HTTP GET request to perform. 10755 properties: 10756 host: 10757 description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. 10758 type: string 10759 httpHeaders: 10760 description: Custom headers to set in the request. HTTP allows repeated headers. 10761 items: 10762 properties: 10763 name: 10764 description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. 10765 type: string 10766 value: 10767 description: The header field value 10768 type: string 10769 required: 10770 - name 10771 - value 10772 type: object 10773 type: array 10774 path: 10775 description: Path to access on the HTTP server. 10776 type: string 10777 port: 10778 description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 10779 format: int-or-string 10780 x-kubernetes-int-or-string: true 10781 scheme: 10782 description: |- 10783 Scheme to use for connecting to the host. Defaults to HTTP. 10784 10785 Possible enum values: 10786 - `"HTTP"` means that the scheme used will be http:// 10787 - `"HTTPS"` means that the scheme used will be https:// 10788 enum: 10789 - HTTP 10790 - HTTPS 10791 type: string 10792 required: 10793 - port 10794 type: object 10795 initialDelaySeconds: 10796 description: "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" 10797 format: int32 10798 type: integer 10799 periodSeconds: 10800 description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. 10801 format: int32 10802 type: integer 10803 successThreshold: 10804 description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. 10805 format: int32 10806 type: integer 10807 tcpSocket: 10808 description: TCPSocket specifies a connection to a TCP port. 10809 properties: 10810 host: 10811 description: "Optional: Host name to connect to, defaults to the pod IP." 10812 type: string 10813 port: 10814 description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 10815 format: int-or-string 10816 x-kubernetes-int-or-string: true 10817 required: 10818 - port 10819 type: object 10820 terminationGracePeriodSeconds: 10821 description: Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. 10822 format: int64 10823 type: integer 10824 timeoutSeconds: 10825 description: "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" 10826 format: int32 10827 type: integer 10828 type: object 10829 resizePolicy: 10830 description: Resources resize policy for the container. 10831 items: 10832 properties: 10833 resourceName: 10834 description: "Name of the resource to which this resource resize policy applies. Supported values: cpu, memory." 10835 type: string 10836 restartPolicy: 10837 description: Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired. 10838 type: string 10839 required: 10840 - resourceName 10841 - restartPolicy 10842 type: object 10843 type: array 10844 resources: 10845 description: "Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" 10846 properties: 10847 claims: 10848 description: |- 10849 Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. 10850 10851 This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. 10852 10853 This field is immutable. It can only be set for containers. 10854 items: 10855 properties: 10856 name: 10857 description: Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. 10858 type: string 10859 request: 10860 description: Request is the name chosen for a request in the referenced claim. If empty, everything from the claim is made available, otherwise only the result of this request. 10861 type: string 10862 required: 10863 - name 10864 type: object 10865 type: array 10866 limits: 10867 additionalProperties: 10868 type: string 10869 description: "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" 10870 type: object 10871 requests: 10872 additionalProperties: 10873 type: string 10874 description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" 10875 type: object 10876 type: object 10877 restartPolicy: 10878 description: "RestartPolicy defines the restart behavior of individual containers in a pod. This field may only be set for init containers, and the only allowed value is \"Always\". For non-init containers or when this field is not specified, the restart behavior is defined by the Pod's restart policy and the container type. Setting the RestartPolicy as \"Always\" for the init container will have the following effect: this init container will be continually restarted on exit until all regular containers have terminated. Once all regular containers have completed, all init containers with restartPolicy \"Always\" will be shut down. This lifecycle differs from normal init containers and is often referred to as a \"sidecar\" container. Although this init container still starts in the init container sequence, it does not wait for the container to complete before proceeding to the next init container. Instead, the next init container starts immediately after this init container is started, or after any startupProbe has successfully completed." 10879 type: string 10880 securityContext: 10881 description: "SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/" 10882 properties: 10883 allowPrivilegeEscalation: 10884 description: "AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows." 10885 type: boolean 10886 appArmorProfile: 10887 description: appArmorProfile is the AppArmor options to use by this container. If set, this profile overrides the pod's appArmorProfile. Note that this field cannot be set when spec.os.name is windows. 10888 properties: 10889 localhostProfile: 10890 description: localhostProfile indicates a profile loaded on the node that should be used. The profile must be preconfigured on the node to work. Must match the loaded name of the profile. Must be set if and only if type is "Localhost". 10891 type: string 10892 type: 10893 description: |- 10894 type indicates which kind of AppArmor profile will be applied. Valid options are: 10895 Localhost - a profile pre-loaded on the node. 10896 RuntimeDefault - the container runtime's default profile. 10897 Unconfined - no AppArmor enforcement. 10898 10899 Possible enum values: 10900 - `"Localhost"` indicates that a profile pre-loaded on the node should be used. 10901 - `"RuntimeDefault"` indicates that the container runtime's default AppArmor profile should be used. 10902 - `"Unconfined"` indicates that no AppArmor profile should be enforced. 10903 enum: 10904 - Localhost 10905 - RuntimeDefault 10906 - Unconfined 10907 type: string 10908 required: 10909 - type 10910 type: object 10911 capabilities: 10912 description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows. 10913 properties: 10914 add: 10915 description: Added capabilities 10916 items: 10917 type: string 10918 type: array 10919 drop: 10920 description: Removed capabilities 10921 items: 10922 type: string 10923 type: array 10924 type: object 10925 privileged: 10926 description: Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows. 10927 type: boolean 10928 procMount: 10929 description: |- 10930 procMount denotes the type of proc mount to use for the containers. The default value is Default which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows. 10931 10932 Possible enum values: 10933 - `"Default"` uses the container runtime defaults for readonly and masked paths for /proc. Most container runtimes mask certain paths in /proc to avoid accidental security exposure of special devices or information. 10934 - `"Unmasked"` bypasses the default masking behavior of the container runtime and ensures the newly created /proc the container stays in tact with no modifications. 10935 enum: 10936 - Default 10937 - Unmasked 10938 type: string 10939 readOnlyRootFilesystem: 10940 description: Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows. 10941 type: boolean 10942 runAsGroup: 10943 description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. 10944 format: int64 10945 type: integer 10946 runAsNonRoot: 10947 description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. 10948 type: boolean 10949 runAsUser: 10950 description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. 10951 format: int64 10952 type: integer 10953 seLinuxOptions: 10954 description: The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. 10955 properties: 10956 level: 10957 description: Level is SELinux level label that applies to the container. 10958 type: string 10959 role: 10960 description: Role is a SELinux role label that applies to the container. 10961 type: string 10962 type: 10963 description: Type is a SELinux type label that applies to the container. 10964 type: string 10965 user: 10966 description: User is a SELinux user label that applies to the container. 10967 type: string 10968 type: object 10969 seccompProfile: 10970 description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows. 10971 properties: 10972 localhostProfile: 10973 description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type. 10974 type: string 10975 type: 10976 description: |- 10977 type indicates which kind of seccomp profile will be applied. Valid options are: 10978 10979 Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied. 10980 10981 Possible enum values: 10982 - `"Localhost"` indicates a profile defined in a file on the node should be used. The file's location relative to <kubelet-root-dir>/seccomp. 10983 - `"RuntimeDefault"` represents the default container runtime seccomp profile. 10984 - `"Unconfined"` indicates no seccomp profile is applied (A.K.A. unconfined). 10985 enum: 10986 - Localhost 10987 - RuntimeDefault 10988 - Unconfined 10989 type: string 10990 required: 10991 - type 10992 type: object 10993 windowsOptions: 10994 description: The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux. 10995 properties: 10996 gmsaCredentialSpec: 10997 description: GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. 10998 type: string 10999 gmsaCredentialSpecName: 11000 description: GMSACredentialSpecName is the name of the GMSA credential spec to use. 11001 type: string 11002 hostProcess: 11003 description: HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true. 11004 type: boolean 11005 runAsUserName: 11006 description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. 11007 type: string 11008 type: object 11009 type: object 11010 startupProbe: 11011 description: "StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" 11012 properties: 11013 exec: 11014 description: Exec specifies a command to execute in the container. 11015 properties: 11016 command: 11017 description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 11018 items: 11019 type: string 11020 type: array 11021 type: object 11022 failureThreshold: 11023 description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. 11024 format: int32 11025 type: integer 11026 grpc: 11027 description: GRPC specifies a GRPC HealthCheckRequest. 11028 properties: 11029 port: 11030 description: Port number of the gRPC service. Number must be in the range 1 to 65535. 11031 format: int32 11032 type: integer 11033 service: 11034 description: |- 11035 Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 11036 11037 If this is not specified, the default behavior is defined by gRPC. 11038 type: string 11039 required: 11040 - port 11041 type: object 11042 httpGet: 11043 description: HTTPGet specifies an HTTP GET request to perform. 11044 properties: 11045 host: 11046 description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. 11047 type: string 11048 httpHeaders: 11049 description: Custom headers to set in the request. HTTP allows repeated headers. 11050 items: 11051 properties: 11052 name: 11053 description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. 11054 type: string 11055 value: 11056 description: The header field value 11057 type: string 11058 required: 11059 - name 11060 - value 11061 type: object 11062 type: array 11063 path: 11064 description: Path to access on the HTTP server. 11065 type: string 11066 port: 11067 description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 11068 format: int-or-string 11069 x-kubernetes-int-or-string: true 11070 scheme: 11071 description: |- 11072 Scheme to use for connecting to the host. Defaults to HTTP. 11073 11074 Possible enum values: 11075 - `"HTTP"` means that the scheme used will be http:// 11076 - `"HTTPS"` means that the scheme used will be https:// 11077 enum: 11078 - HTTP 11079 - HTTPS 11080 type: string 11081 required: 11082 - port 11083 type: object 11084 initialDelaySeconds: 11085 description: "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" 11086 format: int32 11087 type: integer 11088 periodSeconds: 11089 description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. 11090 format: int32 11091 type: integer 11092 successThreshold: 11093 description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. 11094 format: int32 11095 type: integer 11096 tcpSocket: 11097 description: TCPSocket specifies a connection to a TCP port. 11098 properties: 11099 host: 11100 description: "Optional: Host name to connect to, defaults to the pod IP." 11101 type: string 11102 port: 11103 description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 11104 format: int-or-string 11105 x-kubernetes-int-or-string: true 11106 required: 11107 - port 11108 type: object 11109 terminationGracePeriodSeconds: 11110 description: Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. 11111 format: int64 11112 type: integer 11113 timeoutSeconds: 11114 description: "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" 11115 format: int32 11116 type: integer 11117 type: object 11118 stdin: 11119 description: Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false. 11120 type: boolean 11121 stdinOnce: 11122 description: Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false 11123 type: boolean 11124 terminationMessagePath: 11125 description: "Optional: Path at which the file to which the container's termination message will be written is mounted into the container's filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated." 11126 type: string 11127 terminationMessagePolicy: 11128 description: |- 11129 Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. 11130 11131 Possible enum values: 11132 - `"FallbackToLogsOnError"` will read the most recent contents of the container logs for the container status message when the container exits with an error and the terminationMessagePath has no contents. 11133 - `"File"` is the default behavior and will set the container status message to the contents of the container's terminationMessagePath when the container exits. 11134 enum: 11135 - FallbackToLogsOnError 11136 - File 11137 type: string 11138 tty: 11139 description: Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false. 11140 type: boolean 11141 volumeDevices: 11142 description: volumeDevices is the list of block devices to be used by the container. 11143 items: 11144 properties: 11145 devicePath: 11146 description: devicePath is the path inside of the container that the device will be mapped to. 11147 type: string 11148 name: 11149 description: name must match the name of a persistentVolumeClaim in the pod 11150 type: string 11151 required: 11152 - name 11153 - devicePath 11154 type: object 11155 type: array 11156 volumeMounts: 11157 description: Pod volumes to mount into the container's filesystem. Cannot be updated. 11158 items: 11159 properties: 11160 mountPath: 11161 description: Path within the container at which the volume should be mounted. Must not contain ':'. 11162 type: string 11163 mountPropagation: 11164 description: |- 11165 mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified (which defaults to None). 11166 11167 Possible enum values: 11168 - `"Bidirectional"` means that the volume in a container will receive new mounts from the host or other containers, and its own mounts will be propagated from the container to the host or other containers. Note that this mode is recursively applied to all mounts in the volume ("rshared" in Linux terminology). 11169 - `"HostToContainer"` means that the volume in a container will receive new mounts from the host or other containers, but filesystems mounted inside the container won't be propagated to the host or other containers. Note that this mode is recursively applied to all mounts in the volume ("rslave" in Linux terminology). 11170 - `"None"` means that the volume in a container will not receive new mounts from the host or other containers, and filesystems mounted inside the container won't be propagated to the host or other containers. Note that this mode corresponds to "private" in Linux terminology. 11171 enum: 11172 - Bidirectional 11173 - HostToContainer 11174 - None 11175 type: string 11176 name: 11177 description: This must match the Name of a Volume. 11178 type: string 11179 readOnly: 11180 description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. 11181 type: boolean 11182 recursiveReadOnly: 11183 description: |- 11184 RecursiveReadOnly specifies whether read-only mounts should be handled recursively. 11185 11186 If ReadOnly is false, this field has no meaning and must be unspecified. 11187 11188 If ReadOnly is true, and this field is set to Disabled, the mount is not made recursively read-only. If this field is set to IfPossible, the mount is made recursively read-only, if it is supported by the container runtime. If this field is set to Enabled, the mount is made recursively read-only if it is supported by the container runtime, otherwise the pod will not be started and an error will be generated to indicate the reason. 11189 11190 If this field is set to IfPossible or Enabled, MountPropagation must be set to None (or be unspecified, which defaults to None). 11191 11192 If this field is not specified, it is treated as an equivalent of Disabled. 11193 type: string 11194 subPath: 11195 description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). 11196 type: string 11197 subPathExpr: 11198 description: Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive. 11199 type: string 11200 required: 11201 - name 11202 - mountPath 11203 type: object 11204 type: array 11205 workingDir: 11206 description: Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated. 11207 type: string 11208 required: 11209 - name 11210 type: object 11211 type: array 11212 nodeName: 11213 description: NodeName indicates in which node this pod is scheduled. If empty, this pod is a candidate for scheduling by the scheduler defined in schedulerName. Once this field is set, the kubelet for this node becomes responsible for the lifecycle of this pod. This field should not be used to express a desire for the pod to be scheduled on a specific node. https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodename 11214 type: string 11215 nodeSelector: 11216 additionalProperties: 11217 type: string 11218 description: "NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node's labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/" 11219 type: object 11220 x-kubernetes-map-type: atomic 11221 os: 11222 description: |- 11223 Specifies the OS of the containers in the pod. Some pod and container fields are restricted if this is set. 11224 11225 If the OS field is set to linux, the following fields must be unset: -securityContext.windowsOptions 11226 11227 If the OS field is set to windows, following fields must be unset: - spec.hostPID - spec.hostIPC - spec.hostUsers - spec.securityContext.appArmorProfile - spec.securityContext.seLinuxOptions - spec.securityContext.seccompProfile - spec.securityContext.fsGroup - spec.securityContext.fsGroupChangePolicy - spec.securityContext.sysctls - spec.shareProcessNamespace - spec.securityContext.runAsUser - spec.securityContext.runAsGroup - spec.securityContext.supplementalGroups - spec.securityContext.supplementalGroupsPolicy - spec.containers[*].securityContext.appArmorProfile - spec.containers[*].securityContext.seLinuxOptions - spec.containers[*].securityContext.seccompProfile - spec.containers[*].securityContext.capabilities - spec.containers[*].securityContext.readOnlyRootFilesystem - spec.containers[*].securityContext.privileged - spec.containers[*].securityContext.allowPrivilegeEscalation - spec.containers[*].securityContext.procMount - spec.containers[*].securityContext.runAsUser - spec.containers[*].securityContext.runAsGroup 11228 properties: 11229 name: 11230 description: "Name is the name of the operating system. The currently supported values are linux and windows. Additional value may be defined in future and can be one of: https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration Clients should expect to handle additional values and treat unrecognized values in this field as os: null" 11231 type: string 11232 required: 11233 - name 11234 type: object 11235 overhead: 11236 additionalProperties: 11237 type: string 11238 description: "Overhead represents the resource overhead associated with running a pod for a given RuntimeClass. This field will be autopopulated at admission time by the RuntimeClass admission controller. If the RuntimeClass admission controller is enabled, overhead must not be set in Pod create requests. The RuntimeClass admission controller will reject Pod create requests which have the overhead already set. If RuntimeClass is configured and selected in the PodSpec, Overhead will be set to the value defined in the corresponding RuntimeClass, otherwise it will remain unset and treated as zero. More info: https://git.k8s.io/enhancements/keps/sig-node/688-pod-overhead/README.md" 11239 type: object 11240 preemptionPolicy: 11241 description: |- 11242 PreemptionPolicy is the Policy for preempting pods with lower priority. One of Never, PreemptLowerPriority. Defaults to PreemptLowerPriority if unset. 11243 11244 Possible enum values: 11245 - `"Never"` means that pod never preempts other pods with lower priority. 11246 - `"PreemptLowerPriority"` means that pod can preempt other pods with lower priority. 11247 enum: 11248 - Never 11249 - PreemptLowerPriority 11250 type: string 11251 priority: 11252 description: The priority value. Various system components use this field to find the priority of the pod. When Priority Admission Controller is enabled, it prevents users from setting this field. The admission controller populates this field from PriorityClassName. The higher the value, the higher the priority. 11253 format: int32 11254 type: integer 11255 priorityClassName: 11256 description: If specified, indicates the pod's priority. "system-node-critical" and "system-cluster-critical" are two special keywords which indicate the highest priorities with the former being the highest priority. Any other name must be defined by creating a PriorityClass object with that name. If not specified, the pod priority will be default or zero if there is no default. 11257 type: string 11258 readinessGates: 11259 description: "If specified, all readiness gates will be evaluated for pod readiness. A pod is ready when all its containers are ready AND all conditions specified in the readiness gates have status equal to \"True\" More info: https://git.k8s.io/enhancements/keps/sig-network/580-pod-readiness-gates" 11260 items: 11261 properties: 11262 conditionType: 11263 description: ConditionType refers to a condition in the pod's condition list with matching type. 11264 type: string 11265 required: 11266 - conditionType 11267 type: object 11268 type: array 11269 resourceClaims: 11270 description: |- 11271 ResourceClaims defines which ResourceClaims must be allocated and reserved before the Pod is allowed to start. The resources will be made available to those containers which consume them by name. 11272 11273 This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. 11274 11275 This field is immutable. 11276 items: 11277 properties: 11278 name: 11279 description: Name uniquely identifies this resource claim inside the pod. This must be a DNS_LABEL. 11280 type: string 11281 resourceClaimName: 11282 description: |- 11283 ResourceClaimName is the name of a ResourceClaim object in the same namespace as this pod. 11284 11285 Exactly one of ResourceClaimName and ResourceClaimTemplateName must be set. 11286 type: string 11287 resourceClaimTemplateName: 11288 description: |- 11289 ResourceClaimTemplateName is the name of a ResourceClaimTemplate object in the same namespace as this pod. 11290 11291 The template will be used to create a new ResourceClaim, which will be bound to this pod. When this pod is deleted, the ResourceClaim will also be deleted. The pod name and resource name, along with a generated component, will be used to form a unique name for the ResourceClaim, which will be recorded in pod.status.resourceClaimStatuses. 11292 11293 This field is immutable and no changes will be made to the corresponding ResourceClaim by the control plane after creating the ResourceClaim. 11294 11295 Exactly one of ResourceClaimName and ResourceClaimTemplateName must be set. 11296 type: string 11297 required: 11298 - name 11299 type: object 11300 type: array 11301 resources: 11302 description: |- 11303 Resources is the total amount of CPU and Memory resources required by all containers in the pod. It supports specifying Requests and Limits for "cpu" and "memory" resource names only. ResourceClaims are not supported. 11304 11305 This field enables fine-grained control over resource allocation for the entire pod, allowing resource sharing among containers in a pod. 11306 11307 This is an alpha field and requires enabling the PodLevelResources feature gate. 11308 properties: 11309 claims: 11310 description: |- 11311 Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. 11312 11313 This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. 11314 11315 This field is immutable. It can only be set for containers. 11316 items: 11317 properties: 11318 name: 11319 description: Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. 11320 type: string 11321 request: 11322 description: Request is the name chosen for a request in the referenced claim. If empty, everything from the claim is made available, otherwise only the result of this request. 11323 type: string 11324 required: 11325 - name 11326 type: object 11327 type: array 11328 limits: 11329 additionalProperties: 11330 type: string 11331 description: "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" 11332 type: object 11333 requests: 11334 additionalProperties: 11335 type: string 11336 description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" 11337 type: object 11338 type: object 11339 restartPolicy: 11340 description: |- 11341 Restart policy for all containers within the pod. One of Always, OnFailure, Never. In some contexts, only a subset of those values may be permitted. Default to Always. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy 11342 11343 Possible enum values: 11344 - `"Always"` 11345 - `"Never"` 11346 - `"OnFailure"` 11347 enum: 11348 - Always 11349 - Never 11350 - OnFailure 11351 type: string 11352 runtimeClassName: 11353 description: "RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used to run this pod. If no RuntimeClass resource matches the named class, the pod will not be run. If unset or empty, the \"legacy\" RuntimeClass will be used, which is an implicit class with an empty definition that uses the default runtime handler. More info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class" 11354 type: string 11355 schedulerName: 11356 description: If specified, the pod will be dispatched by specified scheduler. If not specified, the pod will be dispatched by default scheduler. 11357 type: string 11358 schedulingGates: 11359 description: |- 11360 SchedulingGates is an opaque list of values that if specified will block scheduling the pod. If schedulingGates is not empty, the pod will stay in the SchedulingGated state and the scheduler will not attempt to schedule the pod. 11361 11362 SchedulingGates can only be set at pod creation time, and be removed only afterwards. 11363 items: 11364 properties: 11365 name: 11366 description: Name of the scheduling gate. Each scheduling gate must have a unique name field. 11367 type: string 11368 required: 11369 - name 11370 type: object 11371 type: array 11372 securityContext: 11373 description: "SecurityContext holds pod-level security attributes and common container settings. Optional: Defaults to empty. See type description for default values of each field." 11374 properties: 11375 appArmorProfile: 11376 description: appArmorProfile is the AppArmor options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows. 11377 properties: 11378 localhostProfile: 11379 description: localhostProfile indicates a profile loaded on the node that should be used. The profile must be preconfigured on the node to work. Must match the loaded name of the profile. Must be set if and only if type is "Localhost". 11380 type: string 11381 type: 11382 description: |- 11383 type indicates which kind of AppArmor profile will be applied. Valid options are: 11384 Localhost - a profile pre-loaded on the node. 11385 RuntimeDefault - the container runtime's default profile. 11386 Unconfined - no AppArmor enforcement. 11387 11388 Possible enum values: 11389 - `"Localhost"` indicates that a profile pre-loaded on the node should be used. 11390 - `"RuntimeDefault"` indicates that the container runtime's default AppArmor profile should be used. 11391 - `"Unconfined"` indicates that no AppArmor profile should be enforced. 11392 enum: 11393 - Localhost 11394 - RuntimeDefault 11395 - Unconfined 11396 type: string 11397 required: 11398 - type 11399 type: object 11400 fsGroup: 11401 description: |- 11402 A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod: 11403 11404 1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- 11405 11406 If unset, the Kubelet will not modify the ownership and permissions of any volume. Note that this field cannot be set when spec.os.name is windows. 11407 format: int64 11408 type: integer 11409 fsGroupChangePolicy: 11410 description: |- 11411 fsGroupChangePolicy defines behavior of changing ownership and permission of the volume before being exposed inside Pod. This field will only apply to volume types which support fsGroup based ownership(and permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir. Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. Note that this field cannot be set when spec.os.name is windows. 11412 11413 Possible enum values: 11414 - `"Always"` indicates that volume's ownership and permissions should always be changed whenever volume is mounted inside a Pod. This the default behavior. 11415 - `"OnRootMismatch"` indicates that volume's ownership and permissions will be changed only when permission and ownership of root directory does not match with expected permissions on the volume. This can help shorten the time it takes to change ownership and permissions of a volume. 11416 enum: 11417 - Always 11418 - OnRootMismatch 11419 type: string 11420 runAsGroup: 11421 description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows. 11422 format: int64 11423 type: integer 11424 runAsNonRoot: 11425 description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. 11426 type: boolean 11427 runAsUser: 11428 description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows. 11429 format: int64 11430 type: integer 11431 seLinuxChangePolicy: 11432 description: |- 11433 seLinuxChangePolicy defines how the container's SELinux label is applied to all volumes used by the Pod. It has no effect on nodes that do not support SELinux or to volumes does not support SELinux. Valid values are "MountOption" and "Recursive". 11434 11435 "Recursive" means relabeling of all files on all Pod volumes by the container runtime. This may be slow for large volumes, but allows mixing privileged and unprivileged Pods sharing the same volume on the same node. 11436 11437 "MountOption" mounts all eligible Pod volumes with `-o context` mount option. This requires all Pods that share the same volume to use the same SELinux label. It is not possible to share the same volume among privileged and unprivileged Pods. Eligible volumes are in-tree FibreChannel and iSCSI volumes, and all CSI volumes whose CSI driver announces SELinux support by setting spec.seLinuxMount: true in their CSIDriver instance. Other volumes are always re-labelled recursively. "MountOption" value is allowed only when SELinuxMount feature gate is enabled. 11438 11439 If not specified and SELinuxMount feature gate is enabled, "MountOption" is used. If not specified and SELinuxMount feature gate is disabled, "MountOption" is used for ReadWriteOncePod volumes and "Recursive" for all other volumes. 11440 11441 This field affects only Pods that have SELinux label set, either in PodSecurityContext or in SecurityContext of all containers. 11442 11443 All Pods that use the same volume should use the same seLinuxChangePolicy, otherwise some pods can get stuck in ContainerCreating state. Note that this field cannot be set when spec.os.name is windows. 11444 type: string 11445 seLinuxOptions: 11446 description: The SELinux context to be applied to all containers. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows. 11447 properties: 11448 level: 11449 description: Level is SELinux level label that applies to the container. 11450 type: string 11451 role: 11452 description: Role is a SELinux role label that applies to the container. 11453 type: string 11454 type: 11455 description: Type is a SELinux type label that applies to the container. 11456 type: string 11457 user: 11458 description: User is a SELinux user label that applies to the container. 11459 type: string 11460 type: object 11461 seccompProfile: 11462 description: The seccomp options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows. 11463 properties: 11464 localhostProfile: 11465 description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type. 11466 type: string 11467 type: 11468 description: |- 11469 type indicates which kind of seccomp profile will be applied. Valid options are: 11470 11471 Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied. 11472 11473 Possible enum values: 11474 - `"Localhost"` indicates a profile defined in a file on the node should be used. The file's location relative to <kubelet-root-dir>/seccomp. 11475 - `"RuntimeDefault"` represents the default container runtime seccomp profile. 11476 - `"Unconfined"` indicates no seccomp profile is applied (A.K.A. unconfined). 11477 enum: 11478 - Localhost 11479 - RuntimeDefault 11480 - Unconfined 11481 type: string 11482 required: 11483 - type 11484 type: object 11485 supplementalGroups: 11486 description: A list of groups applied to the first process run in each container, in addition to the container's primary GID and fsGroup (if specified). If the SupplementalGroupsPolicy feature is enabled, the supplementalGroupsPolicy field determines whether these are in addition to or instead of any group memberships defined in the container image. If unspecified, no additional groups are added, though group memberships defined in the container image may still be used, depending on the supplementalGroupsPolicy field. Note that this field cannot be set when spec.os.name is windows. 11487 items: 11488 format: int64 11489 type: integer 11490 type: array 11491 supplementalGroupsPolicy: 11492 description: |- 11493 Defines how supplemental groups of the first container processes are calculated. Valid values are "Merge" and "Strict". If not specified, "Merge" is used. (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled and the container runtime must implement support for this feature. Note that this field cannot be set when spec.os.name is windows. 11494 11495 Possible enum values: 11496 - `"Merge"` means that the container's provided SupplementalGroups and FsGroup (specified in SecurityContext) will be merged with the primary user's groups as defined in the container image (in /etc/group). 11497 - `"Strict"` means that the container's provided SupplementalGroups and FsGroup (specified in SecurityContext) will be used instead of any groups defined in the container image. 11498 enum: 11499 - Merge 11500 - Strict 11501 type: string 11502 sysctls: 11503 description: Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. Note that this field cannot be set when spec.os.name is windows. 11504 items: 11505 properties: 11506 name: 11507 description: Name of a property to set 11508 type: string 11509 value: 11510 description: Value of a property to set 11511 type: string 11512 required: 11513 - name 11514 - value 11515 type: object 11516 type: array 11517 windowsOptions: 11518 description: The Windows specific settings applied to all containers. If unspecified, the options within a container's SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux. 11519 properties: 11520 gmsaCredentialSpec: 11521 description: GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. 11522 type: string 11523 gmsaCredentialSpecName: 11524 description: GMSACredentialSpecName is the name of the GMSA credential spec to use. 11525 type: string 11526 hostProcess: 11527 description: HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true. 11528 type: boolean 11529 runAsUserName: 11530 description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. 11531 type: string 11532 type: object 11533 type: object 11534 serviceAccount: 11535 description: "DeprecatedServiceAccount is a deprecated alias for ServiceAccountName. Deprecated: Use serviceAccountName instead." 11536 type: string 11537 serviceAccountName: 11538 description: "ServiceAccountName is the name of the ServiceAccount to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/" 11539 type: string 11540 setHostnameAsFQDN: 11541 description: If true the pod's hostname will be configured as the pod's FQDN, rather than the leaf name (the default). In Linux containers, this means setting the FQDN in the hostname field of the kernel (the nodename field of struct utsname). In Windows containers, this means setting the registry value of hostname for the registry key HKEY_LOCAL_MACHINE\\\\SYSTEM\\\\CurrentControlSet\\\\Services\\\\Tcpip\\\\Parameters to FQDN. If a pod does not have FQDN, this has no effect. Default to false. 11542 type: boolean 11543 shareProcessNamespace: 11544 description: "Share a single process namespace between all of the containers in a pod. When this is set containers will be able to view and signal processes from other containers in the same pod, and the first process in each container will not be assigned PID 1. HostPID and ShareProcessNamespace cannot both be set. Optional: Default to false." 11545 type: boolean 11546 subdomain: 11547 description: If specified, the fully qualified Pod hostname will be "<hostname>.<subdomain>.<pod namespace>.svc.<cluster domain>". If not specified, the pod will not have a domainname at all. 11548 type: string 11549 terminationGracePeriodSeconds: 11550 description: Optional duration in seconds the pod needs to terminate gracefully. May be decreased in delete request. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). If this value is nil, the default grace period will be used instead. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. Defaults to 30 seconds. 11551 format: int64 11552 type: integer 11553 tolerations: 11554 description: If specified, the pod's tolerations. 11555 items: 11556 properties: 11557 effect: 11558 description: |- 11559 Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. 11560 11561 Possible enum values: 11562 - `"NoExecute"` Evict any already-running pods that do not tolerate the taint. Currently enforced by NodeController. 11563 - `"NoSchedule"` Do not allow new pods to schedule onto the node unless they tolerate the taint, but allow all pods submitted to Kubelet without going through the scheduler to start, and allow all already-running pods to continue running. Enforced by the scheduler. 11564 - `"PreferNoSchedule"` Like TaintEffectNoSchedule, but the scheduler tries not to schedule new pods onto the node, rather than prohibiting new pods from scheduling onto the node entirely. Enforced by the scheduler. 11565 enum: 11566 - NoExecute 11567 - NoSchedule 11568 - PreferNoSchedule 11569 type: string 11570 key: 11571 description: Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys. 11572 type: string 11573 operator: 11574 description: |- 11575 Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. 11576 11577 Possible enum values: 11578 - `"Equal"` 11579 - `"Exists"` 11580 enum: 11581 - Equal 11582 - Exists 11583 type: string 11584 tolerationSeconds: 11585 description: TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system. 11586 format: int64 11587 type: integer 11588 value: 11589 description: Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string. 11590 type: string 11591 type: object 11592 type: array 11593 topologySpreadConstraints: 11594 description: TopologySpreadConstraints describes how a group of pods ought to spread across topology domains. Scheduler will schedule pods in a way which abides by the constraints. All topologySpreadConstraints are ANDed. 11595 items: 11596 properties: 11597 labelSelector: 11598 description: LabelSelector is used to find matching pods. Pods that match this label selector are counted to determine the number of pods in their corresponding topology domain. 11599 properties: 11600 matchExpressions: 11601 description: matchExpressions is a list of label selector requirements. The requirements are ANDed. 11602 items: 11603 properties: 11604 key: 11605 description: key is the label key that the selector applies to. 11606 type: string 11607 operator: 11608 description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. 11609 type: string 11610 values: 11611 description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. 11612 items: 11613 type: string 11614 type: array 11615 required: 11616 - key 11617 - operator 11618 type: object 11619 type: array 11620 matchLabels: 11621 additionalProperties: 11622 type: string 11623 description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. 11624 type: object 11625 type: object 11626 x-kubernetes-map-type: atomic 11627 matchLabelKeys: 11628 description: |- 11629 MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. MatchLabelKeys cannot be set when LabelSelector isn't set. Keys that don't exist in the incoming pod labels will be ignored. A null or empty list means only match against labelSelector. 11630 11631 This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). 11632 items: 11633 type: string 11634 type: array 11635 maxSkew: 11636 description: "MaxSkew describes the degree to which pods may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference between the number of matching pods in the target topology and the global minimum. The global minimum is the minimum number of matching pods in an eligible domain or zero if the number of eligible domains is less than MinDomains. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 2/2/1: In this case, the global minimum is 1. | zone1 | zone2 | zone3 | | P P | P P | P | - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence to topologies that satisfy it. It's a required field. Default value is 1 and 0 is not allowed." 11637 format: int32 11638 type: integer 11639 minDomains: 11640 description: |- 11641 MinDomains indicates a minimum number of eligible domains. When the number of eligible domains with matching topology keys is less than minDomains, Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. And when the number of eligible domains with matching topology keys equals or greater than minDomains, this value has no effect on scheduling. As a result, when the number of eligible domains is less than minDomains, scheduler won't schedule more than maxSkew Pods to those domains. If value is nil, the constraint behaves as if MinDomains is equal to 1. Valid values are integers greater than 0. When value is not nil, WhenUnsatisfiable must be DoNotSchedule. 11642 11643 For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same labelSelector spread as 2/2/2: | zone1 | zone2 | zone3 | | P P | P P | P P | The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. In this situation, new pod with the same labelSelector cannot be scheduled, because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, it will violate MaxSkew. 11644 format: int32 11645 type: integer 11646 nodeAffinityPolicy: 11647 description: |- 11648 NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector when calculating pod topology spread skew. Options are: - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. 11649 11650 If this value is nil, the behavior is equivalent to the Honor policy. 11651 11652 Possible enum values: 11653 - `"Honor"` means use this scheduling directive when calculating pod topology spread skew. 11654 - `"Ignore"` means ignore this scheduling directive when calculating pod topology spread skew. 11655 enum: 11656 - Honor 11657 - Ignore 11658 type: string 11659 nodeTaintsPolicy: 11660 description: |- 11661 NodeTaintsPolicy indicates how we will treat node taints when calculating pod topology spread skew. Options are: - Honor: nodes without taints, along with tainted nodes for which the incoming pod has a toleration, are included. - Ignore: node taints are ignored. All nodes are included. 11662 11663 If this value is nil, the behavior is equivalent to the Ignore policy. 11664 11665 Possible enum values: 11666 - `"Honor"` means use this scheduling directive when calculating pod topology spread skew. 11667 - `"Ignore"` means ignore this scheduling directive when calculating pod topology spread skew. 11668 enum: 11669 - Honor 11670 - Ignore 11671 type: string 11672 topologyKey: 11673 description: TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. We consider each <key, value> as a "bucket", and try to put balanced number of pods into each bucket. We define a domain as a particular instance of a topology. Also, we define an eligible domain as a domain whose nodes meet the requirements of nodeAffinityPolicy and nodeTaintsPolicy. e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. It's a required field. 11674 type: string 11675 whenUnsatisfiable: 11676 description: |- 11677 WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy the spread constraint. - DoNotSchedule (default) tells the scheduler not to schedule it. - ScheduleAnyway tells the scheduler to schedule the pod in any location, 11678 but giving higher precedence to topologies that would help reduce the 11679 skew. 11680 A constraint is considered "Unsatisfiable" for an incoming pod if and only if every possible node assignment for that pod would violate "MaxSkew" on some topology. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler won't make it *more* imbalanced. It's a required field. 11681 11682 Possible enum values: 11683 - `"DoNotSchedule"` instructs the scheduler not to schedule the pod when constraints are not satisfied. 11684 - `"ScheduleAnyway"` instructs the scheduler to schedule the pod even if constraints are not satisfied. 11685 enum: 11686 - DoNotSchedule 11687 - ScheduleAnyway 11688 type: string 11689 required: 11690 - maxSkew 11691 - topologyKey 11692 - whenUnsatisfiable 11693 type: object 11694 type: array 11695 volumes: 11696 description: "List of volumes that can be mounted by containers belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes" 11697 items: 11698 properties: 11699 awsElasticBlockStore: 11700 description: "awsElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. Deprecated: AWSElasticBlockStore is deprecated. All operations for the in-tree awsElasticBlockStore type are redirected to the ebs.csi.aws.com CSI driver. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" 11701 properties: 11702 fsType: 11703 description: "fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" 11704 type: string 11705 partition: 11706 description: "partition is the partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as \"1\". Similarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty)." 11707 format: int32 11708 type: integer 11709 readOnly: 11710 description: "readOnly value true will force the readOnly setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" 11711 type: boolean 11712 volumeID: 11713 description: "volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" 11714 type: string 11715 required: 11716 - volumeID 11717 type: object 11718 azureDisk: 11719 description: "azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. Deprecated: AzureDisk is deprecated. All operations for the in-tree azureDisk type are redirected to the disk.csi.azure.com CSI driver." 11720 properties: 11721 cachingMode: 11722 description: |- 11723 cachingMode is the Host Caching mode: None, Read Only, Read Write. 11724 11725 Possible enum values: 11726 - `"None"` 11727 - `"ReadOnly"` 11728 - `"ReadWrite"` 11729 enum: 11730 - None 11731 - ReadOnly 11732 - ReadWrite 11733 type: string 11734 diskName: 11735 description: diskName is the Name of the data disk in the blob storage 11736 type: string 11737 diskURI: 11738 description: diskURI is the URI of data disk in the blob storage 11739 type: string 11740 fsType: 11741 description: fsType is Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. 11742 type: string 11743 kind: 11744 description: |- 11745 kind expected values are Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared 11746 11747 Possible enum values: 11748 - `"Dedicated"` 11749 - `"Managed"` 11750 - `"Shared"` 11751 enum: 11752 - Dedicated 11753 - Managed 11754 - Shared 11755 type: string 11756 readOnly: 11757 description: readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. 11758 type: boolean 11759 required: 11760 - diskName 11761 - diskURI 11762 type: object 11763 azureFile: 11764 description: "azureFile represents an Azure File Service mount on the host and bind mount to the pod. Deprecated: AzureFile is deprecated. All operations for the in-tree azureFile type are redirected to the file.csi.azure.com CSI driver." 11765 properties: 11766 readOnly: 11767 description: readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. 11768 type: boolean 11769 secretName: 11770 description: secretName is the name of secret that contains Azure Storage Account Name and Key 11771 type: string 11772 shareName: 11773 description: shareName is the azure share Name 11774 type: string 11775 required: 11776 - secretName 11777 - shareName 11778 type: object 11779 cephfs: 11780 description: "cephFS represents a Ceph FS mount on the host that shares a pod's lifetime. Deprecated: CephFS is deprecated and the in-tree cephfs type is no longer supported." 11781 properties: 11782 monitors: 11783 description: "monitors is Required: Monitors is a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" 11784 items: 11785 type: string 11786 type: array 11787 path: 11788 description: "path is Optional: Used as the mounted root, rather than the full Ceph tree, default is /" 11789 type: string 11790 readOnly: 11791 description: "readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" 11792 type: boolean 11793 secretFile: 11794 description: "secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" 11795 type: string 11796 secretRef: 11797 description: "secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" 11798 properties: 11799 name: 11800 description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" 11801 type: string 11802 type: object 11803 x-kubernetes-map-type: atomic 11804 user: 11805 description: "user is optional: User is the rados user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" 11806 type: string 11807 required: 11808 - monitors 11809 type: object 11810 cinder: 11811 description: "cinder represents a cinder volume attached and mounted on kubelets host machine. Deprecated: Cinder is deprecated. All operations for the in-tree cinder type are redirected to the cinder.csi.openstack.org CSI driver. More info: https://examples.k8s.io/mysql-cinder-pd/README.md" 11812 properties: 11813 fsType: 11814 description: "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md" 11815 type: string 11816 readOnly: 11817 description: "readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md" 11818 type: boolean 11819 secretRef: 11820 description: "secretRef is optional: points to a secret object containing parameters used to connect to OpenStack." 11821 properties: 11822 name: 11823 description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" 11824 type: string 11825 type: object 11826 x-kubernetes-map-type: atomic 11827 volumeID: 11828 description: "volumeID used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md" 11829 type: string 11830 required: 11831 - volumeID 11832 type: object 11833 configMap: 11834 description: configMap represents a configMap that should populate this volume 11835 properties: 11836 defaultMode: 11837 description: "defaultMode is optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." 11838 format: int32 11839 type: integer 11840 items: 11841 description: items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. 11842 items: 11843 properties: 11844 key: 11845 description: key is the key to project. 11846 type: string 11847 mode: 11848 description: "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." 11849 format: int32 11850 type: integer 11851 path: 11852 description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. 11853 type: string 11854 required: 11855 - key 11856 - path 11857 type: object 11858 type: array 11859 name: 11860 description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" 11861 type: string 11862 optional: 11863 description: optional specify whether the ConfigMap or its keys must be defined 11864 type: boolean 11865 type: object 11866 csi: 11867 description: csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers. 11868 properties: 11869 driver: 11870 description: driver is the name of the CSI driver that handles this volume. Consult with your admin for the correct name as registered in the cluster. 11871 type: string 11872 fsType: 11873 description: fsType to mount. Ex. "ext4", "xfs", "ntfs". If not provided, the empty value is passed to the associated CSI driver which will determine the default filesystem to apply. 11874 type: string 11875 nodePublishSecretRef: 11876 description: nodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed. 11877 properties: 11878 name: 11879 description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" 11880 type: string 11881 type: object 11882 x-kubernetes-map-type: atomic 11883 readOnly: 11884 description: readOnly specifies a read-only configuration for the volume. Defaults to false (read/write). 11885 type: boolean 11886 volumeAttributes: 11887 additionalProperties: 11888 type: string 11889 description: volumeAttributes stores driver-specific properties that are passed to the CSI driver. Consult your driver's documentation for supported values. 11890 type: object 11891 required: 11892 - driver 11893 type: object 11894 downwardAPI: 11895 description: downwardAPI represents downward API about the pod that should populate this volume 11896 properties: 11897 defaultMode: 11898 description: "Optional: mode bits to use on created files by default. Must be a Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." 11899 format: int32 11900 type: integer 11901 items: 11902 description: Items is a list of downward API volume file 11903 items: 11904 properties: 11905 fieldRef: 11906 description: "Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported." 11907 properties: 11908 apiVersion: 11909 description: Version of the schema the FieldPath is written in terms of, defaults to "v1". 11910 type: string 11911 fieldPath: 11912 description: Path of the field to select in the specified API version. 11913 type: string 11914 required: 11915 - fieldPath 11916 type: object 11917 x-kubernetes-map-type: atomic 11918 mode: 11919 description: "Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." 11920 format: int32 11921 type: integer 11922 path: 11923 description: "Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'" 11924 type: string 11925 resourceFieldRef: 11926 description: "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported." 11927 properties: 11928 containerName: 11929 description: "Container name: required for volumes, optional for env vars" 11930 type: string 11931 divisor: 11932 description: Specifies the output format of the exposed resources, defaults to "1" 11933 type: string 11934 resource: 11935 description: "Required: resource to select" 11936 type: string 11937 required: 11938 - resource 11939 type: object 11940 x-kubernetes-map-type: atomic 11941 required: 11942 - path 11943 type: object 11944 type: array 11945 type: object 11946 emptyDir: 11947 description: "emptyDir represents a temporary directory that shares a pod's lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir" 11948 properties: 11949 medium: 11950 description: "medium represents what type of storage medium should back this directory. The default is \"\" which means to use the node's default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir" 11951 type: string 11952 sizeLimit: 11953 description: "sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir" 11954 type: string 11955 type: object 11956 ephemeral: 11957 description: |- 11958 ephemeral represents a volume that is handled by a cluster storage driver. The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. 11959 11960 Use this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity 11961 tracking are needed, 11962 c) the storage driver is specified through a storage class, and d) the storage driver supports dynamic volume provisioning through 11963 a PersistentVolumeClaim (see EphemeralVolumeSource for more 11964 information on the connection between this volume type 11965 and PersistentVolumeClaim). 11966 11967 Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod. 11968 11969 Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information. 11970 11971 A pod can use both types of ephemeral volumes and persistent volumes at the same time. 11972 properties: 11973 volumeClaimTemplate: 11974 description: |- 11975 Will be used to create a stand-alone PVC to provision the volume. The pod in which this EphemeralVolumeSource is embedded will be the owner of the PVC, i.e. the PVC will be deleted together with the pod. The name of the PVC will be `<pod name>-<volume name>` where `<volume name>` is the name from the `PodSpec.Volumes` array entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long). 11976 11977 An existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until the unrelated PVC is removed. If such a pre-created PVC is meant to be used by the pod, the PVC has to updated with an owner reference to the pod once the pod exists. Normally this should not be necessary, but it may be useful when manually reconstructing a broken cluster. 11978 11979 This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created. 11980 11981 Required, must not be nil. 11982 properties: 11983 metadata: 11984 description: May contain labels and annotations that will be copied into the PVC when creating it. No other fields are allowed and will be rejected during validation. 11985 properties: 11986 annotations: 11987 additionalProperties: 11988 type: string 11989 description: "Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations" 11990 type: object 11991 creationTimestamp: 11992 description: |- 11993 CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. 11994 11995 Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata 11996 format: date-time 11997 nullable: true 11998 type: string 11999 deletionGracePeriodSeconds: 12000 description: Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only. 12001 format: int64 12002 type: integer 12003 deletionTimestamp: 12004 description: |- 12005 DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested. 12006 12007 Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata 12008 format: date-time 12009 type: string 12010 finalizers: 12011 description: Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list. 12012 items: 12013 type: string 12014 type: array 12015 generateName: 12016 description: |- 12017 GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server. 12018 12019 If this field is specified and the generated name exists, the server will return a 409. 12020 12021 Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency 12022 type: string 12023 generation: 12024 description: A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. 12025 format: int64 12026 type: integer 12027 labels: 12028 additionalProperties: 12029 type: string 12030 description: "Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels" 12031 type: object 12032 managedFields: 12033 description: ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn't need to set or understand this field. A workflow can be the user's name, a controller's name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object. 12034 items: 12035 properties: 12036 apiVersion: 12037 description: APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted. 12038 type: string 12039 fieldsType: 12040 description: "FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: \"FieldsV1\"" 12041 type: string 12042 fieldsV1: 12043 description: FieldsV1 holds the first JSON version format as described in the "FieldsV1" type. 12044 type: object 12045 manager: 12046 description: Manager is an identifier of the workflow managing these fields. 12047 type: string 12048 operation: 12049 description: Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'. 12050 type: string 12051 subresource: 12052 description: Subresource is the name of the subresource used to update that object, or empty string if the object was updated through the main resource. The value of this field is used to distinguish between managers, even if they share the same name. For example, a status update will be distinct from a regular update using the same manager name. Note that the APIVersion field is not related to the Subresource field and it always corresponds to the version of the main resource. 12053 type: string 12054 time: 12055 description: Time is the timestamp of when the ManagedFields entry was added. The timestamp will also be updated if a field is added, the manager changes any of the owned fields value or removes a field. The timestamp does not update when a field is removed from the entry because another manager took it over. 12056 format: date-time 12057 type: string 12058 type: object 12059 type: array 12060 name: 12061 description: "Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names" 12062 type: string 12063 namespace: 12064 description: |- 12065 Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty. 12066 12067 Must be a DNS_LABEL. Cannot be updated. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces 12068 type: string 12069 ownerReferences: 12070 description: List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller. 12071 items: 12072 properties: 12073 apiVersion: 12074 description: API version of the referent. 12075 type: string 12076 blockOwnerDeletion: 12077 description: If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. See https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion for how the garbage collector interacts with this field and enforces the foreground deletion. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned. 12078 type: boolean 12079 controller: 12080 description: If true, this reference points to the managing controller. 12081 type: boolean 12082 kind: 12083 description: "Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" 12084 type: string 12085 name: 12086 description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names" 12087 type: string 12088 uid: 12089 description: "UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids" 12090 type: string 12091 required: 12092 - apiVersion 12093 - kind 12094 - name 12095 - uid 12096 type: object 12097 x-kubernetes-map-type: atomic 12098 type: array 12099 resourceVersion: 12100 description: |- 12101 An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources. 12102 12103 Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency 12104 type: string 12105 selfLink: 12106 description: "Deprecated: selfLink is a legacy read-only field that is no longer populated by the system." 12107 type: string 12108 uid: 12109 description: |- 12110 UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations. 12111 12112 Populated by the system. Read-only. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids 12113 type: string 12114 type: object 12115 spec: 12116 description: The specification for the PersistentVolumeClaim. The entire content is copied unchanged into the PVC that gets created from this template. The same fields as in a PersistentVolumeClaim are also valid here. 12117 properties: 12118 accessModes: 12119 description: "accessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1" 12120 items: 12121 enum: 12122 - ReadOnlyMany 12123 - ReadWriteMany 12124 - ReadWriteOnce 12125 - ReadWriteOncePod 12126 type: string 12127 type: array 12128 dataSource: 12129 description: "dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource." 12130 properties: 12131 apiGroup: 12132 description: APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. 12133 type: string 12134 kind: 12135 description: Kind is the type of resource being referenced 12136 type: string 12137 name: 12138 description: Name is the name of resource being referenced 12139 type: string 12140 required: 12141 - kind 12142 - name 12143 type: object 12144 x-kubernetes-map-type: atomic 12145 dataSourceRef: 12146 description: |- 12147 dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef 12148 allows any non-core object, as well as PersistentVolumeClaim objects. 12149 * While dataSource ignores disallowed values (dropping them), dataSourceRef 12150 preserves all values, and generates an error if a disallowed value is 12151 specified. 12152 * While dataSource only allows local objects, dataSourceRef allows objects 12153 in any namespaces. 12154 (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. 12155 properties: 12156 apiGroup: 12157 description: APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. 12158 type: string 12159 kind: 12160 description: Kind is the type of resource being referenced 12161 type: string 12162 name: 12163 description: Name is the name of resource being referenced 12164 type: string 12165 namespace: 12166 description: Namespace is the namespace of resource being referenced Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. 12167 type: string 12168 required: 12169 - kind 12170 - name 12171 type: object 12172 resources: 12173 description: "resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources" 12174 properties: 12175 limits: 12176 additionalProperties: 12177 type: string 12178 description: "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" 12179 type: object 12180 requests: 12181 additionalProperties: 12182 type: string 12183 description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" 12184 type: object 12185 type: object 12186 selector: 12187 description: selector is a label query over volumes to consider for binding. 12188 properties: 12189 matchExpressions: 12190 description: matchExpressions is a list of label selector requirements. The requirements are ANDed. 12191 items: 12192 properties: 12193 key: 12194 description: key is the label key that the selector applies to. 12195 type: string 12196 operator: 12197 description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. 12198 type: string 12199 values: 12200 description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. 12201 items: 12202 type: string 12203 type: array 12204 required: 12205 - key 12206 - operator 12207 type: object 12208 type: array 12209 matchLabels: 12210 additionalProperties: 12211 type: string 12212 description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. 12213 type: object 12214 type: object 12215 x-kubernetes-map-type: atomic 12216 storageClassName: 12217 description: "storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1" 12218 type: string 12219 volumeAttributesClassName: 12220 description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. If specified, the CSI driver will create or update the volume with the attributes defined in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass will be applied to the claim but it's not allowed to reset this field to empty string once it is set. If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass will be set by the persistentvolume controller if it exists. If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default)." 12221 type: string 12222 volumeMode: 12223 description: |- 12224 volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec. 12225 12226 Possible enum values: 12227 - `"Block"` means the volume will not be formatted with a filesystem and will remain a raw block device. 12228 - `"Filesystem"` means the volume will be or is formatted with a filesystem. 12229 enum: 12230 - Block 12231 - Filesystem 12232 type: string 12233 volumeName: 12234 description: volumeName is the binding reference to the PersistentVolume backing this claim. 12235 type: string 12236 type: object 12237 required: 12238 - spec 12239 type: object 12240 type: object 12241 fc: 12242 description: fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod. 12243 properties: 12244 fsType: 12245 description: fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. 12246 type: string 12247 lun: 12248 description: "lun is Optional: FC target lun number" 12249 format: int32 12250 type: integer 12251 readOnly: 12252 description: "readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts." 12253 type: boolean 12254 targetWWNs: 12255 description: "targetWWNs is Optional: FC target worldwide names (WWNs)" 12256 items: 12257 type: string 12258 type: array 12259 wwids: 12260 description: "wwids Optional: FC volume world wide identifiers (wwids) Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously." 12261 items: 12262 type: string 12263 type: array 12264 type: object 12265 flexVolume: 12266 description: "flexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin. Deprecated: FlexVolume is deprecated. Consider using a CSIDriver instead." 12267 properties: 12268 driver: 12269 description: driver is the name of the driver to use for this volume. 12270 type: string 12271 fsType: 12272 description: fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script. 12273 type: string 12274 options: 12275 additionalProperties: 12276 type: string 12277 description: "options is Optional: this field holds extra command options if any." 12278 type: object 12279 readOnly: 12280 description: "readOnly is Optional: defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts." 12281 type: boolean 12282 secretRef: 12283 description: "secretRef is Optional: secretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts." 12284 properties: 12285 name: 12286 description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" 12287 type: string 12288 type: object 12289 x-kubernetes-map-type: atomic 12290 required: 12291 - driver 12292 type: object 12293 flocker: 12294 description: "flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running. Deprecated: Flocker is deprecated and the in-tree flocker type is no longer supported." 12295 properties: 12296 datasetName: 12297 description: datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker should be considered as deprecated 12298 type: string 12299 datasetUUID: 12300 description: datasetUUID is the UUID of the dataset. This is unique identifier of a Flocker dataset 12301 type: string 12302 type: object 12303 gcePersistentDisk: 12304 description: "gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. Deprecated: GCEPersistentDisk is deprecated. All operations for the in-tree gcePersistentDisk type are redirected to the pd.csi.storage.gke.io CSI driver. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" 12305 properties: 12306 fsType: 12307 description: "fsType is filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" 12308 type: string 12309 partition: 12310 description: "partition is the partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as \"1\". Similarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" 12311 format: int32 12312 type: integer 12313 pdName: 12314 description: "pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" 12315 type: string 12316 readOnly: 12317 description: "readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" 12318 type: boolean 12319 required: 12320 - pdName 12321 type: object 12322 gitRepo: 12323 description: "gitRepo represents a git repository at a particular revision. Deprecated: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container." 12324 properties: 12325 directory: 12326 description: directory is the target directory name. Must not contain or start with '..'. If '.' is supplied, the volume directory will be the git repository. Otherwise, if specified, the volume will contain the git repository in the subdirectory with the given name. 12327 type: string 12328 repository: 12329 description: repository is the URL 12330 type: string 12331 revision: 12332 description: revision is the commit hash for the specified revision. 12333 type: string 12334 required: 12335 - repository 12336 type: object 12337 glusterfs: 12338 description: "glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. Deprecated: Glusterfs is deprecated and the in-tree glusterfs type is no longer supported. More info: https://examples.k8s.io/volumes/glusterfs/README.md" 12339 properties: 12340 endpoints: 12341 description: "endpoints is the endpoint name that details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod" 12342 type: string 12343 path: 12344 description: "path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod" 12345 type: string 12346 readOnly: 12347 description: "readOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod" 12348 type: boolean 12349 required: 12350 - endpoints 12351 - path 12352 type: object 12353 hostPath: 12354 description: "hostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath" 12355 properties: 12356 path: 12357 description: "path of the directory on the host. If the path is a symlink, it will follow the link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath" 12358 type: string 12359 type: 12360 description: |- 12361 type for HostPath Volume Defaults to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath 12362 12363 Possible enum values: 12364 - `""` For backwards compatible, leave it empty if unset 12365 - `"BlockDevice"` A block device must exist at the given path 12366 - `"CharDevice"` A character device must exist at the given path 12367 - `"Directory"` A directory must exist at the given path 12368 - `"DirectoryOrCreate"` If nothing exists at the given path, an empty directory will be created there as needed with file mode 0755, having the same group and ownership with Kubelet. 12369 - `"File"` A file must exist at the given path 12370 - `"FileOrCreate"` If nothing exists at the given path, an empty file will be created there as needed with file mode 0644, having the same group and ownership with Kubelet. 12371 - `"Socket"` A UNIX socket must exist at the given path 12372 enum: 12373 - "" 12374 - BlockDevice 12375 - CharDevice 12376 - Directory 12377 - DirectoryOrCreate 12378 - File 12379 - FileOrCreate 12380 - Socket 12381 type: string 12382 required: 12383 - path 12384 type: object 12385 image: 12386 description: |- 12387 image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine. The volume is resolved at pod startup depending on which PullPolicy value is provided: 12388 12389 - Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. - Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. - IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. 12390 12391 The volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation. A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message. The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field. The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images. The volume will be mounted read-only (ro) and non-executable files (noexec). Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath) before 1.33. The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type. 12392 properties: 12393 pullPolicy: 12394 description: |- 12395 Policy for pulling OCI objects. Possible values are: Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. 12396 12397 Possible enum values: 12398 - `"Always"` means that kubelet always attempts to pull the latest image. Container will fail If the pull fails. 12399 - `"IfNotPresent"` means that kubelet pulls if the image isn't present on disk. Container will fail if the image isn't present and the pull fails. 12400 - `"Never"` means that kubelet never pulls an image, but only uses a local image. Container will fail if the image isn't present 12401 enum: 12402 - Always 12403 - IfNotPresent 12404 - Never 12405 type: string 12406 reference: 12407 description: "Required: Image or artifact reference to be used. Behaves in the same way as pod.spec.containers[*].image. Pull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets." 12408 type: string 12409 type: object 12410 iscsi: 12411 description: "iscsi represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md" 12412 properties: 12413 chapAuthDiscovery: 12414 description: chapAuthDiscovery defines whether support iSCSI Discovery CHAP authentication 12415 type: boolean 12416 chapAuthSession: 12417 description: chapAuthSession defines whether support iSCSI Session CHAP authentication 12418 type: boolean 12419 fsType: 12420 description: "fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi" 12421 type: string 12422 initiatorName: 12423 description: initiatorName is the custom iSCSI Initiator Name. If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface <target portal>:<volume name> will be created for the connection. 12424 type: string 12425 iqn: 12426 description: iqn is the target iSCSI Qualified Name. 12427 type: string 12428 iscsiInterface: 12429 description: iscsiInterface is the interface Name that uses an iSCSI transport. Defaults to 'default' (tcp). 12430 type: string 12431 lun: 12432 description: lun represents iSCSI Target Lun number. 12433 format: int32 12434 type: integer 12435 portals: 12436 description: portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260). 12437 items: 12438 type: string 12439 type: array 12440 readOnly: 12441 description: readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. 12442 type: boolean 12443 secretRef: 12444 description: secretRef is the CHAP Secret for iSCSI target and initiator authentication 12445 properties: 12446 name: 12447 description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" 12448 type: string 12449 type: object 12450 x-kubernetes-map-type: atomic 12451 targetPortal: 12452 description: targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260). 12453 type: string 12454 required: 12455 - targetPortal 12456 - iqn 12457 - lun 12458 type: object 12459 name: 12460 description: "name of the volume. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" 12461 type: string 12462 nfs: 12463 description: "nfs represents an NFS mount on the host that shares a pod's lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" 12464 properties: 12465 path: 12466 description: "path that is exported by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" 12467 type: string 12468 readOnly: 12469 description: "readOnly here will force the NFS export to be mounted with read-only permissions. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" 12470 type: boolean 12471 server: 12472 description: "server is the hostname or IP address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" 12473 type: string 12474 required: 12475 - server 12476 - path 12477 type: object 12478 persistentVolumeClaim: 12479 description: "persistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims" 12480 properties: 12481 claimName: 12482 description: "claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims" 12483 type: string 12484 readOnly: 12485 description: readOnly Will force the ReadOnly setting in VolumeMounts. Default false. 12486 type: boolean 12487 required: 12488 - claimName 12489 type: object 12490 photonPersistentDisk: 12491 description: "photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine. Deprecated: PhotonPersistentDisk is deprecated and the in-tree photonPersistentDisk type is no longer supported." 12492 properties: 12493 fsType: 12494 description: fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. 12495 type: string 12496 pdID: 12497 description: pdID is the ID that identifies Photon Controller persistent disk 12498 type: string 12499 required: 12500 - pdID 12501 type: object 12502 portworxVolume: 12503 description: "portworxVolume represents a portworx volume attached and mounted on kubelets host machine. Deprecated: PortworxVolume is deprecated. All operations for the in-tree portworxVolume type are redirected to the pxd.portworx.com CSI driver when the CSIMigrationPortworx feature-gate is on." 12504 properties: 12505 fsType: 12506 description: fSType represents the filesystem type to mount Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified. 12507 type: string 12508 readOnly: 12509 description: readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. 12510 type: boolean 12511 volumeID: 12512 description: volumeID uniquely identifies a Portworx volume 12513 type: string 12514 required: 12515 - volumeID 12516 type: object 12517 projected: 12518 description: projected items for all in one resources secrets, configmaps, and downward API 12519 properties: 12520 defaultMode: 12521 description: defaultMode are the mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. 12522 format: int32 12523 type: integer 12524 sources: 12525 description: sources is the list of volume projections. Each entry in this list handles one source. 12526 items: 12527 properties: 12528 clusterTrustBundle: 12529 description: |- 12530 ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field of ClusterTrustBundle objects in an auto-updating file. 12531 12532 Alpha, gated by the ClusterTrustBundleProjection feature gate. 12533 12534 ClusterTrustBundle objects can either be selected by name, or by the combination of signer name and a label selector. 12535 12536 Kubelet performs aggressive normalization of the PEM contents written into the pod filesystem. Esoteric PEM features such as inter-block comments and block headers are stripped. Certificates are deduplicated. The ordering of certificates within the file is arbitrary, and Kubelet may change the order over time. 12537 properties: 12538 labelSelector: 12539 description: Select all ClusterTrustBundles that match this label selector. Only has effect if signerName is set. Mutually-exclusive with name. If unset, interpreted as "match nothing". If set but empty, interpreted as "match everything". 12540 properties: 12541 matchExpressions: 12542 description: matchExpressions is a list of label selector requirements. The requirements are ANDed. 12543 items: 12544 properties: 12545 key: 12546 description: key is the label key that the selector applies to. 12547 type: string 12548 operator: 12549 description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. 12550 type: string 12551 values: 12552 description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. 12553 items: 12554 type: string 12555 type: array 12556 required: 12557 - key 12558 - operator 12559 type: object 12560 type: array 12561 matchLabels: 12562 additionalProperties: 12563 type: string 12564 description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. 12565 type: object 12566 type: object 12567 x-kubernetes-map-type: atomic 12568 name: 12569 description: Select a single ClusterTrustBundle by object name. Mutually-exclusive with signerName and labelSelector. 12570 type: string 12571 optional: 12572 description: If true, don't block pod startup if the referenced ClusterTrustBundle(s) aren't available. If using name, then the named ClusterTrustBundle is allowed not to exist. If using signerName, then the combination of signerName and labelSelector is allowed to match zero ClusterTrustBundles. 12573 type: boolean 12574 path: 12575 description: Relative path from the volume root to write the bundle. 12576 type: string 12577 signerName: 12578 description: Select all ClusterTrustBundles that match this signer name. Mutually-exclusive with name. The contents of all selected ClusterTrustBundles will be unified and deduplicated. 12579 type: string 12580 required: 12581 - path 12582 type: object 12583 configMap: 12584 description: configMap information about the configMap data to project 12585 properties: 12586 items: 12587 description: items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. 12588 items: 12589 properties: 12590 key: 12591 description: key is the key to project. 12592 type: string 12593 mode: 12594 description: "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." 12595 format: int32 12596 type: integer 12597 path: 12598 description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. 12599 type: string 12600 required: 12601 - key 12602 - path 12603 type: object 12604 type: array 12605 name: 12606 description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" 12607 type: string 12608 optional: 12609 description: optional specify whether the ConfigMap or its keys must be defined 12610 type: boolean 12611 type: object 12612 downwardAPI: 12613 description: downwardAPI information about the downwardAPI data to project 12614 properties: 12615 items: 12616 description: Items is a list of DownwardAPIVolume file 12617 items: 12618 properties: 12619 fieldRef: 12620 description: "Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported." 12621 properties: 12622 apiVersion: 12623 description: Version of the schema the FieldPath is written in terms of, defaults to "v1". 12624 type: string 12625 fieldPath: 12626 description: Path of the field to select in the specified API version. 12627 type: string 12628 required: 12629 - fieldPath 12630 type: object 12631 x-kubernetes-map-type: atomic 12632 mode: 12633 description: "Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." 12634 format: int32 12635 type: integer 12636 path: 12637 description: "Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'" 12638 type: string 12639 resourceFieldRef: 12640 description: "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported." 12641 properties: 12642 containerName: 12643 description: "Container name: required for volumes, optional for env vars" 12644 type: string 12645 divisor: 12646 description: Specifies the output format of the exposed resources, defaults to "1" 12647 type: string 12648 resource: 12649 description: "Required: resource to select" 12650 type: string 12651 required: 12652 - resource 12653 type: object 12654 x-kubernetes-map-type: atomic 12655 required: 12656 - path 12657 type: object 12658 type: array 12659 type: object 12660 secret: 12661 description: secret information about the secret data to project 12662 properties: 12663 items: 12664 description: items if unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. 12665 items: 12666 properties: 12667 key: 12668 description: key is the key to project. 12669 type: string 12670 mode: 12671 description: "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." 12672 format: int32 12673 type: integer 12674 path: 12675 description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. 12676 type: string 12677 required: 12678 - key 12679 - path 12680 type: object 12681 type: array 12682 name: 12683 description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" 12684 type: string 12685 optional: 12686 description: optional field specify whether the Secret or its key must be defined 12687 type: boolean 12688 type: object 12689 serviceAccountToken: 12690 description: serviceAccountToken is information about the serviceAccountToken data to project 12691 properties: 12692 audience: 12693 description: audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver. 12694 type: string 12695 expirationSeconds: 12696 description: expirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes. 12697 format: int64 12698 type: integer 12699 path: 12700 description: path is the path relative to the mount point of the file to project the token into. 12701 type: string 12702 required: 12703 - path 12704 type: object 12705 type: object 12706 type: array 12707 type: object 12708 quobyte: 12709 description: "quobyte represents a Quobyte mount on the host that shares a pod's lifetime. Deprecated: Quobyte is deprecated and the in-tree quobyte type is no longer supported." 12710 properties: 12711 group: 12712 description: group to map volume access to Default is no group 12713 type: string 12714 readOnly: 12715 description: readOnly here will force the Quobyte volume to be mounted with read-only permissions. Defaults to false. 12716 type: boolean 12717 registry: 12718 description: registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes 12719 type: string 12720 tenant: 12721 description: tenant owning the given Quobyte volume in the Backend Used with dynamically provisioned Quobyte volumes, value is set by the plugin 12722 type: string 12723 user: 12724 description: user to map volume access to Defaults to serivceaccount user 12725 type: string 12726 volume: 12727 description: volume is a string that references an already created Quobyte volume by name. 12728 type: string 12729 required: 12730 - registry 12731 - volume 12732 type: object 12733 rbd: 12734 description: "rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. Deprecated: RBD is deprecated and the in-tree rbd type is no longer supported. More info: https://examples.k8s.io/volumes/rbd/README.md" 12735 properties: 12736 fsType: 12737 description: "fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd" 12738 type: string 12739 image: 12740 description: "image is the rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" 12741 type: string 12742 keyring: 12743 description: "keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" 12744 type: string 12745 monitors: 12746 description: "monitors is a collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" 12747 items: 12748 type: string 12749 type: array 12750 pool: 12751 description: "pool is the rados pool name. Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" 12752 type: string 12753 readOnly: 12754 description: "readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" 12755 type: boolean 12756 secretRef: 12757 description: "secretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" 12758 properties: 12759 name: 12760 description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" 12761 type: string 12762 type: object 12763 x-kubernetes-map-type: atomic 12764 user: 12765 description: "user is the rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" 12766 type: string 12767 required: 12768 - monitors 12769 - image 12770 type: object 12771 scaleIO: 12772 description: "scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. Deprecated: ScaleIO is deprecated and the in-tree scaleIO type is no longer supported." 12773 properties: 12774 fsType: 12775 description: fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Default is "xfs". 12776 type: string 12777 gateway: 12778 description: gateway is the host address of the ScaleIO API Gateway. 12779 type: string 12780 protectionDomain: 12781 description: protectionDomain is the name of the ScaleIO Protection Domain for the configured storage. 12782 type: string 12783 readOnly: 12784 description: readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. 12785 type: boolean 12786 secretRef: 12787 description: secretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail. 12788 properties: 12789 name: 12790 description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" 12791 type: string 12792 type: object 12793 x-kubernetes-map-type: atomic 12794 sslEnabled: 12795 description: sslEnabled Flag enable/disable SSL communication with Gateway, default false 12796 type: boolean 12797 storageMode: 12798 description: storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned. 12799 type: string 12800 storagePool: 12801 description: storagePool is the ScaleIO Storage Pool associated with the protection domain. 12802 type: string 12803 system: 12804 description: system is the name of the storage system as configured in ScaleIO. 12805 type: string 12806 volumeName: 12807 description: volumeName is the name of a volume already created in the ScaleIO system that is associated with this volume source. 12808 type: string 12809 required: 12810 - gateway 12811 - system 12812 - secretRef 12813 type: object 12814 secret: 12815 description: "secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret" 12816 properties: 12817 defaultMode: 12818 description: "defaultMode is Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." 12819 format: int32 12820 type: integer 12821 items: 12822 description: items If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. 12823 items: 12824 properties: 12825 key: 12826 description: key is the key to project. 12827 type: string 12828 mode: 12829 description: "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." 12830 format: int32 12831 type: integer 12832 path: 12833 description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. 12834 type: string 12835 required: 12836 - key 12837 - path 12838 type: object 12839 type: array 12840 optional: 12841 description: optional field specify whether the Secret or its keys must be defined 12842 type: boolean 12843 secretName: 12844 description: "secretName is the name of the secret in the pod's namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret" 12845 type: string 12846 type: object 12847 storageos: 12848 description: "storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. Deprecated: StorageOS is deprecated and the in-tree storageos type is no longer supported." 12849 properties: 12850 fsType: 12851 description: fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. 12852 type: string 12853 readOnly: 12854 description: readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. 12855 type: boolean 12856 secretRef: 12857 description: secretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted. 12858 properties: 12859 name: 12860 description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" 12861 type: string 12862 type: object 12863 x-kubernetes-map-type: atomic 12864 volumeName: 12865 description: volumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace. 12866 type: string 12867 volumeNamespace: 12868 description: volumeNamespace specifies the scope of the volume within StorageOS. If no namespace is specified then the Pod's namespace will be used. This allows the Kubernetes name scoping to be mirrored within StorageOS for tighter integration. Set VolumeName to any name to override the default behaviour. Set to "default" if you are not using namespaces within StorageOS. Namespaces that do not pre-exist within StorageOS will be created. 12869 type: string 12870 type: object 12871 vsphereVolume: 12872 description: "vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine. Deprecated: VsphereVolume is deprecated. All operations for the in-tree vsphereVolume type are redirected to the csi.vsphere.vmware.com CSI driver." 12873 properties: 12874 fsType: 12875 description: fsType is filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. 12876 type: string 12877 storagePolicyID: 12878 description: storagePolicyID is the storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName. 12879 type: string 12880 storagePolicyName: 12881 description: storagePolicyName is the storage Policy Based Management (SPBM) profile name. 12882 type: string 12883 volumePath: 12884 description: volumePath is the path that identifies vSphere volume vmdk 12885 type: string 12886 required: 12887 - volumePath 12888 type: object 12889 required: 12890 - name 12891 type: object 12892 type: array 12893 required: 12894 - containers 12895 type: object 12896 type: object 12897 container: 12898 title: The container name running the gameserver 12899 description: if there is more than one container, specify which one is the game server 12900 type: string 12901 minLength: 0 12902 maxLength: 63 12903 pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" 12904 ports: 12905 title: array of ports to expose on the game server container 12906 type: array 12907 nullable: true 12908 items: 12909 type: object 12910 properties: 12911 name: 12912 title: Name is the descriptive name of the port 12913 type: string 12914 range: 12915 title: the port range name from which to select a port when using a 'Dynamic' or 'Passthrough' port policy. Defaults to 'default'. 12916 type: string 12917 portPolicy: 12918 title: the port policy that will be applied to the game server 12919 description: | 12920 portPolicy has four options: 12921 - "Dynamic" (default) the system allocates a random free hostPort for the gameserver, for game clients to connect to 12922 - "Static", user defines the hostPort that the game client will connect to. Then onus is on the user to ensure that the 12923 port is available. When static is the policy specified, `hostPort` is required to be populated 12924 - "Passthrough" dynamically sets the `containerPort` to the same value as the dynamically selected hostPort. 12925 This will mean that users will need to lookup what port has been opened through the server side SDK. 12926 - "None" means the `hostPort` is ignored and if defined, the `containerPort` (optional) is used to set the port on the GameServer instance. 12927 type: string 12928 enum: 12929 - Dynamic 12930 - Static 12931 - Passthrough 12932 - None 12933 protocol: 12934 title: Protocol being used. Defaults to UDP. TCP and TCPUDP are other options. 12935 type: string 12936 enum: 12937 - UDP 12938 - TCP 12939 - TCPUDP 12940 container: 12941 title: | 12942 Container is the name of the container on which to open the port. Defaults to the game server container. 12943 type: string 12944 containerPort: 12945 title: The port that is being opened on the game server process 12946 type: integer 12947 minimum: 1 12948 maximum: 65535 12949 hostPort: 12950 title: The port exposed on the host 12951 description: Only required when `portPolicy` is "Static". Overwritten when portPolicy is "Dynamic" or "Passthrough". 12952 type: integer 12953 minimum: 1 12954 maximum: 65535 12955 sdkServer: 12956 type: object 12957 title: Parameters for the SDK Server (sidecar) 12958 properties: 12959 logLevel: 12960 type: string 12961 description: | 12962 sdkServer log level parameter has three options: 12963 - "Info" (default) The SDK server will output all messages except for debug messages 12964 - "Debug" The SDK server will output all messages including debug messages 12965 - "Error" The SDK server will only output error messages 12966 - "Trace" The SDK server will output all messages, including detailed tracing information 12967 enum: 12968 - Error 12969 - Info 12970 - Debug 12971 - Trace 12972 grpcPort: 12973 title: The port on which the SDK server binds the gRPC server to accept incoming connections 12974 description: | 12975 Starting with Agones 1.2 the default gRPC port is 9357. In earlier releases, the default was 59357. 12976 type: integer 12977 minimum: 1 12978 maximum: 65535 12979 httpPort: 12980 title: The port on which the SDK server binds the HTTP gRPC gateway server to accept incoming connections 12981 description: | 12982 Starting with Agones 1.2 the default HTTP port is 9358. In earlier releases, the default was 59358. 12983 type: integer 12984 minimum: 1 12985 maximum: 65535 12986 scheduling: 12987 type: string 12988 enum: 12989 - Packed 12990 - Distributed 12991 health: 12992 type: object 12993 title: Health checking for the running game server 12994 properties: 12995 disabled: 12996 title: Disable health checking. defaults to false, but can be set to true 12997 type: boolean 12998 initialDelaySeconds: 12999 title: Number of seconds after the container has started before health check is initiated. Defaults to 5 seconds 13000 type: integer 13001 minimum: 0 13002 maximum: 2147483648 13003 periodSeconds: 13004 title: How long before the server is considered not healthy 13005 type: integer 13006 minimum: 0 13007 maximum: 2147483648 13008 failureThreshold: 13009 title: Minimum consecutive failures for the health probe to be considered failed after having succeeded. 13010 type: integer 13011 minimum: 1 13012 maximum: 2147483648 13013 players: 13014 type: object 13015 title: Configuration of player capacity 13016 nullable: true 13017 properties: 13018 initialCapacity: 13019 type: integer 13020 title: The initial player capacity of this Game Server 13021 minimum: 0 13022 counters: 13023 type: object 13024 title: Map of player, room, session, etc. counters 13025 nullable: true 13026 maxProperties: 1000 13027 additionalProperties: 13028 type: object 13029 properties: 13030 count: 13031 title: Initial count value 13032 type: integer 13033 default: 0 13034 minimum: 0 13035 capacity: 13036 title: Max capacity of the counter 13037 type: integer 13038 default: 1000 13039 minimum: 0 13040 lists: 13041 type: object 13042 title: Map of player, room, session, etc. lists 13043 nullable: true 13044 maxProperties: 1000 13045 additionalProperties: 13046 type: object 13047 properties: 13048 capacity: 13049 type: integer 13050 title: Max capacity of the array (can be less than or equal to value of maxItems) 13051 minimum: 0 13052 default: 1000 13053 maximum: 1000 # must be equal to values.maxItems 13054 values: 13055 title: set of all the items in the list 13056 type: array 13057 x-kubernetes-list-type: set # Requires items in the array to be unique 13058 maxItems: 1000 # max possible size of the value array (cannot be updated) 13059 items: # name of the item (player1, session1, room1, etc.) 13060 type: string 13061 default: [] 13062 eviction: 13063 type: object 13064 title: Eviction tolerance of the game server 13065 properties: 13066 safe: 13067 type: string 13068 title: Game server supports termination via SIGTERM 13069 description: | 13070 - Never: The game server should run to completion. Agones sets Pod annotation `cluster-autoscaler.kubernetes.io/safe-to-evict: "false"` and label `agones.dev/safe-to-evict: "false"`, which matches a restrictive PodDisruptionBudget. 13071 - OnUpgrade: On SIGTERM, the game server will exit within `terminationGracePeriodSeconds` or be terminated; Agones sets Pod annotation `cluster-autoscaler.kubernetes.io/safe-to-evict: "false"`, which blocks evictions by Cluster Autoscaler. Evictions from node upgrades proceed normally. 13072 - Always: On SIGTERM, the game server will exit within `terminationGracePeriodSeconds` or be terminated, typically within 10m; Agones sets Pod annotation `cluster-autoscaler.kubernetes.io/safe-to-evict: "true"`, which allows evictions by Cluster Autoscaler. 13073 enum: 13074 - Always 13075 - OnUpgrade 13076 - Never 13077 immutableReplicas: 13078 type: integer 13079 title: Immutable count of Pods to a GameServer. Always 1. (Implementation detail of implementing the Scale subresource.) 13080 default: 1 13081 minimum: 1 13082 maximum: 1 13083 status: 13084 description: 'GameServerStatus is the status for a GameServer resource. More info: 13085 https://agones.dev/site/docs/reference/agones_crd_api_reference/#agones.dev/v1.GameServer' 13086 type: object 13087 title: The status values for the GameServer 13088 properties: 13089 state: 13090 type: string 13091 enum: 13092 - PortAllocation 13093 - Creating 13094 - Starting 13095 - Scheduled 13096 - RequestReady 13097 - Ready 13098 - Shutdown 13099 - Error 13100 - Unhealthy 13101 - Reserved 13102 - Allocated 13103 ports: 13104 type: array 13105 nullable: true 13106 items: 13107 type: object 13108 properties: 13109 name: 13110 type: string 13111 port: 13112 type: integer 13113 address: 13114 type: string 13115 addresses: 13116 type: array 13117 title: Array of addresses at which the GameServer can be reached; copy of Node.Status.addresses 13118 nullable: true 13119 items: 13120 type: object 13121 properties: 13122 address: 13123 type: string 13124 type: 13125 type: string 13126 nodeName: 13127 type: string 13128 reservedUntil: 13129 type: string 13130 nullable: true 13131 format: date-time 13132 players: 13133 type: object 13134 nullable: true 13135 properties: 13136 count: 13137 type: integer 13138 capacity: 13139 type: integer 13140 ids: 13141 type: array 13142 nullable: true 13143 items: 13144 type: string 13145 counters: 13146 type: object 13147 title: Map of player, room, session, etc. counters 13148 nullable: true 13149 maxProperties: 1000 13150 additionalProperties: 13151 type: object 13152 properties: 13153 count: 13154 title: The current count 13155 type: integer 13156 default: 0 13157 minimum: 0 13158 capacity: 13159 type: integer 13160 default: 1000 13161 minimum: 0 13162 lists: 13163 type: object 13164 title: Map of player, room, session, etc. lists 13165 nullable: true 13166 maxProperties: 1000 13167 additionalProperties: 13168 type: object 13169 properties: 13170 capacity: 13171 title: Max capacity of the array (can be less than or equal to value of values.maxItems) 13172 type: integer 13173 minimum: 0 13174 default: 1000 13175 maximum: 1000 # must be equal to values.maxItems 13176 values: 13177 title: Set of all the items in the list 13178 type: array 13179 x-kubernetes-list-type: set # Requires items in the array to be unique 13180 maxItems: 1000 # max possible size of the value array (cannot be updated) 13181 items: # name of the item (player1, session1, room1, etc.) 13182 type: string 13183 default: [] 13184 eviction: 13185 type: object 13186 properties: 13187 safe: 13188 type: string 13189 enum: 13190 - Always 13191 - OnUpgrade 13192 - Never 13193 immutableReplicas: 13194 type: integer 13195 title: Immutable count of Pods to a GameServer. Always 1. (Implementation detail of implementing the Scale subresource.) 13196 default: 1 13197 minimum: 1 13198 maximum: 1 13199 subresources: 13200 # scale enables the scale subresource. We can't actually scale GameServers, but this allows 13201 # for the use of PodDisruptionBudget (PDB) without having to use a PDB per Pod. 13202 scale: 13203 # specReplicasPath defines the JSONPath inside of a custom resource that corresponds to Scale.Spec.Replicas. 13204 specReplicasPath: .spec.immutableReplicas 13205 # statusReplicasPath defines the JSONPath inside of a custom resource that corresponds to Scale.Status.Replicas. 13206 statusReplicasPath: .status.immutableReplicas 13207 --- 13208 # Source: agones/templates/crds/gameserverallocationpolicy.yaml 13209 # Copyright 2019 Google LLC All Rights Reserved. 13210 # 13211 # Licensed under the Apache License, Version 2.0 (the "License"); 13212 # you may not use this file except in compliance with the License. 13213 # You may obtain a copy of the License at 13214 # 13215 # http://www.apache.org/licenses/LICENSE-2.0 13216 # 13217 # Unless required by applicable law or agreed to in writing, software 13218 # distributed under the License is distributed on an "AS IS" BASIS, 13219 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13220 # See the License for the specific language governing permissions and 13221 # limitations under the License. 13222 13223 apiVersion: apiextensions.k8s.io/v1 13224 kind: CustomResourceDefinition 13225 metadata: 13226 labels: 13227 component: crd 13228 app: agones 13229 chart: agones-1.54.0-dev 13230 release: agones-manual 13231 heritage: Helm 13232 name: gameserverallocationpolicies.multicluster.agones.dev 13233 spec: 13234 group: multicluster.agones.dev 13235 names: 13236 kind: GameServerAllocationPolicy 13237 plural: gameserverallocationpolicies 13238 shortNames: 13239 - gsap 13240 scope: Namespaced 13241 versions: 13242 - name: v1 13243 served: true 13244 storage: true 13245 schema: 13246 openAPIV3Schema: 13247 description: 'GameServerAllocationPolicy is the Schema for the gameserverallocationpolicies API.' 13248 type: object 13249 properties: 13250 spec: 13251 description: 'GameServerAllocationPolicySpec defines the desired state of GameServerAllocationPolicy. More info: 13252 https://agones.dev/site/docs/reference/agones_crd_api_reference/#multicluster.agones.dev/v1.GameServerAllocationPolicy' 13253 type: object 13254 required: 13255 - priority 13256 - weight 13257 properties: 13258 priority: 13259 format: int32 13260 minimum: 0 13261 type: integer 13262 weight: 13263 format: int64 13264 minimum: 0 13265 type: integer 13266 connectionInfo: 13267 type: object 13268 required: 13269 - namespace 13270 properties: 13271 clusterName: 13272 type: string 13273 allocationEndpoints: 13274 items: 13275 type: string 13276 type: array 13277 minItems: 1 13278 secretName: 13279 type: string 13280 namespace: 13281 type: string 13282 serverCa: 13283 type: string 13284 format: byte 13285 --- 13286 # Source: agones/templates/crds/gameserverset.yaml 13287 # Copyright 2018 Google LLC All Rights Reserved. 13288 # 13289 # Licensed under the Apache License, Version 2.0 (the "License"); 13290 # you may not use this file except in compliance with the License. 13291 # You may obtain a copy of the License at 13292 # 13293 # http://www.apache.org/licenses/LICENSE-2.0 13294 # 13295 # Unless required by applicable law or agreed to in writing, software 13296 # distributed under the License is distributed on an "AS IS" BASIS, 13297 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13298 # See the License for the specific language governing permissions and 13299 # limitations under the License. 13300 13301 apiVersion: apiextensions.k8s.io/v1 13302 kind: CustomResourceDefinition 13303 metadata: 13304 name: gameserversets.agones.dev 13305 labels: 13306 component: crd 13307 app: agones 13308 chart: agones-1.54.0-dev 13309 release: agones-manual 13310 heritage: Helm 13311 spec: 13312 group: agones.dev 13313 names: 13314 kind: GameServerSet 13315 plural: gameserversets 13316 shortNames: 13317 - gss 13318 - gsset 13319 singular: gameserverset 13320 scope: Namespaced 13321 versions: 13322 - name: v1 13323 served: true 13324 storage: true 13325 additionalPrinterColumns: 13326 - jsonPath: .spec.scheduling 13327 name: Scheduling 13328 type: string 13329 - jsonPath: .spec.replicas 13330 name: Desired 13331 type: integer 13332 - jsonPath: .status.replicas 13333 name: Current 13334 type: integer 13335 - jsonPath: .status.allocatedReplicas 13336 name: Allocated 13337 type: integer 13338 - jsonPath: .status.readyReplicas 13339 name: Ready 13340 type: integer 13341 - jsonPath: .metadata.creationTimestamp 13342 name: Age 13343 type: date 13344 schema: 13345 openAPIV3Schema: 13346 description: 'GameServerSet is the data structure for a set of GameServers.' 13347 type: object 13348 properties: 13349 spec: 13350 description: 'GameServerSetSpec the specification for GameServerSet. More info: 13351 https://agones.dev/site/docs/reference/agones_crd_api_reference/#agones.dev/v1.GameServerSet' 13352 type: object 13353 required: 13354 - replicas 13355 - template 13356 properties: 13357 replicas: 13358 type: integer 13359 minimum: 0 13360 allocationOverflow: 13361 type: object 13362 nullable: true 13363 properties: 13364 labels: 13365 type: object 13366 additionalProperties: 13367 type: string 13368 annotations: 13369 type: object 13370 additionalProperties: 13371 type: string 13372 scheduling: 13373 type: string 13374 enum: 13375 - Packed 13376 - Distributed 13377 priorities: 13378 type: array 13379 description: Configuration of Counters and Lists scale down logic. Priorities in the gameserverset.yaml file must be identical to the structure of priorities in fleet.yaml. 13380 nullable: true 13381 items: 13382 type: object 13383 properties: 13384 type: 13385 type: string 13386 description: Whether a Counter or a List. 13387 enum: 13388 - Counter 13389 - List 13390 key: 13391 type: string 13392 description: The name of the Counter or List 13393 order: 13394 type: string 13395 description: Ascending or Descending sort order 13396 enum: 13397 - Ascending 13398 - Descending 13399 template: 13400 description: 'GameServer is the data structure for a GameServer resource.' 13401 type: object 13402 required: 13403 - spec 13404 properties: 13405 metadata: 13406 description: ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create. 13407 properties: 13408 annotations: 13409 additionalProperties: 13410 type: string 13411 description: "Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations" 13412 type: object 13413 creationTimestamp: 13414 description: |- 13415 CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. 13416 13417 Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata 13418 format: date-time 13419 nullable: true 13420 type: string 13421 deletionGracePeriodSeconds: 13422 description: Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only. 13423 format: int64 13424 type: integer 13425 deletionTimestamp: 13426 description: |- 13427 DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested. 13428 13429 Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata 13430 format: date-time 13431 type: string 13432 finalizers: 13433 description: Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list. 13434 items: 13435 type: string 13436 type: array 13437 generateName: 13438 description: |- 13439 GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server. 13440 13441 If this field is specified and the generated name exists, the server will return a 409. 13442 13443 Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency 13444 type: string 13445 generation: 13446 description: A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. 13447 format: int64 13448 type: integer 13449 labels: 13450 additionalProperties: 13451 type: string 13452 description: "Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels" 13453 type: object 13454 managedFields: 13455 description: ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn't need to set or understand this field. A workflow can be the user's name, a controller's name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object. 13456 items: 13457 properties: 13458 apiVersion: 13459 description: APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted. 13460 type: string 13461 fieldsType: 13462 description: "FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: \"FieldsV1\"" 13463 type: string 13464 fieldsV1: 13465 description: FieldsV1 holds the first JSON version format as described in the "FieldsV1" type. 13466 type: object 13467 manager: 13468 description: Manager is an identifier of the workflow managing these fields. 13469 type: string 13470 operation: 13471 description: Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'. 13472 type: string 13473 subresource: 13474 description: Subresource is the name of the subresource used to update that object, or empty string if the object was updated through the main resource. The value of this field is used to distinguish between managers, even if they share the same name. For example, a status update will be distinct from a regular update using the same manager name. Note that the APIVersion field is not related to the Subresource field and it always corresponds to the version of the main resource. 13475 type: string 13476 time: 13477 description: Time is the timestamp of when the ManagedFields entry was added. The timestamp will also be updated if a field is added, the manager changes any of the owned fields value or removes a field. The timestamp does not update when a field is removed from the entry because another manager took it over. 13478 format: date-time 13479 type: string 13480 type: object 13481 type: array 13482 name: 13483 description: "Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names" 13484 type: string 13485 namespace: 13486 description: |- 13487 Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty. 13488 13489 Must be a DNS_LABEL. Cannot be updated. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces 13490 type: string 13491 ownerReferences: 13492 description: List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller. 13493 items: 13494 properties: 13495 apiVersion: 13496 description: API version of the referent. 13497 type: string 13498 blockOwnerDeletion: 13499 description: If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. See https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion for how the garbage collector interacts with this field and enforces the foreground deletion. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned. 13500 type: boolean 13501 controller: 13502 description: If true, this reference points to the managing controller. 13503 type: boolean 13504 kind: 13505 description: "Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" 13506 type: string 13507 name: 13508 description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names" 13509 type: string 13510 uid: 13511 description: "UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids" 13512 type: string 13513 required: 13514 - apiVersion 13515 - kind 13516 - name 13517 - uid 13518 type: object 13519 x-kubernetes-map-type: atomic 13520 type: array 13521 resourceVersion: 13522 description: |- 13523 An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources. 13524 13525 Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency 13526 type: string 13527 selfLink: 13528 description: "Deprecated: selfLink is a legacy read-only field that is no longer populated by the system." 13529 type: string 13530 uid: 13531 description: |- 13532 UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations. 13533 13534 Populated by the system. Read-only. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids 13535 type: string 13536 type: object 13537 spec: 13538 description: 'GameServerSpec is the spec for a GameServer resource. More info: 13539 https://agones.dev/site/docs/reference/agones_crd_api_reference/#agones.dev/v1.GameServer' 13540 type: object 13541 required: 13542 - template 13543 properties: 13544 template: 13545 description: PodTemplateSpec describes the data a pod should have when created from a template 13546 properties: 13547 metadata: 13548 description: "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" 13549 properties: 13550 annotations: 13551 additionalProperties: 13552 type: string 13553 description: "Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations" 13554 type: object 13555 creationTimestamp: 13556 description: |- 13557 CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. 13558 13559 Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata 13560 format: date-time 13561 nullable: true 13562 type: string 13563 deletionGracePeriodSeconds: 13564 description: Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only. 13565 format: int64 13566 type: integer 13567 deletionTimestamp: 13568 description: |- 13569 DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested. 13570 13571 Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata 13572 format: date-time 13573 type: string 13574 finalizers: 13575 description: Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list. 13576 items: 13577 type: string 13578 type: array 13579 generateName: 13580 description: |- 13581 GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server. 13582 13583 If this field is specified and the generated name exists, the server will return a 409. 13584 13585 Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency 13586 type: string 13587 generation: 13588 description: A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. 13589 format: int64 13590 type: integer 13591 labels: 13592 additionalProperties: 13593 type: string 13594 description: "Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels" 13595 type: object 13596 managedFields: 13597 description: ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn't need to set or understand this field. A workflow can be the user's name, a controller's name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object. 13598 items: 13599 properties: 13600 apiVersion: 13601 description: APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted. 13602 type: string 13603 fieldsType: 13604 description: "FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: \"FieldsV1\"" 13605 type: string 13606 fieldsV1: 13607 description: FieldsV1 holds the first JSON version format as described in the "FieldsV1" type. 13608 type: object 13609 manager: 13610 description: Manager is an identifier of the workflow managing these fields. 13611 type: string 13612 operation: 13613 description: Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'. 13614 type: string 13615 subresource: 13616 description: Subresource is the name of the subresource used to update that object, or empty string if the object was updated through the main resource. The value of this field is used to distinguish between managers, even if they share the same name. For example, a status update will be distinct from a regular update using the same manager name. Note that the APIVersion field is not related to the Subresource field and it always corresponds to the version of the main resource. 13617 type: string 13618 time: 13619 description: Time is the timestamp of when the ManagedFields entry was added. The timestamp will also be updated if a field is added, the manager changes any of the owned fields value or removes a field. The timestamp does not update when a field is removed from the entry because another manager took it over. 13620 format: date-time 13621 type: string 13622 type: object 13623 type: array 13624 name: 13625 description: "Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names" 13626 type: string 13627 namespace: 13628 description: |- 13629 Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty. 13630 13631 Must be a DNS_LABEL. Cannot be updated. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces 13632 type: string 13633 ownerReferences: 13634 description: List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller. 13635 items: 13636 properties: 13637 apiVersion: 13638 description: API version of the referent. 13639 type: string 13640 blockOwnerDeletion: 13641 description: If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. See https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion for how the garbage collector interacts with this field and enforces the foreground deletion. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned. 13642 type: boolean 13643 controller: 13644 description: If true, this reference points to the managing controller. 13645 type: boolean 13646 kind: 13647 description: "Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" 13648 type: string 13649 name: 13650 description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names" 13651 type: string 13652 uid: 13653 description: "UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids" 13654 type: string 13655 required: 13656 - apiVersion 13657 - kind 13658 - name 13659 - uid 13660 type: object 13661 x-kubernetes-map-type: atomic 13662 type: array 13663 resourceVersion: 13664 description: |- 13665 An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources. 13666 13667 Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency 13668 type: string 13669 selfLink: 13670 description: "Deprecated: selfLink is a legacy read-only field that is no longer populated by the system." 13671 type: string 13672 uid: 13673 description: |- 13674 UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations. 13675 13676 Populated by the system. Read-only. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids 13677 type: string 13678 type: object 13679 spec: 13680 description: "Specification of the desired behavior of the pod. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status" 13681 properties: 13682 activeDeadlineSeconds: 13683 description: Optional duration in seconds the pod may be active on the node relative to StartTime before the system will actively try to mark it failed and kill associated containers. Value must be a positive integer. 13684 format: int64 13685 type: integer 13686 affinity: 13687 description: If specified, the pod's scheduling constraints 13688 properties: 13689 nodeAffinity: 13690 description: Describes node affinity scheduling rules for the pod. 13691 properties: 13692 preferredDuringSchedulingIgnoredDuringExecution: 13693 description: The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred. 13694 items: 13695 properties: 13696 preference: 13697 description: A node selector term, associated with the corresponding weight. 13698 properties: 13699 matchExpressions: 13700 description: A list of node selector requirements by node's labels. 13701 items: 13702 properties: 13703 key: 13704 description: The label key that the selector applies to. 13705 type: string 13706 operator: 13707 description: |- 13708 Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. 13709 13710 Possible enum values: 13711 - `"DoesNotExist"` 13712 - `"Exists"` 13713 - `"Gt"` 13714 - `"In"` 13715 - `"Lt"` 13716 - `"NotIn"` 13717 enum: 13718 - DoesNotExist 13719 - Exists 13720 - Gt 13721 - In 13722 - Lt 13723 - NotIn 13724 type: string 13725 values: 13726 description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. 13727 items: 13728 type: string 13729 type: array 13730 required: 13731 - key 13732 - operator 13733 type: object 13734 type: array 13735 matchFields: 13736 description: A list of node selector requirements by node's fields. 13737 items: 13738 properties: 13739 key: 13740 description: The label key that the selector applies to. 13741 type: string 13742 operator: 13743 description: |- 13744 Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. 13745 13746 Possible enum values: 13747 - `"DoesNotExist"` 13748 - `"Exists"` 13749 - `"Gt"` 13750 - `"In"` 13751 - `"Lt"` 13752 - `"NotIn"` 13753 enum: 13754 - DoesNotExist 13755 - Exists 13756 - Gt 13757 - In 13758 - Lt 13759 - NotIn 13760 type: string 13761 values: 13762 description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. 13763 items: 13764 type: string 13765 type: array 13766 required: 13767 - key 13768 - operator 13769 type: object 13770 type: array 13771 type: object 13772 x-kubernetes-map-type: atomic 13773 weight: 13774 description: Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100. 13775 format: int32 13776 type: integer 13777 required: 13778 - weight 13779 - preference 13780 type: object 13781 type: array 13782 requiredDuringSchedulingIgnoredDuringExecution: 13783 description: If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node. 13784 properties: 13785 nodeSelectorTerms: 13786 description: Required. A list of node selector terms. The terms are ORed. 13787 items: 13788 properties: 13789 matchExpressions: 13790 description: A list of node selector requirements by node's labels. 13791 items: 13792 properties: 13793 key: 13794 description: The label key that the selector applies to. 13795 type: string 13796 operator: 13797 description: |- 13798 Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. 13799 13800 Possible enum values: 13801 - `"DoesNotExist"` 13802 - `"Exists"` 13803 - `"Gt"` 13804 - `"In"` 13805 - `"Lt"` 13806 - `"NotIn"` 13807 enum: 13808 - DoesNotExist 13809 - Exists 13810 - Gt 13811 - In 13812 - Lt 13813 - NotIn 13814 type: string 13815 values: 13816 description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. 13817 items: 13818 type: string 13819 type: array 13820 required: 13821 - key 13822 - operator 13823 type: object 13824 type: array 13825 matchFields: 13826 description: A list of node selector requirements by node's fields. 13827 items: 13828 properties: 13829 key: 13830 description: The label key that the selector applies to. 13831 type: string 13832 operator: 13833 description: |- 13834 Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. 13835 13836 Possible enum values: 13837 - `"DoesNotExist"` 13838 - `"Exists"` 13839 - `"Gt"` 13840 - `"In"` 13841 - `"Lt"` 13842 - `"NotIn"` 13843 enum: 13844 - DoesNotExist 13845 - Exists 13846 - Gt 13847 - In 13848 - Lt 13849 - NotIn 13850 type: string 13851 values: 13852 description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. 13853 items: 13854 type: string 13855 type: array 13856 required: 13857 - key 13858 - operator 13859 type: object 13860 type: array 13861 type: object 13862 x-kubernetes-map-type: atomic 13863 type: array 13864 required: 13865 - nodeSelectorTerms 13866 type: object 13867 x-kubernetes-map-type: atomic 13868 type: object 13869 podAffinity: 13870 description: Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). 13871 properties: 13872 preferredDuringSchedulingIgnoredDuringExecution: 13873 description: The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. 13874 items: 13875 properties: 13876 podAffinityTerm: 13877 description: Required. A pod affinity term, associated with the corresponding weight. 13878 properties: 13879 labelSelector: 13880 description: A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. 13881 properties: 13882 matchExpressions: 13883 description: matchExpressions is a list of label selector requirements. The requirements are ANDed. 13884 items: 13885 properties: 13886 key: 13887 description: key is the label key that the selector applies to. 13888 type: string 13889 operator: 13890 description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. 13891 type: string 13892 values: 13893 description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. 13894 items: 13895 type: string 13896 type: array 13897 required: 13898 - key 13899 - operator 13900 type: object 13901 type: array 13902 matchLabels: 13903 additionalProperties: 13904 type: string 13905 description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. 13906 type: object 13907 type: object 13908 x-kubernetes-map-type: atomic 13909 matchLabelKeys: 13910 description: MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. 13911 items: 13912 type: string 13913 type: array 13914 mismatchLabelKeys: 13915 description: MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. 13916 items: 13917 type: string 13918 type: array 13919 namespaceSelector: 13920 description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. 13921 properties: 13922 matchExpressions: 13923 description: matchExpressions is a list of label selector requirements. The requirements are ANDed. 13924 items: 13925 properties: 13926 key: 13927 description: key is the label key that the selector applies to. 13928 type: string 13929 operator: 13930 description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. 13931 type: string 13932 values: 13933 description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. 13934 items: 13935 type: string 13936 type: array 13937 required: 13938 - key 13939 - operator 13940 type: object 13941 type: array 13942 matchLabels: 13943 additionalProperties: 13944 type: string 13945 description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. 13946 type: object 13947 type: object 13948 x-kubernetes-map-type: atomic 13949 namespaces: 13950 description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". 13951 items: 13952 type: string 13953 type: array 13954 topologyKey: 13955 description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. 13956 type: string 13957 required: 13958 - topologyKey 13959 type: object 13960 weight: 13961 description: weight associated with matching the corresponding podAffinityTerm, in the range 1-100. 13962 format: int32 13963 type: integer 13964 required: 13965 - weight 13966 - podAffinityTerm 13967 type: object 13968 type: array 13969 requiredDuringSchedulingIgnoredDuringExecution: 13970 description: If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. 13971 items: 13972 properties: 13973 labelSelector: 13974 description: A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. 13975 properties: 13976 matchExpressions: 13977 description: matchExpressions is a list of label selector requirements. The requirements are ANDed. 13978 items: 13979 properties: 13980 key: 13981 description: key is the label key that the selector applies to. 13982 type: string 13983 operator: 13984 description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. 13985 type: string 13986 values: 13987 description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. 13988 items: 13989 type: string 13990 type: array 13991 required: 13992 - key 13993 - operator 13994 type: object 13995 type: array 13996 matchLabels: 13997 additionalProperties: 13998 type: string 13999 description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. 14000 type: object 14001 type: object 14002 x-kubernetes-map-type: atomic 14003 matchLabelKeys: 14004 description: MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. 14005 items: 14006 type: string 14007 type: array 14008 mismatchLabelKeys: 14009 description: MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. 14010 items: 14011 type: string 14012 type: array 14013 namespaceSelector: 14014 description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. 14015 properties: 14016 matchExpressions: 14017 description: matchExpressions is a list of label selector requirements. The requirements are ANDed. 14018 items: 14019 properties: 14020 key: 14021 description: key is the label key that the selector applies to. 14022 type: string 14023 operator: 14024 description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. 14025 type: string 14026 values: 14027 description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. 14028 items: 14029 type: string 14030 type: array 14031 required: 14032 - key 14033 - operator 14034 type: object 14035 type: array 14036 matchLabels: 14037 additionalProperties: 14038 type: string 14039 description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. 14040 type: object 14041 type: object 14042 x-kubernetes-map-type: atomic 14043 namespaces: 14044 description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". 14045 items: 14046 type: string 14047 type: array 14048 topologyKey: 14049 description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. 14050 type: string 14051 required: 14052 - topologyKey 14053 type: object 14054 type: array 14055 type: object 14056 podAntiAffinity: 14057 description: Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). 14058 properties: 14059 preferredDuringSchedulingIgnoredDuringExecution: 14060 description: The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. 14061 items: 14062 properties: 14063 podAffinityTerm: 14064 description: Required. A pod affinity term, associated with the corresponding weight. 14065 properties: 14066 labelSelector: 14067 description: A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. 14068 properties: 14069 matchExpressions: 14070 description: matchExpressions is a list of label selector requirements. The requirements are ANDed. 14071 items: 14072 properties: 14073 key: 14074 description: key is the label key that the selector applies to. 14075 type: string 14076 operator: 14077 description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. 14078 type: string 14079 values: 14080 description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. 14081 items: 14082 type: string 14083 type: array 14084 required: 14085 - key 14086 - operator 14087 type: object 14088 type: array 14089 matchLabels: 14090 additionalProperties: 14091 type: string 14092 description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. 14093 type: object 14094 type: object 14095 x-kubernetes-map-type: atomic 14096 matchLabelKeys: 14097 description: MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. 14098 items: 14099 type: string 14100 type: array 14101 mismatchLabelKeys: 14102 description: MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. 14103 items: 14104 type: string 14105 type: array 14106 namespaceSelector: 14107 description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. 14108 properties: 14109 matchExpressions: 14110 description: matchExpressions is a list of label selector requirements. The requirements are ANDed. 14111 items: 14112 properties: 14113 key: 14114 description: key is the label key that the selector applies to. 14115 type: string 14116 operator: 14117 description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. 14118 type: string 14119 values: 14120 description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. 14121 items: 14122 type: string 14123 type: array 14124 required: 14125 - key 14126 - operator 14127 type: object 14128 type: array 14129 matchLabels: 14130 additionalProperties: 14131 type: string 14132 description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. 14133 type: object 14134 type: object 14135 x-kubernetes-map-type: atomic 14136 namespaces: 14137 description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". 14138 items: 14139 type: string 14140 type: array 14141 topologyKey: 14142 description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. 14143 type: string 14144 required: 14145 - topologyKey 14146 type: object 14147 weight: 14148 description: weight associated with matching the corresponding podAffinityTerm, in the range 1-100. 14149 format: int32 14150 type: integer 14151 required: 14152 - weight 14153 - podAffinityTerm 14154 type: object 14155 type: array 14156 requiredDuringSchedulingIgnoredDuringExecution: 14157 description: If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. 14158 items: 14159 properties: 14160 labelSelector: 14161 description: A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. 14162 properties: 14163 matchExpressions: 14164 description: matchExpressions is a list of label selector requirements. The requirements are ANDed. 14165 items: 14166 properties: 14167 key: 14168 description: key is the label key that the selector applies to. 14169 type: string 14170 operator: 14171 description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. 14172 type: string 14173 values: 14174 description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. 14175 items: 14176 type: string 14177 type: array 14178 required: 14179 - key 14180 - operator 14181 type: object 14182 type: array 14183 matchLabels: 14184 additionalProperties: 14185 type: string 14186 description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. 14187 type: object 14188 type: object 14189 x-kubernetes-map-type: atomic 14190 matchLabelKeys: 14191 description: MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. 14192 items: 14193 type: string 14194 type: array 14195 mismatchLabelKeys: 14196 description: MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. 14197 items: 14198 type: string 14199 type: array 14200 namespaceSelector: 14201 description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. 14202 properties: 14203 matchExpressions: 14204 description: matchExpressions is a list of label selector requirements. The requirements are ANDed. 14205 items: 14206 properties: 14207 key: 14208 description: key is the label key that the selector applies to. 14209 type: string 14210 operator: 14211 description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. 14212 type: string 14213 values: 14214 description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. 14215 items: 14216 type: string 14217 type: array 14218 required: 14219 - key 14220 - operator 14221 type: object 14222 type: array 14223 matchLabels: 14224 additionalProperties: 14225 type: string 14226 description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. 14227 type: object 14228 type: object 14229 x-kubernetes-map-type: atomic 14230 namespaces: 14231 description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". 14232 items: 14233 type: string 14234 type: array 14235 topologyKey: 14236 description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. 14237 type: string 14238 required: 14239 - topologyKey 14240 type: object 14241 type: array 14242 type: object 14243 type: object 14244 automountServiceAccountToken: 14245 description: AutomountServiceAccountToken indicates whether a service account token should be automatically mounted. 14246 type: boolean 14247 containers: 14248 description: List of containers belonging to the pod. Containers cannot currently be added or removed. There must be at least one container in a Pod. Cannot be updated. 14249 items: 14250 properties: 14251 args: 14252 description: "Arguments to the entrypoint. The container image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell" 14253 items: 14254 type: string 14255 type: array 14256 command: 14257 description: "Entrypoint array. Not executed within a shell. The container image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell" 14258 items: 14259 type: string 14260 type: array 14261 env: 14262 description: List of environment variables to set in the container. Cannot be updated. 14263 items: 14264 properties: 14265 name: 14266 description: Name of the environment variable. Must be a C_IDENTIFIER. 14267 type: string 14268 value: 14269 description: "Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to \"\"." 14270 type: string 14271 valueFrom: 14272 description: Source for the environment variable's value. Cannot be used if value is not empty. 14273 properties: 14274 configMapKeyRef: 14275 description: Selects a key of a ConfigMap. 14276 properties: 14277 key: 14278 description: The key to select. 14279 type: string 14280 name: 14281 description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" 14282 type: string 14283 optional: 14284 description: Specify whether the ConfigMap or its key must be defined 14285 type: boolean 14286 required: 14287 - key 14288 type: object 14289 x-kubernetes-map-type: atomic 14290 fieldRef: 14291 description: "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs." 14292 properties: 14293 apiVersion: 14294 description: Version of the schema the FieldPath is written in terms of, defaults to "v1". 14295 type: string 14296 fieldPath: 14297 description: Path of the field to select in the specified API version. 14298 type: string 14299 required: 14300 - fieldPath 14301 type: object 14302 x-kubernetes-map-type: atomic 14303 resourceFieldRef: 14304 description: "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported." 14305 properties: 14306 containerName: 14307 description: "Container name: required for volumes, optional for env vars" 14308 type: string 14309 divisor: 14310 description: Specifies the output format of the exposed resources, defaults to "1" 14311 type: string 14312 resource: 14313 description: "Required: resource to select" 14314 type: string 14315 required: 14316 - resource 14317 type: object 14318 x-kubernetes-map-type: atomic 14319 secretKeyRef: 14320 description: Selects a key of a secret in the pod's namespace 14321 properties: 14322 key: 14323 description: The key of the secret to select from. Must be a valid secret key. 14324 type: string 14325 name: 14326 description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" 14327 type: string 14328 optional: 14329 description: Specify whether the Secret or its key must be defined 14330 type: boolean 14331 required: 14332 - key 14333 type: object 14334 x-kubernetes-map-type: atomic 14335 type: object 14336 required: 14337 - name 14338 type: object 14339 type: array 14340 envFrom: 14341 description: List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. 14342 items: 14343 properties: 14344 configMapRef: 14345 description: The ConfigMap to select from 14346 properties: 14347 name: 14348 description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" 14349 type: string 14350 optional: 14351 description: Specify whether the ConfigMap must be defined 14352 type: boolean 14353 type: object 14354 prefix: 14355 description: Optional text to prepend to the name of each environment variable. Must be a C_IDENTIFIER. 14356 type: string 14357 secretRef: 14358 description: The Secret to select from 14359 properties: 14360 name: 14361 description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" 14362 type: string 14363 optional: 14364 description: Specify whether the Secret must be defined 14365 type: boolean 14366 type: object 14367 type: object 14368 type: array 14369 image: 14370 description: "Container image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets." 14371 type: string 14372 imagePullPolicy: 14373 description: |- 14374 Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images 14375 14376 Possible enum values: 14377 - `"Always"` means that kubelet always attempts to pull the latest image. Container will fail If the pull fails. 14378 - `"IfNotPresent"` means that kubelet pulls if the image isn't present on disk. Container will fail if the image isn't present and the pull fails. 14379 - `"Never"` means that kubelet never pulls an image, but only uses a local image. Container will fail if the image isn't present 14380 enum: 14381 - Always 14382 - IfNotPresent 14383 - Never 14384 type: string 14385 lifecycle: 14386 description: Actions that the management system should take in response to container lifecycle events. Cannot be updated. 14387 properties: 14388 postStart: 14389 description: "PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks" 14390 properties: 14391 exec: 14392 description: Exec specifies a command to execute in the container. 14393 properties: 14394 command: 14395 description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 14396 items: 14397 type: string 14398 type: array 14399 type: object 14400 httpGet: 14401 description: HTTPGet specifies an HTTP GET request to perform. 14402 properties: 14403 host: 14404 description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. 14405 type: string 14406 httpHeaders: 14407 description: Custom headers to set in the request. HTTP allows repeated headers. 14408 items: 14409 properties: 14410 name: 14411 description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. 14412 type: string 14413 value: 14414 description: The header field value 14415 type: string 14416 required: 14417 - name 14418 - value 14419 type: object 14420 type: array 14421 path: 14422 description: Path to access on the HTTP server. 14423 type: string 14424 port: 14425 description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 14426 format: int-or-string 14427 x-kubernetes-int-or-string: true 14428 scheme: 14429 description: |- 14430 Scheme to use for connecting to the host. Defaults to HTTP. 14431 14432 Possible enum values: 14433 - `"HTTP"` means that the scheme used will be http:// 14434 - `"HTTPS"` means that the scheme used will be https:// 14435 enum: 14436 - HTTP 14437 - HTTPS 14438 type: string 14439 required: 14440 - port 14441 type: object 14442 sleep: 14443 description: Sleep represents a duration that the container should sleep. 14444 properties: 14445 seconds: 14446 description: Seconds is the number of seconds to sleep. 14447 format: int64 14448 type: integer 14449 required: 14450 - seconds 14451 type: object 14452 tcpSocket: 14453 description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for backward compatibility. There is no validation of this field and lifecycle hooks will fail at runtime when it is specified. 14454 properties: 14455 host: 14456 description: "Optional: Host name to connect to, defaults to the pod IP." 14457 type: string 14458 port: 14459 description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 14460 format: int-or-string 14461 x-kubernetes-int-or-string: true 14462 required: 14463 - port 14464 type: object 14465 type: object 14466 preStop: 14467 description: "PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The Pod's termination grace period countdown begins before the PreStop hook is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod's termination grace period (unless delayed by finalizers). Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks" 14468 properties: 14469 exec: 14470 description: Exec specifies a command to execute in the container. 14471 properties: 14472 command: 14473 description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 14474 items: 14475 type: string 14476 type: array 14477 type: object 14478 httpGet: 14479 description: HTTPGet specifies an HTTP GET request to perform. 14480 properties: 14481 host: 14482 description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. 14483 type: string 14484 httpHeaders: 14485 description: Custom headers to set in the request. HTTP allows repeated headers. 14486 items: 14487 properties: 14488 name: 14489 description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. 14490 type: string 14491 value: 14492 description: The header field value 14493 type: string 14494 required: 14495 - name 14496 - value 14497 type: object 14498 type: array 14499 path: 14500 description: Path to access on the HTTP server. 14501 type: string 14502 port: 14503 description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 14504 format: int-or-string 14505 x-kubernetes-int-or-string: true 14506 scheme: 14507 description: |- 14508 Scheme to use for connecting to the host. Defaults to HTTP. 14509 14510 Possible enum values: 14511 - `"HTTP"` means that the scheme used will be http:// 14512 - `"HTTPS"` means that the scheme used will be https:// 14513 enum: 14514 - HTTP 14515 - HTTPS 14516 type: string 14517 required: 14518 - port 14519 type: object 14520 sleep: 14521 description: Sleep represents a duration that the container should sleep. 14522 properties: 14523 seconds: 14524 description: Seconds is the number of seconds to sleep. 14525 format: int64 14526 type: integer 14527 required: 14528 - seconds 14529 type: object 14530 tcpSocket: 14531 description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for backward compatibility. There is no validation of this field and lifecycle hooks will fail at runtime when it is specified. 14532 properties: 14533 host: 14534 description: "Optional: Host name to connect to, defaults to the pod IP." 14535 type: string 14536 port: 14537 description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 14538 format: int-or-string 14539 x-kubernetes-int-or-string: true 14540 required: 14541 - port 14542 type: object 14543 type: object 14544 stopSignal: 14545 description: |- 14546 StopSignal defines which signal will be sent to a container when it is being stopped. If not specified, the default is defined by the container runtime in use. StopSignal can only be set for Pods with a non-empty .spec.os.name 14547 14548 Possible enum values: 14549 - `"SIGABRT"` 14550 - `"SIGALRM"` 14551 - `"SIGBUS"` 14552 - `"SIGCHLD"` 14553 - `"SIGCLD"` 14554 - `"SIGCONT"` 14555 - `"SIGFPE"` 14556 - `"SIGHUP"` 14557 - `"SIGILL"` 14558 - `"SIGINT"` 14559 - `"SIGIO"` 14560 - `"SIGIOT"` 14561 - `"SIGKILL"` 14562 - `"SIGPIPE"` 14563 - `"SIGPOLL"` 14564 - `"SIGPROF"` 14565 - `"SIGPWR"` 14566 - `"SIGQUIT"` 14567 - `"SIGRTMAX"` 14568 - `"SIGRTMAX-1"` 14569 - `"SIGRTMAX-10"` 14570 - `"SIGRTMAX-11"` 14571 - `"SIGRTMAX-12"` 14572 - `"SIGRTMAX-13"` 14573 - `"SIGRTMAX-14"` 14574 - `"SIGRTMAX-2"` 14575 - `"SIGRTMAX-3"` 14576 - `"SIGRTMAX-4"` 14577 - `"SIGRTMAX-5"` 14578 - `"SIGRTMAX-6"` 14579 - `"SIGRTMAX-7"` 14580 - `"SIGRTMAX-8"` 14581 - `"SIGRTMAX-9"` 14582 - `"SIGRTMIN"` 14583 - `"SIGRTMIN+1"` 14584 - `"SIGRTMIN+10"` 14585 - `"SIGRTMIN+11"` 14586 - `"SIGRTMIN+12"` 14587 - `"SIGRTMIN+13"` 14588 - `"SIGRTMIN+14"` 14589 - `"SIGRTMIN+15"` 14590 - `"SIGRTMIN+2"` 14591 - `"SIGRTMIN+3"` 14592 - `"SIGRTMIN+4"` 14593 - `"SIGRTMIN+5"` 14594 - `"SIGRTMIN+6"` 14595 - `"SIGRTMIN+7"` 14596 - `"SIGRTMIN+8"` 14597 - `"SIGRTMIN+9"` 14598 - `"SIGSEGV"` 14599 - `"SIGSTKFLT"` 14600 - `"SIGSTOP"` 14601 - `"SIGSYS"` 14602 - `"SIGTERM"` 14603 - `"SIGTRAP"` 14604 - `"SIGTSTP"` 14605 - `"SIGTTIN"` 14606 - `"SIGTTOU"` 14607 - `"SIGURG"` 14608 - `"SIGUSR1"` 14609 - `"SIGUSR2"` 14610 - `"SIGVTALRM"` 14611 - `"SIGWINCH"` 14612 - `"SIGXCPU"` 14613 - `"SIGXFSZ"` 14614 enum: 14615 - SIGABRT 14616 - SIGALRM 14617 - SIGBUS 14618 - SIGCHLD 14619 - SIGCLD 14620 - SIGCONT 14621 - SIGFPE 14622 - SIGHUP 14623 - SIGILL 14624 - SIGINT 14625 - SIGIO 14626 - SIGIOT 14627 - SIGKILL 14628 - SIGPIPE 14629 - SIGPOLL 14630 - SIGPROF 14631 - SIGPWR 14632 - SIGQUIT 14633 - SIGRTMAX 14634 - SIGRTMAX-1 14635 - SIGRTMAX-10 14636 - SIGRTMAX-11 14637 - SIGRTMAX-12 14638 - SIGRTMAX-13 14639 - SIGRTMAX-14 14640 - SIGRTMAX-2 14641 - SIGRTMAX-3 14642 - SIGRTMAX-4 14643 - SIGRTMAX-5 14644 - SIGRTMAX-6 14645 - SIGRTMAX-7 14646 - SIGRTMAX-8 14647 - SIGRTMAX-9 14648 - SIGRTMIN 14649 - SIGRTMIN+1 14650 - SIGRTMIN+10 14651 - SIGRTMIN+11 14652 - SIGRTMIN+12 14653 - SIGRTMIN+13 14654 - SIGRTMIN+14 14655 - SIGRTMIN+15 14656 - SIGRTMIN+2 14657 - SIGRTMIN+3 14658 - SIGRTMIN+4 14659 - SIGRTMIN+5 14660 - SIGRTMIN+6 14661 - SIGRTMIN+7 14662 - SIGRTMIN+8 14663 - SIGRTMIN+9 14664 - SIGSEGV 14665 - SIGSTKFLT 14666 - SIGSTOP 14667 - SIGSYS 14668 - SIGTERM 14669 - SIGTRAP 14670 - SIGTSTP 14671 - SIGTTIN 14672 - SIGTTOU 14673 - SIGURG 14674 - SIGUSR1 14675 - SIGUSR2 14676 - SIGVTALRM 14677 - SIGWINCH 14678 - SIGXCPU 14679 - SIGXFSZ 14680 type: string 14681 type: object 14682 livenessProbe: 14683 description: "Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" 14684 properties: 14685 exec: 14686 description: Exec specifies a command to execute in the container. 14687 properties: 14688 command: 14689 description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 14690 items: 14691 type: string 14692 type: array 14693 type: object 14694 failureThreshold: 14695 description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. 14696 format: int32 14697 type: integer 14698 grpc: 14699 description: GRPC specifies a GRPC HealthCheckRequest. 14700 properties: 14701 port: 14702 description: Port number of the gRPC service. Number must be in the range 1 to 65535. 14703 format: int32 14704 type: integer 14705 service: 14706 description: |- 14707 Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 14708 14709 If this is not specified, the default behavior is defined by gRPC. 14710 type: string 14711 required: 14712 - port 14713 type: object 14714 httpGet: 14715 description: HTTPGet specifies an HTTP GET request to perform. 14716 properties: 14717 host: 14718 description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. 14719 type: string 14720 httpHeaders: 14721 description: Custom headers to set in the request. HTTP allows repeated headers. 14722 items: 14723 properties: 14724 name: 14725 description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. 14726 type: string 14727 value: 14728 description: The header field value 14729 type: string 14730 required: 14731 - name 14732 - value 14733 type: object 14734 type: array 14735 path: 14736 description: Path to access on the HTTP server. 14737 type: string 14738 port: 14739 description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 14740 format: int-or-string 14741 x-kubernetes-int-or-string: true 14742 scheme: 14743 description: |- 14744 Scheme to use for connecting to the host. Defaults to HTTP. 14745 14746 Possible enum values: 14747 - `"HTTP"` means that the scheme used will be http:// 14748 - `"HTTPS"` means that the scheme used will be https:// 14749 enum: 14750 - HTTP 14751 - HTTPS 14752 type: string 14753 required: 14754 - port 14755 type: object 14756 initialDelaySeconds: 14757 description: "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" 14758 format: int32 14759 type: integer 14760 periodSeconds: 14761 description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. 14762 format: int32 14763 type: integer 14764 successThreshold: 14765 description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. 14766 format: int32 14767 type: integer 14768 tcpSocket: 14769 description: TCPSocket specifies a connection to a TCP port. 14770 properties: 14771 host: 14772 description: "Optional: Host name to connect to, defaults to the pod IP." 14773 type: string 14774 port: 14775 description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 14776 format: int-or-string 14777 x-kubernetes-int-or-string: true 14778 required: 14779 - port 14780 type: object 14781 terminationGracePeriodSeconds: 14782 description: Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. 14783 format: int64 14784 type: integer 14785 timeoutSeconds: 14786 description: "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" 14787 format: int32 14788 type: integer 14789 type: object 14790 name: 14791 description: Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated. 14792 type: string 14793 ports: 14794 description: List of ports to expose from the container. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Modifying this array with strategic merge patch may corrupt the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated. 14795 items: 14796 properties: 14797 containerPort: 14798 description: Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536. 14799 format: int32 14800 type: integer 14801 hostIP: 14802 description: What host IP to bind the external port to. 14803 type: string 14804 hostPort: 14805 description: Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this. 14806 format: int32 14807 type: integer 14808 name: 14809 description: If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services. 14810 type: string 14811 protocol: 14812 description: |- 14813 Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". 14814 14815 Possible enum values: 14816 - `"SCTP"` is the SCTP protocol. 14817 - `"TCP"` is the TCP protocol. 14818 - `"UDP"` is the UDP protocol. 14819 enum: 14820 - SCTP 14821 - TCP 14822 - UDP 14823 type: string 14824 required: 14825 - containerPort 14826 type: object 14827 type: array 14828 readinessProbe: 14829 description: "Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" 14830 properties: 14831 exec: 14832 description: Exec specifies a command to execute in the container. 14833 properties: 14834 command: 14835 description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 14836 items: 14837 type: string 14838 type: array 14839 type: object 14840 failureThreshold: 14841 description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. 14842 format: int32 14843 type: integer 14844 grpc: 14845 description: GRPC specifies a GRPC HealthCheckRequest. 14846 properties: 14847 port: 14848 description: Port number of the gRPC service. Number must be in the range 1 to 65535. 14849 format: int32 14850 type: integer 14851 service: 14852 description: |- 14853 Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 14854 14855 If this is not specified, the default behavior is defined by gRPC. 14856 type: string 14857 required: 14858 - port 14859 type: object 14860 httpGet: 14861 description: HTTPGet specifies an HTTP GET request to perform. 14862 properties: 14863 host: 14864 description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. 14865 type: string 14866 httpHeaders: 14867 description: Custom headers to set in the request. HTTP allows repeated headers. 14868 items: 14869 properties: 14870 name: 14871 description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. 14872 type: string 14873 value: 14874 description: The header field value 14875 type: string 14876 required: 14877 - name 14878 - value 14879 type: object 14880 type: array 14881 path: 14882 description: Path to access on the HTTP server. 14883 type: string 14884 port: 14885 description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 14886 format: int-or-string 14887 x-kubernetes-int-or-string: true 14888 scheme: 14889 description: |- 14890 Scheme to use for connecting to the host. Defaults to HTTP. 14891 14892 Possible enum values: 14893 - `"HTTP"` means that the scheme used will be http:// 14894 - `"HTTPS"` means that the scheme used will be https:// 14895 enum: 14896 - HTTP 14897 - HTTPS 14898 type: string 14899 required: 14900 - port 14901 type: object 14902 initialDelaySeconds: 14903 description: "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" 14904 format: int32 14905 type: integer 14906 periodSeconds: 14907 description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. 14908 format: int32 14909 type: integer 14910 successThreshold: 14911 description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. 14912 format: int32 14913 type: integer 14914 tcpSocket: 14915 description: TCPSocket specifies a connection to a TCP port. 14916 properties: 14917 host: 14918 description: "Optional: Host name to connect to, defaults to the pod IP." 14919 type: string 14920 port: 14921 description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 14922 format: int-or-string 14923 x-kubernetes-int-or-string: true 14924 required: 14925 - port 14926 type: object 14927 terminationGracePeriodSeconds: 14928 description: Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. 14929 format: int64 14930 type: integer 14931 timeoutSeconds: 14932 description: "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" 14933 format: int32 14934 type: integer 14935 type: object 14936 resizePolicy: 14937 description: Resources resize policy for the container. 14938 items: 14939 properties: 14940 resourceName: 14941 description: "Name of the resource to which this resource resize policy applies. Supported values: cpu, memory." 14942 type: string 14943 restartPolicy: 14944 description: Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired. 14945 type: string 14946 required: 14947 - resourceName 14948 - restartPolicy 14949 type: object 14950 type: array 14951 resources: 14952 description: "Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" 14953 properties: 14954 claims: 14955 description: |- 14956 Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. 14957 14958 This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. 14959 14960 This field is immutable. It can only be set for containers. 14961 items: 14962 properties: 14963 name: 14964 description: Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. 14965 type: string 14966 request: 14967 description: Request is the name chosen for a request in the referenced claim. If empty, everything from the claim is made available, otherwise only the result of this request. 14968 type: string 14969 required: 14970 - name 14971 type: object 14972 type: array 14973 limits: 14974 additionalProperties: 14975 type: string 14976 description: "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" 14977 type: object 14978 requests: 14979 additionalProperties: 14980 type: string 14981 description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" 14982 type: object 14983 type: object 14984 restartPolicy: 14985 description: "RestartPolicy defines the restart behavior of individual containers in a pod. This field may only be set for init containers, and the only allowed value is \"Always\". For non-init containers or when this field is not specified, the restart behavior is defined by the Pod's restart policy and the container type. Setting the RestartPolicy as \"Always\" for the init container will have the following effect: this init container will be continually restarted on exit until all regular containers have terminated. Once all regular containers have completed, all init containers with restartPolicy \"Always\" will be shut down. This lifecycle differs from normal init containers and is often referred to as a \"sidecar\" container. Although this init container still starts in the init container sequence, it does not wait for the container to complete before proceeding to the next init container. Instead, the next init container starts immediately after this init container is started, or after any startupProbe has successfully completed." 14986 type: string 14987 securityContext: 14988 description: "SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/" 14989 properties: 14990 allowPrivilegeEscalation: 14991 description: "AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows." 14992 type: boolean 14993 appArmorProfile: 14994 description: appArmorProfile is the AppArmor options to use by this container. If set, this profile overrides the pod's appArmorProfile. Note that this field cannot be set when spec.os.name is windows. 14995 properties: 14996 localhostProfile: 14997 description: localhostProfile indicates a profile loaded on the node that should be used. The profile must be preconfigured on the node to work. Must match the loaded name of the profile. Must be set if and only if type is "Localhost". 14998 type: string 14999 type: 15000 description: |- 15001 type indicates which kind of AppArmor profile will be applied. Valid options are: 15002 Localhost - a profile pre-loaded on the node. 15003 RuntimeDefault - the container runtime's default profile. 15004 Unconfined - no AppArmor enforcement. 15005 15006 Possible enum values: 15007 - `"Localhost"` indicates that a profile pre-loaded on the node should be used. 15008 - `"RuntimeDefault"` indicates that the container runtime's default AppArmor profile should be used. 15009 - `"Unconfined"` indicates that no AppArmor profile should be enforced. 15010 enum: 15011 - Localhost 15012 - RuntimeDefault 15013 - Unconfined 15014 type: string 15015 required: 15016 - type 15017 type: object 15018 capabilities: 15019 description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows. 15020 properties: 15021 add: 15022 description: Added capabilities 15023 items: 15024 type: string 15025 type: array 15026 drop: 15027 description: Removed capabilities 15028 items: 15029 type: string 15030 type: array 15031 type: object 15032 privileged: 15033 description: Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows. 15034 type: boolean 15035 procMount: 15036 description: |- 15037 procMount denotes the type of proc mount to use for the containers. The default value is Default which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows. 15038 15039 Possible enum values: 15040 - `"Default"` uses the container runtime defaults for readonly and masked paths for /proc. Most container runtimes mask certain paths in /proc to avoid accidental security exposure of special devices or information. 15041 - `"Unmasked"` bypasses the default masking behavior of the container runtime and ensures the newly created /proc the container stays in tact with no modifications. 15042 enum: 15043 - Default 15044 - Unmasked 15045 type: string 15046 readOnlyRootFilesystem: 15047 description: Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows. 15048 type: boolean 15049 runAsGroup: 15050 description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. 15051 format: int64 15052 type: integer 15053 runAsNonRoot: 15054 description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. 15055 type: boolean 15056 runAsUser: 15057 description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. 15058 format: int64 15059 type: integer 15060 seLinuxOptions: 15061 description: The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. 15062 properties: 15063 level: 15064 description: Level is SELinux level label that applies to the container. 15065 type: string 15066 role: 15067 description: Role is a SELinux role label that applies to the container. 15068 type: string 15069 type: 15070 description: Type is a SELinux type label that applies to the container. 15071 type: string 15072 user: 15073 description: User is a SELinux user label that applies to the container. 15074 type: string 15075 type: object 15076 seccompProfile: 15077 description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows. 15078 properties: 15079 localhostProfile: 15080 description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type. 15081 type: string 15082 type: 15083 description: |- 15084 type indicates which kind of seccomp profile will be applied. Valid options are: 15085 15086 Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied. 15087 15088 Possible enum values: 15089 - `"Localhost"` indicates a profile defined in a file on the node should be used. The file's location relative to <kubelet-root-dir>/seccomp. 15090 - `"RuntimeDefault"` represents the default container runtime seccomp profile. 15091 - `"Unconfined"` indicates no seccomp profile is applied (A.K.A. unconfined). 15092 enum: 15093 - Localhost 15094 - RuntimeDefault 15095 - Unconfined 15096 type: string 15097 required: 15098 - type 15099 type: object 15100 windowsOptions: 15101 description: The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux. 15102 properties: 15103 gmsaCredentialSpec: 15104 description: GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. 15105 type: string 15106 gmsaCredentialSpecName: 15107 description: GMSACredentialSpecName is the name of the GMSA credential spec to use. 15108 type: string 15109 hostProcess: 15110 description: HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true. 15111 type: boolean 15112 runAsUserName: 15113 description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. 15114 type: string 15115 type: object 15116 type: object 15117 startupProbe: 15118 description: "StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" 15119 properties: 15120 exec: 15121 description: Exec specifies a command to execute in the container. 15122 properties: 15123 command: 15124 description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 15125 items: 15126 type: string 15127 type: array 15128 type: object 15129 failureThreshold: 15130 description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. 15131 format: int32 15132 type: integer 15133 grpc: 15134 description: GRPC specifies a GRPC HealthCheckRequest. 15135 properties: 15136 port: 15137 description: Port number of the gRPC service. Number must be in the range 1 to 65535. 15138 format: int32 15139 type: integer 15140 service: 15141 description: |- 15142 Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 15143 15144 If this is not specified, the default behavior is defined by gRPC. 15145 type: string 15146 required: 15147 - port 15148 type: object 15149 httpGet: 15150 description: HTTPGet specifies an HTTP GET request to perform. 15151 properties: 15152 host: 15153 description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. 15154 type: string 15155 httpHeaders: 15156 description: Custom headers to set in the request. HTTP allows repeated headers. 15157 items: 15158 properties: 15159 name: 15160 description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. 15161 type: string 15162 value: 15163 description: The header field value 15164 type: string 15165 required: 15166 - name 15167 - value 15168 type: object 15169 type: array 15170 path: 15171 description: Path to access on the HTTP server. 15172 type: string 15173 port: 15174 description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 15175 format: int-or-string 15176 x-kubernetes-int-or-string: true 15177 scheme: 15178 description: |- 15179 Scheme to use for connecting to the host. Defaults to HTTP. 15180 15181 Possible enum values: 15182 - `"HTTP"` means that the scheme used will be http:// 15183 - `"HTTPS"` means that the scheme used will be https:// 15184 enum: 15185 - HTTP 15186 - HTTPS 15187 type: string 15188 required: 15189 - port 15190 type: object 15191 initialDelaySeconds: 15192 description: "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" 15193 format: int32 15194 type: integer 15195 periodSeconds: 15196 description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. 15197 format: int32 15198 type: integer 15199 successThreshold: 15200 description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. 15201 format: int32 15202 type: integer 15203 tcpSocket: 15204 description: TCPSocket specifies a connection to a TCP port. 15205 properties: 15206 host: 15207 description: "Optional: Host name to connect to, defaults to the pod IP." 15208 type: string 15209 port: 15210 description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 15211 format: int-or-string 15212 x-kubernetes-int-or-string: true 15213 required: 15214 - port 15215 type: object 15216 terminationGracePeriodSeconds: 15217 description: Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. 15218 format: int64 15219 type: integer 15220 timeoutSeconds: 15221 description: "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" 15222 format: int32 15223 type: integer 15224 type: object 15225 stdin: 15226 description: Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false. 15227 type: boolean 15228 stdinOnce: 15229 description: Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false 15230 type: boolean 15231 terminationMessagePath: 15232 description: "Optional: Path at which the file to which the container's termination message will be written is mounted into the container's filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated." 15233 type: string 15234 terminationMessagePolicy: 15235 description: |- 15236 Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. 15237 15238 Possible enum values: 15239 - `"FallbackToLogsOnError"` will read the most recent contents of the container logs for the container status message when the container exits with an error and the terminationMessagePath has no contents. 15240 - `"File"` is the default behavior and will set the container status message to the contents of the container's terminationMessagePath when the container exits. 15241 enum: 15242 - FallbackToLogsOnError 15243 - File 15244 type: string 15245 tty: 15246 description: Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false. 15247 type: boolean 15248 volumeDevices: 15249 description: volumeDevices is the list of block devices to be used by the container. 15250 items: 15251 properties: 15252 devicePath: 15253 description: devicePath is the path inside of the container that the device will be mapped to. 15254 type: string 15255 name: 15256 description: name must match the name of a persistentVolumeClaim in the pod 15257 type: string 15258 required: 15259 - name 15260 - devicePath 15261 type: object 15262 type: array 15263 volumeMounts: 15264 description: Pod volumes to mount into the container's filesystem. Cannot be updated. 15265 items: 15266 properties: 15267 mountPath: 15268 description: Path within the container at which the volume should be mounted. Must not contain ':'. 15269 type: string 15270 mountPropagation: 15271 description: |- 15272 mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified (which defaults to None). 15273 15274 Possible enum values: 15275 - `"Bidirectional"` means that the volume in a container will receive new mounts from the host or other containers, and its own mounts will be propagated from the container to the host or other containers. Note that this mode is recursively applied to all mounts in the volume ("rshared" in Linux terminology). 15276 - `"HostToContainer"` means that the volume in a container will receive new mounts from the host or other containers, but filesystems mounted inside the container won't be propagated to the host or other containers. Note that this mode is recursively applied to all mounts in the volume ("rslave" in Linux terminology). 15277 - `"None"` means that the volume in a container will not receive new mounts from the host or other containers, and filesystems mounted inside the container won't be propagated to the host or other containers. Note that this mode corresponds to "private" in Linux terminology. 15278 enum: 15279 - Bidirectional 15280 - HostToContainer 15281 - None 15282 type: string 15283 name: 15284 description: This must match the Name of a Volume. 15285 type: string 15286 readOnly: 15287 description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. 15288 type: boolean 15289 recursiveReadOnly: 15290 description: |- 15291 RecursiveReadOnly specifies whether read-only mounts should be handled recursively. 15292 15293 If ReadOnly is false, this field has no meaning and must be unspecified. 15294 15295 If ReadOnly is true, and this field is set to Disabled, the mount is not made recursively read-only. If this field is set to IfPossible, the mount is made recursively read-only, if it is supported by the container runtime. If this field is set to Enabled, the mount is made recursively read-only if it is supported by the container runtime, otherwise the pod will not be started and an error will be generated to indicate the reason. 15296 15297 If this field is set to IfPossible or Enabled, MountPropagation must be set to None (or be unspecified, which defaults to None). 15298 15299 If this field is not specified, it is treated as an equivalent of Disabled. 15300 type: string 15301 subPath: 15302 description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). 15303 type: string 15304 subPathExpr: 15305 description: Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive. 15306 type: string 15307 required: 15308 - name 15309 - mountPath 15310 type: object 15311 type: array 15312 workingDir: 15313 description: Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated. 15314 type: string 15315 required: 15316 - name 15317 type: object 15318 type: array 15319 dnsConfig: 15320 description: Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy. 15321 properties: 15322 nameservers: 15323 description: A list of DNS name server IP addresses. This will be appended to the base nameservers generated from DNSPolicy. Duplicated nameservers will be removed. 15324 items: 15325 type: string 15326 type: array 15327 options: 15328 description: A list of DNS resolver options. This will be merged with the base options generated from DNSPolicy. Duplicated entries will be removed. Resolution options given in Options will override those that appear in the base DNSPolicy. 15329 items: 15330 properties: 15331 name: 15332 description: Name is this DNS resolver option's name. Required. 15333 type: string 15334 value: 15335 description: Value is this DNS resolver option's value. 15336 type: string 15337 type: object 15338 type: array 15339 searches: 15340 description: A list of DNS search domains for host-name lookup. This will be appended to the base search paths generated from DNSPolicy. Duplicated search paths will be removed. 15341 items: 15342 type: string 15343 type: array 15344 type: object 15345 dnsPolicy: 15346 description: |- 15347 Set DNS policy for the pod. Defaults to "ClusterFirst". Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. To have DNS options set along with hostNetwork, you have to specify DNS policy explicitly to 'ClusterFirstWithHostNet'. 15348 15349 Possible enum values: 15350 - `"ClusterFirst"` indicates that the pod should use cluster DNS first unless hostNetwork is true, if it is available, then fall back on the default (as determined by kubelet) DNS settings. 15351 - `"ClusterFirstWithHostNet"` indicates that the pod should use cluster DNS first, if it is available, then fall back on the default (as determined by kubelet) DNS settings. 15352 - `"Default"` indicates that the pod should use the default (as determined by kubelet) DNS settings. 15353 - `"None"` indicates that the pod should use empty DNS settings. DNS parameters such as nameservers and search paths should be defined via DNSConfig. 15354 enum: 15355 - ClusterFirst 15356 - ClusterFirstWithHostNet 15357 - Default 15358 - None 15359 type: string 15360 enableServiceLinks: 15361 description: "EnableServiceLinks indicates whether information about services should be injected into pod's environment variables, matching the syntax of Docker links. Optional: Defaults to true." 15362 type: boolean 15363 ephemeralContainers: 15364 description: List of ephemeral containers run in this pod. Ephemeral containers may be run in an existing pod to perform user-initiated actions such as debugging. This list cannot be specified when creating a pod, and it cannot be modified by updating the pod spec. In order to add an ephemeral container to an existing pod, use the pod's ephemeralcontainers subresource. 15365 items: 15366 properties: 15367 args: 15368 description: "Arguments to the entrypoint. The image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell" 15369 items: 15370 type: string 15371 type: array 15372 command: 15373 description: "Entrypoint array. Not executed within a shell. The image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell" 15374 items: 15375 type: string 15376 type: array 15377 env: 15378 description: List of environment variables to set in the container. Cannot be updated. 15379 items: 15380 properties: 15381 name: 15382 description: Name of the environment variable. Must be a C_IDENTIFIER. 15383 type: string 15384 value: 15385 description: "Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to \"\"." 15386 type: string 15387 valueFrom: 15388 description: Source for the environment variable's value. Cannot be used if value is not empty. 15389 properties: 15390 configMapKeyRef: 15391 description: Selects a key of a ConfigMap. 15392 properties: 15393 key: 15394 description: The key to select. 15395 type: string 15396 name: 15397 description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" 15398 type: string 15399 optional: 15400 description: Specify whether the ConfigMap or its key must be defined 15401 type: boolean 15402 required: 15403 - key 15404 type: object 15405 x-kubernetes-map-type: atomic 15406 fieldRef: 15407 description: "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs." 15408 properties: 15409 apiVersion: 15410 description: Version of the schema the FieldPath is written in terms of, defaults to "v1". 15411 type: string 15412 fieldPath: 15413 description: Path of the field to select in the specified API version. 15414 type: string 15415 required: 15416 - fieldPath 15417 type: object 15418 x-kubernetes-map-type: atomic 15419 resourceFieldRef: 15420 description: "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported." 15421 properties: 15422 containerName: 15423 description: "Container name: required for volumes, optional for env vars" 15424 type: string 15425 divisor: 15426 description: Specifies the output format of the exposed resources, defaults to "1" 15427 type: string 15428 resource: 15429 description: "Required: resource to select" 15430 type: string 15431 required: 15432 - resource 15433 type: object 15434 x-kubernetes-map-type: atomic 15435 secretKeyRef: 15436 description: Selects a key of a secret in the pod's namespace 15437 properties: 15438 key: 15439 description: The key of the secret to select from. Must be a valid secret key. 15440 type: string 15441 name: 15442 description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" 15443 type: string 15444 optional: 15445 description: Specify whether the Secret or its key must be defined 15446 type: boolean 15447 required: 15448 - key 15449 type: object 15450 x-kubernetes-map-type: atomic 15451 type: object 15452 required: 15453 - name 15454 type: object 15455 type: array 15456 envFrom: 15457 description: List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. 15458 items: 15459 properties: 15460 configMapRef: 15461 description: The ConfigMap to select from 15462 properties: 15463 name: 15464 description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" 15465 type: string 15466 optional: 15467 description: Specify whether the ConfigMap must be defined 15468 type: boolean 15469 type: object 15470 prefix: 15471 description: Optional text to prepend to the name of each environment variable. Must be a C_IDENTIFIER. 15472 type: string 15473 secretRef: 15474 description: The Secret to select from 15475 properties: 15476 name: 15477 description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" 15478 type: string 15479 optional: 15480 description: Specify whether the Secret must be defined 15481 type: boolean 15482 type: object 15483 type: object 15484 type: array 15485 image: 15486 description: "Container image name. More info: https://kubernetes.io/docs/concepts/containers/images" 15487 type: string 15488 imagePullPolicy: 15489 description: |- 15490 Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images 15491 15492 Possible enum values: 15493 - `"Always"` means that kubelet always attempts to pull the latest image. Container will fail If the pull fails. 15494 - `"IfNotPresent"` means that kubelet pulls if the image isn't present on disk. Container will fail if the image isn't present and the pull fails. 15495 - `"Never"` means that kubelet never pulls an image, but only uses a local image. Container will fail if the image isn't present 15496 enum: 15497 - Always 15498 - IfNotPresent 15499 - Never 15500 type: string 15501 lifecycle: 15502 description: Lifecycle is not allowed for ephemeral containers. 15503 properties: 15504 postStart: 15505 description: "PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks" 15506 properties: 15507 exec: 15508 description: Exec specifies a command to execute in the container. 15509 properties: 15510 command: 15511 description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 15512 items: 15513 type: string 15514 type: array 15515 type: object 15516 httpGet: 15517 description: HTTPGet specifies an HTTP GET request to perform. 15518 properties: 15519 host: 15520 description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. 15521 type: string 15522 httpHeaders: 15523 description: Custom headers to set in the request. HTTP allows repeated headers. 15524 items: 15525 properties: 15526 name: 15527 description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. 15528 type: string 15529 value: 15530 description: The header field value 15531 type: string 15532 required: 15533 - name 15534 - value 15535 type: object 15536 type: array 15537 path: 15538 description: Path to access on the HTTP server. 15539 type: string 15540 port: 15541 description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 15542 format: int-or-string 15543 x-kubernetes-int-or-string: true 15544 scheme: 15545 description: |- 15546 Scheme to use for connecting to the host. Defaults to HTTP. 15547 15548 Possible enum values: 15549 - `"HTTP"` means that the scheme used will be http:// 15550 - `"HTTPS"` means that the scheme used will be https:// 15551 enum: 15552 - HTTP 15553 - HTTPS 15554 type: string 15555 required: 15556 - port 15557 type: object 15558 sleep: 15559 description: Sleep represents a duration that the container should sleep. 15560 properties: 15561 seconds: 15562 description: Seconds is the number of seconds to sleep. 15563 format: int64 15564 type: integer 15565 required: 15566 - seconds 15567 type: object 15568 tcpSocket: 15569 description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for backward compatibility. There is no validation of this field and lifecycle hooks will fail at runtime when it is specified. 15570 properties: 15571 host: 15572 description: "Optional: Host name to connect to, defaults to the pod IP." 15573 type: string 15574 port: 15575 description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 15576 format: int-or-string 15577 x-kubernetes-int-or-string: true 15578 required: 15579 - port 15580 type: object 15581 type: object 15582 preStop: 15583 description: "PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The Pod's termination grace period countdown begins before the PreStop hook is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod's termination grace period (unless delayed by finalizers). Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks" 15584 properties: 15585 exec: 15586 description: Exec specifies a command to execute in the container. 15587 properties: 15588 command: 15589 description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 15590 items: 15591 type: string 15592 type: array 15593 type: object 15594 httpGet: 15595 description: HTTPGet specifies an HTTP GET request to perform. 15596 properties: 15597 host: 15598 description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. 15599 type: string 15600 httpHeaders: 15601 description: Custom headers to set in the request. HTTP allows repeated headers. 15602 items: 15603 properties: 15604 name: 15605 description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. 15606 type: string 15607 value: 15608 description: The header field value 15609 type: string 15610 required: 15611 - name 15612 - value 15613 type: object 15614 type: array 15615 path: 15616 description: Path to access on the HTTP server. 15617 type: string 15618 port: 15619 description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 15620 format: int-or-string 15621 x-kubernetes-int-or-string: true 15622 scheme: 15623 description: |- 15624 Scheme to use for connecting to the host. Defaults to HTTP. 15625 15626 Possible enum values: 15627 - `"HTTP"` means that the scheme used will be http:// 15628 - `"HTTPS"` means that the scheme used will be https:// 15629 enum: 15630 - HTTP 15631 - HTTPS 15632 type: string 15633 required: 15634 - port 15635 type: object 15636 sleep: 15637 description: Sleep represents a duration that the container should sleep. 15638 properties: 15639 seconds: 15640 description: Seconds is the number of seconds to sleep. 15641 format: int64 15642 type: integer 15643 required: 15644 - seconds 15645 type: object 15646 tcpSocket: 15647 description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for backward compatibility. There is no validation of this field and lifecycle hooks will fail at runtime when it is specified. 15648 properties: 15649 host: 15650 description: "Optional: Host name to connect to, defaults to the pod IP." 15651 type: string 15652 port: 15653 description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 15654 format: int-or-string 15655 x-kubernetes-int-or-string: true 15656 required: 15657 - port 15658 type: object 15659 type: object 15660 stopSignal: 15661 description: |- 15662 StopSignal defines which signal will be sent to a container when it is being stopped. If not specified, the default is defined by the container runtime in use. StopSignal can only be set for Pods with a non-empty .spec.os.name 15663 15664 Possible enum values: 15665 - `"SIGABRT"` 15666 - `"SIGALRM"` 15667 - `"SIGBUS"` 15668 - `"SIGCHLD"` 15669 - `"SIGCLD"` 15670 - `"SIGCONT"` 15671 - `"SIGFPE"` 15672 - `"SIGHUP"` 15673 - `"SIGILL"` 15674 - `"SIGINT"` 15675 - `"SIGIO"` 15676 - `"SIGIOT"` 15677 - `"SIGKILL"` 15678 - `"SIGPIPE"` 15679 - `"SIGPOLL"` 15680 - `"SIGPROF"` 15681 - `"SIGPWR"` 15682 - `"SIGQUIT"` 15683 - `"SIGRTMAX"` 15684 - `"SIGRTMAX-1"` 15685 - `"SIGRTMAX-10"` 15686 - `"SIGRTMAX-11"` 15687 - `"SIGRTMAX-12"` 15688 - `"SIGRTMAX-13"` 15689 - `"SIGRTMAX-14"` 15690 - `"SIGRTMAX-2"` 15691 - `"SIGRTMAX-3"` 15692 - `"SIGRTMAX-4"` 15693 - `"SIGRTMAX-5"` 15694 - `"SIGRTMAX-6"` 15695 - `"SIGRTMAX-7"` 15696 - `"SIGRTMAX-8"` 15697 - `"SIGRTMAX-9"` 15698 - `"SIGRTMIN"` 15699 - `"SIGRTMIN+1"` 15700 - `"SIGRTMIN+10"` 15701 - `"SIGRTMIN+11"` 15702 - `"SIGRTMIN+12"` 15703 - `"SIGRTMIN+13"` 15704 - `"SIGRTMIN+14"` 15705 - `"SIGRTMIN+15"` 15706 - `"SIGRTMIN+2"` 15707 - `"SIGRTMIN+3"` 15708 - `"SIGRTMIN+4"` 15709 - `"SIGRTMIN+5"` 15710 - `"SIGRTMIN+6"` 15711 - `"SIGRTMIN+7"` 15712 - `"SIGRTMIN+8"` 15713 - `"SIGRTMIN+9"` 15714 - `"SIGSEGV"` 15715 - `"SIGSTKFLT"` 15716 - `"SIGSTOP"` 15717 - `"SIGSYS"` 15718 - `"SIGTERM"` 15719 - `"SIGTRAP"` 15720 - `"SIGTSTP"` 15721 - `"SIGTTIN"` 15722 - `"SIGTTOU"` 15723 - `"SIGURG"` 15724 - `"SIGUSR1"` 15725 - `"SIGUSR2"` 15726 - `"SIGVTALRM"` 15727 - `"SIGWINCH"` 15728 - `"SIGXCPU"` 15729 - `"SIGXFSZ"` 15730 enum: 15731 - SIGABRT 15732 - SIGALRM 15733 - SIGBUS 15734 - SIGCHLD 15735 - SIGCLD 15736 - SIGCONT 15737 - SIGFPE 15738 - SIGHUP 15739 - SIGILL 15740 - SIGINT 15741 - SIGIO 15742 - SIGIOT 15743 - SIGKILL 15744 - SIGPIPE 15745 - SIGPOLL 15746 - SIGPROF 15747 - SIGPWR 15748 - SIGQUIT 15749 - SIGRTMAX 15750 - SIGRTMAX-1 15751 - SIGRTMAX-10 15752 - SIGRTMAX-11 15753 - SIGRTMAX-12 15754 - SIGRTMAX-13 15755 - SIGRTMAX-14 15756 - SIGRTMAX-2 15757 - SIGRTMAX-3 15758 - SIGRTMAX-4 15759 - SIGRTMAX-5 15760 - SIGRTMAX-6 15761 - SIGRTMAX-7 15762 - SIGRTMAX-8 15763 - SIGRTMAX-9 15764 - SIGRTMIN 15765 - SIGRTMIN+1 15766 - SIGRTMIN+10 15767 - SIGRTMIN+11 15768 - SIGRTMIN+12 15769 - SIGRTMIN+13 15770 - SIGRTMIN+14 15771 - SIGRTMIN+15 15772 - SIGRTMIN+2 15773 - SIGRTMIN+3 15774 - SIGRTMIN+4 15775 - SIGRTMIN+5 15776 - SIGRTMIN+6 15777 - SIGRTMIN+7 15778 - SIGRTMIN+8 15779 - SIGRTMIN+9 15780 - SIGSEGV 15781 - SIGSTKFLT 15782 - SIGSTOP 15783 - SIGSYS 15784 - SIGTERM 15785 - SIGTRAP 15786 - SIGTSTP 15787 - SIGTTIN 15788 - SIGTTOU 15789 - SIGURG 15790 - SIGUSR1 15791 - SIGUSR2 15792 - SIGVTALRM 15793 - SIGWINCH 15794 - SIGXCPU 15795 - SIGXFSZ 15796 type: string 15797 type: object 15798 livenessProbe: 15799 description: Probes are not allowed for ephemeral containers. 15800 properties: 15801 exec: 15802 description: Exec specifies a command to execute in the container. 15803 properties: 15804 command: 15805 description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 15806 items: 15807 type: string 15808 type: array 15809 type: object 15810 failureThreshold: 15811 description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. 15812 format: int32 15813 type: integer 15814 grpc: 15815 description: GRPC specifies a GRPC HealthCheckRequest. 15816 properties: 15817 port: 15818 description: Port number of the gRPC service. Number must be in the range 1 to 65535. 15819 format: int32 15820 type: integer 15821 service: 15822 description: |- 15823 Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 15824 15825 If this is not specified, the default behavior is defined by gRPC. 15826 type: string 15827 required: 15828 - port 15829 type: object 15830 httpGet: 15831 description: HTTPGet specifies an HTTP GET request to perform. 15832 properties: 15833 host: 15834 description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. 15835 type: string 15836 httpHeaders: 15837 description: Custom headers to set in the request. HTTP allows repeated headers. 15838 items: 15839 properties: 15840 name: 15841 description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. 15842 type: string 15843 value: 15844 description: The header field value 15845 type: string 15846 required: 15847 - name 15848 - value 15849 type: object 15850 type: array 15851 path: 15852 description: Path to access on the HTTP server. 15853 type: string 15854 port: 15855 description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 15856 format: int-or-string 15857 x-kubernetes-int-or-string: true 15858 scheme: 15859 description: |- 15860 Scheme to use for connecting to the host. Defaults to HTTP. 15861 15862 Possible enum values: 15863 - `"HTTP"` means that the scheme used will be http:// 15864 - `"HTTPS"` means that the scheme used will be https:// 15865 enum: 15866 - HTTP 15867 - HTTPS 15868 type: string 15869 required: 15870 - port 15871 type: object 15872 initialDelaySeconds: 15873 description: "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" 15874 format: int32 15875 type: integer 15876 periodSeconds: 15877 description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. 15878 format: int32 15879 type: integer 15880 successThreshold: 15881 description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. 15882 format: int32 15883 type: integer 15884 tcpSocket: 15885 description: TCPSocket specifies a connection to a TCP port. 15886 properties: 15887 host: 15888 description: "Optional: Host name to connect to, defaults to the pod IP." 15889 type: string 15890 port: 15891 description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 15892 format: int-or-string 15893 x-kubernetes-int-or-string: true 15894 required: 15895 - port 15896 type: object 15897 terminationGracePeriodSeconds: 15898 description: Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. 15899 format: int64 15900 type: integer 15901 timeoutSeconds: 15902 description: "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" 15903 format: int32 15904 type: integer 15905 type: object 15906 name: 15907 description: Name of the ephemeral container specified as a DNS_LABEL. This name must be unique among all containers, init containers and ephemeral containers. 15908 type: string 15909 ports: 15910 description: Ports are not allowed for ephemeral containers. 15911 items: 15912 properties: 15913 containerPort: 15914 description: Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536. 15915 format: int32 15916 type: integer 15917 hostIP: 15918 description: What host IP to bind the external port to. 15919 type: string 15920 hostPort: 15921 description: Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this. 15922 format: int32 15923 type: integer 15924 name: 15925 description: If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services. 15926 type: string 15927 protocol: 15928 description: |- 15929 Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". 15930 15931 Possible enum values: 15932 - `"SCTP"` is the SCTP protocol. 15933 - `"TCP"` is the TCP protocol. 15934 - `"UDP"` is the UDP protocol. 15935 enum: 15936 - SCTP 15937 - TCP 15938 - UDP 15939 type: string 15940 required: 15941 - containerPort 15942 type: object 15943 type: array 15944 readinessProbe: 15945 description: Probes are not allowed for ephemeral containers. 15946 properties: 15947 exec: 15948 description: Exec specifies a command to execute in the container. 15949 properties: 15950 command: 15951 description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 15952 items: 15953 type: string 15954 type: array 15955 type: object 15956 failureThreshold: 15957 description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. 15958 format: int32 15959 type: integer 15960 grpc: 15961 description: GRPC specifies a GRPC HealthCheckRequest. 15962 properties: 15963 port: 15964 description: Port number of the gRPC service. Number must be in the range 1 to 65535. 15965 format: int32 15966 type: integer 15967 service: 15968 description: |- 15969 Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 15970 15971 If this is not specified, the default behavior is defined by gRPC. 15972 type: string 15973 required: 15974 - port 15975 type: object 15976 httpGet: 15977 description: HTTPGet specifies an HTTP GET request to perform. 15978 properties: 15979 host: 15980 description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. 15981 type: string 15982 httpHeaders: 15983 description: Custom headers to set in the request. HTTP allows repeated headers. 15984 items: 15985 properties: 15986 name: 15987 description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. 15988 type: string 15989 value: 15990 description: The header field value 15991 type: string 15992 required: 15993 - name 15994 - value 15995 type: object 15996 type: array 15997 path: 15998 description: Path to access on the HTTP server. 15999 type: string 16000 port: 16001 description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 16002 format: int-or-string 16003 x-kubernetes-int-or-string: true 16004 scheme: 16005 description: |- 16006 Scheme to use for connecting to the host. Defaults to HTTP. 16007 16008 Possible enum values: 16009 - `"HTTP"` means that the scheme used will be http:// 16010 - `"HTTPS"` means that the scheme used will be https:// 16011 enum: 16012 - HTTP 16013 - HTTPS 16014 type: string 16015 required: 16016 - port 16017 type: object 16018 initialDelaySeconds: 16019 description: "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" 16020 format: int32 16021 type: integer 16022 periodSeconds: 16023 description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. 16024 format: int32 16025 type: integer 16026 successThreshold: 16027 description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. 16028 format: int32 16029 type: integer 16030 tcpSocket: 16031 description: TCPSocket specifies a connection to a TCP port. 16032 properties: 16033 host: 16034 description: "Optional: Host name to connect to, defaults to the pod IP." 16035 type: string 16036 port: 16037 description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 16038 format: int-or-string 16039 x-kubernetes-int-or-string: true 16040 required: 16041 - port 16042 type: object 16043 terminationGracePeriodSeconds: 16044 description: Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. 16045 format: int64 16046 type: integer 16047 timeoutSeconds: 16048 description: "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" 16049 format: int32 16050 type: integer 16051 type: object 16052 resizePolicy: 16053 description: Resources resize policy for the container. 16054 items: 16055 properties: 16056 resourceName: 16057 description: "Name of the resource to which this resource resize policy applies. Supported values: cpu, memory." 16058 type: string 16059 restartPolicy: 16060 description: Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired. 16061 type: string 16062 required: 16063 - resourceName 16064 - restartPolicy 16065 type: object 16066 type: array 16067 resources: 16068 description: Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources already allocated to the pod. 16069 properties: 16070 claims: 16071 description: |- 16072 Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. 16073 16074 This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. 16075 16076 This field is immutable. It can only be set for containers. 16077 items: 16078 properties: 16079 name: 16080 description: Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. 16081 type: string 16082 request: 16083 description: Request is the name chosen for a request in the referenced claim. If empty, everything from the claim is made available, otherwise only the result of this request. 16084 type: string 16085 required: 16086 - name 16087 type: object 16088 type: array 16089 limits: 16090 additionalProperties: 16091 type: string 16092 description: "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" 16093 type: object 16094 requests: 16095 additionalProperties: 16096 type: string 16097 description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" 16098 type: object 16099 type: object 16100 restartPolicy: 16101 description: Restart policy for the container to manage the restart behavior of each container within a pod. This may only be set for init containers. You cannot set this field on ephemeral containers. 16102 type: string 16103 securityContext: 16104 description: "Optional: SecurityContext defines the security options the ephemeral container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext." 16105 properties: 16106 allowPrivilegeEscalation: 16107 description: "AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows." 16108 type: boolean 16109 appArmorProfile: 16110 description: appArmorProfile is the AppArmor options to use by this container. If set, this profile overrides the pod's appArmorProfile. Note that this field cannot be set when spec.os.name is windows. 16111 properties: 16112 localhostProfile: 16113 description: localhostProfile indicates a profile loaded on the node that should be used. The profile must be preconfigured on the node to work. Must match the loaded name of the profile. Must be set if and only if type is "Localhost". 16114 type: string 16115 type: 16116 description: |- 16117 type indicates which kind of AppArmor profile will be applied. Valid options are: 16118 Localhost - a profile pre-loaded on the node. 16119 RuntimeDefault - the container runtime's default profile. 16120 Unconfined - no AppArmor enforcement. 16121 16122 Possible enum values: 16123 - `"Localhost"` indicates that a profile pre-loaded on the node should be used. 16124 - `"RuntimeDefault"` indicates that the container runtime's default AppArmor profile should be used. 16125 - `"Unconfined"` indicates that no AppArmor profile should be enforced. 16126 enum: 16127 - Localhost 16128 - RuntimeDefault 16129 - Unconfined 16130 type: string 16131 required: 16132 - type 16133 type: object 16134 capabilities: 16135 description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows. 16136 properties: 16137 add: 16138 description: Added capabilities 16139 items: 16140 type: string 16141 type: array 16142 drop: 16143 description: Removed capabilities 16144 items: 16145 type: string 16146 type: array 16147 type: object 16148 privileged: 16149 description: Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows. 16150 type: boolean 16151 procMount: 16152 description: |- 16153 procMount denotes the type of proc mount to use for the containers. The default value is Default which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows. 16154 16155 Possible enum values: 16156 - `"Default"` uses the container runtime defaults for readonly and masked paths for /proc. Most container runtimes mask certain paths in /proc to avoid accidental security exposure of special devices or information. 16157 - `"Unmasked"` bypasses the default masking behavior of the container runtime and ensures the newly created /proc the container stays in tact with no modifications. 16158 enum: 16159 - Default 16160 - Unmasked 16161 type: string 16162 readOnlyRootFilesystem: 16163 description: Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows. 16164 type: boolean 16165 runAsGroup: 16166 description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. 16167 format: int64 16168 type: integer 16169 runAsNonRoot: 16170 description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. 16171 type: boolean 16172 runAsUser: 16173 description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. 16174 format: int64 16175 type: integer 16176 seLinuxOptions: 16177 description: The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. 16178 properties: 16179 level: 16180 description: Level is SELinux level label that applies to the container. 16181 type: string 16182 role: 16183 description: Role is a SELinux role label that applies to the container. 16184 type: string 16185 type: 16186 description: Type is a SELinux type label that applies to the container. 16187 type: string 16188 user: 16189 description: User is a SELinux user label that applies to the container. 16190 type: string 16191 type: object 16192 seccompProfile: 16193 description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows. 16194 properties: 16195 localhostProfile: 16196 description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type. 16197 type: string 16198 type: 16199 description: |- 16200 type indicates which kind of seccomp profile will be applied. Valid options are: 16201 16202 Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied. 16203 16204 Possible enum values: 16205 - `"Localhost"` indicates a profile defined in a file on the node should be used. The file's location relative to <kubelet-root-dir>/seccomp. 16206 - `"RuntimeDefault"` represents the default container runtime seccomp profile. 16207 - `"Unconfined"` indicates no seccomp profile is applied (A.K.A. unconfined). 16208 enum: 16209 - Localhost 16210 - RuntimeDefault 16211 - Unconfined 16212 type: string 16213 required: 16214 - type 16215 type: object 16216 windowsOptions: 16217 description: The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux. 16218 properties: 16219 gmsaCredentialSpec: 16220 description: GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. 16221 type: string 16222 gmsaCredentialSpecName: 16223 description: GMSACredentialSpecName is the name of the GMSA credential spec to use. 16224 type: string 16225 hostProcess: 16226 description: HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true. 16227 type: boolean 16228 runAsUserName: 16229 description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. 16230 type: string 16231 type: object 16232 type: object 16233 startupProbe: 16234 description: Probes are not allowed for ephemeral containers. 16235 properties: 16236 exec: 16237 description: Exec specifies a command to execute in the container. 16238 properties: 16239 command: 16240 description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 16241 items: 16242 type: string 16243 type: array 16244 type: object 16245 failureThreshold: 16246 description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. 16247 format: int32 16248 type: integer 16249 grpc: 16250 description: GRPC specifies a GRPC HealthCheckRequest. 16251 properties: 16252 port: 16253 description: Port number of the gRPC service. Number must be in the range 1 to 65535. 16254 format: int32 16255 type: integer 16256 service: 16257 description: |- 16258 Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 16259 16260 If this is not specified, the default behavior is defined by gRPC. 16261 type: string 16262 required: 16263 - port 16264 type: object 16265 httpGet: 16266 description: HTTPGet specifies an HTTP GET request to perform. 16267 properties: 16268 host: 16269 description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. 16270 type: string 16271 httpHeaders: 16272 description: Custom headers to set in the request. HTTP allows repeated headers. 16273 items: 16274 properties: 16275 name: 16276 description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. 16277 type: string 16278 value: 16279 description: The header field value 16280 type: string 16281 required: 16282 - name 16283 - value 16284 type: object 16285 type: array 16286 path: 16287 description: Path to access on the HTTP server. 16288 type: string 16289 port: 16290 description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 16291 format: int-or-string 16292 x-kubernetes-int-or-string: true 16293 scheme: 16294 description: |- 16295 Scheme to use for connecting to the host. Defaults to HTTP. 16296 16297 Possible enum values: 16298 - `"HTTP"` means that the scheme used will be http:// 16299 - `"HTTPS"` means that the scheme used will be https:// 16300 enum: 16301 - HTTP 16302 - HTTPS 16303 type: string 16304 required: 16305 - port 16306 type: object 16307 initialDelaySeconds: 16308 description: "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" 16309 format: int32 16310 type: integer 16311 periodSeconds: 16312 description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. 16313 format: int32 16314 type: integer 16315 successThreshold: 16316 description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. 16317 format: int32 16318 type: integer 16319 tcpSocket: 16320 description: TCPSocket specifies a connection to a TCP port. 16321 properties: 16322 host: 16323 description: "Optional: Host name to connect to, defaults to the pod IP." 16324 type: string 16325 port: 16326 description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 16327 format: int-or-string 16328 x-kubernetes-int-or-string: true 16329 required: 16330 - port 16331 type: object 16332 terminationGracePeriodSeconds: 16333 description: Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. 16334 format: int64 16335 type: integer 16336 timeoutSeconds: 16337 description: "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" 16338 format: int32 16339 type: integer 16340 type: object 16341 stdin: 16342 description: Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false. 16343 type: boolean 16344 stdinOnce: 16345 description: Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false 16346 type: boolean 16347 targetContainerName: 16348 description: |- 16349 If set, the name of the container from PodSpec that this ephemeral container targets. The ephemeral container will be run in the namespaces (IPC, PID, etc) of this container. If not set then the ephemeral container uses the namespaces configured in the Pod spec. 16350 16351 The container runtime must implement support for this feature. If the runtime does not support namespace targeting then the result of setting this field is undefined. 16352 type: string 16353 terminationMessagePath: 16354 description: "Optional: Path at which the file to which the container's termination message will be written is mounted into the container's filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated." 16355 type: string 16356 terminationMessagePolicy: 16357 description: |- 16358 Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. 16359 16360 Possible enum values: 16361 - `"FallbackToLogsOnError"` will read the most recent contents of the container logs for the container status message when the container exits with an error and the terminationMessagePath has no contents. 16362 - `"File"` is the default behavior and will set the container status message to the contents of the container's terminationMessagePath when the container exits. 16363 enum: 16364 - FallbackToLogsOnError 16365 - File 16366 type: string 16367 tty: 16368 description: Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false. 16369 type: boolean 16370 volumeDevices: 16371 description: volumeDevices is the list of block devices to be used by the container. 16372 items: 16373 properties: 16374 devicePath: 16375 description: devicePath is the path inside of the container that the device will be mapped to. 16376 type: string 16377 name: 16378 description: name must match the name of a persistentVolumeClaim in the pod 16379 type: string 16380 required: 16381 - name 16382 - devicePath 16383 type: object 16384 type: array 16385 volumeMounts: 16386 description: Pod volumes to mount into the container's filesystem. Subpath mounts are not allowed for ephemeral containers. Cannot be updated. 16387 items: 16388 properties: 16389 mountPath: 16390 description: Path within the container at which the volume should be mounted. Must not contain ':'. 16391 type: string 16392 mountPropagation: 16393 description: |- 16394 mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified (which defaults to None). 16395 16396 Possible enum values: 16397 - `"Bidirectional"` means that the volume in a container will receive new mounts from the host or other containers, and its own mounts will be propagated from the container to the host or other containers. Note that this mode is recursively applied to all mounts in the volume ("rshared" in Linux terminology). 16398 - `"HostToContainer"` means that the volume in a container will receive new mounts from the host or other containers, but filesystems mounted inside the container won't be propagated to the host or other containers. Note that this mode is recursively applied to all mounts in the volume ("rslave" in Linux terminology). 16399 - `"None"` means that the volume in a container will not receive new mounts from the host or other containers, and filesystems mounted inside the container won't be propagated to the host or other containers. Note that this mode corresponds to "private" in Linux terminology. 16400 enum: 16401 - Bidirectional 16402 - HostToContainer 16403 - None 16404 type: string 16405 name: 16406 description: This must match the Name of a Volume. 16407 type: string 16408 readOnly: 16409 description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. 16410 type: boolean 16411 recursiveReadOnly: 16412 description: |- 16413 RecursiveReadOnly specifies whether read-only mounts should be handled recursively. 16414 16415 If ReadOnly is false, this field has no meaning and must be unspecified. 16416 16417 If ReadOnly is true, and this field is set to Disabled, the mount is not made recursively read-only. If this field is set to IfPossible, the mount is made recursively read-only, if it is supported by the container runtime. If this field is set to Enabled, the mount is made recursively read-only if it is supported by the container runtime, otherwise the pod will not be started and an error will be generated to indicate the reason. 16418 16419 If this field is set to IfPossible or Enabled, MountPropagation must be set to None (or be unspecified, which defaults to None). 16420 16421 If this field is not specified, it is treated as an equivalent of Disabled. 16422 type: string 16423 subPath: 16424 description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). 16425 type: string 16426 subPathExpr: 16427 description: Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive. 16428 type: string 16429 required: 16430 - name 16431 - mountPath 16432 type: object 16433 type: array 16434 workingDir: 16435 description: Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated. 16436 type: string 16437 required: 16438 - name 16439 type: object 16440 type: array 16441 hostAliases: 16442 description: HostAliases is an optional list of hosts and IPs that will be injected into the pod's hosts file if specified. 16443 items: 16444 properties: 16445 hostnames: 16446 description: Hostnames for the above IP address. 16447 items: 16448 type: string 16449 type: array 16450 ip: 16451 description: IP address of the host file entry. 16452 type: string 16453 required: 16454 - ip 16455 type: object 16456 type: array 16457 hostIPC: 16458 description: "Use the host's ipc namespace. Optional: Default to false." 16459 type: boolean 16460 hostNetwork: 16461 description: Host networking requested for this pod. Use the host's network namespace. If this option is set, the ports that will be used must be specified. Default to false. 16462 type: boolean 16463 hostPID: 16464 description: "Use the host's pid namespace. Optional: Default to false." 16465 type: boolean 16466 hostUsers: 16467 description: "Use the host's user namespace. Optional: Default to true. If set to true or not present, the pod will be run in the host user namespace, useful for when the pod needs a feature only available to the host user namespace, such as loading a kernel module with CAP_SYS_MODULE. When set to false, a new userns is created for the pod. Setting false is useful for mitigating container breakout vulnerabilities even allowing users to run their containers as root without actually having root privileges on the host. This field is alpha-level and is only honored by servers that enable the UserNamespacesSupport feature." 16468 type: boolean 16469 hostname: 16470 description: Specifies the hostname of the Pod If not specified, the pod's hostname will be set to a system-defined value. 16471 type: string 16472 imagePullSecrets: 16473 description: "ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. If specified, these secrets will be passed to individual puller implementations for them to use. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod" 16474 items: 16475 properties: 16476 name: 16477 description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" 16478 type: string 16479 type: object 16480 x-kubernetes-map-type: atomic 16481 type: array 16482 initContainers: 16483 description: "List of initialization containers belonging to the pod. Init containers are executed in order prior to containers being started. If any init container fails, the pod is considered to have failed and is handled according to its restartPolicy. The name for an init container or normal container must be unique among all containers. Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit for each resource type, and then using the max of that value or the sum of the normal containers. Limits are applied to init containers in a similar fashion. Init containers cannot currently be added or removed. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/" 16484 items: 16485 properties: 16486 args: 16487 description: "Arguments to the entrypoint. The container image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell" 16488 items: 16489 type: string 16490 type: array 16491 command: 16492 description: "Entrypoint array. Not executed within a shell. The container image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell" 16493 items: 16494 type: string 16495 type: array 16496 env: 16497 description: List of environment variables to set in the container. Cannot be updated. 16498 items: 16499 properties: 16500 name: 16501 description: Name of the environment variable. Must be a C_IDENTIFIER. 16502 type: string 16503 value: 16504 description: "Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to \"\"." 16505 type: string 16506 valueFrom: 16507 description: Source for the environment variable's value. Cannot be used if value is not empty. 16508 properties: 16509 configMapKeyRef: 16510 description: Selects a key of a ConfigMap. 16511 properties: 16512 key: 16513 description: The key to select. 16514 type: string 16515 name: 16516 description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" 16517 type: string 16518 optional: 16519 description: Specify whether the ConfigMap or its key must be defined 16520 type: boolean 16521 required: 16522 - key 16523 type: object 16524 x-kubernetes-map-type: atomic 16525 fieldRef: 16526 description: "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs." 16527 properties: 16528 apiVersion: 16529 description: Version of the schema the FieldPath is written in terms of, defaults to "v1". 16530 type: string 16531 fieldPath: 16532 description: Path of the field to select in the specified API version. 16533 type: string 16534 required: 16535 - fieldPath 16536 type: object 16537 x-kubernetes-map-type: atomic 16538 resourceFieldRef: 16539 description: "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported." 16540 properties: 16541 containerName: 16542 description: "Container name: required for volumes, optional for env vars" 16543 type: string 16544 divisor: 16545 description: Specifies the output format of the exposed resources, defaults to "1" 16546 type: string 16547 resource: 16548 description: "Required: resource to select" 16549 type: string 16550 required: 16551 - resource 16552 type: object 16553 x-kubernetes-map-type: atomic 16554 secretKeyRef: 16555 description: Selects a key of a secret in the pod's namespace 16556 properties: 16557 key: 16558 description: The key of the secret to select from. Must be a valid secret key. 16559 type: string 16560 name: 16561 description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" 16562 type: string 16563 optional: 16564 description: Specify whether the Secret or its key must be defined 16565 type: boolean 16566 required: 16567 - key 16568 type: object 16569 x-kubernetes-map-type: atomic 16570 type: object 16571 required: 16572 - name 16573 type: object 16574 type: array 16575 envFrom: 16576 description: List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. 16577 items: 16578 properties: 16579 configMapRef: 16580 description: The ConfigMap to select from 16581 properties: 16582 name: 16583 description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" 16584 type: string 16585 optional: 16586 description: Specify whether the ConfigMap must be defined 16587 type: boolean 16588 type: object 16589 prefix: 16590 description: Optional text to prepend to the name of each environment variable. Must be a C_IDENTIFIER. 16591 type: string 16592 secretRef: 16593 description: The Secret to select from 16594 properties: 16595 name: 16596 description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" 16597 type: string 16598 optional: 16599 description: Specify whether the Secret must be defined 16600 type: boolean 16601 type: object 16602 type: object 16603 type: array 16604 image: 16605 description: "Container image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets." 16606 type: string 16607 imagePullPolicy: 16608 description: |- 16609 Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images 16610 16611 Possible enum values: 16612 - `"Always"` means that kubelet always attempts to pull the latest image. Container will fail If the pull fails. 16613 - `"IfNotPresent"` means that kubelet pulls if the image isn't present on disk. Container will fail if the image isn't present and the pull fails. 16614 - `"Never"` means that kubelet never pulls an image, but only uses a local image. Container will fail if the image isn't present 16615 enum: 16616 - Always 16617 - IfNotPresent 16618 - Never 16619 type: string 16620 lifecycle: 16621 description: Actions that the management system should take in response to container lifecycle events. Cannot be updated. 16622 properties: 16623 postStart: 16624 description: "PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks" 16625 properties: 16626 exec: 16627 description: Exec specifies a command to execute in the container. 16628 properties: 16629 command: 16630 description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 16631 items: 16632 type: string 16633 type: array 16634 type: object 16635 httpGet: 16636 description: HTTPGet specifies an HTTP GET request to perform. 16637 properties: 16638 host: 16639 description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. 16640 type: string 16641 httpHeaders: 16642 description: Custom headers to set in the request. HTTP allows repeated headers. 16643 items: 16644 properties: 16645 name: 16646 description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. 16647 type: string 16648 value: 16649 description: The header field value 16650 type: string 16651 required: 16652 - name 16653 - value 16654 type: object 16655 type: array 16656 path: 16657 description: Path to access on the HTTP server. 16658 type: string 16659 port: 16660 description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 16661 format: int-or-string 16662 x-kubernetes-int-or-string: true 16663 scheme: 16664 description: |- 16665 Scheme to use for connecting to the host. Defaults to HTTP. 16666 16667 Possible enum values: 16668 - `"HTTP"` means that the scheme used will be http:// 16669 - `"HTTPS"` means that the scheme used will be https:// 16670 enum: 16671 - HTTP 16672 - HTTPS 16673 type: string 16674 required: 16675 - port 16676 type: object 16677 sleep: 16678 description: Sleep represents a duration that the container should sleep. 16679 properties: 16680 seconds: 16681 description: Seconds is the number of seconds to sleep. 16682 format: int64 16683 type: integer 16684 required: 16685 - seconds 16686 type: object 16687 tcpSocket: 16688 description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for backward compatibility. There is no validation of this field and lifecycle hooks will fail at runtime when it is specified. 16689 properties: 16690 host: 16691 description: "Optional: Host name to connect to, defaults to the pod IP." 16692 type: string 16693 port: 16694 description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 16695 format: int-or-string 16696 x-kubernetes-int-or-string: true 16697 required: 16698 - port 16699 type: object 16700 type: object 16701 preStop: 16702 description: "PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The Pod's termination grace period countdown begins before the PreStop hook is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod's termination grace period (unless delayed by finalizers). Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks" 16703 properties: 16704 exec: 16705 description: Exec specifies a command to execute in the container. 16706 properties: 16707 command: 16708 description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 16709 items: 16710 type: string 16711 type: array 16712 type: object 16713 httpGet: 16714 description: HTTPGet specifies an HTTP GET request to perform. 16715 properties: 16716 host: 16717 description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. 16718 type: string 16719 httpHeaders: 16720 description: Custom headers to set in the request. HTTP allows repeated headers. 16721 items: 16722 properties: 16723 name: 16724 description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. 16725 type: string 16726 value: 16727 description: The header field value 16728 type: string 16729 required: 16730 - name 16731 - value 16732 type: object 16733 type: array 16734 path: 16735 description: Path to access on the HTTP server. 16736 type: string 16737 port: 16738 description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 16739 format: int-or-string 16740 x-kubernetes-int-or-string: true 16741 scheme: 16742 description: |- 16743 Scheme to use for connecting to the host. Defaults to HTTP. 16744 16745 Possible enum values: 16746 - `"HTTP"` means that the scheme used will be http:// 16747 - `"HTTPS"` means that the scheme used will be https:// 16748 enum: 16749 - HTTP 16750 - HTTPS 16751 type: string 16752 required: 16753 - port 16754 type: object 16755 sleep: 16756 description: Sleep represents a duration that the container should sleep. 16757 properties: 16758 seconds: 16759 description: Seconds is the number of seconds to sleep. 16760 format: int64 16761 type: integer 16762 required: 16763 - seconds 16764 type: object 16765 tcpSocket: 16766 description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for backward compatibility. There is no validation of this field and lifecycle hooks will fail at runtime when it is specified. 16767 properties: 16768 host: 16769 description: "Optional: Host name to connect to, defaults to the pod IP." 16770 type: string 16771 port: 16772 description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 16773 format: int-or-string 16774 x-kubernetes-int-or-string: true 16775 required: 16776 - port 16777 type: object 16778 type: object 16779 stopSignal: 16780 description: |- 16781 StopSignal defines which signal will be sent to a container when it is being stopped. If not specified, the default is defined by the container runtime in use. StopSignal can only be set for Pods with a non-empty .spec.os.name 16782 16783 Possible enum values: 16784 - `"SIGABRT"` 16785 - `"SIGALRM"` 16786 - `"SIGBUS"` 16787 - `"SIGCHLD"` 16788 - `"SIGCLD"` 16789 - `"SIGCONT"` 16790 - `"SIGFPE"` 16791 - `"SIGHUP"` 16792 - `"SIGILL"` 16793 - `"SIGINT"` 16794 - `"SIGIO"` 16795 - `"SIGIOT"` 16796 - `"SIGKILL"` 16797 - `"SIGPIPE"` 16798 - `"SIGPOLL"` 16799 - `"SIGPROF"` 16800 - `"SIGPWR"` 16801 - `"SIGQUIT"` 16802 - `"SIGRTMAX"` 16803 - `"SIGRTMAX-1"` 16804 - `"SIGRTMAX-10"` 16805 - `"SIGRTMAX-11"` 16806 - `"SIGRTMAX-12"` 16807 - `"SIGRTMAX-13"` 16808 - `"SIGRTMAX-14"` 16809 - `"SIGRTMAX-2"` 16810 - `"SIGRTMAX-3"` 16811 - `"SIGRTMAX-4"` 16812 - `"SIGRTMAX-5"` 16813 - `"SIGRTMAX-6"` 16814 - `"SIGRTMAX-7"` 16815 - `"SIGRTMAX-8"` 16816 - `"SIGRTMAX-9"` 16817 - `"SIGRTMIN"` 16818 - `"SIGRTMIN+1"` 16819 - `"SIGRTMIN+10"` 16820 - `"SIGRTMIN+11"` 16821 - `"SIGRTMIN+12"` 16822 - `"SIGRTMIN+13"` 16823 - `"SIGRTMIN+14"` 16824 - `"SIGRTMIN+15"` 16825 - `"SIGRTMIN+2"` 16826 - `"SIGRTMIN+3"` 16827 - `"SIGRTMIN+4"` 16828 - `"SIGRTMIN+5"` 16829 - `"SIGRTMIN+6"` 16830 - `"SIGRTMIN+7"` 16831 - `"SIGRTMIN+8"` 16832 - `"SIGRTMIN+9"` 16833 - `"SIGSEGV"` 16834 - `"SIGSTKFLT"` 16835 - `"SIGSTOP"` 16836 - `"SIGSYS"` 16837 - `"SIGTERM"` 16838 - `"SIGTRAP"` 16839 - `"SIGTSTP"` 16840 - `"SIGTTIN"` 16841 - `"SIGTTOU"` 16842 - `"SIGURG"` 16843 - `"SIGUSR1"` 16844 - `"SIGUSR2"` 16845 - `"SIGVTALRM"` 16846 - `"SIGWINCH"` 16847 - `"SIGXCPU"` 16848 - `"SIGXFSZ"` 16849 enum: 16850 - SIGABRT 16851 - SIGALRM 16852 - SIGBUS 16853 - SIGCHLD 16854 - SIGCLD 16855 - SIGCONT 16856 - SIGFPE 16857 - SIGHUP 16858 - SIGILL 16859 - SIGINT 16860 - SIGIO 16861 - SIGIOT 16862 - SIGKILL 16863 - SIGPIPE 16864 - SIGPOLL 16865 - SIGPROF 16866 - SIGPWR 16867 - SIGQUIT 16868 - SIGRTMAX 16869 - SIGRTMAX-1 16870 - SIGRTMAX-10 16871 - SIGRTMAX-11 16872 - SIGRTMAX-12 16873 - SIGRTMAX-13 16874 - SIGRTMAX-14 16875 - SIGRTMAX-2 16876 - SIGRTMAX-3 16877 - SIGRTMAX-4 16878 - SIGRTMAX-5 16879 - SIGRTMAX-6 16880 - SIGRTMAX-7 16881 - SIGRTMAX-8 16882 - SIGRTMAX-9 16883 - SIGRTMIN 16884 - SIGRTMIN+1 16885 - SIGRTMIN+10 16886 - SIGRTMIN+11 16887 - SIGRTMIN+12 16888 - SIGRTMIN+13 16889 - SIGRTMIN+14 16890 - SIGRTMIN+15 16891 - SIGRTMIN+2 16892 - SIGRTMIN+3 16893 - SIGRTMIN+4 16894 - SIGRTMIN+5 16895 - SIGRTMIN+6 16896 - SIGRTMIN+7 16897 - SIGRTMIN+8 16898 - SIGRTMIN+9 16899 - SIGSEGV 16900 - SIGSTKFLT 16901 - SIGSTOP 16902 - SIGSYS 16903 - SIGTERM 16904 - SIGTRAP 16905 - SIGTSTP 16906 - SIGTTIN 16907 - SIGTTOU 16908 - SIGURG 16909 - SIGUSR1 16910 - SIGUSR2 16911 - SIGVTALRM 16912 - SIGWINCH 16913 - SIGXCPU 16914 - SIGXFSZ 16915 type: string 16916 type: object 16917 livenessProbe: 16918 description: "Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" 16919 properties: 16920 exec: 16921 description: Exec specifies a command to execute in the container. 16922 properties: 16923 command: 16924 description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 16925 items: 16926 type: string 16927 type: array 16928 type: object 16929 failureThreshold: 16930 description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. 16931 format: int32 16932 type: integer 16933 grpc: 16934 description: GRPC specifies a GRPC HealthCheckRequest. 16935 properties: 16936 port: 16937 description: Port number of the gRPC service. Number must be in the range 1 to 65535. 16938 format: int32 16939 type: integer 16940 service: 16941 description: |- 16942 Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 16943 16944 If this is not specified, the default behavior is defined by gRPC. 16945 type: string 16946 required: 16947 - port 16948 type: object 16949 httpGet: 16950 description: HTTPGet specifies an HTTP GET request to perform. 16951 properties: 16952 host: 16953 description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. 16954 type: string 16955 httpHeaders: 16956 description: Custom headers to set in the request. HTTP allows repeated headers. 16957 items: 16958 properties: 16959 name: 16960 description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. 16961 type: string 16962 value: 16963 description: The header field value 16964 type: string 16965 required: 16966 - name 16967 - value 16968 type: object 16969 type: array 16970 path: 16971 description: Path to access on the HTTP server. 16972 type: string 16973 port: 16974 description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 16975 format: int-or-string 16976 x-kubernetes-int-or-string: true 16977 scheme: 16978 description: |- 16979 Scheme to use for connecting to the host. Defaults to HTTP. 16980 16981 Possible enum values: 16982 - `"HTTP"` means that the scheme used will be http:// 16983 - `"HTTPS"` means that the scheme used will be https:// 16984 enum: 16985 - HTTP 16986 - HTTPS 16987 type: string 16988 required: 16989 - port 16990 type: object 16991 initialDelaySeconds: 16992 description: "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" 16993 format: int32 16994 type: integer 16995 periodSeconds: 16996 description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. 16997 format: int32 16998 type: integer 16999 successThreshold: 17000 description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. 17001 format: int32 17002 type: integer 17003 tcpSocket: 17004 description: TCPSocket specifies a connection to a TCP port. 17005 properties: 17006 host: 17007 description: "Optional: Host name to connect to, defaults to the pod IP." 17008 type: string 17009 port: 17010 description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 17011 format: int-or-string 17012 x-kubernetes-int-or-string: true 17013 required: 17014 - port 17015 type: object 17016 terminationGracePeriodSeconds: 17017 description: Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. 17018 format: int64 17019 type: integer 17020 timeoutSeconds: 17021 description: "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" 17022 format: int32 17023 type: integer 17024 type: object 17025 name: 17026 description: Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated. 17027 type: string 17028 ports: 17029 description: List of ports to expose from the container. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Modifying this array with strategic merge patch may corrupt the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated. 17030 items: 17031 properties: 17032 containerPort: 17033 description: Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536. 17034 format: int32 17035 type: integer 17036 hostIP: 17037 description: What host IP to bind the external port to. 17038 type: string 17039 hostPort: 17040 description: Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this. 17041 format: int32 17042 type: integer 17043 name: 17044 description: If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services. 17045 type: string 17046 protocol: 17047 description: |- 17048 Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". 17049 17050 Possible enum values: 17051 - `"SCTP"` is the SCTP protocol. 17052 - `"TCP"` is the TCP protocol. 17053 - `"UDP"` is the UDP protocol. 17054 enum: 17055 - SCTP 17056 - TCP 17057 - UDP 17058 type: string 17059 required: 17060 - containerPort 17061 type: object 17062 type: array 17063 readinessProbe: 17064 description: "Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" 17065 properties: 17066 exec: 17067 description: Exec specifies a command to execute in the container. 17068 properties: 17069 command: 17070 description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 17071 items: 17072 type: string 17073 type: array 17074 type: object 17075 failureThreshold: 17076 description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. 17077 format: int32 17078 type: integer 17079 grpc: 17080 description: GRPC specifies a GRPC HealthCheckRequest. 17081 properties: 17082 port: 17083 description: Port number of the gRPC service. Number must be in the range 1 to 65535. 17084 format: int32 17085 type: integer 17086 service: 17087 description: |- 17088 Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 17089 17090 If this is not specified, the default behavior is defined by gRPC. 17091 type: string 17092 required: 17093 - port 17094 type: object 17095 httpGet: 17096 description: HTTPGet specifies an HTTP GET request to perform. 17097 properties: 17098 host: 17099 description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. 17100 type: string 17101 httpHeaders: 17102 description: Custom headers to set in the request. HTTP allows repeated headers. 17103 items: 17104 properties: 17105 name: 17106 description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. 17107 type: string 17108 value: 17109 description: The header field value 17110 type: string 17111 required: 17112 - name 17113 - value 17114 type: object 17115 type: array 17116 path: 17117 description: Path to access on the HTTP server. 17118 type: string 17119 port: 17120 description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 17121 format: int-or-string 17122 x-kubernetes-int-or-string: true 17123 scheme: 17124 description: |- 17125 Scheme to use for connecting to the host. Defaults to HTTP. 17126 17127 Possible enum values: 17128 - `"HTTP"` means that the scheme used will be http:// 17129 - `"HTTPS"` means that the scheme used will be https:// 17130 enum: 17131 - HTTP 17132 - HTTPS 17133 type: string 17134 required: 17135 - port 17136 type: object 17137 initialDelaySeconds: 17138 description: "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" 17139 format: int32 17140 type: integer 17141 periodSeconds: 17142 description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. 17143 format: int32 17144 type: integer 17145 successThreshold: 17146 description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. 17147 format: int32 17148 type: integer 17149 tcpSocket: 17150 description: TCPSocket specifies a connection to a TCP port. 17151 properties: 17152 host: 17153 description: "Optional: Host name to connect to, defaults to the pod IP." 17154 type: string 17155 port: 17156 description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 17157 format: int-or-string 17158 x-kubernetes-int-or-string: true 17159 required: 17160 - port 17161 type: object 17162 terminationGracePeriodSeconds: 17163 description: Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. 17164 format: int64 17165 type: integer 17166 timeoutSeconds: 17167 description: "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" 17168 format: int32 17169 type: integer 17170 type: object 17171 resizePolicy: 17172 description: Resources resize policy for the container. 17173 items: 17174 properties: 17175 resourceName: 17176 description: "Name of the resource to which this resource resize policy applies. Supported values: cpu, memory." 17177 type: string 17178 restartPolicy: 17179 description: Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired. 17180 type: string 17181 required: 17182 - resourceName 17183 - restartPolicy 17184 type: object 17185 type: array 17186 resources: 17187 description: "Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" 17188 properties: 17189 claims: 17190 description: |- 17191 Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. 17192 17193 This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. 17194 17195 This field is immutable. It can only be set for containers. 17196 items: 17197 properties: 17198 name: 17199 description: Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. 17200 type: string 17201 request: 17202 description: Request is the name chosen for a request in the referenced claim. If empty, everything from the claim is made available, otherwise only the result of this request. 17203 type: string 17204 required: 17205 - name 17206 type: object 17207 type: array 17208 limits: 17209 additionalProperties: 17210 type: string 17211 description: "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" 17212 type: object 17213 requests: 17214 additionalProperties: 17215 type: string 17216 description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" 17217 type: object 17218 type: object 17219 restartPolicy: 17220 description: "RestartPolicy defines the restart behavior of individual containers in a pod. This field may only be set for init containers, and the only allowed value is \"Always\". For non-init containers or when this field is not specified, the restart behavior is defined by the Pod's restart policy and the container type. Setting the RestartPolicy as \"Always\" for the init container will have the following effect: this init container will be continually restarted on exit until all regular containers have terminated. Once all regular containers have completed, all init containers with restartPolicy \"Always\" will be shut down. This lifecycle differs from normal init containers and is often referred to as a \"sidecar\" container. Although this init container still starts in the init container sequence, it does not wait for the container to complete before proceeding to the next init container. Instead, the next init container starts immediately after this init container is started, or after any startupProbe has successfully completed." 17221 type: string 17222 securityContext: 17223 description: "SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/" 17224 properties: 17225 allowPrivilegeEscalation: 17226 description: "AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows." 17227 type: boolean 17228 appArmorProfile: 17229 description: appArmorProfile is the AppArmor options to use by this container. If set, this profile overrides the pod's appArmorProfile. Note that this field cannot be set when spec.os.name is windows. 17230 properties: 17231 localhostProfile: 17232 description: localhostProfile indicates a profile loaded on the node that should be used. The profile must be preconfigured on the node to work. Must match the loaded name of the profile. Must be set if and only if type is "Localhost". 17233 type: string 17234 type: 17235 description: |- 17236 type indicates which kind of AppArmor profile will be applied. Valid options are: 17237 Localhost - a profile pre-loaded on the node. 17238 RuntimeDefault - the container runtime's default profile. 17239 Unconfined - no AppArmor enforcement. 17240 17241 Possible enum values: 17242 - `"Localhost"` indicates that a profile pre-loaded on the node should be used. 17243 - `"RuntimeDefault"` indicates that the container runtime's default AppArmor profile should be used. 17244 - `"Unconfined"` indicates that no AppArmor profile should be enforced. 17245 enum: 17246 - Localhost 17247 - RuntimeDefault 17248 - Unconfined 17249 type: string 17250 required: 17251 - type 17252 type: object 17253 capabilities: 17254 description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows. 17255 properties: 17256 add: 17257 description: Added capabilities 17258 items: 17259 type: string 17260 type: array 17261 drop: 17262 description: Removed capabilities 17263 items: 17264 type: string 17265 type: array 17266 type: object 17267 privileged: 17268 description: Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows. 17269 type: boolean 17270 procMount: 17271 description: |- 17272 procMount denotes the type of proc mount to use for the containers. The default value is Default which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows. 17273 17274 Possible enum values: 17275 - `"Default"` uses the container runtime defaults for readonly and masked paths for /proc. Most container runtimes mask certain paths in /proc to avoid accidental security exposure of special devices or information. 17276 - `"Unmasked"` bypasses the default masking behavior of the container runtime and ensures the newly created /proc the container stays in tact with no modifications. 17277 enum: 17278 - Default 17279 - Unmasked 17280 type: string 17281 readOnlyRootFilesystem: 17282 description: Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows. 17283 type: boolean 17284 runAsGroup: 17285 description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. 17286 format: int64 17287 type: integer 17288 runAsNonRoot: 17289 description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. 17290 type: boolean 17291 runAsUser: 17292 description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. 17293 format: int64 17294 type: integer 17295 seLinuxOptions: 17296 description: The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. 17297 properties: 17298 level: 17299 description: Level is SELinux level label that applies to the container. 17300 type: string 17301 role: 17302 description: Role is a SELinux role label that applies to the container. 17303 type: string 17304 type: 17305 description: Type is a SELinux type label that applies to the container. 17306 type: string 17307 user: 17308 description: User is a SELinux user label that applies to the container. 17309 type: string 17310 type: object 17311 seccompProfile: 17312 description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows. 17313 properties: 17314 localhostProfile: 17315 description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type. 17316 type: string 17317 type: 17318 description: |- 17319 type indicates which kind of seccomp profile will be applied. Valid options are: 17320 17321 Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied. 17322 17323 Possible enum values: 17324 - `"Localhost"` indicates a profile defined in a file on the node should be used. The file's location relative to <kubelet-root-dir>/seccomp. 17325 - `"RuntimeDefault"` represents the default container runtime seccomp profile. 17326 - `"Unconfined"` indicates no seccomp profile is applied (A.K.A. unconfined). 17327 enum: 17328 - Localhost 17329 - RuntimeDefault 17330 - Unconfined 17331 type: string 17332 required: 17333 - type 17334 type: object 17335 windowsOptions: 17336 description: The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux. 17337 properties: 17338 gmsaCredentialSpec: 17339 description: GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. 17340 type: string 17341 gmsaCredentialSpecName: 17342 description: GMSACredentialSpecName is the name of the GMSA credential spec to use. 17343 type: string 17344 hostProcess: 17345 description: HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true. 17346 type: boolean 17347 runAsUserName: 17348 description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. 17349 type: string 17350 type: object 17351 type: object 17352 startupProbe: 17353 description: "StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" 17354 properties: 17355 exec: 17356 description: Exec specifies a command to execute in the container. 17357 properties: 17358 command: 17359 description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 17360 items: 17361 type: string 17362 type: array 17363 type: object 17364 failureThreshold: 17365 description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. 17366 format: int32 17367 type: integer 17368 grpc: 17369 description: GRPC specifies a GRPC HealthCheckRequest. 17370 properties: 17371 port: 17372 description: Port number of the gRPC service. Number must be in the range 1 to 65535. 17373 format: int32 17374 type: integer 17375 service: 17376 description: |- 17377 Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 17378 17379 If this is not specified, the default behavior is defined by gRPC. 17380 type: string 17381 required: 17382 - port 17383 type: object 17384 httpGet: 17385 description: HTTPGet specifies an HTTP GET request to perform. 17386 properties: 17387 host: 17388 description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. 17389 type: string 17390 httpHeaders: 17391 description: Custom headers to set in the request. HTTP allows repeated headers. 17392 items: 17393 properties: 17394 name: 17395 description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. 17396 type: string 17397 value: 17398 description: The header field value 17399 type: string 17400 required: 17401 - name 17402 - value 17403 type: object 17404 type: array 17405 path: 17406 description: Path to access on the HTTP server. 17407 type: string 17408 port: 17409 description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 17410 format: int-or-string 17411 x-kubernetes-int-or-string: true 17412 scheme: 17413 description: |- 17414 Scheme to use for connecting to the host. Defaults to HTTP. 17415 17416 Possible enum values: 17417 - `"HTTP"` means that the scheme used will be http:// 17418 - `"HTTPS"` means that the scheme used will be https:// 17419 enum: 17420 - HTTP 17421 - HTTPS 17422 type: string 17423 required: 17424 - port 17425 type: object 17426 initialDelaySeconds: 17427 description: "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" 17428 format: int32 17429 type: integer 17430 periodSeconds: 17431 description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. 17432 format: int32 17433 type: integer 17434 successThreshold: 17435 description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. 17436 format: int32 17437 type: integer 17438 tcpSocket: 17439 description: TCPSocket specifies a connection to a TCP port. 17440 properties: 17441 host: 17442 description: "Optional: Host name to connect to, defaults to the pod IP." 17443 type: string 17444 port: 17445 description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 17446 format: int-or-string 17447 x-kubernetes-int-or-string: true 17448 required: 17449 - port 17450 type: object 17451 terminationGracePeriodSeconds: 17452 description: Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. 17453 format: int64 17454 type: integer 17455 timeoutSeconds: 17456 description: "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" 17457 format: int32 17458 type: integer 17459 type: object 17460 stdin: 17461 description: Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false. 17462 type: boolean 17463 stdinOnce: 17464 description: Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false 17465 type: boolean 17466 terminationMessagePath: 17467 description: "Optional: Path at which the file to which the container's termination message will be written is mounted into the container's filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated." 17468 type: string 17469 terminationMessagePolicy: 17470 description: |- 17471 Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. 17472 17473 Possible enum values: 17474 - `"FallbackToLogsOnError"` will read the most recent contents of the container logs for the container status message when the container exits with an error and the terminationMessagePath has no contents. 17475 - `"File"` is the default behavior and will set the container status message to the contents of the container's terminationMessagePath when the container exits. 17476 enum: 17477 - FallbackToLogsOnError 17478 - File 17479 type: string 17480 tty: 17481 description: Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false. 17482 type: boolean 17483 volumeDevices: 17484 description: volumeDevices is the list of block devices to be used by the container. 17485 items: 17486 properties: 17487 devicePath: 17488 description: devicePath is the path inside of the container that the device will be mapped to. 17489 type: string 17490 name: 17491 description: name must match the name of a persistentVolumeClaim in the pod 17492 type: string 17493 required: 17494 - name 17495 - devicePath 17496 type: object 17497 type: array 17498 volumeMounts: 17499 description: Pod volumes to mount into the container's filesystem. Cannot be updated. 17500 items: 17501 properties: 17502 mountPath: 17503 description: Path within the container at which the volume should be mounted. Must not contain ':'. 17504 type: string 17505 mountPropagation: 17506 description: |- 17507 mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified (which defaults to None). 17508 17509 Possible enum values: 17510 - `"Bidirectional"` means that the volume in a container will receive new mounts from the host or other containers, and its own mounts will be propagated from the container to the host or other containers. Note that this mode is recursively applied to all mounts in the volume ("rshared" in Linux terminology). 17511 - `"HostToContainer"` means that the volume in a container will receive new mounts from the host or other containers, but filesystems mounted inside the container won't be propagated to the host or other containers. Note that this mode is recursively applied to all mounts in the volume ("rslave" in Linux terminology). 17512 - `"None"` means that the volume in a container will not receive new mounts from the host or other containers, and filesystems mounted inside the container won't be propagated to the host or other containers. Note that this mode corresponds to "private" in Linux terminology. 17513 enum: 17514 - Bidirectional 17515 - HostToContainer 17516 - None 17517 type: string 17518 name: 17519 description: This must match the Name of a Volume. 17520 type: string 17521 readOnly: 17522 description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. 17523 type: boolean 17524 recursiveReadOnly: 17525 description: |- 17526 RecursiveReadOnly specifies whether read-only mounts should be handled recursively. 17527 17528 If ReadOnly is false, this field has no meaning and must be unspecified. 17529 17530 If ReadOnly is true, and this field is set to Disabled, the mount is not made recursively read-only. If this field is set to IfPossible, the mount is made recursively read-only, if it is supported by the container runtime. If this field is set to Enabled, the mount is made recursively read-only if it is supported by the container runtime, otherwise the pod will not be started and an error will be generated to indicate the reason. 17531 17532 If this field is set to IfPossible or Enabled, MountPropagation must be set to None (or be unspecified, which defaults to None). 17533 17534 If this field is not specified, it is treated as an equivalent of Disabled. 17535 type: string 17536 subPath: 17537 description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). 17538 type: string 17539 subPathExpr: 17540 description: Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive. 17541 type: string 17542 required: 17543 - name 17544 - mountPath 17545 type: object 17546 type: array 17547 workingDir: 17548 description: Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated. 17549 type: string 17550 required: 17551 - name 17552 type: object 17553 type: array 17554 nodeName: 17555 description: NodeName indicates in which node this pod is scheduled. If empty, this pod is a candidate for scheduling by the scheduler defined in schedulerName. Once this field is set, the kubelet for this node becomes responsible for the lifecycle of this pod. This field should not be used to express a desire for the pod to be scheduled on a specific node. https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodename 17556 type: string 17557 nodeSelector: 17558 additionalProperties: 17559 type: string 17560 description: "NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node's labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/" 17561 type: object 17562 x-kubernetes-map-type: atomic 17563 os: 17564 description: |- 17565 Specifies the OS of the containers in the pod. Some pod and container fields are restricted if this is set. 17566 17567 If the OS field is set to linux, the following fields must be unset: -securityContext.windowsOptions 17568 17569 If the OS field is set to windows, following fields must be unset: - spec.hostPID - spec.hostIPC - spec.hostUsers - spec.securityContext.appArmorProfile - spec.securityContext.seLinuxOptions - spec.securityContext.seccompProfile - spec.securityContext.fsGroup - spec.securityContext.fsGroupChangePolicy - spec.securityContext.sysctls - spec.shareProcessNamespace - spec.securityContext.runAsUser - spec.securityContext.runAsGroup - spec.securityContext.supplementalGroups - spec.securityContext.supplementalGroupsPolicy - spec.containers[*].securityContext.appArmorProfile - spec.containers[*].securityContext.seLinuxOptions - spec.containers[*].securityContext.seccompProfile - spec.containers[*].securityContext.capabilities - spec.containers[*].securityContext.readOnlyRootFilesystem - spec.containers[*].securityContext.privileged - spec.containers[*].securityContext.allowPrivilegeEscalation - spec.containers[*].securityContext.procMount - spec.containers[*].securityContext.runAsUser - spec.containers[*].securityContext.runAsGroup 17570 properties: 17571 name: 17572 description: "Name is the name of the operating system. The currently supported values are linux and windows. Additional value may be defined in future and can be one of: https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration Clients should expect to handle additional values and treat unrecognized values in this field as os: null" 17573 type: string 17574 required: 17575 - name 17576 type: object 17577 overhead: 17578 additionalProperties: 17579 type: string 17580 description: "Overhead represents the resource overhead associated with running a pod for a given RuntimeClass. This field will be autopopulated at admission time by the RuntimeClass admission controller. If the RuntimeClass admission controller is enabled, overhead must not be set in Pod create requests. The RuntimeClass admission controller will reject Pod create requests which have the overhead already set. If RuntimeClass is configured and selected in the PodSpec, Overhead will be set to the value defined in the corresponding RuntimeClass, otherwise it will remain unset and treated as zero. More info: https://git.k8s.io/enhancements/keps/sig-node/688-pod-overhead/README.md" 17581 type: object 17582 preemptionPolicy: 17583 description: |- 17584 PreemptionPolicy is the Policy for preempting pods with lower priority. One of Never, PreemptLowerPriority. Defaults to PreemptLowerPriority if unset. 17585 17586 Possible enum values: 17587 - `"Never"` means that pod never preempts other pods with lower priority. 17588 - `"PreemptLowerPriority"` means that pod can preempt other pods with lower priority. 17589 enum: 17590 - Never 17591 - PreemptLowerPriority 17592 type: string 17593 priority: 17594 description: The priority value. Various system components use this field to find the priority of the pod. When Priority Admission Controller is enabled, it prevents users from setting this field. The admission controller populates this field from PriorityClassName. The higher the value, the higher the priority. 17595 format: int32 17596 type: integer 17597 priorityClassName: 17598 description: If specified, indicates the pod's priority. "system-node-critical" and "system-cluster-critical" are two special keywords which indicate the highest priorities with the former being the highest priority. Any other name must be defined by creating a PriorityClass object with that name. If not specified, the pod priority will be default or zero if there is no default. 17599 type: string 17600 readinessGates: 17601 description: "If specified, all readiness gates will be evaluated for pod readiness. A pod is ready when all its containers are ready AND all conditions specified in the readiness gates have status equal to \"True\" More info: https://git.k8s.io/enhancements/keps/sig-network/580-pod-readiness-gates" 17602 items: 17603 properties: 17604 conditionType: 17605 description: ConditionType refers to a condition in the pod's condition list with matching type. 17606 type: string 17607 required: 17608 - conditionType 17609 type: object 17610 type: array 17611 resourceClaims: 17612 description: |- 17613 ResourceClaims defines which ResourceClaims must be allocated and reserved before the Pod is allowed to start. The resources will be made available to those containers which consume them by name. 17614 17615 This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. 17616 17617 This field is immutable. 17618 items: 17619 properties: 17620 name: 17621 description: Name uniquely identifies this resource claim inside the pod. This must be a DNS_LABEL. 17622 type: string 17623 resourceClaimName: 17624 description: |- 17625 ResourceClaimName is the name of a ResourceClaim object in the same namespace as this pod. 17626 17627 Exactly one of ResourceClaimName and ResourceClaimTemplateName must be set. 17628 type: string 17629 resourceClaimTemplateName: 17630 description: |- 17631 ResourceClaimTemplateName is the name of a ResourceClaimTemplate object in the same namespace as this pod. 17632 17633 The template will be used to create a new ResourceClaim, which will be bound to this pod. When this pod is deleted, the ResourceClaim will also be deleted. The pod name and resource name, along with a generated component, will be used to form a unique name for the ResourceClaim, which will be recorded in pod.status.resourceClaimStatuses. 17634 17635 This field is immutable and no changes will be made to the corresponding ResourceClaim by the control plane after creating the ResourceClaim. 17636 17637 Exactly one of ResourceClaimName and ResourceClaimTemplateName must be set. 17638 type: string 17639 required: 17640 - name 17641 type: object 17642 type: array 17643 resources: 17644 description: |- 17645 Resources is the total amount of CPU and Memory resources required by all containers in the pod. It supports specifying Requests and Limits for "cpu" and "memory" resource names only. ResourceClaims are not supported. 17646 17647 This field enables fine-grained control over resource allocation for the entire pod, allowing resource sharing among containers in a pod. 17648 17649 This is an alpha field and requires enabling the PodLevelResources feature gate. 17650 properties: 17651 claims: 17652 description: |- 17653 Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. 17654 17655 This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. 17656 17657 This field is immutable. It can only be set for containers. 17658 items: 17659 properties: 17660 name: 17661 description: Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. 17662 type: string 17663 request: 17664 description: Request is the name chosen for a request in the referenced claim. If empty, everything from the claim is made available, otherwise only the result of this request. 17665 type: string 17666 required: 17667 - name 17668 type: object 17669 type: array 17670 limits: 17671 additionalProperties: 17672 type: string 17673 description: "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" 17674 type: object 17675 requests: 17676 additionalProperties: 17677 type: string 17678 description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" 17679 type: object 17680 type: object 17681 restartPolicy: 17682 description: |- 17683 Restart policy for all containers within the pod. One of Always, OnFailure, Never. In some contexts, only a subset of those values may be permitted. Default to Always. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy 17684 17685 Possible enum values: 17686 - `"Always"` 17687 - `"Never"` 17688 - `"OnFailure"` 17689 enum: 17690 - Always 17691 - Never 17692 - OnFailure 17693 type: string 17694 runtimeClassName: 17695 description: "RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used to run this pod. If no RuntimeClass resource matches the named class, the pod will not be run. If unset or empty, the \"legacy\" RuntimeClass will be used, which is an implicit class with an empty definition that uses the default runtime handler. More info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class" 17696 type: string 17697 schedulerName: 17698 description: If specified, the pod will be dispatched by specified scheduler. If not specified, the pod will be dispatched by default scheduler. 17699 type: string 17700 schedulingGates: 17701 description: |- 17702 SchedulingGates is an opaque list of values that if specified will block scheduling the pod. If schedulingGates is not empty, the pod will stay in the SchedulingGated state and the scheduler will not attempt to schedule the pod. 17703 17704 SchedulingGates can only be set at pod creation time, and be removed only afterwards. 17705 items: 17706 properties: 17707 name: 17708 description: Name of the scheduling gate. Each scheduling gate must have a unique name field. 17709 type: string 17710 required: 17711 - name 17712 type: object 17713 type: array 17714 securityContext: 17715 description: "SecurityContext holds pod-level security attributes and common container settings. Optional: Defaults to empty. See type description for default values of each field." 17716 properties: 17717 appArmorProfile: 17718 description: appArmorProfile is the AppArmor options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows. 17719 properties: 17720 localhostProfile: 17721 description: localhostProfile indicates a profile loaded on the node that should be used. The profile must be preconfigured on the node to work. Must match the loaded name of the profile. Must be set if and only if type is "Localhost". 17722 type: string 17723 type: 17724 description: |- 17725 type indicates which kind of AppArmor profile will be applied. Valid options are: 17726 Localhost - a profile pre-loaded on the node. 17727 RuntimeDefault - the container runtime's default profile. 17728 Unconfined - no AppArmor enforcement. 17729 17730 Possible enum values: 17731 - `"Localhost"` indicates that a profile pre-loaded on the node should be used. 17732 - `"RuntimeDefault"` indicates that the container runtime's default AppArmor profile should be used. 17733 - `"Unconfined"` indicates that no AppArmor profile should be enforced. 17734 enum: 17735 - Localhost 17736 - RuntimeDefault 17737 - Unconfined 17738 type: string 17739 required: 17740 - type 17741 type: object 17742 fsGroup: 17743 description: |- 17744 A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod: 17745 17746 1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- 17747 17748 If unset, the Kubelet will not modify the ownership and permissions of any volume. Note that this field cannot be set when spec.os.name is windows. 17749 format: int64 17750 type: integer 17751 fsGroupChangePolicy: 17752 description: |- 17753 fsGroupChangePolicy defines behavior of changing ownership and permission of the volume before being exposed inside Pod. This field will only apply to volume types which support fsGroup based ownership(and permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir. Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. Note that this field cannot be set when spec.os.name is windows. 17754 17755 Possible enum values: 17756 - `"Always"` indicates that volume's ownership and permissions should always be changed whenever volume is mounted inside a Pod. This the default behavior. 17757 - `"OnRootMismatch"` indicates that volume's ownership and permissions will be changed only when permission and ownership of root directory does not match with expected permissions on the volume. This can help shorten the time it takes to change ownership and permissions of a volume. 17758 enum: 17759 - Always 17760 - OnRootMismatch 17761 type: string 17762 runAsGroup: 17763 description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows. 17764 format: int64 17765 type: integer 17766 runAsNonRoot: 17767 description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. 17768 type: boolean 17769 runAsUser: 17770 description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows. 17771 format: int64 17772 type: integer 17773 seLinuxChangePolicy: 17774 description: |- 17775 seLinuxChangePolicy defines how the container's SELinux label is applied to all volumes used by the Pod. It has no effect on nodes that do not support SELinux or to volumes does not support SELinux. Valid values are "MountOption" and "Recursive". 17776 17777 "Recursive" means relabeling of all files on all Pod volumes by the container runtime. This may be slow for large volumes, but allows mixing privileged and unprivileged Pods sharing the same volume on the same node. 17778 17779 "MountOption" mounts all eligible Pod volumes with `-o context` mount option. This requires all Pods that share the same volume to use the same SELinux label. It is not possible to share the same volume among privileged and unprivileged Pods. Eligible volumes are in-tree FibreChannel and iSCSI volumes, and all CSI volumes whose CSI driver announces SELinux support by setting spec.seLinuxMount: true in their CSIDriver instance. Other volumes are always re-labelled recursively. "MountOption" value is allowed only when SELinuxMount feature gate is enabled. 17780 17781 If not specified and SELinuxMount feature gate is enabled, "MountOption" is used. If not specified and SELinuxMount feature gate is disabled, "MountOption" is used for ReadWriteOncePod volumes and "Recursive" for all other volumes. 17782 17783 This field affects only Pods that have SELinux label set, either in PodSecurityContext or in SecurityContext of all containers. 17784 17785 All Pods that use the same volume should use the same seLinuxChangePolicy, otherwise some pods can get stuck in ContainerCreating state. Note that this field cannot be set when spec.os.name is windows. 17786 type: string 17787 seLinuxOptions: 17788 description: The SELinux context to be applied to all containers. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows. 17789 properties: 17790 level: 17791 description: Level is SELinux level label that applies to the container. 17792 type: string 17793 role: 17794 description: Role is a SELinux role label that applies to the container. 17795 type: string 17796 type: 17797 description: Type is a SELinux type label that applies to the container. 17798 type: string 17799 user: 17800 description: User is a SELinux user label that applies to the container. 17801 type: string 17802 type: object 17803 seccompProfile: 17804 description: The seccomp options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows. 17805 properties: 17806 localhostProfile: 17807 description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type. 17808 type: string 17809 type: 17810 description: |- 17811 type indicates which kind of seccomp profile will be applied. Valid options are: 17812 17813 Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied. 17814 17815 Possible enum values: 17816 - `"Localhost"` indicates a profile defined in a file on the node should be used. The file's location relative to <kubelet-root-dir>/seccomp. 17817 - `"RuntimeDefault"` represents the default container runtime seccomp profile. 17818 - `"Unconfined"` indicates no seccomp profile is applied (A.K.A. unconfined). 17819 enum: 17820 - Localhost 17821 - RuntimeDefault 17822 - Unconfined 17823 type: string 17824 required: 17825 - type 17826 type: object 17827 supplementalGroups: 17828 description: A list of groups applied to the first process run in each container, in addition to the container's primary GID and fsGroup (if specified). If the SupplementalGroupsPolicy feature is enabled, the supplementalGroupsPolicy field determines whether these are in addition to or instead of any group memberships defined in the container image. If unspecified, no additional groups are added, though group memberships defined in the container image may still be used, depending on the supplementalGroupsPolicy field. Note that this field cannot be set when spec.os.name is windows. 17829 items: 17830 format: int64 17831 type: integer 17832 type: array 17833 supplementalGroupsPolicy: 17834 description: |- 17835 Defines how supplemental groups of the first container processes are calculated. Valid values are "Merge" and "Strict". If not specified, "Merge" is used. (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled and the container runtime must implement support for this feature. Note that this field cannot be set when spec.os.name is windows. 17836 17837 Possible enum values: 17838 - `"Merge"` means that the container's provided SupplementalGroups and FsGroup (specified in SecurityContext) will be merged with the primary user's groups as defined in the container image (in /etc/group). 17839 - `"Strict"` means that the container's provided SupplementalGroups and FsGroup (specified in SecurityContext) will be used instead of any groups defined in the container image. 17840 enum: 17841 - Merge 17842 - Strict 17843 type: string 17844 sysctls: 17845 description: Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. Note that this field cannot be set when spec.os.name is windows. 17846 items: 17847 properties: 17848 name: 17849 description: Name of a property to set 17850 type: string 17851 value: 17852 description: Value of a property to set 17853 type: string 17854 required: 17855 - name 17856 - value 17857 type: object 17858 type: array 17859 windowsOptions: 17860 description: The Windows specific settings applied to all containers. If unspecified, the options within a container's SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux. 17861 properties: 17862 gmsaCredentialSpec: 17863 description: GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. 17864 type: string 17865 gmsaCredentialSpecName: 17866 description: GMSACredentialSpecName is the name of the GMSA credential spec to use. 17867 type: string 17868 hostProcess: 17869 description: HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true. 17870 type: boolean 17871 runAsUserName: 17872 description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. 17873 type: string 17874 type: object 17875 type: object 17876 serviceAccount: 17877 description: "DeprecatedServiceAccount is a deprecated alias for ServiceAccountName. Deprecated: Use serviceAccountName instead." 17878 type: string 17879 serviceAccountName: 17880 description: "ServiceAccountName is the name of the ServiceAccount to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/" 17881 type: string 17882 setHostnameAsFQDN: 17883 description: If true the pod's hostname will be configured as the pod's FQDN, rather than the leaf name (the default). In Linux containers, this means setting the FQDN in the hostname field of the kernel (the nodename field of struct utsname). In Windows containers, this means setting the registry value of hostname for the registry key HKEY_LOCAL_MACHINE\\\\SYSTEM\\\\CurrentControlSet\\\\Services\\\\Tcpip\\\\Parameters to FQDN. If a pod does not have FQDN, this has no effect. Default to false. 17884 type: boolean 17885 shareProcessNamespace: 17886 description: "Share a single process namespace between all of the containers in a pod. When this is set containers will be able to view and signal processes from other containers in the same pod, and the first process in each container will not be assigned PID 1. HostPID and ShareProcessNamespace cannot both be set. Optional: Default to false." 17887 type: boolean 17888 subdomain: 17889 description: If specified, the fully qualified Pod hostname will be "<hostname>.<subdomain>.<pod namespace>.svc.<cluster domain>". If not specified, the pod will not have a domainname at all. 17890 type: string 17891 terminationGracePeriodSeconds: 17892 description: Optional duration in seconds the pod needs to terminate gracefully. May be decreased in delete request. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). If this value is nil, the default grace period will be used instead. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. Defaults to 30 seconds. 17893 format: int64 17894 type: integer 17895 tolerations: 17896 description: If specified, the pod's tolerations. 17897 items: 17898 properties: 17899 effect: 17900 description: |- 17901 Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. 17902 17903 Possible enum values: 17904 - `"NoExecute"` Evict any already-running pods that do not tolerate the taint. Currently enforced by NodeController. 17905 - `"NoSchedule"` Do not allow new pods to schedule onto the node unless they tolerate the taint, but allow all pods submitted to Kubelet without going through the scheduler to start, and allow all already-running pods to continue running. Enforced by the scheduler. 17906 - `"PreferNoSchedule"` Like TaintEffectNoSchedule, but the scheduler tries not to schedule new pods onto the node, rather than prohibiting new pods from scheduling onto the node entirely. Enforced by the scheduler. 17907 enum: 17908 - NoExecute 17909 - NoSchedule 17910 - PreferNoSchedule 17911 type: string 17912 key: 17913 description: Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys. 17914 type: string 17915 operator: 17916 description: |- 17917 Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. 17918 17919 Possible enum values: 17920 - `"Equal"` 17921 - `"Exists"` 17922 enum: 17923 - Equal 17924 - Exists 17925 type: string 17926 tolerationSeconds: 17927 description: TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system. 17928 format: int64 17929 type: integer 17930 value: 17931 description: Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string. 17932 type: string 17933 type: object 17934 type: array 17935 topologySpreadConstraints: 17936 description: TopologySpreadConstraints describes how a group of pods ought to spread across topology domains. Scheduler will schedule pods in a way which abides by the constraints. All topologySpreadConstraints are ANDed. 17937 items: 17938 properties: 17939 labelSelector: 17940 description: LabelSelector is used to find matching pods. Pods that match this label selector are counted to determine the number of pods in their corresponding topology domain. 17941 properties: 17942 matchExpressions: 17943 description: matchExpressions is a list of label selector requirements. The requirements are ANDed. 17944 items: 17945 properties: 17946 key: 17947 description: key is the label key that the selector applies to. 17948 type: string 17949 operator: 17950 description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. 17951 type: string 17952 values: 17953 description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. 17954 items: 17955 type: string 17956 type: array 17957 required: 17958 - key 17959 - operator 17960 type: object 17961 type: array 17962 matchLabels: 17963 additionalProperties: 17964 type: string 17965 description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. 17966 type: object 17967 type: object 17968 x-kubernetes-map-type: atomic 17969 matchLabelKeys: 17970 description: |- 17971 MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. MatchLabelKeys cannot be set when LabelSelector isn't set. Keys that don't exist in the incoming pod labels will be ignored. A null or empty list means only match against labelSelector. 17972 17973 This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). 17974 items: 17975 type: string 17976 type: array 17977 maxSkew: 17978 description: "MaxSkew describes the degree to which pods may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference between the number of matching pods in the target topology and the global minimum. The global minimum is the minimum number of matching pods in an eligible domain or zero if the number of eligible domains is less than MinDomains. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 2/2/1: In this case, the global minimum is 1. | zone1 | zone2 | zone3 | | P P | P P | P | - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence to topologies that satisfy it. It's a required field. Default value is 1 and 0 is not allowed." 17979 format: int32 17980 type: integer 17981 minDomains: 17982 description: |- 17983 MinDomains indicates a minimum number of eligible domains. When the number of eligible domains with matching topology keys is less than minDomains, Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. And when the number of eligible domains with matching topology keys equals or greater than minDomains, this value has no effect on scheduling. As a result, when the number of eligible domains is less than minDomains, scheduler won't schedule more than maxSkew Pods to those domains. If value is nil, the constraint behaves as if MinDomains is equal to 1. Valid values are integers greater than 0. When value is not nil, WhenUnsatisfiable must be DoNotSchedule. 17984 17985 For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same labelSelector spread as 2/2/2: | zone1 | zone2 | zone3 | | P P | P P | P P | The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. In this situation, new pod with the same labelSelector cannot be scheduled, because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, it will violate MaxSkew. 17986 format: int32 17987 type: integer 17988 nodeAffinityPolicy: 17989 description: |- 17990 NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector when calculating pod topology spread skew. Options are: - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. 17991 17992 If this value is nil, the behavior is equivalent to the Honor policy. 17993 17994 Possible enum values: 17995 - `"Honor"` means use this scheduling directive when calculating pod topology spread skew. 17996 - `"Ignore"` means ignore this scheduling directive when calculating pod topology spread skew. 17997 enum: 17998 - Honor 17999 - Ignore 18000 type: string 18001 nodeTaintsPolicy: 18002 description: |- 18003 NodeTaintsPolicy indicates how we will treat node taints when calculating pod topology spread skew. Options are: - Honor: nodes without taints, along with tainted nodes for which the incoming pod has a toleration, are included. - Ignore: node taints are ignored. All nodes are included. 18004 18005 If this value is nil, the behavior is equivalent to the Ignore policy. 18006 18007 Possible enum values: 18008 - `"Honor"` means use this scheduling directive when calculating pod topology spread skew. 18009 - `"Ignore"` means ignore this scheduling directive when calculating pod topology spread skew. 18010 enum: 18011 - Honor 18012 - Ignore 18013 type: string 18014 topologyKey: 18015 description: TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. We consider each <key, value> as a "bucket", and try to put balanced number of pods into each bucket. We define a domain as a particular instance of a topology. Also, we define an eligible domain as a domain whose nodes meet the requirements of nodeAffinityPolicy and nodeTaintsPolicy. e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. It's a required field. 18016 type: string 18017 whenUnsatisfiable: 18018 description: |- 18019 WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy the spread constraint. - DoNotSchedule (default) tells the scheduler not to schedule it. - ScheduleAnyway tells the scheduler to schedule the pod in any location, 18020 but giving higher precedence to topologies that would help reduce the 18021 skew. 18022 A constraint is considered "Unsatisfiable" for an incoming pod if and only if every possible node assignment for that pod would violate "MaxSkew" on some topology. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler won't make it *more* imbalanced. It's a required field. 18023 18024 Possible enum values: 18025 - `"DoNotSchedule"` instructs the scheduler not to schedule the pod when constraints are not satisfied. 18026 - `"ScheduleAnyway"` instructs the scheduler to schedule the pod even if constraints are not satisfied. 18027 enum: 18028 - DoNotSchedule 18029 - ScheduleAnyway 18030 type: string 18031 required: 18032 - maxSkew 18033 - topologyKey 18034 - whenUnsatisfiable 18035 type: object 18036 type: array 18037 volumes: 18038 description: "List of volumes that can be mounted by containers belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes" 18039 items: 18040 properties: 18041 awsElasticBlockStore: 18042 description: "awsElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. Deprecated: AWSElasticBlockStore is deprecated. All operations for the in-tree awsElasticBlockStore type are redirected to the ebs.csi.aws.com CSI driver. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" 18043 properties: 18044 fsType: 18045 description: "fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" 18046 type: string 18047 partition: 18048 description: "partition is the partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as \"1\". Similarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty)." 18049 format: int32 18050 type: integer 18051 readOnly: 18052 description: "readOnly value true will force the readOnly setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" 18053 type: boolean 18054 volumeID: 18055 description: "volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" 18056 type: string 18057 required: 18058 - volumeID 18059 type: object 18060 azureDisk: 18061 description: "azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. Deprecated: AzureDisk is deprecated. All operations for the in-tree azureDisk type are redirected to the disk.csi.azure.com CSI driver." 18062 properties: 18063 cachingMode: 18064 description: |- 18065 cachingMode is the Host Caching mode: None, Read Only, Read Write. 18066 18067 Possible enum values: 18068 - `"None"` 18069 - `"ReadOnly"` 18070 - `"ReadWrite"` 18071 enum: 18072 - None 18073 - ReadOnly 18074 - ReadWrite 18075 type: string 18076 diskName: 18077 description: diskName is the Name of the data disk in the blob storage 18078 type: string 18079 diskURI: 18080 description: diskURI is the URI of data disk in the blob storage 18081 type: string 18082 fsType: 18083 description: fsType is Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. 18084 type: string 18085 kind: 18086 description: |- 18087 kind expected values are Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared 18088 18089 Possible enum values: 18090 - `"Dedicated"` 18091 - `"Managed"` 18092 - `"Shared"` 18093 enum: 18094 - Dedicated 18095 - Managed 18096 - Shared 18097 type: string 18098 readOnly: 18099 description: readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. 18100 type: boolean 18101 required: 18102 - diskName 18103 - diskURI 18104 type: object 18105 azureFile: 18106 description: "azureFile represents an Azure File Service mount on the host and bind mount to the pod. Deprecated: AzureFile is deprecated. All operations for the in-tree azureFile type are redirected to the file.csi.azure.com CSI driver." 18107 properties: 18108 readOnly: 18109 description: readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. 18110 type: boolean 18111 secretName: 18112 description: secretName is the name of secret that contains Azure Storage Account Name and Key 18113 type: string 18114 shareName: 18115 description: shareName is the azure share Name 18116 type: string 18117 required: 18118 - secretName 18119 - shareName 18120 type: object 18121 cephfs: 18122 description: "cephFS represents a Ceph FS mount on the host that shares a pod's lifetime. Deprecated: CephFS is deprecated and the in-tree cephfs type is no longer supported." 18123 properties: 18124 monitors: 18125 description: "monitors is Required: Monitors is a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" 18126 items: 18127 type: string 18128 type: array 18129 path: 18130 description: "path is Optional: Used as the mounted root, rather than the full Ceph tree, default is /" 18131 type: string 18132 readOnly: 18133 description: "readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" 18134 type: boolean 18135 secretFile: 18136 description: "secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" 18137 type: string 18138 secretRef: 18139 description: "secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" 18140 properties: 18141 name: 18142 description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" 18143 type: string 18144 type: object 18145 x-kubernetes-map-type: atomic 18146 user: 18147 description: "user is optional: User is the rados user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" 18148 type: string 18149 required: 18150 - monitors 18151 type: object 18152 cinder: 18153 description: "cinder represents a cinder volume attached and mounted on kubelets host machine. Deprecated: Cinder is deprecated. All operations for the in-tree cinder type are redirected to the cinder.csi.openstack.org CSI driver. More info: https://examples.k8s.io/mysql-cinder-pd/README.md" 18154 properties: 18155 fsType: 18156 description: "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md" 18157 type: string 18158 readOnly: 18159 description: "readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md" 18160 type: boolean 18161 secretRef: 18162 description: "secretRef is optional: points to a secret object containing parameters used to connect to OpenStack." 18163 properties: 18164 name: 18165 description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" 18166 type: string 18167 type: object 18168 x-kubernetes-map-type: atomic 18169 volumeID: 18170 description: "volumeID used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md" 18171 type: string 18172 required: 18173 - volumeID 18174 type: object 18175 configMap: 18176 description: configMap represents a configMap that should populate this volume 18177 properties: 18178 defaultMode: 18179 description: "defaultMode is optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." 18180 format: int32 18181 type: integer 18182 items: 18183 description: items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. 18184 items: 18185 properties: 18186 key: 18187 description: key is the key to project. 18188 type: string 18189 mode: 18190 description: "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." 18191 format: int32 18192 type: integer 18193 path: 18194 description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. 18195 type: string 18196 required: 18197 - key 18198 - path 18199 type: object 18200 type: array 18201 name: 18202 description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" 18203 type: string 18204 optional: 18205 description: optional specify whether the ConfigMap or its keys must be defined 18206 type: boolean 18207 type: object 18208 csi: 18209 description: csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers. 18210 properties: 18211 driver: 18212 description: driver is the name of the CSI driver that handles this volume. Consult with your admin for the correct name as registered in the cluster. 18213 type: string 18214 fsType: 18215 description: fsType to mount. Ex. "ext4", "xfs", "ntfs". If not provided, the empty value is passed to the associated CSI driver which will determine the default filesystem to apply. 18216 type: string 18217 nodePublishSecretRef: 18218 description: nodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed. 18219 properties: 18220 name: 18221 description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" 18222 type: string 18223 type: object 18224 x-kubernetes-map-type: atomic 18225 readOnly: 18226 description: readOnly specifies a read-only configuration for the volume. Defaults to false (read/write). 18227 type: boolean 18228 volumeAttributes: 18229 additionalProperties: 18230 type: string 18231 description: volumeAttributes stores driver-specific properties that are passed to the CSI driver. Consult your driver's documentation for supported values. 18232 type: object 18233 required: 18234 - driver 18235 type: object 18236 downwardAPI: 18237 description: downwardAPI represents downward API about the pod that should populate this volume 18238 properties: 18239 defaultMode: 18240 description: "Optional: mode bits to use on created files by default. Must be a Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." 18241 format: int32 18242 type: integer 18243 items: 18244 description: Items is a list of downward API volume file 18245 items: 18246 properties: 18247 fieldRef: 18248 description: "Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported." 18249 properties: 18250 apiVersion: 18251 description: Version of the schema the FieldPath is written in terms of, defaults to "v1". 18252 type: string 18253 fieldPath: 18254 description: Path of the field to select in the specified API version. 18255 type: string 18256 required: 18257 - fieldPath 18258 type: object 18259 x-kubernetes-map-type: atomic 18260 mode: 18261 description: "Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." 18262 format: int32 18263 type: integer 18264 path: 18265 description: "Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'" 18266 type: string 18267 resourceFieldRef: 18268 description: "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported." 18269 properties: 18270 containerName: 18271 description: "Container name: required for volumes, optional for env vars" 18272 type: string 18273 divisor: 18274 description: Specifies the output format of the exposed resources, defaults to "1" 18275 type: string 18276 resource: 18277 description: "Required: resource to select" 18278 type: string 18279 required: 18280 - resource 18281 type: object 18282 x-kubernetes-map-type: atomic 18283 required: 18284 - path 18285 type: object 18286 type: array 18287 type: object 18288 emptyDir: 18289 description: "emptyDir represents a temporary directory that shares a pod's lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir" 18290 properties: 18291 medium: 18292 description: "medium represents what type of storage medium should back this directory. The default is \"\" which means to use the node's default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir" 18293 type: string 18294 sizeLimit: 18295 description: "sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir" 18296 type: string 18297 type: object 18298 ephemeral: 18299 description: |- 18300 ephemeral represents a volume that is handled by a cluster storage driver. The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. 18301 18302 Use this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity 18303 tracking are needed, 18304 c) the storage driver is specified through a storage class, and d) the storage driver supports dynamic volume provisioning through 18305 a PersistentVolumeClaim (see EphemeralVolumeSource for more 18306 information on the connection between this volume type 18307 and PersistentVolumeClaim). 18308 18309 Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod. 18310 18311 Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information. 18312 18313 A pod can use both types of ephemeral volumes and persistent volumes at the same time. 18314 properties: 18315 volumeClaimTemplate: 18316 description: |- 18317 Will be used to create a stand-alone PVC to provision the volume. The pod in which this EphemeralVolumeSource is embedded will be the owner of the PVC, i.e. the PVC will be deleted together with the pod. The name of the PVC will be `<pod name>-<volume name>` where `<volume name>` is the name from the `PodSpec.Volumes` array entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long). 18318 18319 An existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until the unrelated PVC is removed. If such a pre-created PVC is meant to be used by the pod, the PVC has to updated with an owner reference to the pod once the pod exists. Normally this should not be necessary, but it may be useful when manually reconstructing a broken cluster. 18320 18321 This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created. 18322 18323 Required, must not be nil. 18324 properties: 18325 metadata: 18326 description: May contain labels and annotations that will be copied into the PVC when creating it. No other fields are allowed and will be rejected during validation. 18327 properties: 18328 annotations: 18329 additionalProperties: 18330 type: string 18331 description: "Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations" 18332 type: object 18333 creationTimestamp: 18334 description: |- 18335 CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. 18336 18337 Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata 18338 format: date-time 18339 nullable: true 18340 type: string 18341 deletionGracePeriodSeconds: 18342 description: Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only. 18343 format: int64 18344 type: integer 18345 deletionTimestamp: 18346 description: |- 18347 DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested. 18348 18349 Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata 18350 format: date-time 18351 type: string 18352 finalizers: 18353 description: Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list. 18354 items: 18355 type: string 18356 type: array 18357 generateName: 18358 description: |- 18359 GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server. 18360 18361 If this field is specified and the generated name exists, the server will return a 409. 18362 18363 Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency 18364 type: string 18365 generation: 18366 description: A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. 18367 format: int64 18368 type: integer 18369 labels: 18370 additionalProperties: 18371 type: string 18372 description: "Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels" 18373 type: object 18374 managedFields: 18375 description: ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn't need to set or understand this field. A workflow can be the user's name, a controller's name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object. 18376 items: 18377 properties: 18378 apiVersion: 18379 description: APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted. 18380 type: string 18381 fieldsType: 18382 description: "FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: \"FieldsV1\"" 18383 type: string 18384 fieldsV1: 18385 description: FieldsV1 holds the first JSON version format as described in the "FieldsV1" type. 18386 type: object 18387 manager: 18388 description: Manager is an identifier of the workflow managing these fields. 18389 type: string 18390 operation: 18391 description: Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'. 18392 type: string 18393 subresource: 18394 description: Subresource is the name of the subresource used to update that object, or empty string if the object was updated through the main resource. The value of this field is used to distinguish between managers, even if they share the same name. For example, a status update will be distinct from a regular update using the same manager name. Note that the APIVersion field is not related to the Subresource field and it always corresponds to the version of the main resource. 18395 type: string 18396 time: 18397 description: Time is the timestamp of when the ManagedFields entry was added. The timestamp will also be updated if a field is added, the manager changes any of the owned fields value or removes a field. The timestamp does not update when a field is removed from the entry because another manager took it over. 18398 format: date-time 18399 type: string 18400 type: object 18401 type: array 18402 name: 18403 description: "Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names" 18404 type: string 18405 namespace: 18406 description: |- 18407 Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty. 18408 18409 Must be a DNS_LABEL. Cannot be updated. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces 18410 type: string 18411 ownerReferences: 18412 description: List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller. 18413 items: 18414 properties: 18415 apiVersion: 18416 description: API version of the referent. 18417 type: string 18418 blockOwnerDeletion: 18419 description: If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. See https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion for how the garbage collector interacts with this field and enforces the foreground deletion. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned. 18420 type: boolean 18421 controller: 18422 description: If true, this reference points to the managing controller. 18423 type: boolean 18424 kind: 18425 description: "Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" 18426 type: string 18427 name: 18428 description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names" 18429 type: string 18430 uid: 18431 description: "UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids" 18432 type: string 18433 required: 18434 - apiVersion 18435 - kind 18436 - name 18437 - uid 18438 type: object 18439 x-kubernetes-map-type: atomic 18440 type: array 18441 resourceVersion: 18442 description: |- 18443 An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources. 18444 18445 Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency 18446 type: string 18447 selfLink: 18448 description: "Deprecated: selfLink is a legacy read-only field that is no longer populated by the system." 18449 type: string 18450 uid: 18451 description: |- 18452 UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations. 18453 18454 Populated by the system. Read-only. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids 18455 type: string 18456 type: object 18457 spec: 18458 description: The specification for the PersistentVolumeClaim. The entire content is copied unchanged into the PVC that gets created from this template. The same fields as in a PersistentVolumeClaim are also valid here. 18459 properties: 18460 accessModes: 18461 description: "accessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1" 18462 items: 18463 enum: 18464 - ReadOnlyMany 18465 - ReadWriteMany 18466 - ReadWriteOnce 18467 - ReadWriteOncePod 18468 type: string 18469 type: array 18470 dataSource: 18471 description: "dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource." 18472 properties: 18473 apiGroup: 18474 description: APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. 18475 type: string 18476 kind: 18477 description: Kind is the type of resource being referenced 18478 type: string 18479 name: 18480 description: Name is the name of resource being referenced 18481 type: string 18482 required: 18483 - kind 18484 - name 18485 type: object 18486 x-kubernetes-map-type: atomic 18487 dataSourceRef: 18488 description: |- 18489 dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef 18490 allows any non-core object, as well as PersistentVolumeClaim objects. 18491 * While dataSource ignores disallowed values (dropping them), dataSourceRef 18492 preserves all values, and generates an error if a disallowed value is 18493 specified. 18494 * While dataSource only allows local objects, dataSourceRef allows objects 18495 in any namespaces. 18496 (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. 18497 properties: 18498 apiGroup: 18499 description: APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. 18500 type: string 18501 kind: 18502 description: Kind is the type of resource being referenced 18503 type: string 18504 name: 18505 description: Name is the name of resource being referenced 18506 type: string 18507 namespace: 18508 description: Namespace is the namespace of resource being referenced Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. 18509 type: string 18510 required: 18511 - kind 18512 - name 18513 type: object 18514 resources: 18515 description: "resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources" 18516 properties: 18517 limits: 18518 additionalProperties: 18519 type: string 18520 description: "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" 18521 type: object 18522 requests: 18523 additionalProperties: 18524 type: string 18525 description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" 18526 type: object 18527 type: object 18528 selector: 18529 description: selector is a label query over volumes to consider for binding. 18530 properties: 18531 matchExpressions: 18532 description: matchExpressions is a list of label selector requirements. The requirements are ANDed. 18533 items: 18534 properties: 18535 key: 18536 description: key is the label key that the selector applies to. 18537 type: string 18538 operator: 18539 description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. 18540 type: string 18541 values: 18542 description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. 18543 items: 18544 type: string 18545 type: array 18546 required: 18547 - key 18548 - operator 18549 type: object 18550 type: array 18551 matchLabels: 18552 additionalProperties: 18553 type: string 18554 description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. 18555 type: object 18556 type: object 18557 x-kubernetes-map-type: atomic 18558 storageClassName: 18559 description: "storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1" 18560 type: string 18561 volumeAttributesClassName: 18562 description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. If specified, the CSI driver will create or update the volume with the attributes defined in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass will be applied to the claim but it's not allowed to reset this field to empty string once it is set. If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass will be set by the persistentvolume controller if it exists. If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default)." 18563 type: string 18564 volumeMode: 18565 description: |- 18566 volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec. 18567 18568 Possible enum values: 18569 - `"Block"` means the volume will not be formatted with a filesystem and will remain a raw block device. 18570 - `"Filesystem"` means the volume will be or is formatted with a filesystem. 18571 enum: 18572 - Block 18573 - Filesystem 18574 type: string 18575 volumeName: 18576 description: volumeName is the binding reference to the PersistentVolume backing this claim. 18577 type: string 18578 type: object 18579 required: 18580 - spec 18581 type: object 18582 type: object 18583 fc: 18584 description: fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod. 18585 properties: 18586 fsType: 18587 description: fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. 18588 type: string 18589 lun: 18590 description: "lun is Optional: FC target lun number" 18591 format: int32 18592 type: integer 18593 readOnly: 18594 description: "readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts." 18595 type: boolean 18596 targetWWNs: 18597 description: "targetWWNs is Optional: FC target worldwide names (WWNs)" 18598 items: 18599 type: string 18600 type: array 18601 wwids: 18602 description: "wwids Optional: FC volume world wide identifiers (wwids) Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously." 18603 items: 18604 type: string 18605 type: array 18606 type: object 18607 flexVolume: 18608 description: "flexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin. Deprecated: FlexVolume is deprecated. Consider using a CSIDriver instead." 18609 properties: 18610 driver: 18611 description: driver is the name of the driver to use for this volume. 18612 type: string 18613 fsType: 18614 description: fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script. 18615 type: string 18616 options: 18617 additionalProperties: 18618 type: string 18619 description: "options is Optional: this field holds extra command options if any." 18620 type: object 18621 readOnly: 18622 description: "readOnly is Optional: defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts." 18623 type: boolean 18624 secretRef: 18625 description: "secretRef is Optional: secretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts." 18626 properties: 18627 name: 18628 description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" 18629 type: string 18630 type: object 18631 x-kubernetes-map-type: atomic 18632 required: 18633 - driver 18634 type: object 18635 flocker: 18636 description: "flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running. Deprecated: Flocker is deprecated and the in-tree flocker type is no longer supported." 18637 properties: 18638 datasetName: 18639 description: datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker should be considered as deprecated 18640 type: string 18641 datasetUUID: 18642 description: datasetUUID is the UUID of the dataset. This is unique identifier of a Flocker dataset 18643 type: string 18644 type: object 18645 gcePersistentDisk: 18646 description: "gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. Deprecated: GCEPersistentDisk is deprecated. All operations for the in-tree gcePersistentDisk type are redirected to the pd.csi.storage.gke.io CSI driver. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" 18647 properties: 18648 fsType: 18649 description: "fsType is filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" 18650 type: string 18651 partition: 18652 description: "partition is the partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as \"1\". Similarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" 18653 format: int32 18654 type: integer 18655 pdName: 18656 description: "pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" 18657 type: string 18658 readOnly: 18659 description: "readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" 18660 type: boolean 18661 required: 18662 - pdName 18663 type: object 18664 gitRepo: 18665 description: "gitRepo represents a git repository at a particular revision. Deprecated: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container." 18666 properties: 18667 directory: 18668 description: directory is the target directory name. Must not contain or start with '..'. If '.' is supplied, the volume directory will be the git repository. Otherwise, if specified, the volume will contain the git repository in the subdirectory with the given name. 18669 type: string 18670 repository: 18671 description: repository is the URL 18672 type: string 18673 revision: 18674 description: revision is the commit hash for the specified revision. 18675 type: string 18676 required: 18677 - repository 18678 type: object 18679 glusterfs: 18680 description: "glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. Deprecated: Glusterfs is deprecated and the in-tree glusterfs type is no longer supported. More info: https://examples.k8s.io/volumes/glusterfs/README.md" 18681 properties: 18682 endpoints: 18683 description: "endpoints is the endpoint name that details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod" 18684 type: string 18685 path: 18686 description: "path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod" 18687 type: string 18688 readOnly: 18689 description: "readOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod" 18690 type: boolean 18691 required: 18692 - endpoints 18693 - path 18694 type: object 18695 hostPath: 18696 description: "hostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath" 18697 properties: 18698 path: 18699 description: "path of the directory on the host. If the path is a symlink, it will follow the link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath" 18700 type: string 18701 type: 18702 description: |- 18703 type for HostPath Volume Defaults to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath 18704 18705 Possible enum values: 18706 - `""` For backwards compatible, leave it empty if unset 18707 - `"BlockDevice"` A block device must exist at the given path 18708 - `"CharDevice"` A character device must exist at the given path 18709 - `"Directory"` A directory must exist at the given path 18710 - `"DirectoryOrCreate"` If nothing exists at the given path, an empty directory will be created there as needed with file mode 0755, having the same group and ownership with Kubelet. 18711 - `"File"` A file must exist at the given path 18712 - `"FileOrCreate"` If nothing exists at the given path, an empty file will be created there as needed with file mode 0644, having the same group and ownership with Kubelet. 18713 - `"Socket"` A UNIX socket must exist at the given path 18714 enum: 18715 - "" 18716 - BlockDevice 18717 - CharDevice 18718 - Directory 18719 - DirectoryOrCreate 18720 - File 18721 - FileOrCreate 18722 - Socket 18723 type: string 18724 required: 18725 - path 18726 type: object 18727 image: 18728 description: |- 18729 image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine. The volume is resolved at pod startup depending on which PullPolicy value is provided: 18730 18731 - Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. - Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. - IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. 18732 18733 The volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation. A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message. The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field. The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images. The volume will be mounted read-only (ro) and non-executable files (noexec). Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath) before 1.33. The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type. 18734 properties: 18735 pullPolicy: 18736 description: |- 18737 Policy for pulling OCI objects. Possible values are: Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. 18738 18739 Possible enum values: 18740 - `"Always"` means that kubelet always attempts to pull the latest image. Container will fail If the pull fails. 18741 - `"IfNotPresent"` means that kubelet pulls if the image isn't present on disk. Container will fail if the image isn't present and the pull fails. 18742 - `"Never"` means that kubelet never pulls an image, but only uses a local image. Container will fail if the image isn't present 18743 enum: 18744 - Always 18745 - IfNotPresent 18746 - Never 18747 type: string 18748 reference: 18749 description: "Required: Image or artifact reference to be used. Behaves in the same way as pod.spec.containers[*].image. Pull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets." 18750 type: string 18751 type: object 18752 iscsi: 18753 description: "iscsi represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md" 18754 properties: 18755 chapAuthDiscovery: 18756 description: chapAuthDiscovery defines whether support iSCSI Discovery CHAP authentication 18757 type: boolean 18758 chapAuthSession: 18759 description: chapAuthSession defines whether support iSCSI Session CHAP authentication 18760 type: boolean 18761 fsType: 18762 description: "fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi" 18763 type: string 18764 initiatorName: 18765 description: initiatorName is the custom iSCSI Initiator Name. If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface <target portal>:<volume name> will be created for the connection. 18766 type: string 18767 iqn: 18768 description: iqn is the target iSCSI Qualified Name. 18769 type: string 18770 iscsiInterface: 18771 description: iscsiInterface is the interface Name that uses an iSCSI transport. Defaults to 'default' (tcp). 18772 type: string 18773 lun: 18774 description: lun represents iSCSI Target Lun number. 18775 format: int32 18776 type: integer 18777 portals: 18778 description: portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260). 18779 items: 18780 type: string 18781 type: array 18782 readOnly: 18783 description: readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. 18784 type: boolean 18785 secretRef: 18786 description: secretRef is the CHAP Secret for iSCSI target and initiator authentication 18787 properties: 18788 name: 18789 description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" 18790 type: string 18791 type: object 18792 x-kubernetes-map-type: atomic 18793 targetPortal: 18794 description: targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260). 18795 type: string 18796 required: 18797 - targetPortal 18798 - iqn 18799 - lun 18800 type: object 18801 name: 18802 description: "name of the volume. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" 18803 type: string 18804 nfs: 18805 description: "nfs represents an NFS mount on the host that shares a pod's lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" 18806 properties: 18807 path: 18808 description: "path that is exported by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" 18809 type: string 18810 readOnly: 18811 description: "readOnly here will force the NFS export to be mounted with read-only permissions. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" 18812 type: boolean 18813 server: 18814 description: "server is the hostname or IP address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" 18815 type: string 18816 required: 18817 - server 18818 - path 18819 type: object 18820 persistentVolumeClaim: 18821 description: "persistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims" 18822 properties: 18823 claimName: 18824 description: "claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims" 18825 type: string 18826 readOnly: 18827 description: readOnly Will force the ReadOnly setting in VolumeMounts. Default false. 18828 type: boolean 18829 required: 18830 - claimName 18831 type: object 18832 photonPersistentDisk: 18833 description: "photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine. Deprecated: PhotonPersistentDisk is deprecated and the in-tree photonPersistentDisk type is no longer supported." 18834 properties: 18835 fsType: 18836 description: fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. 18837 type: string 18838 pdID: 18839 description: pdID is the ID that identifies Photon Controller persistent disk 18840 type: string 18841 required: 18842 - pdID 18843 type: object 18844 portworxVolume: 18845 description: "portworxVolume represents a portworx volume attached and mounted on kubelets host machine. Deprecated: PortworxVolume is deprecated. All operations for the in-tree portworxVolume type are redirected to the pxd.portworx.com CSI driver when the CSIMigrationPortworx feature-gate is on." 18846 properties: 18847 fsType: 18848 description: fSType represents the filesystem type to mount Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified. 18849 type: string 18850 readOnly: 18851 description: readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. 18852 type: boolean 18853 volumeID: 18854 description: volumeID uniquely identifies a Portworx volume 18855 type: string 18856 required: 18857 - volumeID 18858 type: object 18859 projected: 18860 description: projected items for all in one resources secrets, configmaps, and downward API 18861 properties: 18862 defaultMode: 18863 description: defaultMode are the mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. 18864 format: int32 18865 type: integer 18866 sources: 18867 description: sources is the list of volume projections. Each entry in this list handles one source. 18868 items: 18869 properties: 18870 clusterTrustBundle: 18871 description: |- 18872 ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field of ClusterTrustBundle objects in an auto-updating file. 18873 18874 Alpha, gated by the ClusterTrustBundleProjection feature gate. 18875 18876 ClusterTrustBundle objects can either be selected by name, or by the combination of signer name and a label selector. 18877 18878 Kubelet performs aggressive normalization of the PEM contents written into the pod filesystem. Esoteric PEM features such as inter-block comments and block headers are stripped. Certificates are deduplicated. The ordering of certificates within the file is arbitrary, and Kubelet may change the order over time. 18879 properties: 18880 labelSelector: 18881 description: Select all ClusterTrustBundles that match this label selector. Only has effect if signerName is set. Mutually-exclusive with name. If unset, interpreted as "match nothing". If set but empty, interpreted as "match everything". 18882 properties: 18883 matchExpressions: 18884 description: matchExpressions is a list of label selector requirements. The requirements are ANDed. 18885 items: 18886 properties: 18887 key: 18888 description: key is the label key that the selector applies to. 18889 type: string 18890 operator: 18891 description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. 18892 type: string 18893 values: 18894 description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. 18895 items: 18896 type: string 18897 type: array 18898 required: 18899 - key 18900 - operator 18901 type: object 18902 type: array 18903 matchLabels: 18904 additionalProperties: 18905 type: string 18906 description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. 18907 type: object 18908 type: object 18909 x-kubernetes-map-type: atomic 18910 name: 18911 description: Select a single ClusterTrustBundle by object name. Mutually-exclusive with signerName and labelSelector. 18912 type: string 18913 optional: 18914 description: If true, don't block pod startup if the referenced ClusterTrustBundle(s) aren't available. If using name, then the named ClusterTrustBundle is allowed not to exist. If using signerName, then the combination of signerName and labelSelector is allowed to match zero ClusterTrustBundles. 18915 type: boolean 18916 path: 18917 description: Relative path from the volume root to write the bundle. 18918 type: string 18919 signerName: 18920 description: Select all ClusterTrustBundles that match this signer name. Mutually-exclusive with name. The contents of all selected ClusterTrustBundles will be unified and deduplicated. 18921 type: string 18922 required: 18923 - path 18924 type: object 18925 configMap: 18926 description: configMap information about the configMap data to project 18927 properties: 18928 items: 18929 description: items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. 18930 items: 18931 properties: 18932 key: 18933 description: key is the key to project. 18934 type: string 18935 mode: 18936 description: "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." 18937 format: int32 18938 type: integer 18939 path: 18940 description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. 18941 type: string 18942 required: 18943 - key 18944 - path 18945 type: object 18946 type: array 18947 name: 18948 description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" 18949 type: string 18950 optional: 18951 description: optional specify whether the ConfigMap or its keys must be defined 18952 type: boolean 18953 type: object 18954 downwardAPI: 18955 description: downwardAPI information about the downwardAPI data to project 18956 properties: 18957 items: 18958 description: Items is a list of DownwardAPIVolume file 18959 items: 18960 properties: 18961 fieldRef: 18962 description: "Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported." 18963 properties: 18964 apiVersion: 18965 description: Version of the schema the FieldPath is written in terms of, defaults to "v1". 18966 type: string 18967 fieldPath: 18968 description: Path of the field to select in the specified API version. 18969 type: string 18970 required: 18971 - fieldPath 18972 type: object 18973 x-kubernetes-map-type: atomic 18974 mode: 18975 description: "Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." 18976 format: int32 18977 type: integer 18978 path: 18979 description: "Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'" 18980 type: string 18981 resourceFieldRef: 18982 description: "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported." 18983 properties: 18984 containerName: 18985 description: "Container name: required for volumes, optional for env vars" 18986 type: string 18987 divisor: 18988 description: Specifies the output format of the exposed resources, defaults to "1" 18989 type: string 18990 resource: 18991 description: "Required: resource to select" 18992 type: string 18993 required: 18994 - resource 18995 type: object 18996 x-kubernetes-map-type: atomic 18997 required: 18998 - path 18999 type: object 19000 type: array 19001 type: object 19002 secret: 19003 description: secret information about the secret data to project 19004 properties: 19005 items: 19006 description: items if unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. 19007 items: 19008 properties: 19009 key: 19010 description: key is the key to project. 19011 type: string 19012 mode: 19013 description: "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." 19014 format: int32 19015 type: integer 19016 path: 19017 description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. 19018 type: string 19019 required: 19020 - key 19021 - path 19022 type: object 19023 type: array 19024 name: 19025 description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" 19026 type: string 19027 optional: 19028 description: optional field specify whether the Secret or its key must be defined 19029 type: boolean 19030 type: object 19031 serviceAccountToken: 19032 description: serviceAccountToken is information about the serviceAccountToken data to project 19033 properties: 19034 audience: 19035 description: audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver. 19036 type: string 19037 expirationSeconds: 19038 description: expirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes. 19039 format: int64 19040 type: integer 19041 path: 19042 description: path is the path relative to the mount point of the file to project the token into. 19043 type: string 19044 required: 19045 - path 19046 type: object 19047 type: object 19048 type: array 19049 type: object 19050 quobyte: 19051 description: "quobyte represents a Quobyte mount on the host that shares a pod's lifetime. Deprecated: Quobyte is deprecated and the in-tree quobyte type is no longer supported." 19052 properties: 19053 group: 19054 description: group to map volume access to Default is no group 19055 type: string 19056 readOnly: 19057 description: readOnly here will force the Quobyte volume to be mounted with read-only permissions. Defaults to false. 19058 type: boolean 19059 registry: 19060 description: registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes 19061 type: string 19062 tenant: 19063 description: tenant owning the given Quobyte volume in the Backend Used with dynamically provisioned Quobyte volumes, value is set by the plugin 19064 type: string 19065 user: 19066 description: user to map volume access to Defaults to serivceaccount user 19067 type: string 19068 volume: 19069 description: volume is a string that references an already created Quobyte volume by name. 19070 type: string 19071 required: 19072 - registry 19073 - volume 19074 type: object 19075 rbd: 19076 description: "rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. Deprecated: RBD is deprecated and the in-tree rbd type is no longer supported. More info: https://examples.k8s.io/volumes/rbd/README.md" 19077 properties: 19078 fsType: 19079 description: "fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd" 19080 type: string 19081 image: 19082 description: "image is the rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" 19083 type: string 19084 keyring: 19085 description: "keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" 19086 type: string 19087 monitors: 19088 description: "monitors is a collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" 19089 items: 19090 type: string 19091 type: array 19092 pool: 19093 description: "pool is the rados pool name. Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" 19094 type: string 19095 readOnly: 19096 description: "readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" 19097 type: boolean 19098 secretRef: 19099 description: "secretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" 19100 properties: 19101 name: 19102 description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" 19103 type: string 19104 type: object 19105 x-kubernetes-map-type: atomic 19106 user: 19107 description: "user is the rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" 19108 type: string 19109 required: 19110 - monitors 19111 - image 19112 type: object 19113 scaleIO: 19114 description: "scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. Deprecated: ScaleIO is deprecated and the in-tree scaleIO type is no longer supported." 19115 properties: 19116 fsType: 19117 description: fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Default is "xfs". 19118 type: string 19119 gateway: 19120 description: gateway is the host address of the ScaleIO API Gateway. 19121 type: string 19122 protectionDomain: 19123 description: protectionDomain is the name of the ScaleIO Protection Domain for the configured storage. 19124 type: string 19125 readOnly: 19126 description: readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. 19127 type: boolean 19128 secretRef: 19129 description: secretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail. 19130 properties: 19131 name: 19132 description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" 19133 type: string 19134 type: object 19135 x-kubernetes-map-type: atomic 19136 sslEnabled: 19137 description: sslEnabled Flag enable/disable SSL communication with Gateway, default false 19138 type: boolean 19139 storageMode: 19140 description: storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned. 19141 type: string 19142 storagePool: 19143 description: storagePool is the ScaleIO Storage Pool associated with the protection domain. 19144 type: string 19145 system: 19146 description: system is the name of the storage system as configured in ScaleIO. 19147 type: string 19148 volumeName: 19149 description: volumeName is the name of a volume already created in the ScaleIO system that is associated with this volume source. 19150 type: string 19151 required: 19152 - gateway 19153 - system 19154 - secretRef 19155 type: object 19156 secret: 19157 description: "secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret" 19158 properties: 19159 defaultMode: 19160 description: "defaultMode is Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." 19161 format: int32 19162 type: integer 19163 items: 19164 description: items If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. 19165 items: 19166 properties: 19167 key: 19168 description: key is the key to project. 19169 type: string 19170 mode: 19171 description: "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." 19172 format: int32 19173 type: integer 19174 path: 19175 description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. 19176 type: string 19177 required: 19178 - key 19179 - path 19180 type: object 19181 type: array 19182 optional: 19183 description: optional field specify whether the Secret or its keys must be defined 19184 type: boolean 19185 secretName: 19186 description: "secretName is the name of the secret in the pod's namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret" 19187 type: string 19188 type: object 19189 storageos: 19190 description: "storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. Deprecated: StorageOS is deprecated and the in-tree storageos type is no longer supported." 19191 properties: 19192 fsType: 19193 description: fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. 19194 type: string 19195 readOnly: 19196 description: readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. 19197 type: boolean 19198 secretRef: 19199 description: secretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted. 19200 properties: 19201 name: 19202 description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" 19203 type: string 19204 type: object 19205 x-kubernetes-map-type: atomic 19206 volumeName: 19207 description: volumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace. 19208 type: string 19209 volumeNamespace: 19210 description: volumeNamespace specifies the scope of the volume within StorageOS. If no namespace is specified then the Pod's namespace will be used. This allows the Kubernetes name scoping to be mirrored within StorageOS for tighter integration. Set VolumeName to any name to override the default behaviour. Set to "default" if you are not using namespaces within StorageOS. Namespaces that do not pre-exist within StorageOS will be created. 19211 type: string 19212 type: object 19213 vsphereVolume: 19214 description: "vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine. Deprecated: VsphereVolume is deprecated. All operations for the in-tree vsphereVolume type are redirected to the csi.vsphere.vmware.com CSI driver." 19215 properties: 19216 fsType: 19217 description: fsType is filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. 19218 type: string 19219 storagePolicyID: 19220 description: storagePolicyID is the storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName. 19221 type: string 19222 storagePolicyName: 19223 description: storagePolicyName is the storage Policy Based Management (SPBM) profile name. 19224 type: string 19225 volumePath: 19226 description: volumePath is the path that identifies vSphere volume vmdk 19227 type: string 19228 required: 19229 - volumePath 19230 type: object 19231 required: 19232 - name 19233 type: object 19234 type: array 19235 required: 19236 - containers 19237 type: object 19238 type: object 19239 container: 19240 title: The container name running the gameserver 19241 description: if there is more than one container, specify which one is the game server 19242 type: string 19243 minLength: 0 19244 maxLength: 63 19245 pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" 19246 ports: 19247 title: array of ports to expose on the game server container 19248 type: array 19249 nullable: true 19250 items: 19251 type: object 19252 properties: 19253 name: 19254 title: Name is the descriptive name of the port 19255 type: string 19256 range: 19257 title: the port range name from which to select a port when using a 'Dynamic' or 'Passthrough' port policy. Defaults to 'default'. 19258 type: string 19259 portPolicy: 19260 title: the port policy that will be applied to the game server 19261 description: | 19262 portPolicy has four options: 19263 - "Dynamic" (default) the system allocates a random free hostPort for the gameserver, for game clients to connect to 19264 - "Static", user defines the hostPort that the game client will connect to. Then onus is on the user to ensure that the 19265 port is available. When static is the policy specified, `hostPort` is required to be populated 19266 - "Passthrough" dynamically sets the `containerPort` to the same value as the dynamically selected hostPort. 19267 This will mean that users will need to lookup what port has been opened through the server side SDK. 19268 - "None" means the `hostPort` is ignored and if defined, the `containerPort` (optional) is used to set the port on the GameServer instance. 19269 type: string 19270 enum: 19271 - Dynamic 19272 - Static 19273 - Passthrough 19274 - None 19275 protocol: 19276 title: Protocol being used. Defaults to UDP. TCP and TCPUDP are other options. 19277 type: string 19278 enum: 19279 - UDP 19280 - TCP 19281 - TCPUDP 19282 container: 19283 title: | 19284 Container is the name of the container on which to open the port. Defaults to the game server container. 19285 type: string 19286 containerPort: 19287 title: The port that is being opened on the game server process 19288 type: integer 19289 minimum: 1 19290 maximum: 65535 19291 hostPort: 19292 title: The port exposed on the host 19293 description: Only required when `portPolicy` is "Static". Overwritten when portPolicy is "Dynamic" or "Passthrough". 19294 type: integer 19295 minimum: 1 19296 maximum: 65535 19297 sdkServer: 19298 type: object 19299 title: Parameters for the SDK Server (sidecar) 19300 properties: 19301 logLevel: 19302 type: string 19303 description: | 19304 sdkServer log level parameter has three options: 19305 - "Info" (default) The SDK server will output all messages except for debug messages 19306 - "Debug" The SDK server will output all messages including debug messages 19307 - "Error" The SDK server will only output error messages 19308 - "Trace" The SDK server will output all messages, including detailed tracing information 19309 enum: 19310 - Error 19311 - Info 19312 - Debug 19313 - Trace 19314 grpcPort: 19315 title: The port on which the SDK server binds the gRPC server to accept incoming connections 19316 description: | 19317 Starting with Agones 1.2 the default gRPC port is 9357. In earlier releases, the default was 59357. 19318 type: integer 19319 minimum: 1 19320 maximum: 65535 19321 httpPort: 19322 title: The port on which the SDK server binds the HTTP gRPC gateway server to accept incoming connections 19323 description: | 19324 Starting with Agones 1.2 the default HTTP port is 9358. In earlier releases, the default was 59358. 19325 type: integer 19326 minimum: 1 19327 maximum: 65535 19328 scheduling: 19329 type: string 19330 enum: 19331 - Packed 19332 - Distributed 19333 health: 19334 type: object 19335 title: Health checking for the running game server 19336 properties: 19337 disabled: 19338 title: Disable health checking. defaults to false, but can be set to true 19339 type: boolean 19340 initialDelaySeconds: 19341 title: Number of seconds after the container has started before health check is initiated. Defaults to 5 seconds 19342 type: integer 19343 minimum: 0 19344 maximum: 2147483648 19345 periodSeconds: 19346 title: How long before the server is considered not healthy 19347 type: integer 19348 minimum: 0 19349 maximum: 2147483648 19350 failureThreshold: 19351 title: Minimum consecutive failures for the health probe to be considered failed after having succeeded. 19352 type: integer 19353 minimum: 1 19354 maximum: 2147483648 19355 players: 19356 type: object 19357 title: Configuration of player capacity 19358 nullable: true 19359 properties: 19360 initialCapacity: 19361 type: integer 19362 title: The initial player capacity of this Game Server 19363 minimum: 0 19364 counters: 19365 type: object 19366 title: Map of player, room, session, etc. counters 19367 nullable: true 19368 maxProperties: 1000 19369 additionalProperties: 19370 type: object 19371 properties: 19372 count: 19373 title: Initial count value 19374 type: integer 19375 default: 0 19376 minimum: 0 19377 capacity: 19378 title: Max capacity of the counter 19379 type: integer 19380 default: 1000 19381 minimum: 0 19382 lists: 19383 type: object 19384 title: Map of player, room, session, etc. lists 19385 nullable: true 19386 maxProperties: 1000 19387 additionalProperties: 19388 type: object 19389 properties: 19390 capacity: 19391 type: integer 19392 title: Max capacity of the array (can be less than or equal to value of maxItems) 19393 minimum: 0 19394 default: 1000 19395 maximum: 1000 # must be equal to values.maxItems 19396 values: 19397 title: set of all the items in the list 19398 type: array 19399 x-kubernetes-list-type: set # Requires items in the array to be unique 19400 maxItems: 1000 # max possible size of the value array (cannot be updated) 19401 items: # name of the item (player1, session1, room1, etc.) 19402 type: string 19403 default: [] 19404 eviction: 19405 type: object 19406 title: Eviction tolerance of the game server 19407 properties: 19408 safe: 19409 type: string 19410 title: Game server supports termination via SIGTERM 19411 description: | 19412 - Never: The game server should run to completion. Agones sets Pod annotation `cluster-autoscaler.kubernetes.io/safe-to-evict: "false"` and label `agones.dev/safe-to-evict: "false"`, which matches a restrictive PodDisruptionBudget. 19413 - OnUpgrade: On SIGTERM, the game server will exit within `terminationGracePeriodSeconds` or be terminated; Agones sets Pod annotation `cluster-autoscaler.kubernetes.io/safe-to-evict: "false"`, which blocks evictions by Cluster Autoscaler. Evictions from node upgrades proceed normally. 19414 - Always: On SIGTERM, the game server will exit within `terminationGracePeriodSeconds` or be terminated, typically within 10m; Agones sets Pod annotation `cluster-autoscaler.kubernetes.io/safe-to-evict: "true"`, which allows evictions by Cluster Autoscaler. 19415 enum: 19416 - Always 19417 - OnUpgrade 19418 - Never 19419 immutableReplicas: 19420 type: integer 19421 title: Immutable count of Pods to a GameServer. Always 1. (Implementation detail of implementing the Scale subresource.) 19422 default: 1 19423 minimum: 1 19424 maximum: 1 19425 status: 19426 description: 'GameServerSetStatus is the status of a GameServerSet. More info: 19427 https://agones.dev/site/docs/reference/agones_crd_api_reference/#agones.dev/v1.GameServerSet' 19428 type: object 19429 properties: 19430 replicas: 19431 type: integer 19432 minimum: 0 19433 readyReplicas: 19434 type: integer 19435 minimum: 0 19436 reservedReplicas: 19437 type: integer 19438 minimum: 0 19439 allocatedReplicas: 19440 type: integer 19441 minimum: 0 19442 shutdownReplicas: 19443 type: integer 19444 minimum: 0 19445 players: 19446 type: object 19447 nullable: true 19448 properties: 19449 count: 19450 type: integer 19451 minimum: 0 19452 capacity: 19453 type: integer 19454 minimum: 0 19455 counters: 19456 type: object 19457 title: Map of player, room, session, etc. counters 19458 nullable: true 19459 maxProperties: 1000 19460 additionalProperties: 19461 type: object 19462 properties: 19463 allocatedCount: # Aggregated count of the Counter across allocated GameServers in the GameServerSet 19464 type: integer 19465 minimum: 0 19466 allocatedCapacity: # Aggregated maximum capacity of the Counter across allocated GameServers in the GameServerSet 19467 type: integer 19468 minimum: 0 19469 count: # Aggregated count of the Counter across the GameServerSet 19470 type: integer 19471 default: 0 19472 minimum: 0 19473 capacity: # Aggregated maximum capacity of the Counter across the GameServerSet 19474 type: integer 19475 minimum: 0 19476 lists: 19477 type: object 19478 title: Map of player, room, session, etc. lists 19479 nullable: true 19480 maxProperties: 1000 19481 additionalProperties: 19482 type: object 19483 properties: 19484 allocatedCount: # Aggregated number of items in the List across allocated GameServers in the GameServerSet 19485 type: integer 19486 minimum: 0 19487 allocatedCapacity: # Aggregated maximum capacity of the List across allocated GameServers in the GameServerSet 19488 type: integer 19489 minimum: 0 19490 count: # Aggregated number of items in the List across the GameServerSet 19491 type: integer 19492 default: 0 19493 minimum: 0 19494 capacity: # Aggregated maximum capacity of the List across the GameServerSet 19495 type: integer 19496 minimum: 0 19497 subresources: 19498 # status enables the status subresource. 19499 status: { } 19500 # scale enables the scale subresource. 19501 scale: 19502 # specReplicasPath defines the jsonPath inside of a custom resource that corresponds to Scale.Spec.Replicas. 19503 specReplicasPath: .spec.replicas 19504 # statusReplicasPath defines the jsonPath inside of a custom resource that corresponds to Scale.Status.Replicas. 19505 statusReplicasPath: .status.replicas 19506 # labelSelectorPath defines the jsonPath inside of a custom resource that corresponds to Scale.Status.Selector. 19507 labelSelectorPath: .status.labelSelector 19508 --- 19509 # Source: agones/templates/service/allocation.yaml 19510 # Create a ClusterRole in that grants access to the agones allocation api 19511 apiVersion: rbac.authorization.k8s.io/v1 19512 kind: ClusterRole 19513 metadata: 19514 name: agones-allocator 19515 labels: 19516 app: agones 19517 chart: agones-1.54.0-dev 19518 release: agones-manual 19519 heritage: Helm 19520 rules: 19521 - apiGroups: [""] 19522 resources: ["events"] 19523 verbs: ["create", "patch"] 19524 - apiGroups: ["allocation.agones.dev"] 19525 resources: ["gameserverallocations"] 19526 verbs: ["create"] 19527 - apiGroups: [""] 19528 resources: ["nodes", "secrets"] 19529 verbs: ["get", "list", "watch"] 19530 - apiGroups: ["agones.dev"] 19531 resources: ["gameservers", "gameserversets"] 19532 verbs: ["get", "list", "update", "watch"] 19533 - apiGroups: ["agones.dev"] 19534 resources: ["gameservers"] 19535 verbs: ["patch"] 19536 - apiGroups: ["multicluster.agones.dev"] 19537 resources: ["gameserverallocationpolicies"] 19538 verbs: ["get", "list", "watch"] 19539 --- 19540 # Source: agones/templates/serviceaccounts/controller.yaml 19541 apiVersion: rbac.authorization.k8s.io/v1 19542 kind: ClusterRole 19543 metadata: 19544 name: agones-controller 19545 labels: 19546 app: agones 19547 chart: agones-1.54.0-dev 19548 release: agones-manual 19549 heritage: Helm 19550 rules: 19551 - apiGroups: [""] 19552 resources: ["events"] 19553 verbs: ["create", "patch"] 19554 - apiGroups: [""] 19555 resources: ["pods"] 19556 verbs: ["create", "update", "delete", "list", "watch"] 19557 - apiGroups: [""] 19558 resources: ["nodes", "secrets"] 19559 verbs: ["list", "watch"] 19560 - apiGroups: ["admissionregistration.k8s.io"] # only needed for cloudProduct detection 19561 resources: ["mutatingwebhookconfigurations"] 19562 verbs: ["get"] 19563 - apiGroups: ["apiextensions.k8s.io"] 19564 resources: ["customresourcedefinitions"] 19565 verbs: ["get"] 19566 - apiGroups: ["agones.dev"] 19567 resources: ["gameservers", "gameserversets"] 19568 verbs: ["create", "delete", "get", "list", "update", "watch"] 19569 - apiGroups: ["agones.dev"] 19570 resources: ["gameservers"] 19571 verbs: ["patch"] 19572 - apiGroups: ["agones.dev"] 19573 resources: ["fleets"] 19574 verbs: ["get", "list", "update", "watch"] 19575 - apiGroups: ["agones.dev"] 19576 resources: ["fleets/status", "gameserversets/status"] 19577 verbs: ["update"] 19578 - apiGroups: ["agones.dev"] 19579 resources: ["fleets/finalizers", "gameserversets/finalizers", "gameservers/finalizers"] 19580 verbs: ["update"] 19581 - apiGroups: ["multicluster.agones.dev"] 19582 resources: ["gameserverallocationpolicies"] 19583 verbs: ["create", "delete", "get", "list", "update", "watch"] 19584 - apiGroups: ["autoscaling.agones.dev"] 19585 resources: ["fleetautoscalers"] 19586 verbs: ["get", "list", "update", "watch"] 19587 - apiGroups: ["autoscaling.agones.dev"] 19588 resources: ["fleetautoscalers/status"] 19589 verbs: ["update"] 19590 - apiGroups: ["coordination.k8s.io"] 19591 resources: ["leases"] 19592 verbs: ["create", "delete", "get", "list", "update", "watch"] 19593 --- 19594 # Source: agones/templates/serviceaccounts/sdk.yaml 19595 apiVersion: rbac.authorization.k8s.io/v1 19596 kind: ClusterRole 19597 metadata: 19598 name: agones-sdk 19599 labels: 19600 app: agones 19601 chart: agones-1.54.0-dev 19602 release: agones-manual 19603 heritage: Helm 19604 rules: 19605 - apiGroups: [""] 19606 resources: ["events"] 19607 verbs: ["create", "patch"] 19608 - apiGroups: ["agones.dev"] 19609 resources: ["gameservers"] 19610 verbs: ["list", "patch", "watch"] 19611 --- 19612 # Source: agones/templates/service/allocation.yaml 19613 # Bind the agones-allocator ServiceAccount to the agones-allocator ClusterRole 19614 apiVersion: rbac.authorization.k8s.io/v1 19615 kind: ClusterRoleBinding 19616 metadata: 19617 name: agones-allocator 19618 labels: 19619 app: agones 19620 chart: agones-1.54.0-dev 19621 release: agones-manual 19622 heritage: Helm 19623 subjects: 19624 - kind: ServiceAccount 19625 name: agones-allocator 19626 namespace: agones-system 19627 roleRef: 19628 apiGroup: rbac.authorization.k8s.io 19629 kind: ClusterRole 19630 name: agones-allocator 19631 --- 19632 # Source: agones/templates/serviceaccounts/controller.yaml 19633 apiVersion: rbac.authorization.k8s.io/v1 19634 kind: ClusterRoleBinding 19635 metadata: 19636 name: agones-controller-access 19637 labels: 19638 app: agones 19639 chart: agones-1.54.0-dev 19640 release: agones-manual 19641 heritage: Helm 19642 subjects: 19643 - kind: User 19644 name: system:serviceaccount:agones-system:agones-controller 19645 apiGroup: rbac.authorization.k8s.io 19646 roleRef: 19647 apiGroup: rbac.authorization.k8s.io 19648 kind: ClusterRole 19649 name: agones-controller 19650 --- 19651 # Source: agones/templates/serviceaccounts/controller.yaml 19652 # 19653 # RBACs for APIService 19654 # 19655 apiVersion: rbac.authorization.k8s.io/v1 19656 kind: ClusterRoleBinding 19657 metadata: 19658 name: agones-controller:system:auth-delegator 19659 roleRef: 19660 apiGroup: rbac.authorization.k8s.io 19661 kind: ClusterRole 19662 name: system:auth-delegator 19663 subjects: 19664 - kind: ServiceAccount 19665 name: agones-controller 19666 namespace: agones-system 19667 --- 19668 # Source: agones/templates/serviceaccounts/controller.yaml 19669 apiVersion: rbac.authorization.k8s.io/v1 19670 kind: RoleBinding 19671 metadata: 19672 name: agones-controller-auth-reader 19673 namespace: kube-system 19674 roleRef: 19675 apiGroup: rbac.authorization.k8s.io 19676 kind: Role 19677 name: extension-apiserver-authentication-reader 19678 subjects: 19679 - kind: ServiceAccount 19680 name: agones-controller 19681 namespace: agones-system 19682 --- 19683 # Source: agones/templates/serviceaccounts/sdk.yaml 19684 apiVersion: rbac.authorization.k8s.io/v1 19685 kind: RoleBinding 19686 metadata: 19687 name: agones-sdk-access 19688 namespace: default 19689 labels: 19690 app: agones 19691 chart: agones-1.54.0-dev 19692 release: agones-manual 19693 heritage: Helm 19694 subjects: 19695 - kind: User 19696 name: system:serviceaccount:default:agones-sdk 19697 apiGroup: rbac.authorization.k8s.io 19698 roleRef: 19699 apiGroup: rbac.authorization.k8s.io 19700 kind: ClusterRole 19701 name: agones-sdk 19702 --- 19703 # Source: agones/templates/controller-metrics-service.yaml 19704 # Copyright 2023 Google LLC All Rights Reserved. 19705 # 19706 # Licensed under the Apache License, Version 2.0 (the "License"); 19707 # you may not use this file except in compliance with the License. 19708 # You may obtain a copy of the License at 19709 # 19710 # http://www.apache.org/licenses/LICENSE-2.0 19711 # 19712 # Unless required by applicable law or agreed to in writing, software 19713 # distributed under the License is distributed on an "AS IS" BASIS, 19714 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 19715 # See the License for the specific language governing permissions and 19716 # limitations under the License. 19717 apiVersion: v1 19718 kind: Service 19719 metadata: 19720 name: agones-controller-metrics-service 19721 namespace: agones-system 19722 labels: 19723 agones.dev/role: controller 19724 app: agones 19725 chart: agones-1.54.0-dev 19726 release: agones-manual 19727 heritage: Helm 19728 spec: 19729 selector: 19730 agones.dev/role: controller 19731 ports: 19732 - name: metrics 19733 port: 8080 19734 targetPort: http 19735 --- 19736 # Source: agones/templates/extensions-metrics-service.yaml 19737 # Copyright 2023 Google LLC All Rights Reserved. 19738 # 19739 # Licensed under the Apache License, Version 2.0 (the "License"); 19740 # you may not use this file except in compliance with the License. 19741 # You may obtain a copy of the License at 19742 # 19743 # http://www.apache.org/licenses/LICENSE-2.0 19744 # 19745 # Unless required by applicable law or agreed to in writing, software 19746 # distributed under the License is distributed on an "AS IS" BASIS, 19747 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 19748 # See the License for the specific language governing permissions and 19749 # limitations under the License. 19750 19751 apiVersion: v1 19752 kind: Service 19753 metadata: 19754 name: agones-extensions-metrics-service 19755 namespace: agones-system 19756 labels: 19757 agones.dev/role: extensions 19758 app: agones 19759 chart: agones-1.54.0-dev 19760 release: agones-manual 19761 heritage: Helm 19762 spec: 19763 selector: 19764 agones.dev/role: extensions 19765 ports: 19766 - name: metrics 19767 port: 8080 19768 targetPort: http 19769 --- 19770 # Source: agones/templates/ping.yaml 19771 apiVersion: v1 19772 kind: Service 19773 metadata: 19774 name: agones-ping-http-service 19775 namespace: agones-system 19776 labels: 19777 component: ping 19778 app: agones 19779 chart: agones-1.54.0-dev 19780 release: agones-manual 19781 heritage: Helm 19782 spec: 19783 selector: 19784 agones.dev/role: ping 19785 ports: 19786 - port: 80 19787 name: http 19788 targetPort: 8080 19789 protocol: TCP 19790 type: LoadBalancer 19791 externalTrafficPolicy: Cluster 19792 --- 19793 # Source: agones/templates/ping.yaml 19794 apiVersion: v1 19795 kind: Service 19796 metadata: 19797 name: agones-ping-udp-service 19798 namespace: agones-system 19799 labels: 19800 component: ping 19801 app: agones 19802 chart: agones-1.54.0-dev 19803 release: agones-manual 19804 heritage: Helm 19805 spec: 19806 selector: 19807 agones.dev/role: ping 19808 ports: 19809 - port: 50000 19810 name: udp 19811 targetPort: 8080 19812 protocol: UDP 19813 type: LoadBalancer 19814 externalTrafficPolicy: Cluster 19815 --- 19816 # Source: agones/templates/service.yaml 19817 # Copyright 2018 Google LLC All Rights Reserved. 19818 # 19819 # Licensed under the Apache License, Version 2.0 (the "License"); 19820 # you may not use this file except in compliance with the License. 19821 # You may obtain a copy of the License at 19822 # 19823 # http://www.apache.org/licenses/LICENSE-2.0 19824 # 19825 # Unless required by applicable law or agreed to in writing, software 19826 # distributed under the License is distributed on an "AS IS" BASIS, 19827 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 19828 # See the License for the specific language governing permissions and 19829 # limitations under the License. 19830 19831 apiVersion: v1 19832 kind: Service 19833 metadata: 19834 name: agones-controller-service 19835 namespace: agones-system 19836 labels: 19837 agones.dev/role: extensions 19838 app: agones 19839 chart: agones-1.54.0-dev 19840 release: agones-manual 19841 heritage: Helm 19842 spec: 19843 selector: 19844 agones.dev/role: extensions 19845 ports: 19846 - name: webhooks 19847 port: 443 19848 targetPort: webhooks 19849 - name: web 19850 port: 8080 19851 targetPort: http 19852 --- 19853 # Source: agones/templates/service/allocation.yaml 19854 # Copyright 2019 Google LLC All Rights Reserved. 19855 # 19856 # Licensed under the Apache License, Version 2.0 (the "License"); 19857 # you may not use this file except in compliance with the License. 19858 # You may obtain a copy of the License at 19859 # 19860 # http://www.apache.org/licenses/LICENSE-2.0 19861 # 19862 # Unless required by applicable law or agreed to in writing, software 19863 # distributed under the License is distributed on an "AS IS" BASIS, 19864 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 19865 # See the License for the specific language governing permissions and 19866 # limitations under the License. 19867 # Define a Service for the agones-allocator 19868 apiVersion: v1 19869 kind: Service 19870 metadata: 19871 name: agones-allocator 19872 namespace: agones-system 19873 labels: 19874 component: allocator 19875 app: agones 19876 chart: agones-1.54.0-dev 19877 release: agones-manual 19878 heritage: Helm 19879 spec: 19880 selector: 19881 multicluster.agones.dev/role: allocator 19882 ports: 19883 - port: 443 19884 name: https 19885 targetPort: 8443 19886 protocol: TCP 19887 type: LoadBalancer 19888 externalTrafficPolicy: Cluster 19889 --- 19890 # Source: agones/templates/service/allocation.yaml 19891 apiVersion: v1 19892 kind: Service 19893 metadata: 19894 name: agones-allocator-metrics-service 19895 namespace: agones-system 19896 labels: 19897 multicluster.agones.dev/role: allocator 19898 app: agones 19899 chart: agones-1.54.0-dev 19900 release: agones-manual 19901 heritage: Helm 19902 spec: 19903 selector: 19904 multicluster.agones.dev/role: allocator 19905 ports: 19906 - port: 8080 19907 name: http 19908 targetPort: 8080 19909 protocol: TCP 19910 --- 19911 # Source: agones/templates/controller.yaml 19912 # Copyright 2018 Google LLC All Rights Reserved. 19913 # 19914 # Licensed under the Apache License, Version 2.0 (the "License"); 19915 # you may not use this file except in compliance with the License. 19916 # You may obtain a copy of the License at 19917 # 19918 # http://www.apache.org/licenses/LICENSE-2.0 19919 # 19920 # Unless required by applicable law or agreed to in writing, software 19921 # distributed under the License is distributed on an "AS IS" BASIS, 19922 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 19923 # See the License for the specific language governing permissions and 19924 # limitations under the License. 19925 apiVersion: apps/v1 19926 kind: Deployment 19927 metadata: 19928 name: agones-controller 19929 namespace: agones-system 19930 labels: 19931 component: controller 19932 app: agones 19933 chart: agones-1.54.0-dev 19934 release: agones-manual 19935 heritage: Helm 19936 spec: 19937 selector: 19938 matchLabels: 19939 agones.dev/role: controller 19940 app: agones 19941 release: agones-manual 19942 heritage: Helm 19943 replicas: 2 19944 strategy: 19945 type: Recreate 19946 template: 19947 metadata: 19948 annotations: 19949 prometheus.io/scrape: "true" 19950 prometheus.io/port: "8080" 19951 prometheus.io/path: "/metrics" 19952 labels: 19953 agones.dev/role: controller 19954 app: agones 19955 release: agones-manual 19956 heritage: Helm 19957 spec: 19958 affinity: 19959 nodeAffinity: 19960 preferredDuringSchedulingIgnoredDuringExecution: 19961 - weight: 1 19962 preference: 19963 matchExpressions: 19964 - key: agones.dev/agones-system 19965 operator: Exists 19966 tolerations: 19967 - effect: NoExecute 19968 key: agones.dev/agones-system 19969 operator: Equal 19970 value: "true" 19971 priorityClassName: agones-system 19972 serviceAccountName: agones-controller 19973 containers: 19974 - name: agones-controller 19975 image: "us-docker.pkg.dev/agones-images/release/agones-controller:1.54.0-dev" 19976 imagePullPolicy: IfNotPresent 19977 securityContext: 19978 runAsNonRoot: true 19979 runAsUser: 1000 19980 allowPrivilegeEscalation: false 19981 env: 19982 # minimum port that can be exposed to GameServer traffic 19983 - name: MIN_PORT 19984 value: "7000" 19985 # maximum port that can be exposed to GameServer traffic 19986 - name: MAX_PORT 19987 value: "8000" 19988 - name: SIDECAR_IMAGE # overwrite the GameServer sidecar image that is used 19989 value: "us-docker.pkg.dev/agones-images/release/agones-sdk:1.54.0-dev" 19990 - name: ALWAYS_PULL_SIDECAR # set the sidecar imagePullPolicy to Always 19991 value: "false" 19992 - name: SIDECAR_CPU_REQUEST 19993 value: "30m" 19994 - name: SIDECAR_CPU_LIMIT 19995 value: "0" 19996 - name: SIDECAR_MEMORY_REQUEST 19997 value: "0" 19998 - name: SIDECAR_MEMORY_LIMIT 19999 value: "0" 20000 - name: SIDECAR_RUN_AS_USER 20001 value: "1000" 20002 - name: SIDECAR_REQUESTS_RATE_LIMIT 20003 value: "500ms" 20004 - name: SDK_SERVICE_ACCOUNT 20005 value: "agones-sdk" 20006 - name: PROMETHEUS_EXPORTER 20007 value: "true" 20008 - name: STACKDRIVER_EXPORTER 20009 value: "false" 20010 - name: STACKDRIVER_LABELS 20011 value: "" 20012 - name: GCP_PROJECT_ID 20013 value: "" 20014 - name: NUM_WORKERS 20015 value: "100" 20016 - name: MAX_CREATION_PARALLELISM 20017 value: "16" 20018 - name: MAX_GAME_SERVER_CREATIONS_PER_BATCH 20019 value: "64" 20020 - name: MAX_DELETION_PARALLELISM 20021 value: "64" 20022 - name: MAX_GAME_SERVER_DELETIONS_PER_BATCH 20023 value: "64" 20024 - name: MAX_POD_PENDING_COUNT 20025 value: "5000" 20026 - name: API_SERVER_QPS 20027 value: "400" 20028 - name: API_SERVER_QPS_BURST 20029 value: "500" 20030 - name: LOG_LEVEL 20031 value: "info" 20032 - name: FEATURE_GATES 20033 value: "" 20034 - name: ALLOCATION_BATCH_WAIT_TIME 20035 value: "500ms" 20036 - name: CLOUD_PRODUCT 20037 value: "auto" 20038 - name: LOG_DIR 20039 value: "/logs" 20040 - name: LOG_SIZE_LIMIT_MB 20041 value: "10000" 20042 - name: POD_NAME 20043 valueFrom: 20044 fieldRef: 20045 fieldPath: metadata.name 20046 - name: POD_NAMESPACE 20047 valueFrom: 20048 fieldRef: 20049 fieldPath: metadata.namespace 20050 - name: CONTAINER_NAME 20051 value: "agones-controller" 20052 - name: LEADER_ELECTION 20053 value: "true" 20054 ports: 20055 - name: webhooks 20056 containerPort: 8081 20057 - name: http 20058 containerPort: 8080 20059 livenessProbe: 20060 httpGet: 20061 path: /live 20062 port: http 20063 initialDelaySeconds: 3 20064 periodSeconds: 3 20065 failureThreshold: 3 20066 timeoutSeconds: 1 20067 resources: 20068 limits: 20069 ephemeral-storage: 10100Mi 20070 requests: 20071 ephemeral-storage: 10100Mi 20072 volumeMounts: 20073 - name: certs 20074 mountPath: /certs 20075 readOnly: true 20076 - name: logs 20077 mountPath: /logs 20078 readOnly: false 20079 volumes: 20080 - name: certs 20081 secret: 20082 secretName: agones-manual-cert 20083 - name: logs 20084 emptyDir: {} 20085 --- 20086 # Source: agones/templates/extensions-deployment.yaml 20087 # Copyright 2022 Google LLC All Rights Reserved. 20088 # 20089 # Licensed under the Apache License, Version 2.0 (the "License"); 20090 # you may not use this file except in compliance with the License. 20091 # You may obtain a copy of the License at 20092 # 20093 # http://www.apache.org/licenses/LICENSE-2.0 20094 # 20095 # Unless required by applicable law or agreed to in writing, software 20096 # distributed under the License is distributed on an "AS IS" BASIS, 20097 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 20098 # See the License for the specific language governing permissions and 20099 # limitations under the License. 20100 20101 apiVersion: apps/v1 20102 kind: Deployment 20103 metadata: 20104 name: agones-extensions 20105 namespace: agones-system 20106 labels: 20107 component: extensions 20108 app: agones 20109 chart: agones-1.54.0-dev 20110 release: agones-manual 20111 heritage: Helm 20112 spec: 20113 selector: 20114 matchLabels: 20115 agones.dev/role: extensions 20116 app: agones 20117 release: agones-manual 20118 heritage: Helm 20119 replicas: 2 20120 strategy: 20121 type: Recreate 20122 template: 20123 metadata: 20124 annotations: 20125 revision/tls-cert: "1" 20126 prometheus.io/scrape: "true" 20127 prometheus.io/port: "8080" 20128 prometheus.io/path: "/metrics" 20129 labels: 20130 agones.dev/role: extensions 20131 app: agones 20132 release: agones-manual 20133 heritage: Helm 20134 spec: 20135 affinity: 20136 nodeAffinity: 20137 preferredDuringSchedulingIgnoredDuringExecution: 20138 - weight: 1 20139 preference: 20140 matchExpressions: 20141 - key: agones.dev/agones-system 20142 operator: Exists 20143 tolerations: 20144 - effect: NoExecute 20145 key: agones.dev/agones-system 20146 operator: Equal 20147 value: "true" 20148 priorityClassName: agones-system 20149 serviceAccountName: agones-controller 20150 terminationGracePeriodSeconds: 27 20151 containers: 20152 - name: agones-extensions 20153 image: "us-docker.pkg.dev/agones-images/release/agones-extensions:1.54.0-dev" 20154 imagePullPolicy: IfNotPresent 20155 securityContext: 20156 runAsNonRoot: true 20157 runAsUser: 1000 20158 allowPrivilegeEscalation: false 20159 env: 20160 - name: PROMETHEUS_EXPORTER 20161 value: "true" 20162 - name: STACKDRIVER_EXPORTER 20163 value: "false" 20164 - name: STACKDRIVER_LABELS 20165 value: "" 20166 - name: GCP_PROJECT_ID 20167 value: "" 20168 - name: NUM_WORKERS 20169 value: "100" 20170 - name: API_SERVER_QPS 20171 value: "400" 20172 - name: API_SERVER_QPS_BURST 20173 value: "500" 20174 - name: LOG_LEVEL 20175 value: "info" 20176 - name: FEATURE_GATES 20177 value: "" 20178 - name: ALLOCATION_BATCH_WAIT_TIME 20179 value: "500ms" 20180 - name: CLOUD_PRODUCT 20181 value: "auto" 20182 - name: LOG_DIR 20183 value: "/logs" 20184 - name: LOG_SIZE_LIMIT_MB 20185 value: "10000" 20186 - name: POD_NAME 20187 valueFrom: 20188 fieldRef: 20189 fieldPath: metadata.name 20190 - name: POD_NAMESPACE 20191 valueFrom: 20192 fieldRef: 20193 fieldPath: metadata.namespace 20194 - name: CONTAINER_NAME 20195 value: "agones-extensions" 20196 - name: READINESS_SHUTDOWN_DURATION 20197 value: 18s 20198 - name: WEBHOOK_PORT 20199 value: "8081" 20200 - name: HTTP_PORT 20201 value: "8080" 20202 ports: 20203 - name: webhooks 20204 containerPort: 8081 20205 - name: http 20206 containerPort: 8080 20207 livenessProbe: 20208 httpGet: 20209 path: /live 20210 port: http 20211 initialDelaySeconds: 3 20212 periodSeconds: 3 20213 failureThreshold: 3 20214 timeoutSeconds: 1 20215 readinessProbe: 20216 httpGet: 20217 path: /ready 20218 port: 8080 20219 initialDelaySeconds: 3 20220 periodSeconds: 3 20221 failureThreshold: 3 20222 resources: 20223 limits: 20224 ephemeral-storage: 10100Mi 20225 requests: 20226 ephemeral-storage: 10100Mi 20227 volumeMounts: 20228 - name: certs 20229 mountPath: /certs 20230 readOnly: true 20231 - name: logs 20232 mountPath: /logs 20233 readOnly: false 20234 volumes: 20235 - name: certs 20236 secret: 20237 secretName: agones-manual-cert 20238 - name: logs 20239 emptyDir: {} 20240 --- 20241 # Source: agones/templates/ping.yaml 20242 # Copyright 2018 Google LLC All Rights Reserved. 20243 # 20244 # Licensed under the Apache License, Version 2.0 (the "License"); 20245 # you may not use this file except in compliance with the License. 20246 # You may obtain a copy of the License at 20247 # 20248 # http://www.apache.org/licenses/LICENSE-2.0 20249 # 20250 # Unless required by applicable law or agreed to in writing, software 20251 # distributed under the License is distributed on an "AS IS" BASIS, 20252 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 20253 # See the License for the specific language governing permissions and 20254 # limitations under the License. 20255 apiVersion: apps/v1 20256 kind: Deployment 20257 metadata: 20258 name: agones-ping 20259 namespace: agones-system 20260 labels: 20261 component: ping 20262 app: agones 20263 chart: agones-1.54.0-dev 20264 release: agones-manual 20265 heritage: Helm 20266 spec: 20267 selector: 20268 matchLabels: 20269 agones.dev/role: ping 20270 app: agones 20271 release: agones-manual 20272 heritage: Helm 20273 replicas: 2 20274 template: 20275 metadata: 20276 labels: 20277 agones.dev/role: ping 20278 app: agones 20279 release: agones-manual 20280 heritage: Helm 20281 spec: 20282 affinity: 20283 nodeAffinity: 20284 preferredDuringSchedulingIgnoredDuringExecution: 20285 - weight: 1 20286 preference: 20287 matchExpressions: 20288 - key: agones.dev/agones-system 20289 operator: Exists 20290 tolerations: 20291 - effect: NoExecute 20292 key: agones.dev/agones-system 20293 operator: Equal 20294 value: "true" 20295 priorityClassName: agones-system 20296 containers: 20297 - name: agones-ping 20298 image: "us-docker.pkg.dev/agones-images/release/agones-ping:1.54.0-dev" 20299 imagePullPolicy: IfNotPresent 20300 securityContext: 20301 runAsNonRoot: true 20302 runAsUser: 1000 20303 allowPrivilegeEscalation: false 20304 livenessProbe: 20305 httpGet: 20306 port: 8080 20307 path: /live 20308 initialDelaySeconds: 3 20309 periodSeconds: 3 20310 failureThreshold: 3 20311 timeoutSeconds: 1 20312 env: 20313 - name: HTTP_RESPONSE 20314 value: "ok" 20315 - name: UDP_RATE_LIMIT 20316 value: "20" 20317 - name: FEATURE_GATES 20318 value: "" 20319 --- 20320 # Source: agones/templates/service/allocation.yaml 20321 # Deploy pods to run the agones-allocator code 20322 apiVersion: apps/v1 20323 kind: Deployment 20324 metadata: 20325 name: agones-allocator 20326 namespace: agones-system 20327 labels: 20328 multicluster.agones.dev/role: allocator 20329 app: agones 20330 release: agones-manual 20331 heritage: Helm 20332 spec: 20333 replicas: 3 20334 selector: 20335 matchLabels: 20336 multicluster.agones.dev/role: allocator 20337 app: agones 20338 release: agones-manual 20339 heritage: Helm 20340 template: 20341 metadata: 20342 labels: 20343 multicluster.agones.dev/role: allocator 20344 app: agones 20345 release: agones-manual 20346 heritage: Helm 20347 annotations: 20348 prometheus.io/scrape: "true" 20349 prometheus.io/port: "8080" 20350 prometheus.io/path: "/metrics" 20351 spec: 20352 affinity: 20353 nodeAffinity: 20354 preferredDuringSchedulingIgnoredDuringExecution: 20355 - weight: 1 20356 preference: 20357 matchExpressions: 20358 - key: agones.dev/agones-system 20359 operator: Exists 20360 tolerations: 20361 - effect: NoExecute 20362 key: agones.dev/agones-system 20363 operator: Equal 20364 value: "true" 20365 serviceAccountName: agones-allocator 20366 terminationGracePeriodSeconds: 27 20367 volumes: 20368 - name: tls 20369 secret: 20370 secretName: allocator-tls 20371 - name: client-ca 20372 secret: 20373 secretName: allocator-client-ca 20374 containers: 20375 - name: agones-allocator 20376 image: "us-docker.pkg.dev/agones-images/release/agones-allocator:1.54.0-dev" 20377 imagePullPolicy: IfNotPresent 20378 securityContext: 20379 runAsNonRoot: true 20380 runAsUser: 1000 20381 allowPrivilegeEscalation: false 20382 livenessProbe: 20383 httpGet: 20384 path: /live 20385 port: 8080 20386 initialDelaySeconds: 3 20387 periodSeconds: 3 20388 failureThreshold: 3 20389 timeoutSeconds: 1 20390 readinessProbe: 20391 httpGet: 20392 path: /ready 20393 port: 8080 20394 initialDelaySeconds: 3 20395 periodSeconds: 3 20396 failureThreshold: 3 20397 env: 20398 - name: HTTP_PORT 20399 value: "8443" 20400 - name: GRPC_PORT 20401 value: "8443" 20402 - name: HTTP_UNALLOCATED_STATUS_CODE 20403 value: "429" 20404 - name: API_SERVER_QPS 20405 value: "400" 20406 - name: API_SERVER_QPS_BURST 20407 value: "500" 20408 - name: PROMETHEUS_EXPORTER 20409 value: "true" 20410 - name: STACKDRIVER_EXPORTER 20411 value: "false" 20412 - name: GCP_PROJECT_ID 20413 value: "" 20414 - name: STACKDRIVER_LABELS 20415 value: "" 20416 - name: DISABLE_MTLS 20417 value: "false" 20418 - name: DISABLE_TLS 20419 value: "false" 20420 - name: REMOTE_ALLOCATION_TIMEOUT 20421 value: "10s" 20422 - name: TOTAL_REMOTE_ALLOCATION_TIMEOUT 20423 value: "30s" 20424 - name: POD_NAME 20425 valueFrom: 20426 fieldRef: 20427 fieldPath: metadata.name 20428 - name: POD_NAMESPACE 20429 valueFrom: 20430 fieldRef: 20431 fieldPath: metadata.namespace 20432 - name: CONTAINER_NAME 20433 value: "agones-allocator" 20434 - name: LOG_LEVEL 20435 value: "info" 20436 - name: FEATURE_GATES 20437 value: "" 20438 - name: ALLOCATION_BATCH_WAIT_TIME 20439 value: "500ms" 20440 - name: READINESS_SHUTDOWN_DURATION 20441 value: 18s 20442 ports: 20443 - name: https 20444 containerPort: 8443 20445 - name: http 20446 containerPort: 8080 20447 volumeMounts: 20448 - mountPath: /home/allocator/tls 20449 name: tls 20450 readOnly: true 20451 - mountPath: /home/allocator/client-ca 20452 name: client-ca 20453 readOnly: true 20454 --- 20455 # Source: agones/templates/extensions.yaml 20456 apiVersion: apiregistration.k8s.io/v1 20457 kind: APIService 20458 metadata: 20459 name: v1.allocation.agones.dev 20460 labels: 20461 component: controller 20462 app: agones 20463 chart: agones-1.54.0-dev 20464 release: agones-manual 20465 heritage: Helm 20466 spec: 20467 group: allocation.agones.dev 20468 groupPriorityMinimum: 1000 20469 versionPriority: 15 20470 service: 20471 name: agones-controller-service 20472 namespace: agones-system 20473 caBundle: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVjVENDQTFtZ0F3SUJBZ0lVRm5DOUsxT1kzRnFNaWhqN3RWbXh5R3hwUVdzd0RRWUpLb1pJaHZjTkFRRUwKQlFBd2dhb3hDekFKQmdOVkJBWVRBbFZUTVJNd0VRWURWUVFJREFwVGIyMWxMVk4wWVhSbE1ROHdEUVlEVlFRSwpEQVpCWjI5dVpYTXhEekFOQmdOVkJBc01Ca0ZuYjI1bGN6RTBNRElHQTFVRUF3d3JZV2R2Ym1WekxXTnZiblJ5CmIyeHNaWEl0YzJWeWRtbGpaUzVoWjI5dVpYTXRjM2x6ZEdWdExuTjJZekV1TUN3R0NTcUdTSWIzRFFFSkFSWWYKWVdkdmJtVnpMV1JwYzJOMWMzTkFaMjl2WjJ4bFozSnZkWEJ6TG1OdmJUQWVGdzB5TVRBMk16QXhPVFUyTWpGYQpGdzB6TVRBMk1qZ3hPVFUyTWpGYU1JR3FNUXN3Q1FZRFZRUUdFd0pWVXpFVE1CRUdBMVVFQ0F3S1UyOXRaUzFUCmRHRjBaVEVQTUEwR0ExVUVDZ3dHUVdkdmJtVnpNUTh3RFFZRFZRUUxEQVpCWjI5dVpYTXhOREF5QmdOVkJBTU0KSzJGbmIyNWxjeTFqYjI1MGNtOXNiR1Z5TFhObGNuWnBZMlV1WVdkdmJtVnpMWE41YzNSbGJTNXpkbU14TGpBcwpCZ2txaGtpRzl3MEJDUUVXSDJGbmIyNWxjeTFrYVhOamRYTnpRR2R2YjJkc1pXZHliM1Z3Y3k1amIyMHdnZ0VpCk1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQkR3QXdnZ0VLQW9JQkFRQ2dka0xPS0NINThLSkJpdEJqeVlyTDArRTkKdEl0TFhGVGdxQU9TMGdBQitSVXNZMGhicmVWRHd0SExKYXBnMG55Ni9UYTcvMEc1Wm9kaGR4RlFtS2JWMUxmWQpmZGR0Qm4vOGd4Wi9JQ2dRblU3N3RqY1pLV3JxaW4vZ3h3ZUJua3hjWEtrT3Z1MldoRHdZZVFLN3ZHNEljOGhzClZHb1hTZWo4US94d2M4a0FCRG04YVRSU1RUYmsyWi9kem9mUmswU2xrc1BrVWV5b0NwRGVGbERqY0tTcDAzWnUKV2dBUTNpVy83c1AxVFV5WEtnblZ5M2ZpWm1RQUZreEtOQkxVV0gvVEJJeWtMdUVCMmRYYUd0L0VpZzQ4SWpVOQpMYUxyM3JWSW1Dcmt6dlB5V3VEZTd6MmVKdDE3WEhoTFVHcnE4YTFUSFp3d1NSWUZRc29tQ09ORVNBSTdBZ01CCkFBR2pnWXd3Z1lrd0hRWURWUjBPQkJZRUZMa3FUUWNMQloyMUlWc3BGbkNiaS9TbGtUbzlNQjhHQTFVZEl3UVkKTUJhQUZMa3FUUWNMQloyMUlWc3BGbkNiaS9TbGtUbzlNQThHQTFVZEV3RUIvd1FGTUFNQkFmOHdOZ1lEVlIwUgpCQzh3TFlJcllXZHZibVZ6TFdOdmJuUnliMnhzWlhJdGMyVnlkbWxqWlM1aFoyOXVaWE10YzNsemRHVnRMbk4yCll6QU5CZ2txaGtpRzl3MEJBUXNGQUFPQ0FRRUFWQTUxU3dNcEhZY20zUnRuc2I5MkgwUTZYT1ZndEJzSWRaY1QKbFBuSmFBSGdybEt2SnhiMU0rdTdQYllDZkZOTWlUTStyWGZ5cWtJRXY3VU1aN0dWeS9CYm9zTk1sb2M0UHJjaAo3RnVlai9zVnArcW1GT1c0VzlPVTFwcytqWm5vcHJ4Z3R1OVgzbmpBZjZiWWVqQWMzaVo0Q0xpem8vMDd2Qk94CnA5L3J4R0FjSVVjQW04Y3hXa01kaEduNnZOYkNFcXJoVTRJdnZSYlMwVnlrckhPY3RGM25raC9GbnRHQU80RDEKUEgrUThSQXBNK2xBeGtXcFIvNXlHTXdLM05WcS9kc2JaclQ5RHhId0hUU2tqL3JXZVRrWmxIN042MHpZL3JqbwpNUjBJNEtOWHl3WElTcGdNbE93dkxPdGY2aUNYeHJDNyt1RjdyQmxCei9tSUNxYnR0dz09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K 20474 version: v1 20475 --- 20476 # Source: agones/templates/extensions.yaml 20477 # Copyright 2018 Google LLC All Rights Reserved. 20478 # 20479 # Licensed under the Apache License, Version 2.0 (the "License"); 20480 # you may not use this file except in compliance with the License. 20481 # You may obtain a copy of the License at 20482 # 20483 # http://www.apache.org/licenses/LICENSE-2.0 20484 # 20485 # Unless required by applicable law or agreed to in writing, software 20486 # distributed under the License is distributed on an "AS IS" BASIS, 20487 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 20488 # See the License for the specific language governing permissions and 20489 # limitations under the License. 20490 --- 20491 # Source: agones/templates/pdb.yaml 20492 # Copyright 2022 Google LLC All Rights Reserved. 20493 # 20494 # Licensed under the Apache License, Version 2.0 (the "License"); 20495 # you may not use this file except in compliance with the License. 20496 # You may obtain a copy of the License at 20497 # 20498 # http://www.apache.org/licenses/LICENSE-2.0 20499 # 20500 # Unless required by applicable law or agreed to in writing, software 20501 # distributed under the License is distributed on an "AS IS" BASIS, 20502 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 20503 # See the License for the specific language governing permissions and 20504 # limitations under the License. 20505 --- 20506 # Source: agones/templates/processor.yaml 20507 # Copyright 2025 Google LLC All Rights Reserved. 20508 # 20509 # Licensed under the Apache License, Version 2.0 (the "License"); 20510 # you may not use this file except in compliance with the License. 20511 # You may obtain a copy of the License at 20512 # 20513 # http://www.apache.org/licenses/LICENSE-2.0 20514 # 20515 # Unless required by applicable law or agreed to in writing, software 20516 # distributed under the License is distributed on an "AS IS" BASIS, 20517 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 20518 # See the License for the specific language governing permissions and 20519 # limitations under the License. 20520 --- 20521 # Source: agones/templates/extensions.yaml 20522 apiVersion: admissionregistration.k8s.io/v1 20523 kind: MutatingWebhookConfiguration 20524 metadata: 20525 name: agones-mutation-webhook 20526 labels: 20527 component: controller 20528 app: agones 20529 chart: agones-1.54.0-dev 20530 release: agones-manual 20531 heritage: Helm 20532 webhooks: 20533 - name: mutations.agones.dev 20534 admissionReviewVersions: 20535 - v1 20536 sideEffects: None 20537 failurePolicy: Fail 20538 clientConfig: 20539 service: 20540 name: agones-controller-service 20541 namespace: agones-system 20542 path: /mutate 20543 caBundle: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVjVENDQTFtZ0F3SUJBZ0lVRm5DOUsxT1kzRnFNaWhqN3RWbXh5R3hwUVdzd0RRWUpLb1pJaHZjTkFRRUwKQlFBd2dhb3hDekFKQmdOVkJBWVRBbFZUTVJNd0VRWURWUVFJREFwVGIyMWxMVk4wWVhSbE1ROHdEUVlEVlFRSwpEQVpCWjI5dVpYTXhEekFOQmdOVkJBc01Ca0ZuYjI1bGN6RTBNRElHQTFVRUF3d3JZV2R2Ym1WekxXTnZiblJ5CmIyeHNaWEl0YzJWeWRtbGpaUzVoWjI5dVpYTXRjM2x6ZEdWdExuTjJZekV1TUN3R0NTcUdTSWIzRFFFSkFSWWYKWVdkdmJtVnpMV1JwYzJOMWMzTkFaMjl2WjJ4bFozSnZkWEJ6TG1OdmJUQWVGdzB5TVRBMk16QXhPVFUyTWpGYQpGdzB6TVRBMk1qZ3hPVFUyTWpGYU1JR3FNUXN3Q1FZRFZRUUdFd0pWVXpFVE1CRUdBMVVFQ0F3S1UyOXRaUzFUCmRHRjBaVEVQTUEwR0ExVUVDZ3dHUVdkdmJtVnpNUTh3RFFZRFZRUUxEQVpCWjI5dVpYTXhOREF5QmdOVkJBTU0KSzJGbmIyNWxjeTFqYjI1MGNtOXNiR1Z5TFhObGNuWnBZMlV1WVdkdmJtVnpMWE41YzNSbGJTNXpkbU14TGpBcwpCZ2txaGtpRzl3MEJDUUVXSDJGbmIyNWxjeTFrYVhOamRYTnpRR2R2YjJkc1pXZHliM1Z3Y3k1amIyMHdnZ0VpCk1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQkR3QXdnZ0VLQW9JQkFRQ2dka0xPS0NINThLSkJpdEJqeVlyTDArRTkKdEl0TFhGVGdxQU9TMGdBQitSVXNZMGhicmVWRHd0SExKYXBnMG55Ni9UYTcvMEc1Wm9kaGR4RlFtS2JWMUxmWQpmZGR0Qm4vOGd4Wi9JQ2dRblU3N3RqY1pLV3JxaW4vZ3h3ZUJua3hjWEtrT3Z1MldoRHdZZVFLN3ZHNEljOGhzClZHb1hTZWo4US94d2M4a0FCRG04YVRSU1RUYmsyWi9kem9mUmswU2xrc1BrVWV5b0NwRGVGbERqY0tTcDAzWnUKV2dBUTNpVy83c1AxVFV5WEtnblZ5M2ZpWm1RQUZreEtOQkxVV0gvVEJJeWtMdUVCMmRYYUd0L0VpZzQ4SWpVOQpMYUxyM3JWSW1Dcmt6dlB5V3VEZTd6MmVKdDE3WEhoTFVHcnE4YTFUSFp3d1NSWUZRc29tQ09ORVNBSTdBZ01CCkFBR2pnWXd3Z1lrd0hRWURWUjBPQkJZRUZMa3FUUWNMQloyMUlWc3BGbkNiaS9TbGtUbzlNQjhHQTFVZEl3UVkKTUJhQUZMa3FUUWNMQloyMUlWc3BGbkNiaS9TbGtUbzlNQThHQTFVZEV3RUIvd1FGTUFNQkFmOHdOZ1lEVlIwUgpCQzh3TFlJcllXZHZibVZ6TFdOdmJuUnliMnhzWlhJdGMyVnlkbWxqWlM1aFoyOXVaWE10YzNsemRHVnRMbk4yCll6QU5CZ2txaGtpRzl3MEJBUXNGQUFPQ0FRRUFWQTUxU3dNcEhZY20zUnRuc2I5MkgwUTZYT1ZndEJzSWRaY1QKbFBuSmFBSGdybEt2SnhiMU0rdTdQYllDZkZOTWlUTStyWGZ5cWtJRXY3VU1aN0dWeS9CYm9zTk1sb2M0UHJjaAo3RnVlai9zVnArcW1GT1c0VzlPVTFwcytqWm5vcHJ4Z3R1OVgzbmpBZjZiWWVqQWMzaVo0Q0xpem8vMDd2Qk94CnA5L3J4R0FjSVVjQW04Y3hXa01kaEduNnZOYkNFcXJoVTRJdnZSYlMwVnlrckhPY3RGM25raC9GbnRHQU80RDEKUEgrUThSQXBNK2xBeGtXcFIvNXlHTXdLM05WcS9kc2JaclQ5RHhId0hUU2tqL3JXZVRrWmxIN042MHpZL3JqbwpNUjBJNEtOWHl3WElTcGdNbE93dkxPdGY2aUNYeHJDNyt1RjdyQmxCei9tSUNxYnR0dz09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K 20544 rules: 20545 - apiGroups: 20546 - agones.dev 20547 resources: 20548 - "gameservers" 20549 - "fleets" 20550 apiVersions: 20551 - "v1" 20552 operations: 20553 - CREATE 20554 - apiGroups: 20555 - autoscaling.agones.dev 20556 resources: 20557 - "fleetautoscalers" 20558 apiVersions: 20559 - "v1" 20560 operations: 20561 - CREATE 20562 - UPDATE 20563 --- 20564 # Source: agones/templates/extensions.yaml 20565 apiVersion: admissionregistration.k8s.io/v1 20566 kind: MutatingWebhookConfiguration 20567 metadata: 20568 name: zzz-agones-mutation-webhook 20569 labels: 20570 component: controller 20571 app: agones 20572 chart: agones-1.54.0-dev 20573 release: agones-manual 20574 heritage: Helm 20575 webhooks: 20576 - name: mutations.agones.dev 20577 admissionReviewVersions: 20578 - v1 20579 sideEffects: None 20580 failurePolicy: Fail 20581 clientConfig: 20582 service: 20583 name: agones-controller-service 20584 namespace: agones-system 20585 path: /mutate 20586 caBundle: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVjVENDQTFtZ0F3SUJBZ0lVRm5DOUsxT1kzRnFNaWhqN3RWbXh5R3hwUVdzd0RRWUpLb1pJaHZjTkFRRUwKQlFBd2dhb3hDekFKQmdOVkJBWVRBbFZUTVJNd0VRWURWUVFJREFwVGIyMWxMVk4wWVhSbE1ROHdEUVlEVlFRSwpEQVpCWjI5dVpYTXhEekFOQmdOVkJBc01Ca0ZuYjI1bGN6RTBNRElHQTFVRUF3d3JZV2R2Ym1WekxXTnZiblJ5CmIyeHNaWEl0YzJWeWRtbGpaUzVoWjI5dVpYTXRjM2x6ZEdWdExuTjJZekV1TUN3R0NTcUdTSWIzRFFFSkFSWWYKWVdkdmJtVnpMV1JwYzJOMWMzTkFaMjl2WjJ4bFozSnZkWEJ6TG1OdmJUQWVGdzB5TVRBMk16QXhPVFUyTWpGYQpGdzB6TVRBMk1qZ3hPVFUyTWpGYU1JR3FNUXN3Q1FZRFZRUUdFd0pWVXpFVE1CRUdBMVVFQ0F3S1UyOXRaUzFUCmRHRjBaVEVQTUEwR0ExVUVDZ3dHUVdkdmJtVnpNUTh3RFFZRFZRUUxEQVpCWjI5dVpYTXhOREF5QmdOVkJBTU0KSzJGbmIyNWxjeTFqYjI1MGNtOXNiR1Z5TFhObGNuWnBZMlV1WVdkdmJtVnpMWE41YzNSbGJTNXpkbU14TGpBcwpCZ2txaGtpRzl3MEJDUUVXSDJGbmIyNWxjeTFrYVhOamRYTnpRR2R2YjJkc1pXZHliM1Z3Y3k1amIyMHdnZ0VpCk1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQkR3QXdnZ0VLQW9JQkFRQ2dka0xPS0NINThLSkJpdEJqeVlyTDArRTkKdEl0TFhGVGdxQU9TMGdBQitSVXNZMGhicmVWRHd0SExKYXBnMG55Ni9UYTcvMEc1Wm9kaGR4RlFtS2JWMUxmWQpmZGR0Qm4vOGd4Wi9JQ2dRblU3N3RqY1pLV3JxaW4vZ3h3ZUJua3hjWEtrT3Z1MldoRHdZZVFLN3ZHNEljOGhzClZHb1hTZWo4US94d2M4a0FCRG04YVRSU1RUYmsyWi9kem9mUmswU2xrc1BrVWV5b0NwRGVGbERqY0tTcDAzWnUKV2dBUTNpVy83c1AxVFV5WEtnblZ5M2ZpWm1RQUZreEtOQkxVV0gvVEJJeWtMdUVCMmRYYUd0L0VpZzQ4SWpVOQpMYUxyM3JWSW1Dcmt6dlB5V3VEZTd6MmVKdDE3WEhoTFVHcnE4YTFUSFp3d1NSWUZRc29tQ09ORVNBSTdBZ01CCkFBR2pnWXd3Z1lrd0hRWURWUjBPQkJZRUZMa3FUUWNMQloyMUlWc3BGbkNiaS9TbGtUbzlNQjhHQTFVZEl3UVkKTUJhQUZMa3FUUWNMQloyMUlWc3BGbkNiaS9TbGtUbzlNQThHQTFVZEV3RUIvd1FGTUFNQkFmOHdOZ1lEVlIwUgpCQzh3TFlJcllXZHZibVZ6TFdOdmJuUnliMnhzWlhJdGMyVnlkbWxqWlM1aFoyOXVaWE10YzNsemRHVnRMbk4yCll6QU5CZ2txaGtpRzl3MEJBUXNGQUFPQ0FRRUFWQTUxU3dNcEhZY20zUnRuc2I5MkgwUTZYT1ZndEJzSWRaY1QKbFBuSmFBSGdybEt2SnhiMU0rdTdQYllDZkZOTWlUTStyWGZ5cWtJRXY3VU1aN0dWeS9CYm9zTk1sb2M0UHJjaAo3RnVlai9zVnArcW1GT1c0VzlPVTFwcytqWm5vcHJ4Z3R1OVgzbmpBZjZiWWVqQWMzaVo0Q0xpem8vMDd2Qk94CnA5L3J4R0FjSVVjQW04Y3hXa01kaEduNnZOYkNFcXJoVTRJdnZSYlMwVnlrckhPY3RGM25raC9GbnRHQU80RDEKUEgrUThSQXBNK2xBeGtXcFIvNXlHTXdLM05WcS9kc2JaclQ5RHhId0hUU2tqL3JXZVRrWmxIN042MHpZL3JqbwpNUjBJNEtOWHl3WElTcGdNbE93dkxPdGY2aUNYeHJDNyt1RjdyQmxCei9tSUNxYnR0dz09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K 20587 objectSelector: 20588 matchLabels: 20589 agones.dev/port: "autopilot-passthrough" 20590 rules: 20591 - apiGroups: 20592 - "" 20593 resources: 20594 - "pods" 20595 apiVersions: 20596 - "v1" 20597 operations: 20598 - CREATE 20599 --- 20600 # Source: agones/templates/extensions.yaml 20601 apiVersion: admissionregistration.k8s.io/v1 20602 kind: ValidatingWebhookConfiguration 20603 metadata: 20604 name: agones-validation-webhook 20605 labels: 20606 component: controller 20607 app: agones 20608 chart: agones-1.54.0-dev 20609 release: agones-manual 20610 heritage: Helm 20611 webhooks: 20612 - name: validations.agones.dev 20613 admissionReviewVersions: 20614 - v1 20615 sideEffects: None 20616 failurePolicy: Fail 20617 clientConfig: 20618 service: 20619 name: agones-controller-service 20620 namespace: agones-system 20621 path: /validate 20622 caBundle: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVjVENDQTFtZ0F3SUJBZ0lVRm5DOUsxT1kzRnFNaWhqN3RWbXh5R3hwUVdzd0RRWUpLb1pJaHZjTkFRRUwKQlFBd2dhb3hDekFKQmdOVkJBWVRBbFZUTVJNd0VRWURWUVFJREFwVGIyMWxMVk4wWVhSbE1ROHdEUVlEVlFRSwpEQVpCWjI5dVpYTXhEekFOQmdOVkJBc01Ca0ZuYjI1bGN6RTBNRElHQTFVRUF3d3JZV2R2Ym1WekxXTnZiblJ5CmIyeHNaWEl0YzJWeWRtbGpaUzVoWjI5dVpYTXRjM2x6ZEdWdExuTjJZekV1TUN3R0NTcUdTSWIzRFFFSkFSWWYKWVdkdmJtVnpMV1JwYzJOMWMzTkFaMjl2WjJ4bFozSnZkWEJ6TG1OdmJUQWVGdzB5TVRBMk16QXhPVFUyTWpGYQpGdzB6TVRBMk1qZ3hPVFUyTWpGYU1JR3FNUXN3Q1FZRFZRUUdFd0pWVXpFVE1CRUdBMVVFQ0F3S1UyOXRaUzFUCmRHRjBaVEVQTUEwR0ExVUVDZ3dHUVdkdmJtVnpNUTh3RFFZRFZRUUxEQVpCWjI5dVpYTXhOREF5QmdOVkJBTU0KSzJGbmIyNWxjeTFqYjI1MGNtOXNiR1Z5TFhObGNuWnBZMlV1WVdkdmJtVnpMWE41YzNSbGJTNXpkbU14TGpBcwpCZ2txaGtpRzl3MEJDUUVXSDJGbmIyNWxjeTFrYVhOamRYTnpRR2R2YjJkc1pXZHliM1Z3Y3k1amIyMHdnZ0VpCk1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQkR3QXdnZ0VLQW9JQkFRQ2dka0xPS0NINThLSkJpdEJqeVlyTDArRTkKdEl0TFhGVGdxQU9TMGdBQitSVXNZMGhicmVWRHd0SExKYXBnMG55Ni9UYTcvMEc1Wm9kaGR4RlFtS2JWMUxmWQpmZGR0Qm4vOGd4Wi9JQ2dRblU3N3RqY1pLV3JxaW4vZ3h3ZUJua3hjWEtrT3Z1MldoRHdZZVFLN3ZHNEljOGhzClZHb1hTZWo4US94d2M4a0FCRG04YVRSU1RUYmsyWi9kem9mUmswU2xrc1BrVWV5b0NwRGVGbERqY0tTcDAzWnUKV2dBUTNpVy83c1AxVFV5WEtnblZ5M2ZpWm1RQUZreEtOQkxVV0gvVEJJeWtMdUVCMmRYYUd0L0VpZzQ4SWpVOQpMYUxyM3JWSW1Dcmt6dlB5V3VEZTd6MmVKdDE3WEhoTFVHcnE4YTFUSFp3d1NSWUZRc29tQ09ORVNBSTdBZ01CCkFBR2pnWXd3Z1lrd0hRWURWUjBPQkJZRUZMa3FUUWNMQloyMUlWc3BGbkNiaS9TbGtUbzlNQjhHQTFVZEl3UVkKTUJhQUZMa3FUUWNMQloyMUlWc3BGbkNiaS9TbGtUbzlNQThHQTFVZEV3RUIvd1FGTUFNQkFmOHdOZ1lEVlIwUgpCQzh3TFlJcllXZHZibVZ6TFdOdmJuUnliMnhzWlhJdGMyVnlkbWxqWlM1aFoyOXVaWE10YzNsemRHVnRMbk4yCll6QU5CZ2txaGtpRzl3MEJBUXNGQUFPQ0FRRUFWQTUxU3dNcEhZY20zUnRuc2I5MkgwUTZYT1ZndEJzSWRaY1QKbFBuSmFBSGdybEt2SnhiMU0rdTdQYllDZkZOTWlUTStyWGZ5cWtJRXY3VU1aN0dWeS9CYm9zTk1sb2M0UHJjaAo3RnVlai9zVnArcW1GT1c0VzlPVTFwcytqWm5vcHJ4Z3R1OVgzbmpBZjZiWWVqQWMzaVo0Q0xpem8vMDd2Qk94CnA5L3J4R0FjSVVjQW04Y3hXa01kaEduNnZOYkNFcXJoVTRJdnZSYlMwVnlrckhPY3RGM25raC9GbnRHQU80RDEKUEgrUThSQXBNK2xBeGtXcFIvNXlHTXdLM05WcS9kc2JaclQ5RHhId0hUU2tqL3JXZVRrWmxIN042MHpZL3JqbwpNUjBJNEtOWHl3WElTcGdNbE93dkxPdGY2aUNYeHJDNyt1RjdyQmxCei9tSUNxYnR0dz09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K 20623 rules: 20624 - apiGroups: 20625 - agones.dev 20626 resources: 20627 - "fleets" 20628 - "gameservers" 20629 - "gameserversets" 20630 apiVersions: 20631 - "v1" 20632 operations: 20633 - CREATE 20634 - apiGroups: 20635 - agones.dev 20636 resources: 20637 - "fleets" 20638 - "gameserversets" 20639 apiVersions: 20640 - "v1" 20641 operations: 20642 - UPDATE 20643 - apiGroups: 20644 - autoscaling.agones.dev 20645 resources: 20646 - "fleetautoscalers" 20647 apiVersions: 20648 - "v1" 20649 operations: 20650 - CREATE 20651 - UPDATE