github.com/1aal/kubeblocks@v0.0.0-20231107070852-e1c03e598921/deploy/helm/crds/apps.kubeblocks.io_clusterdefinitions.yaml (about) 1 apiVersion: apiextensions.k8s.io/v1 2 kind: CustomResourceDefinition 3 metadata: 4 annotations: 5 controller-gen.kubebuilder.io/version: v0.12.1 6 labels: 7 app.kubernetes.io/name: kubeblocks 8 name: clusterdefinitions.apps.kubeblocks.io 9 spec: 10 group: apps.kubeblocks.io 11 names: 12 categories: 13 - kubeblocks 14 kind: ClusterDefinition 15 listKind: ClusterDefinitionList 16 plural: clusterdefinitions 17 shortNames: 18 - cd 19 singular: clusterdefinition 20 scope: Cluster 21 versions: 22 - additionalPrinterColumns: 23 - description: main component names 24 jsonPath: .spec.componentDefs[0].name 25 name: MAIN-COMPONENT-NAME 26 type: string 27 - description: status phase 28 jsonPath: .status.phase 29 name: STATUS 30 type: string 31 - jsonPath: .metadata.creationTimestamp 32 name: AGE 33 type: date 34 name: v1alpha1 35 schema: 36 openAPIV3Schema: 37 description: ClusterDefinition is the Schema for the clusterdefinitions API 38 properties: 39 apiVersion: 40 description: 'APIVersion defines the versioned schema of this representation 41 of an object. Servers should convert recognized schemas to the latest 42 internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' 43 type: string 44 kind: 45 description: 'Kind is a string value representing the REST resource this 46 object represents. Servers may infer this from the endpoint the client 47 submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' 48 type: string 49 metadata: 50 type: object 51 spec: 52 description: ClusterDefinitionSpec defines the desired state of ClusterDefinition 53 properties: 54 componentDefs: 55 description: componentDefs provides cluster components definitions. 56 items: 57 description: ClusterComponentDefinition provides a workload component 58 specification template, with attributes that strongly work with 59 stateful workloads and day-2 operations behaviors. 60 properties: 61 characterType: 62 description: "characterType defines well-known database component 63 name, such as mongos(mongodb), proxy(redis), mariadb(mysql) 64 KubeBlocks will generate proper monitor configs for well-known 65 characterType when builtIn is true. \n CharacterType will 66 also be used in role probe to decide which probe engine to 67 use. current available candidates are: mysql, postgres, mongodb, 68 redis, etcd, kafka." 69 type: string 70 componentDefRef: 71 description: componentDefRef is used to inject values from other 72 components into the current component. values will be saved 73 and updated in a configmap and mounted to the current component. 74 items: 75 description: ComponentDefRef is used to select the component 76 and its fields to be referenced. 77 properties: 78 componentDefName: 79 description: componentDefName is the name of the componentDef 80 to select. 81 type: string 82 componentRefEnv: 83 description: componentRefEnv specifies a list of values 84 to be injected as env variables to each component. 85 items: 86 description: ComponentRefEnv specifies name and value 87 of an env. 88 properties: 89 name: 90 description: name is the name of the env to be injected, 91 and it must be a C identifier. 92 pattern: ^[A-Za-z_][A-Za-z0-9_]*$ 93 type: string 94 value: 95 description: value is the value of the env to be 96 injected. 97 type: string 98 valueFrom: 99 description: valueFrom specifies the source of the 100 env to be injected. 101 properties: 102 fieldPath: 103 description: 'fieldRef is the jsonpath of the 104 source to select when type is `FieldRef`. 105 there are two objects registered in the jsonpath: 106 `componentDef` and `components`. componentDef 107 is the component definition object specified 108 in `componentRef.componentDefName`. components 109 is the component list objects referring to 110 the component definition object.' 111 type: string 112 format: 113 default: ="$POD_FQDN" 114 description: 'format is the format of each headless 115 service address. there are three builtin variables 116 can be used as placeholder: $POD_ORDINAL, 117 $POD_FQDN, $POD_NAME $POD_ORDINAL is the ordinal 118 of the pod. $POD_FQDN is the fully qualified 119 domain name of the pod. $POD_NAME is the name 120 of the pod' 121 type: string 122 joinWith: 123 default: ',' 124 description: joinWith is the string to join 125 the values of headless service addresses. 126 type: string 127 type: 128 allOf: 129 - enum: 130 - FieldRef 131 - ServiceRef 132 - HeadlessServiceRef 133 - enum: 134 - FieldRef 135 - ServiceRef 136 - HeadlessServiceRef 137 description: 'type is the type of the source 138 to select. There are three types: `FieldRef`, 139 `ServiceRef`, `HeadlessServiceRef`.' 140 type: string 141 required: 142 - type 143 type: object 144 required: 145 - name 146 type: object 147 type: array 148 x-kubernetes-list-map-keys: 149 - name 150 x-kubernetes-list-type: map 151 failurePolicy: 152 allOf: 153 - enum: 154 - Ignore 155 - Fail 156 - enum: 157 - Ignore 158 - Fail 159 description: failurePolicy is the failure policy of the 160 component. If failed to find the component, the failure 161 policy will be used. 162 type: string 163 required: 164 - componentDefName 165 type: object 166 type: array 167 x-kubernetes-list-map-keys: 168 - componentDefName 169 x-kubernetes-list-type: map 170 configSpecs: 171 description: The configSpec field provided by provider, and 172 finally this configTemplateRefs will be rendered into the 173 user's own configuration file according to the user's cluster. 174 items: 175 properties: 176 asEnvFrom: 177 description: 'asEnvFrom is optional: the list of containers 178 will be injected into EnvFrom.' 179 items: 180 type: string 181 type: array 182 x-kubernetes-list-type: set 183 constraintRef: 184 description: Specify the name of the referenced the configuration 185 constraints object. 186 maxLength: 63 187 pattern: ^[a-z0-9]([a-z0-9\.\-]*[a-z0-9])?$ 188 type: string 189 defaultMode: 190 description: 'defaultMode is optional: mode bits used 191 to set permissions on created files by default. Must 192 be an octal value between 0000 and 0777 or a decimal 193 value between 0 and 511. YAML accepts both octal and 194 decimal values, JSON requires decimal values for mode 195 bits. Defaults to 0644. Directories within the path 196 are not affected by this setting. This might be in conflict 197 with other options that affect the file mode, like fsGroup, 198 and the result can be other mode bits set.' 199 format: int32 200 type: integer 201 keys: 202 description: Specify a list of keys. If empty, ConfigConstraint 203 takes effect for all keys in configmap. 204 items: 205 type: string 206 type: array 207 x-kubernetes-list-type: set 208 legacyRenderedConfigSpec: 209 description: 'lazyRenderedConfigSpec is optional: specify 210 the secondary rendered config spec.' 211 properties: 212 namespace: 213 default: default 214 description: Specify the namespace of the referenced 215 the configuration template ConfigMap object. An 216 empty namespace is equivalent to the "default" namespace. 217 maxLength: 63 218 pattern: ^[a-z0-9]([a-z0-9\-]*[a-z0-9])?$ 219 type: string 220 policy: 221 default: none 222 description: policy defines how to merge external 223 imported templates into component templates. 224 enum: 225 - patch 226 - replace 227 - none 228 type: string 229 templateRef: 230 description: Specify the name of the referenced the 231 configuration template ConfigMap object. 232 maxLength: 63 233 pattern: ^[a-z0-9]([a-z0-9\.\-]*[a-z0-9])?$ 234 type: string 235 required: 236 - templateRef 237 type: object 238 name: 239 description: Specify the name of configuration template. 240 maxLength: 63 241 pattern: ^[a-z0-9]([a-z0-9\.\-]*[a-z0-9])?$ 242 type: string 243 namespace: 244 default: default 245 description: Specify the namespace of the referenced the 246 configuration template ConfigMap object. An empty namespace 247 is equivalent to the "default" namespace. 248 maxLength: 63 249 pattern: ^[a-z0-9]([a-z0-9\-]*[a-z0-9])?$ 250 type: string 251 templateRef: 252 description: Specify the name of the referenced the configuration 253 template ConfigMap object. 254 maxLength: 63 255 pattern: ^[a-z0-9]([a-z0-9\.\-]*[a-z0-9])?$ 256 type: string 257 volumeName: 258 description: volumeName is the volume name of PodTemplate, 259 which the configuration file produced through the configuration 260 template will be mounted to the corresponding volume. 261 Must be a DNS_LABEL name. The volume name must be defined 262 in podSpec.containers[*].volumeMounts. 263 maxLength: 63 264 pattern: ^[a-z]([a-z0-9\-]*[a-z0-9])?$ 265 type: string 266 required: 267 - name 268 - templateRef 269 - volumeName 270 type: object 271 type: array 272 x-kubernetes-list-map-keys: 273 - name 274 x-kubernetes-list-type: map 275 consensusSpec: 276 description: consensusSpec defines consensus related spec if 277 workloadType is Consensus, required if workloadType is Consensus. 278 properties: 279 followers: 280 description: followers, has voting right but not Leader. 281 items: 282 properties: 283 accessMode: 284 default: ReadWrite 285 description: accessMode, what service this member 286 capable. 287 enum: 288 - None 289 - Readonly 290 - ReadWrite 291 type: string 292 name: 293 default: leader 294 description: name, role name. 295 type: string 296 replicas: 297 default: 0 298 description: replicas, number of Pods of this role. 299 default 1 for Leader default 0 for Learner default 300 Cluster.spec.componentSpec[*].Replicas - Leader.Replicas 301 - Learner.Replicas for Followers 302 format: int32 303 minimum: 0 304 type: integer 305 required: 306 - accessMode 307 - name 308 type: object 309 type: array 310 leader: 311 description: leader, one single leader. 312 properties: 313 accessMode: 314 default: ReadWrite 315 description: accessMode, what service this member capable. 316 enum: 317 - None 318 - Readonly 319 - ReadWrite 320 type: string 321 name: 322 default: leader 323 description: name, role name. 324 type: string 325 replicas: 326 default: 0 327 description: replicas, number of Pods of this role. 328 default 1 for Leader default 0 for Learner default 329 Cluster.spec.componentSpec[*].Replicas - Leader.Replicas 330 - Learner.Replicas for Followers 331 format: int32 332 minimum: 0 333 type: integer 334 required: 335 - accessMode 336 - name 337 type: object 338 learner: 339 description: learner, no voting right. 340 properties: 341 accessMode: 342 default: ReadWrite 343 description: accessMode, what service this member capable. 344 enum: 345 - None 346 - Readonly 347 - ReadWrite 348 type: string 349 name: 350 default: leader 351 description: name, role name. 352 type: string 353 replicas: 354 default: 0 355 description: replicas, number of Pods of this role. 356 default 1 for Leader default 0 for Learner default 357 Cluster.spec.componentSpec[*].Replicas - Leader.Replicas 358 - Learner.Replicas for Followers 359 format: int32 360 minimum: 0 361 type: integer 362 required: 363 - accessMode 364 - name 365 type: object 366 llPodManagementPolicy: 367 description: llPodManagementPolicy is the low-level controls 368 how pods are created during initial scale up, when replacing 369 pods on nodes, or when scaling down. `OrderedReady` policy 370 specify where pods are created in increasing order (pod-0, 371 then pod-1, etc) and the controller will wait until each 372 pod is ready before continuing. When scaling down, the 373 pods are removed in the opposite order. `Parallel` policy 374 specify create pods in parallel to match the desired scale 375 without waiting, and on scale down will delete all pods 376 at once. 377 type: string 378 llUpdateStrategy: 379 description: llUpdateStrategy indicates the low-level StatefulSetUpdateStrategy 380 that will be employed to update Pods in the StatefulSet 381 when a revision is made to Template. Will ignore `updateStrategy` 382 attribute if provided. 383 properties: 384 rollingUpdate: 385 description: RollingUpdate is used to communicate parameters 386 when Type is RollingUpdateStatefulSetStrategyType. 387 properties: 388 maxUnavailable: 389 anyOf: 390 - type: integer 391 - type: string 392 description: 'The maximum number of pods that can 393 be unavailable during the update. Value can be 394 an absolute number (ex: 5) or a percentage of 395 desired pods (ex: 10%). Absolute number is calculated 396 from percentage by rounding up. This can not be 397 0. Defaults to 1. This field is alpha-level and 398 is only honored by servers that enable the MaxUnavailableStatefulSet 399 feature. The field applies to all pods in the 400 range 0 to Replicas-1. That means if there is 401 any unavailable pod in the range 0 to Replicas-1, 402 it will be counted towards MaxUnavailable.' 403 x-kubernetes-int-or-string: true 404 partition: 405 description: Partition indicates the ordinal at 406 which the StatefulSet should be partitioned for 407 updates. During a rolling update, all pods from 408 ordinal Replicas-1 to Partition are updated. All 409 pods from ordinal Partition-1 to 0 remain untouched. 410 This is helpful in being able to do a canary based 411 deployment. The default value is 0. 412 format: int32 413 type: integer 414 type: object 415 type: 416 description: Type indicates the type of the StatefulSetUpdateStrategy. 417 Default is RollingUpdate. 418 type: string 419 type: object 420 updateStrategy: 421 default: Serial 422 description: "updateStrategy, Pods update strategy. In case 423 of workloadType=Consensus the update strategy will be 424 following: \n serial: update Pods one by one that guarantee 425 minimum component unavailable time. Learner -> Follower(with 426 AccessMode=none) -> Follower(with AccessMode=readonly) 427 -> Follower(with AccessMode=readWrite) -> Leader bestEffortParallel: 428 update Pods in parallel that guarantee minimum component 429 un-writable time. Learner, Follower(minority) in parallel 430 -> Follower(majority) -> Leader, keep majority online 431 all the time. parallel: force parallel" 432 enum: 433 - Serial 434 - BestEffortParallel 435 - Parallel 436 type: string 437 required: 438 - leader 439 type: object 440 customLabelSpecs: 441 description: customLabelSpecs is used for custom label tags 442 which you want to add to the component resources. 443 items: 444 properties: 445 key: 446 description: key name of label 447 type: string 448 resources: 449 description: resources defines the resources to be labeled. 450 items: 451 properties: 452 gvk: 453 description: gvk is Group/Version/Kind, for example 454 "v1/Pod", "apps/v1/StatefulSet", etc. when the 455 gvk resource filtered by the selector already 456 exists, if there is no corresponding custom label, 457 it will be added, and if label already exists, 458 it will be updated. 459 type: string 460 selector: 461 additionalProperties: 462 type: string 463 description: selector is a label query over a set 464 of resources. 465 type: object 466 required: 467 - gvk 468 type: object 469 type: array 470 value: 471 description: value of label 472 type: string 473 required: 474 - key 475 - value 476 type: object 477 type: array 478 x-kubernetes-list-map-keys: 479 - key 480 x-kubernetes-list-type: map 481 description: 482 description: The description of component definition. 483 type: string 484 horizontalScalePolicy: 485 description: horizontalScalePolicy controls the behavior of 486 horizontal scale. 487 properties: 488 backupPolicyTemplateName: 489 description: BackupPolicyTemplateName reference the backup 490 policy template. 491 type: string 492 type: 493 default: None 494 description: 'type controls what kind of data synchronization 495 do when component scale out. Policy is in enum of {None, 496 CloneVolume}. The default policy is `None`. None: Default 497 policy, create empty volume and no data clone. CloneVolume: 498 Do data clone to newly scaled pods. Prefer to use volume 499 snapshot first, and will try backup tool if volume snapshot 500 is not enabled, finally report error if both above cannot 501 work. Snapshot: Deprecated, alias for CloneVolume.' 502 enum: 503 - None 504 - CloneVolume 505 - Snapshot 506 type: string 507 volumeMountsName: 508 description: volumeMountsName defines which volumeMount 509 of the container to do backup, only work if Type is not 510 None if not specified, the 1st volumeMount will be chosen 511 type: string 512 type: object 513 logConfigs: 514 description: logConfigs is detail log file config which provided 515 by provider. 516 items: 517 properties: 518 filePathPattern: 519 description: filePathPattern log file path pattern which 520 indicate how to find this file corresponding to variable 521 (log path) in database kernel. please don't set this 522 casually. 523 maxLength: 4096 524 type: string 525 name: 526 description: name log type name, such as slow for MySQL 527 slow log file. 528 maxLength: 128 529 type: string 530 required: 531 - filePathPattern 532 - name 533 type: object 534 type: array 535 x-kubernetes-list-map-keys: 536 - name 537 x-kubernetes-list-type: map 538 monitor: 539 description: monitor is monitoring config which provided by 540 provider. 541 properties: 542 builtIn: 543 default: false 544 description: builtIn is a switch to enable KubeBlocks builtIn 545 monitoring. If BuiltIn is set to true, monitor metrics 546 will be scraped automatically. If BuiltIn is set to false, 547 the provider should set ExporterConfig and Sidecar container 548 own. 549 type: boolean 550 exporterConfig: 551 description: exporterConfig provided by provider, which 552 specify necessary information to Time Series Database. 553 exporterConfig is valid when builtIn is false. 554 properties: 555 scrapePath: 556 default: /metrics 557 description: scrapePath is exporter url path for Time 558 Series Database to scrape metrics. 559 maxLength: 128 560 type: string 561 scrapePort: 562 anyOf: 563 - type: integer 564 - type: string 565 description: scrapePort is exporter port for Time Series 566 Database to scrape metrics. 567 x-kubernetes-int-or-string: true 568 required: 569 - scrapePort 570 type: object 571 type: object 572 name: 573 description: A component definition name, this name could be 574 used as default name of `Cluster.spec.componentSpecs.name`, 575 and so this name is need to conform with same validation rules 576 as `Cluster.spec.componentSpecs.name`, that is currently comply 577 with IANA Service Naming rule. This name will apply to "apps.kubeblocks.io/component-name" 578 object label value. 579 maxLength: 22 580 pattern: ^[a-z]([a-z0-9\-]*[a-z0-9])?$ 581 type: string 582 podSpec: 583 description: podSpec define pod spec template of the cluster 584 component. 585 properties: 586 activeDeadlineSeconds: 587 description: Optional duration in seconds the pod may be 588 active on the node relative to StartTime before the system 589 will actively try to mark it failed and kill associated 590 containers. Value must be a positive integer. 591 format: int64 592 type: integer 593 affinity: 594 description: If specified, the pod's scheduling constraints 595 properties: 596 nodeAffinity: 597 description: Describes node affinity scheduling rules 598 for the pod. 599 properties: 600 preferredDuringSchedulingIgnoredDuringExecution: 601 description: The scheduler will prefer to schedule 602 pods to nodes that satisfy the affinity expressions 603 specified by this field, but it may choose a node 604 that violates one or more of the expressions. 605 The node that is most preferred is the one with 606 the greatest sum of weights, i.e. for each node 607 that meets all of the scheduling requirements 608 (resource request, requiredDuringScheduling affinity 609 expressions, etc.), compute a sum by iterating 610 through the elements of this field and adding 611 "weight" to the sum if the node matches the corresponding 612 matchExpressions; the node(s) with the highest 613 sum are the most preferred. 614 items: 615 description: An empty preferred scheduling term 616 matches all objects with implicit weight 0 (i.e. 617 it's a no-op). A null preferred scheduling term 618 matches no objects (i.e. is also a no-op). 619 properties: 620 preference: 621 description: A node selector term, associated 622 with the corresponding weight. 623 properties: 624 matchExpressions: 625 description: A list of node selector requirements 626 by node's labels. 627 items: 628 description: A node selector requirement 629 is a selector that contains values, 630 a key, and an operator that relates 631 the key and values. 632 properties: 633 key: 634 description: The label key that 635 the selector applies to. 636 type: string 637 operator: 638 description: Represents a key's 639 relationship to a set of values. 640 Valid operators are In, NotIn, 641 Exists, DoesNotExist. Gt, and 642 Lt. 643 type: string 644 values: 645 description: An array of string 646 values. If the operator is In 647 or NotIn, the values array must 648 be non-empty. If the operator 649 is Exists or DoesNotExist, the 650 values array must be empty. If 651 the operator is Gt or Lt, the 652 values array must have a single 653 element, which will be interpreted 654 as an integer. This array is replaced 655 during a strategic merge patch. 656 items: 657 type: string 658 type: array 659 required: 660 - key 661 - operator 662 type: object 663 type: array 664 matchFields: 665 description: A list of node selector requirements 666 by node's fields. 667 items: 668 description: A node selector requirement 669 is a selector that contains values, 670 a key, and an operator that relates 671 the key and values. 672 properties: 673 key: 674 description: The label key that 675 the selector applies to. 676 type: string 677 operator: 678 description: Represents a key's 679 relationship to a set of values. 680 Valid operators are In, NotIn, 681 Exists, DoesNotExist. Gt, and 682 Lt. 683 type: string 684 values: 685 description: An array of string 686 values. If the operator is In 687 or NotIn, the values array must 688 be non-empty. If the operator 689 is Exists or DoesNotExist, the 690 values array must be empty. If 691 the operator is Gt or Lt, the 692 values array must have a single 693 element, which will be interpreted 694 as an integer. This array is replaced 695 during a strategic merge patch. 696 items: 697 type: string 698 type: array 699 required: 700 - key 701 - operator 702 type: object 703 type: array 704 type: object 705 x-kubernetes-map-type: atomic 706 weight: 707 description: Weight associated with matching 708 the corresponding nodeSelectorTerm, in the 709 range 1-100. 710 format: int32 711 type: integer 712 required: 713 - preference 714 - weight 715 type: object 716 type: array 717 requiredDuringSchedulingIgnoredDuringExecution: 718 description: If the affinity requirements specified 719 by this field are not met at scheduling time, 720 the pod will not be scheduled onto the node. If 721 the affinity requirements specified by this field 722 cease to be met at some point during pod execution 723 (e.g. due to an update), the system may or may 724 not try to eventually evict the pod from its node. 725 properties: 726 nodeSelectorTerms: 727 description: Required. A list of node selector 728 terms. The terms are ORed. 729 items: 730 description: A null or empty node selector 731 term matches no objects. The requirements 732 of them are ANDed. The TopologySelectorTerm 733 type implements a subset of the NodeSelectorTerm. 734 properties: 735 matchExpressions: 736 description: A list of node selector requirements 737 by node's labels. 738 items: 739 description: A node selector requirement 740 is a selector that contains values, 741 a key, and an operator that relates 742 the key and values. 743 properties: 744 key: 745 description: The label key that 746 the selector applies to. 747 type: string 748 operator: 749 description: Represents a key's 750 relationship to a set of values. 751 Valid operators are In, NotIn, 752 Exists, DoesNotExist. Gt, and 753 Lt. 754 type: string 755 values: 756 description: An array of string 757 values. If the operator is In 758 or NotIn, the values array must 759 be non-empty. If the operator 760 is Exists or DoesNotExist, the 761 values array must be empty. If 762 the operator is Gt or Lt, the 763 values array must have a single 764 element, which will be interpreted 765 as an integer. This array is replaced 766 during a strategic merge patch. 767 items: 768 type: string 769 type: array 770 required: 771 - key 772 - operator 773 type: object 774 type: array 775 matchFields: 776 description: A list of node selector requirements 777 by node's fields. 778 items: 779 description: A node selector requirement 780 is a selector that contains values, 781 a key, and an operator that relates 782 the key and values. 783 properties: 784 key: 785 description: The label key that 786 the selector applies to. 787 type: string 788 operator: 789 description: Represents a key's 790 relationship to a set of values. 791 Valid operators are In, NotIn, 792 Exists, DoesNotExist. Gt, and 793 Lt. 794 type: string 795 values: 796 description: An array of string 797 values. If the operator is In 798 or NotIn, the values array must 799 be non-empty. If the operator 800 is Exists or DoesNotExist, the 801 values array must be empty. If 802 the operator is Gt or Lt, the 803 values array must have a single 804 element, which will be interpreted 805 as an integer. This array is replaced 806 during a strategic merge patch. 807 items: 808 type: string 809 type: array 810 required: 811 - key 812 - operator 813 type: object 814 type: array 815 type: object 816 x-kubernetes-map-type: atomic 817 type: array 818 required: 819 - nodeSelectorTerms 820 type: object 821 x-kubernetes-map-type: atomic 822 type: object 823 podAffinity: 824 description: Describes pod affinity scheduling rules 825 (e.g. co-locate this pod in the same node, zone, etc. 826 as some other pod(s)). 827 properties: 828 preferredDuringSchedulingIgnoredDuringExecution: 829 description: The scheduler will prefer to schedule 830 pods to nodes that satisfy the affinity expressions 831 specified by this field, but it may choose a node 832 that violates one or more of the expressions. 833 The node that is most preferred is the one with 834 the greatest sum of weights, i.e. for each node 835 that meets all of the scheduling requirements 836 (resource request, requiredDuringScheduling affinity 837 expressions, etc.), compute a sum by iterating 838 through the elements of this field and adding 839 "weight" to the sum if the node has pods which 840 matches the corresponding podAffinityTerm; the 841 node(s) with the highest sum are the most preferred. 842 items: 843 description: The weights of all of the matched 844 WeightedPodAffinityTerm fields are added per-node 845 to find the most preferred node(s) 846 properties: 847 podAffinityTerm: 848 description: Required. A pod affinity term, 849 associated with the corresponding weight. 850 properties: 851 labelSelector: 852 description: A label query over a set 853 of resources, in this case pods. 854 properties: 855 matchExpressions: 856 description: matchExpressions is a 857 list of label selector requirements. 858 The requirements are ANDed. 859 items: 860 description: A label selector requirement 861 is a selector that contains values, 862 a key, and an operator that relates 863 the key and values. 864 properties: 865 key: 866 description: key is the label 867 key that the selector applies 868 to. 869 type: string 870 operator: 871 description: operator represents 872 a key's relationship to a 873 set of values. Valid operators 874 are In, NotIn, Exists and 875 DoesNotExist. 876 type: string 877 values: 878 description: values is an array 879 of string values. If the operator 880 is In or NotIn, the values 881 array must be non-empty. If 882 the operator is Exists or 883 DoesNotExist, the values array 884 must be empty. This array 885 is replaced during a strategic 886 merge patch. 887 items: 888 type: string 889 type: array 890 required: 891 - key 892 - operator 893 type: object 894 type: array 895 matchLabels: 896 additionalProperties: 897 type: string 898 description: matchLabels is a map 899 of {key,value} pairs. A single {key,value} 900 in the matchLabels map is equivalent 901 to an element of matchExpressions, 902 whose key field is "key", the operator 903 is "In", and the values array contains 904 only "value". The requirements are 905 ANDed. 906 type: object 907 type: object 908 x-kubernetes-map-type: atomic 909 namespaceSelector: 910 description: A label query over the set 911 of namespaces that the term applies 912 to. The term is applied to the union 913 of the namespaces selected by this field 914 and the ones listed in the namespaces 915 field. null selector and null or empty 916 namespaces list means "this pod's namespace". 917 An empty selector ({}) matches all namespaces. 918 properties: 919 matchExpressions: 920 description: matchExpressions is a 921 list of label selector requirements. 922 The requirements are ANDed. 923 items: 924 description: A label selector requirement 925 is a selector that contains values, 926 a key, and an operator that relates 927 the key and values. 928 properties: 929 key: 930 description: key is the label 931 key that the selector applies 932 to. 933 type: string 934 operator: 935 description: operator represents 936 a key's relationship to a 937 set of values. Valid operators 938 are In, NotIn, Exists and 939 DoesNotExist. 940 type: string 941 values: 942 description: values is an array 943 of string values. If the operator 944 is In or NotIn, the values 945 array must be non-empty. If 946 the operator is Exists or 947 DoesNotExist, the values array 948 must be empty. This array 949 is replaced during a strategic 950 merge patch. 951 items: 952 type: string 953 type: array 954 required: 955 - key 956 - operator 957 type: object 958 type: array 959 matchLabels: 960 additionalProperties: 961 type: string 962 description: matchLabels is a map 963 of {key,value} pairs. A single {key,value} 964 in the matchLabels map is equivalent 965 to an element of matchExpressions, 966 whose key field is "key", the operator 967 is "In", and the values array contains 968 only "value". The requirements are 969 ANDed. 970 type: object 971 type: object 972 x-kubernetes-map-type: atomic 973 namespaces: 974 description: namespaces specifies a static 975 list of namespace names that the term 976 applies to. The term is applied to the 977 union of the namespaces listed in this 978 field and the ones selected by namespaceSelector. 979 null or empty namespaces list and null 980 namespaceSelector means "this pod's 981 namespace". 982 items: 983 type: string 984 type: array 985 topologyKey: 986 description: This pod should be co-located 987 (affinity) or not co-located (anti-affinity) 988 with the pods matching the labelSelector 989 in the specified namespaces, where co-located 990 is defined as running on a node whose 991 value of the label with key topologyKey 992 matches that of any node on which any 993 of the selected pods is running. Empty 994 topologyKey is not allowed. 995 type: string 996 required: 997 - topologyKey 998 type: object 999 weight: 1000 description: weight associated with matching 1001 the corresponding podAffinityTerm, in the 1002 range 1-100. 1003 format: int32 1004 type: integer 1005 required: 1006 - podAffinityTerm 1007 - weight 1008 type: object 1009 type: array 1010 requiredDuringSchedulingIgnoredDuringExecution: 1011 description: If the affinity requirements specified 1012 by this field are not met at scheduling time, 1013 the pod will not be scheduled onto the node. If 1014 the affinity requirements specified by this field 1015 cease to be met at some point during pod execution 1016 (e.g. due to a pod label update), the system may 1017 or may not try to eventually evict the pod from 1018 its node. When there are multiple elements, the 1019 lists of nodes corresponding to each podAffinityTerm 1020 are intersected, i.e. all terms must be satisfied. 1021 items: 1022 description: Defines a set of pods (namely those 1023 matching the labelSelector relative to the given 1024 namespace(s)) that this pod should be co-located 1025 (affinity) or not co-located (anti-affinity) 1026 with, where co-located is defined as running 1027 on a node whose value of the label with key 1028 <topologyKey> matches that of any node on which 1029 a pod of the set of pods is running 1030 properties: 1031 labelSelector: 1032 description: A label query over a set of resources, 1033 in this case pods. 1034 properties: 1035 matchExpressions: 1036 description: matchExpressions is a list 1037 of label selector requirements. The 1038 requirements are ANDed. 1039 items: 1040 description: A label selector requirement 1041 is a selector that contains values, 1042 a key, and an operator that relates 1043 the key and values. 1044 properties: 1045 key: 1046 description: key is the label key 1047 that the selector applies to. 1048 type: string 1049 operator: 1050 description: operator represents 1051 a key's relationship to a set 1052 of values. Valid operators are 1053 In, NotIn, Exists and DoesNotExist. 1054 type: string 1055 values: 1056 description: values is an array 1057 of string values. If the operator 1058 is In or NotIn, the values array 1059 must be non-empty. If the operator 1060 is Exists or DoesNotExist, the 1061 values array must be empty. This 1062 array is replaced during a strategic 1063 merge patch. 1064 items: 1065 type: string 1066 type: array 1067 required: 1068 - key 1069 - operator 1070 type: object 1071 type: array 1072 matchLabels: 1073 additionalProperties: 1074 type: string 1075 description: matchLabels is a map of {key,value} 1076 pairs. A single {key,value} in the matchLabels 1077 map is equivalent to an element of matchExpressions, 1078 whose key field is "key", the operator 1079 is "In", and the values array contains 1080 only "value". The requirements are ANDed. 1081 type: object 1082 type: object 1083 x-kubernetes-map-type: atomic 1084 namespaceSelector: 1085 description: A label query over the set of 1086 namespaces that the term applies to. The 1087 term is applied to the union of the namespaces 1088 selected by this field and the ones listed 1089 in the namespaces field. null selector and 1090 null or empty namespaces list means "this 1091 pod's namespace". An empty selector ({}) 1092 matches all namespaces. 1093 properties: 1094 matchExpressions: 1095 description: matchExpressions is a list 1096 of label selector requirements. The 1097 requirements are ANDed. 1098 items: 1099 description: A label selector requirement 1100 is a selector that contains values, 1101 a key, and an operator that relates 1102 the key and values. 1103 properties: 1104 key: 1105 description: key is the label key 1106 that the selector applies to. 1107 type: string 1108 operator: 1109 description: operator represents 1110 a key's relationship to a set 1111 of values. Valid operators are 1112 In, NotIn, Exists and DoesNotExist. 1113 type: string 1114 values: 1115 description: values is an array 1116 of string values. If the operator 1117 is In or NotIn, the values array 1118 must be non-empty. If the operator 1119 is Exists or DoesNotExist, the 1120 values array must be empty. This 1121 array is replaced during a strategic 1122 merge patch. 1123 items: 1124 type: string 1125 type: array 1126 required: 1127 - key 1128 - operator 1129 type: object 1130 type: array 1131 matchLabels: 1132 additionalProperties: 1133 type: string 1134 description: matchLabels is a map of {key,value} 1135 pairs. A single {key,value} in the matchLabels 1136 map is equivalent to an element of matchExpressions, 1137 whose key field is "key", the operator 1138 is "In", and the values array contains 1139 only "value". The requirements are ANDed. 1140 type: object 1141 type: object 1142 x-kubernetes-map-type: atomic 1143 namespaces: 1144 description: namespaces specifies a static 1145 list of namespace names that the term applies 1146 to. The term is applied to the union of 1147 the namespaces listed in this field and 1148 the ones selected by namespaceSelector. 1149 null or empty namespaces list and null namespaceSelector 1150 means "this pod's namespace". 1151 items: 1152 type: string 1153 type: array 1154 topologyKey: 1155 description: This pod should be co-located 1156 (affinity) or not co-located (anti-affinity) 1157 with the pods matching the labelSelector 1158 in the specified namespaces, where co-located 1159 is defined as running on a node whose value 1160 of the label with key topologyKey matches 1161 that of any node on which any of the selected 1162 pods is running. Empty topologyKey is not 1163 allowed. 1164 type: string 1165 required: 1166 - topologyKey 1167 type: object 1168 type: array 1169 type: object 1170 podAntiAffinity: 1171 description: Describes pod anti-affinity scheduling 1172 rules (e.g. avoid putting this pod in the same node, 1173 zone, etc. as some other pod(s)). 1174 properties: 1175 preferredDuringSchedulingIgnoredDuringExecution: 1176 description: The scheduler will prefer to schedule 1177 pods to nodes that satisfy the anti-affinity expressions 1178 specified by this field, but it may choose a node 1179 that violates one or more of the expressions. 1180 The node that is most preferred is the one with 1181 the greatest sum of weights, i.e. for each node 1182 that meets all of the scheduling requirements 1183 (resource request, requiredDuringScheduling anti-affinity 1184 expressions, etc.), compute a sum by iterating 1185 through the elements of this field and adding 1186 "weight" to the sum if the node has pods which 1187 matches the corresponding podAffinityTerm; the 1188 node(s) with the highest sum are the most preferred. 1189 items: 1190 description: The weights of all of the matched 1191 WeightedPodAffinityTerm fields are added per-node 1192 to find the most preferred node(s) 1193 properties: 1194 podAffinityTerm: 1195 description: Required. A pod affinity term, 1196 associated with the corresponding weight. 1197 properties: 1198 labelSelector: 1199 description: A label query over a set 1200 of resources, in this case pods. 1201 properties: 1202 matchExpressions: 1203 description: matchExpressions is a 1204 list of label selector requirements. 1205 The requirements are ANDed. 1206 items: 1207 description: A label selector requirement 1208 is a selector that contains values, 1209 a key, and an operator that relates 1210 the key and values. 1211 properties: 1212 key: 1213 description: key is the label 1214 key that the selector applies 1215 to. 1216 type: string 1217 operator: 1218 description: operator represents 1219 a key's relationship to a 1220 set of values. Valid operators 1221 are In, NotIn, Exists and 1222 DoesNotExist. 1223 type: string 1224 values: 1225 description: values is an array 1226 of string values. If the operator 1227 is In or NotIn, the values 1228 array must be non-empty. If 1229 the operator is Exists or 1230 DoesNotExist, the values array 1231 must be empty. This array 1232 is replaced during a strategic 1233 merge patch. 1234 items: 1235 type: string 1236 type: array 1237 required: 1238 - key 1239 - operator 1240 type: object 1241 type: array 1242 matchLabels: 1243 additionalProperties: 1244 type: string 1245 description: matchLabels is a map 1246 of {key,value} pairs. A single {key,value} 1247 in the matchLabels map is equivalent 1248 to an element of matchExpressions, 1249 whose key field is "key", the operator 1250 is "In", and the values array contains 1251 only "value". The requirements are 1252 ANDed. 1253 type: object 1254 type: object 1255 x-kubernetes-map-type: atomic 1256 namespaceSelector: 1257 description: A label query over the set 1258 of namespaces that the term applies 1259 to. The term is applied to the union 1260 of the namespaces selected by this field 1261 and the ones listed in the namespaces 1262 field. null selector and null or empty 1263 namespaces list means "this pod's namespace". 1264 An empty selector ({}) matches all namespaces. 1265 properties: 1266 matchExpressions: 1267 description: matchExpressions is a 1268 list of label selector requirements. 1269 The requirements are ANDed. 1270 items: 1271 description: A label selector requirement 1272 is a selector that contains values, 1273 a key, and an operator that relates 1274 the key and values. 1275 properties: 1276 key: 1277 description: key is the label 1278 key that the selector applies 1279 to. 1280 type: string 1281 operator: 1282 description: operator represents 1283 a key's relationship to a 1284 set of values. Valid operators 1285 are In, NotIn, Exists and 1286 DoesNotExist. 1287 type: string 1288 values: 1289 description: values is an array 1290 of string values. If the operator 1291 is In or NotIn, the values 1292 array must be non-empty. If 1293 the operator is Exists or 1294 DoesNotExist, the values array 1295 must be empty. This array 1296 is replaced during a strategic 1297 merge patch. 1298 items: 1299 type: string 1300 type: array 1301 required: 1302 - key 1303 - operator 1304 type: object 1305 type: array 1306 matchLabels: 1307 additionalProperties: 1308 type: string 1309 description: matchLabels is a map 1310 of {key,value} pairs. A single {key,value} 1311 in the matchLabels map is equivalent 1312 to an element of matchExpressions, 1313 whose key field is "key", the operator 1314 is "In", and the values array contains 1315 only "value". The requirements are 1316 ANDed. 1317 type: object 1318 type: object 1319 x-kubernetes-map-type: atomic 1320 namespaces: 1321 description: namespaces specifies a static 1322 list of namespace names that the term 1323 applies to. The term is applied to the 1324 union of the namespaces listed in this 1325 field and the ones selected by namespaceSelector. 1326 null or empty namespaces list and null 1327 namespaceSelector means "this pod's 1328 namespace". 1329 items: 1330 type: string 1331 type: array 1332 topologyKey: 1333 description: This pod should be co-located 1334 (affinity) or not co-located (anti-affinity) 1335 with the pods matching the labelSelector 1336 in the specified namespaces, where co-located 1337 is defined as running on a node whose 1338 value of the label with key topologyKey 1339 matches that of any node on which any 1340 of the selected pods is running. Empty 1341 topologyKey is not allowed. 1342 type: string 1343 required: 1344 - topologyKey 1345 type: object 1346 weight: 1347 description: weight associated with matching 1348 the corresponding podAffinityTerm, in the 1349 range 1-100. 1350 format: int32 1351 type: integer 1352 required: 1353 - podAffinityTerm 1354 - weight 1355 type: object 1356 type: array 1357 requiredDuringSchedulingIgnoredDuringExecution: 1358 description: If the anti-affinity requirements specified 1359 by this field are not met at scheduling time, 1360 the pod will not be scheduled onto the node. If 1361 the anti-affinity requirements specified by this 1362 field cease to be met at some point during pod 1363 execution (e.g. due to a pod label update), the 1364 system may or may not try to eventually evict 1365 the pod from its node. When there are multiple 1366 elements, the lists of nodes corresponding to 1367 each podAffinityTerm are intersected, i.e. all 1368 terms must be satisfied. 1369 items: 1370 description: Defines a set of pods (namely those 1371 matching the labelSelector relative to the given 1372 namespace(s)) that this pod should be co-located 1373 (affinity) or not co-located (anti-affinity) 1374 with, where co-located is defined as running 1375 on a node whose value of the label with key 1376 <topologyKey> matches that of any node on which 1377 a pod of the set of pods is running 1378 properties: 1379 labelSelector: 1380 description: A label query over a set of resources, 1381 in this case pods. 1382 properties: 1383 matchExpressions: 1384 description: matchExpressions is a list 1385 of label selector requirements. The 1386 requirements are ANDed. 1387 items: 1388 description: A label selector requirement 1389 is a selector that contains values, 1390 a key, and an operator that relates 1391 the key and values. 1392 properties: 1393 key: 1394 description: key is the label key 1395 that the selector applies to. 1396 type: string 1397 operator: 1398 description: operator represents 1399 a key's relationship to a set 1400 of values. Valid operators are 1401 In, NotIn, Exists and DoesNotExist. 1402 type: string 1403 values: 1404 description: values is an array 1405 of string values. If the operator 1406 is In or NotIn, the values array 1407 must be non-empty. If the operator 1408 is Exists or DoesNotExist, the 1409 values array must be empty. This 1410 array is replaced during a strategic 1411 merge patch. 1412 items: 1413 type: string 1414 type: array 1415 required: 1416 - key 1417 - operator 1418 type: object 1419 type: array 1420 matchLabels: 1421 additionalProperties: 1422 type: string 1423 description: matchLabels is a map of {key,value} 1424 pairs. A single {key,value} in the matchLabels 1425 map is equivalent to an element of matchExpressions, 1426 whose key field is "key", the operator 1427 is "In", and the values array contains 1428 only "value". The requirements are ANDed. 1429 type: object 1430 type: object 1431 x-kubernetes-map-type: atomic 1432 namespaceSelector: 1433 description: A label query over the set of 1434 namespaces that the term applies to. The 1435 term is applied to the union of the namespaces 1436 selected by this field and the ones listed 1437 in the namespaces field. null selector and 1438 null or empty namespaces list means "this 1439 pod's namespace". An empty selector ({}) 1440 matches all namespaces. 1441 properties: 1442 matchExpressions: 1443 description: matchExpressions is a list 1444 of label selector requirements. The 1445 requirements are ANDed. 1446 items: 1447 description: A label selector requirement 1448 is a selector that contains values, 1449 a key, and an operator that relates 1450 the key and values. 1451 properties: 1452 key: 1453 description: key is the label key 1454 that the selector applies to. 1455 type: string 1456 operator: 1457 description: operator represents 1458 a key's relationship to a set 1459 of values. Valid operators are 1460 In, NotIn, Exists and DoesNotExist. 1461 type: string 1462 values: 1463 description: values is an array 1464 of string values. If the operator 1465 is In or NotIn, the values array 1466 must be non-empty. If the operator 1467 is Exists or DoesNotExist, the 1468 values array must be empty. This 1469 array is replaced during a strategic 1470 merge patch. 1471 items: 1472 type: string 1473 type: array 1474 required: 1475 - key 1476 - operator 1477 type: object 1478 type: array 1479 matchLabels: 1480 additionalProperties: 1481 type: string 1482 description: matchLabels is a map of {key,value} 1483 pairs. A single {key,value} in the matchLabels 1484 map is equivalent to an element of matchExpressions, 1485 whose key field is "key", the operator 1486 is "In", and the values array contains 1487 only "value". The requirements are ANDed. 1488 type: object 1489 type: object 1490 x-kubernetes-map-type: atomic 1491 namespaces: 1492 description: namespaces specifies a static 1493 list of namespace names that the term applies 1494 to. The term is applied to the union of 1495 the namespaces listed in this field and 1496 the ones selected by namespaceSelector. 1497 null or empty namespaces list and null namespaceSelector 1498 means "this pod's namespace". 1499 items: 1500 type: string 1501 type: array 1502 topologyKey: 1503 description: This pod should be co-located 1504 (affinity) or not co-located (anti-affinity) 1505 with the pods matching the labelSelector 1506 in the specified namespaces, where co-located 1507 is defined as running on a node whose value 1508 of the label with key topologyKey matches 1509 that of any node on which any of the selected 1510 pods is running. Empty topologyKey is not 1511 allowed. 1512 type: string 1513 required: 1514 - topologyKey 1515 type: object 1516 type: array 1517 type: object 1518 type: object 1519 automountServiceAccountToken: 1520 description: AutomountServiceAccountToken indicates whether 1521 a service account token should be automatically mounted. 1522 type: boolean 1523 containers: 1524 description: List of containers belonging to the pod. Containers 1525 cannot currently be added or removed. There must be at 1526 least one container in a Pod. Cannot be updated. 1527 items: 1528 description: A single application container that you want 1529 to run within a pod. 1530 properties: 1531 args: 1532 description: 'Arguments to the entrypoint. The container 1533 image''s CMD is used if this is not provided. Variable 1534 references $(VAR_NAME) are expanded using the container''s 1535 environment. If a variable cannot be resolved, the 1536 reference in the input string will be unchanged. 1537 Double $$ are reduced to a single $, which allows 1538 for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" 1539 will produce the string literal "$(VAR_NAME)". Escaped 1540 references will never be expanded, regardless of 1541 whether the variable exists or not. Cannot be updated. 1542 More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' 1543 items: 1544 type: string 1545 type: array 1546 command: 1547 description: 'Entrypoint array. Not executed within 1548 a shell. The container image''s ENTRYPOINT is used 1549 if this is not provided. Variable references $(VAR_NAME) 1550 are expanded using the container''s environment. 1551 If a variable cannot be resolved, the reference 1552 in the input string will be unchanged. Double $$ 1553 are reduced to a single $, which allows for escaping 1554 the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will 1555 produce the string literal "$(VAR_NAME)". Escaped 1556 references will never be expanded, regardless of 1557 whether the variable exists or not. Cannot be updated. 1558 More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' 1559 items: 1560 type: string 1561 type: array 1562 env: 1563 description: List of environment variables to set 1564 in the container. Cannot be updated. 1565 items: 1566 description: EnvVar represents an environment variable 1567 present in a Container. 1568 properties: 1569 name: 1570 description: Name of the environment variable. 1571 Must be a C_IDENTIFIER. 1572 type: string 1573 value: 1574 description: 'Variable references $(VAR_NAME) 1575 are expanded using the previously defined 1576 environment variables in the container and 1577 any service environment variables. If a variable 1578 cannot be resolved, the reference in the input 1579 string will be unchanged. Double $$ are reduced 1580 to a single $, which allows for escaping the 1581 $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will 1582 produce the string literal "$(VAR_NAME)". 1583 Escaped references will never be expanded, 1584 regardless of whether the variable exists 1585 or not. Defaults to "".' 1586 type: string 1587 valueFrom: 1588 description: Source for the environment variable's 1589 value. Cannot be used if value is not empty. 1590 properties: 1591 configMapKeyRef: 1592 description: Selects a key of a ConfigMap. 1593 properties: 1594 key: 1595 description: The key to select. 1596 type: string 1597 name: 1598 description: 'Name of the referent. 1599 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 1600 TODO: Add other useful fields. apiVersion, 1601 kind, uid?' 1602 type: string 1603 optional: 1604 description: Specify whether the ConfigMap 1605 or its key must be defined 1606 type: boolean 1607 required: 1608 - key 1609 type: object 1610 x-kubernetes-map-type: atomic 1611 fieldRef: 1612 description: 'Selects a field of the pod: 1613 supports metadata.name, metadata.namespace, 1614 `metadata.labels[''<KEY>'']`, `metadata.annotations[''<KEY>'']`, 1615 spec.nodeName, spec.serviceAccountName, 1616 status.hostIP, status.podIP, status.podIPs.' 1617 properties: 1618 apiVersion: 1619 description: Version of the schema the 1620 FieldPath is written in terms of, 1621 defaults to "v1". 1622 type: string 1623 fieldPath: 1624 description: Path of the field to select 1625 in the specified API version. 1626 type: string 1627 required: 1628 - fieldPath 1629 type: object 1630 x-kubernetes-map-type: atomic 1631 resourceFieldRef: 1632 description: 'Selects a resource of the 1633 container: only resources limits and requests 1634 (limits.cpu, limits.memory, limits.ephemeral-storage, 1635 requests.cpu, requests.memory and requests.ephemeral-storage) 1636 are currently supported.' 1637 properties: 1638 containerName: 1639 description: 'Container name: required 1640 for volumes, optional for env vars' 1641 type: string 1642 divisor: 1643 anyOf: 1644 - type: integer 1645 - type: string 1646 description: Specifies the output format 1647 of the exposed resources, defaults 1648 to "1" 1649 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 1650 x-kubernetes-int-or-string: true 1651 resource: 1652 description: 'Required: resource to 1653 select' 1654 type: string 1655 required: 1656 - resource 1657 type: object 1658 x-kubernetes-map-type: atomic 1659 secretKeyRef: 1660 description: Selects a key of a secret in 1661 the pod's namespace 1662 properties: 1663 key: 1664 description: The key of the secret to 1665 select from. Must be a valid secret 1666 key. 1667 type: string 1668 name: 1669 description: 'Name of the referent. 1670 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 1671 TODO: Add other useful fields. apiVersion, 1672 kind, uid?' 1673 type: string 1674 optional: 1675 description: Specify whether the Secret 1676 or its key must be defined 1677 type: boolean 1678 required: 1679 - key 1680 type: object 1681 x-kubernetes-map-type: atomic 1682 type: object 1683 required: 1684 - name 1685 type: object 1686 type: array 1687 envFrom: 1688 description: List of sources to populate environment 1689 variables in the container. The keys defined within 1690 a source must be a C_IDENTIFIER. All invalid keys 1691 will be reported as an event when the container 1692 is starting. When a key exists in multiple sources, 1693 the value associated with the last source will take 1694 precedence. Values defined by an Env with a duplicate 1695 key will take precedence. Cannot be updated. 1696 items: 1697 description: EnvFromSource represents the source 1698 of a set of ConfigMaps 1699 properties: 1700 configMapRef: 1701 description: The ConfigMap to select from 1702 properties: 1703 name: 1704 description: 'Name of the referent. More 1705 info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 1706 TODO: Add other useful fields. apiVersion, 1707 kind, uid?' 1708 type: string 1709 optional: 1710 description: Specify whether the ConfigMap 1711 must be defined 1712 type: boolean 1713 type: object 1714 x-kubernetes-map-type: atomic 1715 prefix: 1716 description: An optional identifier to prepend 1717 to each key in the ConfigMap. Must be a C_IDENTIFIER. 1718 type: string 1719 secretRef: 1720 description: The Secret to select from 1721 properties: 1722 name: 1723 description: 'Name of the referent. More 1724 info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 1725 TODO: Add other useful fields. apiVersion, 1726 kind, uid?' 1727 type: string 1728 optional: 1729 description: Specify whether the Secret 1730 must be defined 1731 type: boolean 1732 type: object 1733 x-kubernetes-map-type: atomic 1734 type: object 1735 type: array 1736 image: 1737 description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images 1738 This field is optional to allow higher level config 1739 management to default or override container images 1740 in workload controllers like Deployments and StatefulSets.' 1741 type: string 1742 imagePullPolicy: 1743 description: 'Image pull policy. One of Always, Never, 1744 IfNotPresent. Defaults to Always if :latest tag 1745 is specified, or IfNotPresent otherwise. Cannot 1746 be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' 1747 type: string 1748 lifecycle: 1749 description: Actions that the management system should 1750 take in response to container lifecycle events. 1751 Cannot be updated. 1752 properties: 1753 postStart: 1754 description: 'PostStart is called immediately 1755 after a container is created. If the handler 1756 fails, the container is terminated and restarted 1757 according to its restart policy. Other management 1758 of the container blocks until the hook completes. 1759 More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' 1760 properties: 1761 exec: 1762 description: Exec specifies the action to 1763 take. 1764 properties: 1765 command: 1766 description: Command is the command line 1767 to execute inside the container, the 1768 working directory for the command is 1769 root ('/') in the container's filesystem. 1770 The command is simply exec'd, it is 1771 not run inside a shell, so traditional 1772 shell instructions ('|', etc) won't 1773 work. To use a shell, you need to explicitly 1774 call out to that shell. Exit status 1775 of 0 is treated as live/healthy and 1776 non-zero is unhealthy. 1777 items: 1778 type: string 1779 type: array 1780 type: object 1781 httpGet: 1782 description: HTTPGet specifies the http request 1783 to perform. 1784 properties: 1785 host: 1786 description: Host name to connect to, 1787 defaults to the pod IP. You probably 1788 want to set "Host" in httpHeaders instead. 1789 type: string 1790 httpHeaders: 1791 description: Custom headers to set in 1792 the request. HTTP allows repeated headers. 1793 items: 1794 description: HTTPHeader describes a 1795 custom header to be used in HTTP probes 1796 properties: 1797 name: 1798 description: The header field name. 1799 This will be canonicalized upon 1800 output, so case-variant names 1801 will be understood as the same 1802 header. 1803 type: string 1804 value: 1805 description: The header field value 1806 type: string 1807 required: 1808 - name 1809 - value 1810 type: object 1811 type: array 1812 path: 1813 description: Path to access on the HTTP 1814 server. 1815 type: string 1816 port: 1817 anyOf: 1818 - type: integer 1819 - type: string 1820 description: Name or number of the port 1821 to access on the container. Number must 1822 be in the range 1 to 65535. Name must 1823 be an IANA_SVC_NAME. 1824 x-kubernetes-int-or-string: true 1825 scheme: 1826 description: Scheme to use for connecting 1827 to the host. Defaults to HTTP. 1828 type: string 1829 required: 1830 - port 1831 type: object 1832 tcpSocket: 1833 description: Deprecated. TCPSocket is NOT 1834 supported as a LifecycleHandler and kept 1835 for the backward compatibility. There are 1836 no validation of this field and lifecycle 1837 hooks will fail in runtime when tcp handler 1838 is specified. 1839 properties: 1840 host: 1841 description: 'Optional: Host name to connect 1842 to, defaults to the pod IP.' 1843 type: string 1844 port: 1845 anyOf: 1846 - type: integer 1847 - type: string 1848 description: Number or name of the port 1849 to access on the container. Number must 1850 be in the range 1 to 65535. Name must 1851 be an IANA_SVC_NAME. 1852 x-kubernetes-int-or-string: true 1853 required: 1854 - port 1855 type: object 1856 type: object 1857 preStop: 1858 description: 'PreStop is called immediately before 1859 a container is terminated due to an API request 1860 or management event such as liveness/startup 1861 probe failure, preemption, resource contention, 1862 etc. The handler is not called if the container 1863 crashes or exits. The Pod''s termination grace 1864 period countdown begins before the PreStop hook 1865 is executed. Regardless of the outcome of the 1866 handler, the container will eventually terminate 1867 within the Pod''s termination grace period (unless 1868 delayed by finalizers). Other management of 1869 the container blocks until the hook completes 1870 or until the termination grace period is reached. 1871 More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' 1872 properties: 1873 exec: 1874 description: Exec specifies the action to 1875 take. 1876 properties: 1877 command: 1878 description: Command is the command line 1879 to execute inside the container, the 1880 working directory for the command is 1881 root ('/') in the container's filesystem. 1882 The command is simply exec'd, it is 1883 not run inside a shell, so traditional 1884 shell instructions ('|', etc) won't 1885 work. To use a shell, you need to explicitly 1886 call out to that shell. Exit status 1887 of 0 is treated as live/healthy and 1888 non-zero is unhealthy. 1889 items: 1890 type: string 1891 type: array 1892 type: object 1893 httpGet: 1894 description: HTTPGet specifies the http request 1895 to perform. 1896 properties: 1897 host: 1898 description: Host name to connect to, 1899 defaults to the pod IP. You probably 1900 want to set "Host" in httpHeaders instead. 1901 type: string 1902 httpHeaders: 1903 description: Custom headers to set in 1904 the request. HTTP allows repeated headers. 1905 items: 1906 description: HTTPHeader describes a 1907 custom header to be used in HTTP probes 1908 properties: 1909 name: 1910 description: The header field name. 1911 This will be canonicalized upon 1912 output, so case-variant names 1913 will be understood as the same 1914 header. 1915 type: string 1916 value: 1917 description: The header field value 1918 type: string 1919 required: 1920 - name 1921 - value 1922 type: object 1923 type: array 1924 path: 1925 description: Path to access on the HTTP 1926 server. 1927 type: string 1928 port: 1929 anyOf: 1930 - type: integer 1931 - type: string 1932 description: Name or number of the port 1933 to access on the container. Number must 1934 be in the range 1 to 65535. Name must 1935 be an IANA_SVC_NAME. 1936 x-kubernetes-int-or-string: true 1937 scheme: 1938 description: Scheme to use for connecting 1939 to the host. Defaults to HTTP. 1940 type: string 1941 required: 1942 - port 1943 type: object 1944 tcpSocket: 1945 description: Deprecated. TCPSocket is NOT 1946 supported as a LifecycleHandler and kept 1947 for the backward compatibility. There are 1948 no validation of this field and lifecycle 1949 hooks will fail in runtime when tcp handler 1950 is specified. 1951 properties: 1952 host: 1953 description: 'Optional: Host name to connect 1954 to, defaults to the pod IP.' 1955 type: string 1956 port: 1957 anyOf: 1958 - type: integer 1959 - type: string 1960 description: Number or name of the port 1961 to access on the container. Number must 1962 be in the range 1 to 65535. Name must 1963 be an IANA_SVC_NAME. 1964 x-kubernetes-int-or-string: true 1965 required: 1966 - port 1967 type: object 1968 type: object 1969 type: object 1970 livenessProbe: 1971 description: 'Periodic probe of container liveness. 1972 Container will be restarted if the probe fails. 1973 Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 1974 properties: 1975 exec: 1976 description: Exec specifies the action to take. 1977 properties: 1978 command: 1979 description: Command is the command line to 1980 execute inside the container, the working 1981 directory for the command is root ('/') 1982 in the container's filesystem. The command 1983 is simply exec'd, it is not run inside a 1984 shell, so traditional shell instructions 1985 ('|', etc) won't work. To use a shell, you 1986 need to explicitly call out to that shell. 1987 Exit status of 0 is treated as live/healthy 1988 and non-zero is unhealthy. 1989 items: 1990 type: string 1991 type: array 1992 type: object 1993 failureThreshold: 1994 description: Minimum consecutive failures for 1995 the probe to be considered failed after having 1996 succeeded. Defaults to 3. Minimum value is 1. 1997 format: int32 1998 type: integer 1999 grpc: 2000 description: GRPC specifies an action involving 2001 a GRPC port. 2002 properties: 2003 port: 2004 description: Port number of the gRPC service. 2005 Number must be in the range 1 to 65535. 2006 format: int32 2007 type: integer 2008 service: 2009 description: "Service is the name of the service 2010 to place in the gRPC HealthCheckRequest 2011 (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 2012 \n If this is not specified, the default 2013 behavior is defined by gRPC." 2014 type: string 2015 required: 2016 - port 2017 type: object 2018 httpGet: 2019 description: HTTPGet specifies the http request 2020 to perform. 2021 properties: 2022 host: 2023 description: Host name to connect to, defaults 2024 to the pod IP. You probably want to set 2025 "Host" in httpHeaders instead. 2026 type: string 2027 httpHeaders: 2028 description: Custom headers to set in the 2029 request. HTTP allows repeated headers. 2030 items: 2031 description: HTTPHeader describes a custom 2032 header to be used in HTTP probes 2033 properties: 2034 name: 2035 description: The header field name. 2036 This will be canonicalized upon output, 2037 so case-variant names will be understood 2038 as the same header. 2039 type: string 2040 value: 2041 description: The header field value 2042 type: string 2043 required: 2044 - name 2045 - value 2046 type: object 2047 type: array 2048 path: 2049 description: Path to access on the HTTP server. 2050 type: string 2051 port: 2052 anyOf: 2053 - type: integer 2054 - type: string 2055 description: Name or number of the port to 2056 access on the container. Number must be 2057 in the range 1 to 65535. Name must be an 2058 IANA_SVC_NAME. 2059 x-kubernetes-int-or-string: true 2060 scheme: 2061 description: Scheme to use for connecting 2062 to the host. Defaults to HTTP. 2063 type: string 2064 required: 2065 - port 2066 type: object 2067 initialDelaySeconds: 2068 description: 'Number of seconds after the container 2069 has started before liveness probes are initiated. 2070 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 2071 format: int32 2072 type: integer 2073 periodSeconds: 2074 description: How often (in seconds) to perform 2075 the probe. Default to 10 seconds. Minimum value 2076 is 1. 2077 format: int32 2078 type: integer 2079 successThreshold: 2080 description: Minimum consecutive successes for 2081 the probe to be considered successful after 2082 having failed. Defaults to 1. Must be 1 for 2083 liveness and startup. Minimum value is 1. 2084 format: int32 2085 type: integer 2086 tcpSocket: 2087 description: TCPSocket specifies an action involving 2088 a TCP port. 2089 properties: 2090 host: 2091 description: 'Optional: Host name to connect 2092 to, defaults to the pod IP.' 2093 type: string 2094 port: 2095 anyOf: 2096 - type: integer 2097 - type: string 2098 description: Number or name of the port to 2099 access on the container. Number must be 2100 in the range 1 to 65535. Name must be an 2101 IANA_SVC_NAME. 2102 x-kubernetes-int-or-string: true 2103 required: 2104 - port 2105 type: object 2106 terminationGracePeriodSeconds: 2107 description: Optional duration in seconds the 2108 pod needs to terminate gracefully upon probe 2109 failure. The grace period is the duration in 2110 seconds after the processes running in the pod 2111 are sent a termination signal and the time when 2112 the processes are forcibly halted with a kill 2113 signal. Set this value longer than the expected 2114 cleanup time for your process. If this value 2115 is nil, the pod's terminationGracePeriodSeconds 2116 will be used. Otherwise, this value overrides 2117 the value provided by the pod spec. Value must 2118 be non-negative integer. The value zero indicates 2119 stop immediately via the kill signal (no opportunity 2120 to shut down). This is a beta field and requires 2121 enabling ProbeTerminationGracePeriod feature 2122 gate. Minimum value is 1. spec.terminationGracePeriodSeconds 2123 is used if unset. 2124 format: int64 2125 type: integer 2126 timeoutSeconds: 2127 description: 'Number of seconds after which the 2128 probe times out. Defaults to 1 second. Minimum 2129 value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 2130 format: int32 2131 type: integer 2132 type: object 2133 name: 2134 description: Name of the container specified as a 2135 DNS_LABEL. Each container in a pod must have a unique 2136 name (DNS_LABEL). Cannot be updated. 2137 type: string 2138 ports: 2139 description: List of ports to expose from the container. 2140 Not specifying a port here DOES NOT prevent that 2141 port from being exposed. Any port which is listening 2142 on the default "0.0.0.0" address inside a container 2143 will be accessible from the network. Modifying this 2144 array with strategic merge patch may corrupt the 2145 data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. 2146 Cannot be updated. 2147 items: 2148 description: ContainerPort represents a network 2149 port in a single container. 2150 properties: 2151 containerPort: 2152 description: Number of port to expose on the 2153 pod's IP address. This must be a valid port 2154 number, 0 < x < 65536. 2155 format: int32 2156 type: integer 2157 hostIP: 2158 description: What host IP to bind the external 2159 port to. 2160 type: string 2161 hostPort: 2162 description: Number of port to expose on the 2163 host. If specified, this must be a valid port 2164 number, 0 < x < 65536. If HostNetwork is specified, 2165 this must match ContainerPort. Most containers 2166 do not need this. 2167 format: int32 2168 type: integer 2169 name: 2170 description: If specified, this must be an IANA_SVC_NAME 2171 and unique within the pod. Each named port 2172 in a pod must have a unique name. Name for 2173 the port that can be referred to by services. 2174 type: string 2175 protocol: 2176 default: TCP 2177 description: Protocol for port. Must be UDP, 2178 TCP, or SCTP. Defaults to "TCP". 2179 type: string 2180 required: 2181 - containerPort 2182 type: object 2183 type: array 2184 x-kubernetes-list-map-keys: 2185 - containerPort 2186 - protocol 2187 x-kubernetes-list-type: map 2188 readinessProbe: 2189 description: 'Periodic probe of container service 2190 readiness. Container will be removed from service 2191 endpoints if the probe fails. Cannot be updated. 2192 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 2193 properties: 2194 exec: 2195 description: Exec specifies the action to take. 2196 properties: 2197 command: 2198 description: Command is the command line to 2199 execute inside the container, the working 2200 directory for the command is root ('/') 2201 in the container's filesystem. The command 2202 is simply exec'd, it is not run inside a 2203 shell, so traditional shell instructions 2204 ('|', etc) won't work. To use a shell, you 2205 need to explicitly call out to that shell. 2206 Exit status of 0 is treated as live/healthy 2207 and non-zero is unhealthy. 2208 items: 2209 type: string 2210 type: array 2211 type: object 2212 failureThreshold: 2213 description: Minimum consecutive failures for 2214 the probe to be considered failed after having 2215 succeeded. Defaults to 3. Minimum value is 1. 2216 format: int32 2217 type: integer 2218 grpc: 2219 description: GRPC specifies an action involving 2220 a GRPC port. 2221 properties: 2222 port: 2223 description: Port number of the gRPC service. 2224 Number must be in the range 1 to 65535. 2225 format: int32 2226 type: integer 2227 service: 2228 description: "Service is the name of the service 2229 to place in the gRPC HealthCheckRequest 2230 (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 2231 \n If this is not specified, the default 2232 behavior is defined by gRPC." 2233 type: string 2234 required: 2235 - port 2236 type: object 2237 httpGet: 2238 description: HTTPGet specifies the http request 2239 to perform. 2240 properties: 2241 host: 2242 description: Host name to connect to, defaults 2243 to the pod IP. You probably want to set 2244 "Host" in httpHeaders instead. 2245 type: string 2246 httpHeaders: 2247 description: Custom headers to set in the 2248 request. HTTP allows repeated headers. 2249 items: 2250 description: HTTPHeader describes a custom 2251 header to be used in HTTP probes 2252 properties: 2253 name: 2254 description: The header field name. 2255 This will be canonicalized upon output, 2256 so case-variant names will be understood 2257 as the same header. 2258 type: string 2259 value: 2260 description: The header field value 2261 type: string 2262 required: 2263 - name 2264 - value 2265 type: object 2266 type: array 2267 path: 2268 description: Path to access on the HTTP server. 2269 type: string 2270 port: 2271 anyOf: 2272 - type: integer 2273 - type: string 2274 description: Name or number of the port to 2275 access on the container. Number must be 2276 in the range 1 to 65535. Name must be an 2277 IANA_SVC_NAME. 2278 x-kubernetes-int-or-string: true 2279 scheme: 2280 description: Scheme to use for connecting 2281 to the host. Defaults to HTTP. 2282 type: string 2283 required: 2284 - port 2285 type: object 2286 initialDelaySeconds: 2287 description: 'Number of seconds after the container 2288 has started before liveness probes are initiated. 2289 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 2290 format: int32 2291 type: integer 2292 periodSeconds: 2293 description: How often (in seconds) to perform 2294 the probe. Default to 10 seconds. Minimum value 2295 is 1. 2296 format: int32 2297 type: integer 2298 successThreshold: 2299 description: Minimum consecutive successes for 2300 the probe to be considered successful after 2301 having failed. Defaults to 1. Must be 1 for 2302 liveness and startup. Minimum value is 1. 2303 format: int32 2304 type: integer 2305 tcpSocket: 2306 description: TCPSocket specifies an action involving 2307 a TCP port. 2308 properties: 2309 host: 2310 description: 'Optional: Host name to connect 2311 to, defaults to the pod IP.' 2312 type: string 2313 port: 2314 anyOf: 2315 - type: integer 2316 - type: string 2317 description: Number or name of the port to 2318 access on the container. Number must be 2319 in the range 1 to 65535. Name must be an 2320 IANA_SVC_NAME. 2321 x-kubernetes-int-or-string: true 2322 required: 2323 - port 2324 type: object 2325 terminationGracePeriodSeconds: 2326 description: Optional duration in seconds the 2327 pod needs to terminate gracefully upon probe 2328 failure. The grace period is the duration in 2329 seconds after the processes running in the pod 2330 are sent a termination signal and the time when 2331 the processes are forcibly halted with a kill 2332 signal. Set this value longer than the expected 2333 cleanup time for your process. If this value 2334 is nil, the pod's terminationGracePeriodSeconds 2335 will be used. Otherwise, this value overrides 2336 the value provided by the pod spec. Value must 2337 be non-negative integer. The value zero indicates 2338 stop immediately via the kill signal (no opportunity 2339 to shut down). This is a beta field and requires 2340 enabling ProbeTerminationGracePeriod feature 2341 gate. Minimum value is 1. spec.terminationGracePeriodSeconds 2342 is used if unset. 2343 format: int64 2344 type: integer 2345 timeoutSeconds: 2346 description: 'Number of seconds after which the 2347 probe times out. Defaults to 1 second. Minimum 2348 value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 2349 format: int32 2350 type: integer 2351 type: object 2352 resizePolicy: 2353 description: Resources resize policy for the container. 2354 items: 2355 description: ContainerResizePolicy represents resource 2356 resize policy for the container. 2357 properties: 2358 resourceName: 2359 description: 'Name of the resource to which 2360 this resource resize policy applies. Supported 2361 values: cpu, memory.' 2362 type: string 2363 restartPolicy: 2364 description: Restart policy to apply when specified 2365 resource is resized. If not specified, it 2366 defaults to NotRequired. 2367 type: string 2368 required: 2369 - resourceName 2370 - restartPolicy 2371 type: object 2372 type: array 2373 x-kubernetes-list-type: atomic 2374 resources: 2375 description: 'Compute Resources required by this container. 2376 Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 2377 properties: 2378 claims: 2379 description: "Claims lists the names of resources, 2380 defined in spec.resourceClaims, that are used 2381 by this container. \n This is an alpha field 2382 and requires enabling the DynamicResourceAllocation 2383 feature gate. \n This field is immutable. It 2384 can only be set for containers." 2385 items: 2386 description: ResourceClaim references one entry 2387 in PodSpec.ResourceClaims. 2388 properties: 2389 name: 2390 description: Name must match the name of 2391 one entry in pod.spec.resourceClaims of 2392 the Pod where this field is used. It makes 2393 that resource available inside a container. 2394 type: string 2395 required: 2396 - name 2397 type: object 2398 type: array 2399 x-kubernetes-list-map-keys: 2400 - name 2401 x-kubernetes-list-type: map 2402 limits: 2403 additionalProperties: 2404 anyOf: 2405 - type: integer 2406 - type: string 2407 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 2408 x-kubernetes-int-or-string: true 2409 description: 'Limits describes the maximum amount 2410 of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 2411 type: object 2412 requests: 2413 additionalProperties: 2414 anyOf: 2415 - type: integer 2416 - type: string 2417 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 2418 x-kubernetes-int-or-string: true 2419 description: 'Requests describes the minimum amount 2420 of compute resources required. If Requests is 2421 omitted for a container, it defaults to Limits 2422 if that is explicitly specified, otherwise to 2423 an implementation-defined value. Requests cannot 2424 exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 2425 type: object 2426 type: object 2427 restartPolicy: 2428 description: 'RestartPolicy defines the restart behavior 2429 of individual containers in a pod. This field may 2430 only be set for init containers, and the only allowed 2431 value is "Always". For non-init containers or when 2432 this field is not specified, the restart behavior 2433 is defined by the Pod''s restart policy and the 2434 container type. Setting the RestartPolicy as "Always" 2435 for the init container will have the following effect: 2436 this init container will be continually restarted 2437 on exit until all regular containers have terminated. 2438 Once all regular containers have completed, all 2439 init containers with restartPolicy "Always" will 2440 be shut down. This lifecycle differs from normal 2441 init containers and is often referred to as a "sidecar" 2442 container. Although this init container still starts 2443 in the init container sequence, it does not wait 2444 for the container to complete before proceeding 2445 to the next init container. Instead, the next init 2446 container starts immediately after this init container 2447 is started, or after any startupProbe has successfully 2448 completed.' 2449 type: string 2450 securityContext: 2451 description: 'SecurityContext defines the security 2452 options the container should be run with. If set, 2453 the fields of SecurityContext override the equivalent 2454 fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' 2455 properties: 2456 allowPrivilegeEscalation: 2457 description: 'AllowPrivilegeEscalation controls 2458 whether a process can gain more privileges than 2459 its parent process. This bool directly controls 2460 if the no_new_privs flag will be set on the 2461 container process. AllowPrivilegeEscalation 2462 is true always when the container is: 1) run 2463 as Privileged 2) has CAP_SYS_ADMIN Note that 2464 this field cannot be set when spec.os.name is 2465 windows.' 2466 type: boolean 2467 capabilities: 2468 description: The capabilities to add/drop when 2469 running containers. Defaults to the default 2470 set of capabilities granted by the container 2471 runtime. Note that this field cannot be set 2472 when spec.os.name is windows. 2473 properties: 2474 add: 2475 description: Added capabilities 2476 items: 2477 description: Capability represent POSIX 2478 capabilities type 2479 type: string 2480 type: array 2481 drop: 2482 description: Removed capabilities 2483 items: 2484 description: Capability represent POSIX 2485 capabilities type 2486 type: string 2487 type: array 2488 type: object 2489 privileged: 2490 description: Run container in privileged mode. 2491 Processes in privileged containers are essentially 2492 equivalent to root on the host. Defaults to 2493 false. Note that this field cannot be set when 2494 spec.os.name is windows. 2495 type: boolean 2496 procMount: 2497 description: procMount denotes the type of proc 2498 mount to use for the containers. The default 2499 is DefaultProcMount which uses the container 2500 runtime defaults for readonly paths and masked 2501 paths. This requires the ProcMountType feature 2502 flag to be enabled. Note that this field cannot 2503 be set when spec.os.name is windows. 2504 type: string 2505 readOnlyRootFilesystem: 2506 description: Whether this container has a read-only 2507 root filesystem. Default is false. Note that 2508 this field cannot be set when spec.os.name is 2509 windows. 2510 type: boolean 2511 runAsGroup: 2512 description: The GID to run the entrypoint of 2513 the container process. Uses runtime default 2514 if unset. May also be set in PodSecurityContext. If 2515 set in both SecurityContext and PodSecurityContext, 2516 the value specified in SecurityContext takes 2517 precedence. Note that this field cannot be set 2518 when spec.os.name is windows. 2519 format: int64 2520 type: integer 2521 runAsNonRoot: 2522 description: Indicates that the container must 2523 run as a non-root user. If true, the Kubelet 2524 will validate the image at runtime to ensure 2525 that it does not run as UID 0 (root) and fail 2526 to start the container if it does. If unset 2527 or false, no such validation will be performed. 2528 May also be set in PodSecurityContext. If set 2529 in both SecurityContext and PodSecurityContext, 2530 the value specified in SecurityContext takes 2531 precedence. 2532 type: boolean 2533 runAsUser: 2534 description: The UID to run the entrypoint of 2535 the container process. Defaults to user specified 2536 in image metadata if unspecified. May also be 2537 set in PodSecurityContext. If set in both SecurityContext 2538 and PodSecurityContext, the value specified 2539 in SecurityContext takes precedence. Note that 2540 this field cannot be set when spec.os.name is 2541 windows. 2542 format: int64 2543 type: integer 2544 seLinuxOptions: 2545 description: The SELinux context to be applied 2546 to the container. If unspecified, the container 2547 runtime will allocate a random SELinux context 2548 for each container. May also be set in PodSecurityContext. If 2549 set in both SecurityContext and PodSecurityContext, 2550 the value specified in SecurityContext takes 2551 precedence. Note that this field cannot be set 2552 when spec.os.name is windows. 2553 properties: 2554 level: 2555 description: Level is SELinux level label 2556 that applies to the container. 2557 type: string 2558 role: 2559 description: Role is a SELinux role label 2560 that applies to the container. 2561 type: string 2562 type: 2563 description: Type is a SELinux type label 2564 that applies to the container. 2565 type: string 2566 user: 2567 description: User is a SELinux user label 2568 that applies to the container. 2569 type: string 2570 type: object 2571 seccompProfile: 2572 description: The seccomp options to use by this 2573 container. If seccomp options are provided at 2574 both the pod & container level, the container 2575 options override the pod options. Note that 2576 this field cannot be set when spec.os.name is 2577 windows. 2578 properties: 2579 localhostProfile: 2580 description: localhostProfile indicates a 2581 profile defined in a file on the node should 2582 be used. The profile must be preconfigured 2583 on the node to work. Must be a descending 2584 path, relative to the kubelet's configured 2585 seccomp profile location. Must be set if 2586 type is "Localhost". Must NOT be set for 2587 any other type. 2588 type: string 2589 type: 2590 description: "type indicates which kind of 2591 seccomp profile will be applied. Valid options 2592 are: \n Localhost - a profile defined in 2593 a file on the node should be used. RuntimeDefault 2594 - the container runtime default profile 2595 should be used. Unconfined - no profile 2596 should be applied." 2597 type: string 2598 required: 2599 - type 2600 type: object 2601 windowsOptions: 2602 description: The Windows specific settings applied 2603 to all containers. If unspecified, the options 2604 from the PodSecurityContext will be used. If 2605 set in both SecurityContext and PodSecurityContext, 2606 the value specified in SecurityContext takes 2607 precedence. Note that this field cannot be set 2608 when spec.os.name is linux. 2609 properties: 2610 gmsaCredentialSpec: 2611 description: GMSACredentialSpec is where the 2612 GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) 2613 inlines the contents of the GMSA credential 2614 spec named by the GMSACredentialSpecName 2615 field. 2616 type: string 2617 gmsaCredentialSpecName: 2618 description: GMSACredentialSpecName is the 2619 name of the GMSA credential spec to use. 2620 type: string 2621 hostProcess: 2622 description: HostProcess determines if a container 2623 should be run as a 'Host Process' container. 2624 All of a Pod's containers must have the 2625 same effective HostProcess value (it is 2626 not allowed to have a mix of HostProcess 2627 containers and non-HostProcess containers). 2628 In addition, if HostProcess is true then 2629 HostNetwork must also be set to true. 2630 type: boolean 2631 runAsUserName: 2632 description: The UserName in Windows to run 2633 the entrypoint of the container process. 2634 Defaults to the user specified in image 2635 metadata if unspecified. May also be set 2636 in PodSecurityContext. If set in both SecurityContext 2637 and PodSecurityContext, the value specified 2638 in SecurityContext takes precedence. 2639 type: string 2640 type: object 2641 type: object 2642 startupProbe: 2643 description: 'StartupProbe indicates that the Pod 2644 has successfully initialized. If specified, no other 2645 probes are executed until this completes successfully. 2646 If this probe fails, the Pod will be restarted, 2647 just as if the livenessProbe failed. This can be 2648 used to provide different probe parameters at the 2649 beginning of a Pod''s lifecycle, when it might take 2650 a long time to load data or warm a cache, than during 2651 steady-state operation. This cannot be updated. 2652 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 2653 properties: 2654 exec: 2655 description: Exec specifies the action to take. 2656 properties: 2657 command: 2658 description: Command is the command line to 2659 execute inside the container, the working 2660 directory for the command is root ('/') 2661 in the container's filesystem. The command 2662 is simply exec'd, it is not run inside a 2663 shell, so traditional shell instructions 2664 ('|', etc) won't work. To use a shell, you 2665 need to explicitly call out to that shell. 2666 Exit status of 0 is treated as live/healthy 2667 and non-zero is unhealthy. 2668 items: 2669 type: string 2670 type: array 2671 type: object 2672 failureThreshold: 2673 description: Minimum consecutive failures for 2674 the probe to be considered failed after having 2675 succeeded. Defaults to 3. Minimum value is 1. 2676 format: int32 2677 type: integer 2678 grpc: 2679 description: GRPC specifies an action involving 2680 a GRPC port. 2681 properties: 2682 port: 2683 description: Port number of the gRPC service. 2684 Number must be in the range 1 to 65535. 2685 format: int32 2686 type: integer 2687 service: 2688 description: "Service is the name of the service 2689 to place in the gRPC HealthCheckRequest 2690 (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 2691 \n If this is not specified, the default 2692 behavior is defined by gRPC." 2693 type: string 2694 required: 2695 - port 2696 type: object 2697 httpGet: 2698 description: HTTPGet specifies the http request 2699 to perform. 2700 properties: 2701 host: 2702 description: Host name to connect to, defaults 2703 to the pod IP. You probably want to set 2704 "Host" in httpHeaders instead. 2705 type: string 2706 httpHeaders: 2707 description: Custom headers to set in the 2708 request. HTTP allows repeated headers. 2709 items: 2710 description: HTTPHeader describes a custom 2711 header to be used in HTTP probes 2712 properties: 2713 name: 2714 description: The header field name. 2715 This will be canonicalized upon output, 2716 so case-variant names will be understood 2717 as the same header. 2718 type: string 2719 value: 2720 description: The header field value 2721 type: string 2722 required: 2723 - name 2724 - value 2725 type: object 2726 type: array 2727 path: 2728 description: Path to access on the HTTP server. 2729 type: string 2730 port: 2731 anyOf: 2732 - type: integer 2733 - type: string 2734 description: Name or number of the port to 2735 access on the container. Number must be 2736 in the range 1 to 65535. Name must be an 2737 IANA_SVC_NAME. 2738 x-kubernetes-int-or-string: true 2739 scheme: 2740 description: Scheme to use for connecting 2741 to the host. Defaults to HTTP. 2742 type: string 2743 required: 2744 - port 2745 type: object 2746 initialDelaySeconds: 2747 description: 'Number of seconds after the container 2748 has started before liveness probes are initiated. 2749 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 2750 format: int32 2751 type: integer 2752 periodSeconds: 2753 description: How often (in seconds) to perform 2754 the probe. Default to 10 seconds. Minimum value 2755 is 1. 2756 format: int32 2757 type: integer 2758 successThreshold: 2759 description: Minimum consecutive successes for 2760 the probe to be considered successful after 2761 having failed. Defaults to 1. Must be 1 for 2762 liveness and startup. Minimum value is 1. 2763 format: int32 2764 type: integer 2765 tcpSocket: 2766 description: TCPSocket specifies an action involving 2767 a TCP port. 2768 properties: 2769 host: 2770 description: 'Optional: Host name to connect 2771 to, defaults to the pod IP.' 2772 type: string 2773 port: 2774 anyOf: 2775 - type: integer 2776 - type: string 2777 description: Number or name of the port to 2778 access on the container. Number must be 2779 in the range 1 to 65535. Name must be an 2780 IANA_SVC_NAME. 2781 x-kubernetes-int-or-string: true 2782 required: 2783 - port 2784 type: object 2785 terminationGracePeriodSeconds: 2786 description: Optional duration in seconds the 2787 pod needs to terminate gracefully upon probe 2788 failure. The grace period is the duration in 2789 seconds after the processes running in the pod 2790 are sent a termination signal and the time when 2791 the processes are forcibly halted with a kill 2792 signal. Set this value longer than the expected 2793 cleanup time for your process. If this value 2794 is nil, the pod's terminationGracePeriodSeconds 2795 will be used. Otherwise, this value overrides 2796 the value provided by the pod spec. Value must 2797 be non-negative integer. The value zero indicates 2798 stop immediately via the kill signal (no opportunity 2799 to shut down). This is a beta field and requires 2800 enabling ProbeTerminationGracePeriod feature 2801 gate. Minimum value is 1. spec.terminationGracePeriodSeconds 2802 is used if unset. 2803 format: int64 2804 type: integer 2805 timeoutSeconds: 2806 description: 'Number of seconds after which the 2807 probe times out. Defaults to 1 second. Minimum 2808 value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 2809 format: int32 2810 type: integer 2811 type: object 2812 stdin: 2813 description: Whether this container should allocate 2814 a buffer for stdin in the container runtime. If 2815 this is not set, reads from stdin in the container 2816 will always result in EOF. Default is false. 2817 type: boolean 2818 stdinOnce: 2819 description: Whether the container runtime should 2820 close the stdin channel after it has been opened 2821 by a single attach. When stdin is true the stdin 2822 stream will remain open across multiple attach sessions. 2823 If stdinOnce is set to true, stdin is opened on 2824 container start, is empty until the first client 2825 attaches to stdin, and then remains open and accepts 2826 data until the client disconnects, at which time 2827 stdin is closed and remains closed until the container 2828 is restarted. If this flag is false, a container 2829 processes that reads from stdin will never receive 2830 an EOF. Default is false 2831 type: boolean 2832 terminationMessagePath: 2833 description: 'Optional: Path at which the file to 2834 which the container''s termination message will 2835 be written is mounted into the container''s filesystem. 2836 Message written is intended to be brief final status, 2837 such as an assertion failure message. Will be truncated 2838 by the node if greater than 4096 bytes. The total 2839 message length across all containers will be limited 2840 to 12kb. Defaults to /dev/termination-log. Cannot 2841 be updated.' 2842 type: string 2843 terminationMessagePolicy: 2844 description: Indicate how the termination message 2845 should be populated. File will use the contents 2846 of terminationMessagePath to populate the container 2847 status message on both success and failure. FallbackToLogsOnError 2848 will use the last chunk of container log output 2849 if the termination message file is empty and the 2850 container exited with an error. The log output is 2851 limited to 2048 bytes or 80 lines, whichever is 2852 smaller. Defaults to File. Cannot be updated. 2853 type: string 2854 tty: 2855 description: Whether this container should allocate 2856 a TTY for itself, also requires 'stdin' to be true. 2857 Default is false. 2858 type: boolean 2859 volumeDevices: 2860 description: volumeDevices is the list of block devices 2861 to be used by the container. 2862 items: 2863 description: volumeDevice describes a mapping of 2864 a raw block device within a container. 2865 properties: 2866 devicePath: 2867 description: devicePath is the path inside of 2868 the container that the device will be mapped 2869 to. 2870 type: string 2871 name: 2872 description: name must match the name of a persistentVolumeClaim 2873 in the pod 2874 type: string 2875 required: 2876 - devicePath 2877 - name 2878 type: object 2879 type: array 2880 volumeMounts: 2881 description: Pod volumes to mount into the container's 2882 filesystem. Cannot be updated. 2883 items: 2884 description: VolumeMount describes a mounting of 2885 a Volume within a container. 2886 properties: 2887 mountPath: 2888 description: Path within the container at which 2889 the volume should be mounted. Must not contain 2890 ':'. 2891 type: string 2892 mountPropagation: 2893 description: mountPropagation determines how 2894 mounts are propagated from the host to container 2895 and the other way around. When not set, MountPropagationNone 2896 is used. This field is beta in 1.10. 2897 type: string 2898 name: 2899 description: This must match the Name of a Volume. 2900 type: string 2901 readOnly: 2902 description: Mounted read-only if true, read-write 2903 otherwise (false or unspecified). Defaults 2904 to false. 2905 type: boolean 2906 subPath: 2907 description: Path within the volume from which 2908 the container's volume should be mounted. 2909 Defaults to "" (volume's root). 2910 type: string 2911 subPathExpr: 2912 description: Expanded path within the volume 2913 from which the container's volume should be 2914 mounted. Behaves similarly to SubPath but 2915 environment variable references $(VAR_NAME) 2916 are expanded using the container's environment. 2917 Defaults to "" (volume's root). SubPathExpr 2918 and SubPath are mutually exclusive. 2919 type: string 2920 required: 2921 - mountPath 2922 - name 2923 type: object 2924 type: array 2925 workingDir: 2926 description: Container's working directory. If not 2927 specified, the container runtime's default will 2928 be used, which might be configured in the container 2929 image. Cannot be updated. 2930 type: string 2931 required: 2932 - name 2933 type: object 2934 type: array 2935 dnsConfig: 2936 description: Specifies the DNS parameters of a pod. Parameters 2937 specified here will be merged to the generated DNS configuration 2938 based on DNSPolicy. 2939 properties: 2940 nameservers: 2941 description: A list of DNS name server IP addresses. 2942 This will be appended to the base nameservers generated 2943 from DNSPolicy. Duplicated nameservers will be removed. 2944 items: 2945 type: string 2946 type: array 2947 options: 2948 description: A list of DNS resolver options. This will 2949 be merged with the base options generated from DNSPolicy. 2950 Duplicated entries will be removed. Resolution options 2951 given in Options will override those that appear in 2952 the base DNSPolicy. 2953 items: 2954 description: PodDNSConfigOption defines DNS resolver 2955 options of a pod. 2956 properties: 2957 name: 2958 description: Required. 2959 type: string 2960 value: 2961 type: string 2962 type: object 2963 type: array 2964 searches: 2965 description: A list of DNS search domains for host-name 2966 lookup. This will be appended to the base search paths 2967 generated from DNSPolicy. Duplicated search paths 2968 will be removed. 2969 items: 2970 type: string 2971 type: array 2972 type: object 2973 dnsPolicy: 2974 description: Set DNS policy for the pod. Defaults to "ClusterFirst". 2975 Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 2976 'Default' or 'None'. DNS parameters given in DNSConfig 2977 will be merged with the policy selected with DNSPolicy. 2978 To have DNS options set along with hostNetwork, you have 2979 to specify DNS policy explicitly to 'ClusterFirstWithHostNet'. 2980 type: string 2981 enableServiceLinks: 2982 description: 'EnableServiceLinks indicates whether information 2983 about services should be injected into pod''s environment 2984 variables, matching the syntax of Docker links. Optional: 2985 Defaults to true.' 2986 type: boolean 2987 ephemeralContainers: 2988 description: List of ephemeral containers run in this pod. 2989 Ephemeral containers may be run in an existing pod to 2990 perform user-initiated actions such as debugging. This 2991 list cannot be specified when creating a pod, and it cannot 2992 be modified by updating the pod spec. In order to add 2993 an ephemeral container to an existing pod, use the pod's 2994 ephemeralcontainers subresource. 2995 items: 2996 description: "An EphemeralContainer is a temporary container 2997 that you may add to an existing Pod for user-initiated 2998 activities such as debugging. Ephemeral containers have 2999 no resource or scheduling guarantees, and they will 3000 not be restarted when they exit or when a Pod is removed 3001 or restarted. The kubelet may evict a Pod if an ephemeral 3002 container causes the Pod to exceed its resource allocation. 3003 \n To add an ephemeral container, use the ephemeralcontainers 3004 subresource of an existing Pod. Ephemeral containers 3005 may not be removed or restarted." 3006 properties: 3007 args: 3008 description: 'Arguments to the entrypoint. The image''s 3009 CMD is used if this is not provided. Variable references 3010 $(VAR_NAME) are expanded using the container''s 3011 environment. If a variable cannot be resolved, the 3012 reference in the input string will be unchanged. 3013 Double $$ are reduced to a single $, which allows 3014 for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" 3015 will produce the string literal "$(VAR_NAME)". Escaped 3016 references will never be expanded, regardless of 3017 whether the variable exists or not. Cannot be updated. 3018 More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' 3019 items: 3020 type: string 3021 type: array 3022 command: 3023 description: 'Entrypoint array. Not executed within 3024 a shell. The image''s ENTRYPOINT is used if this 3025 is not provided. Variable references $(VAR_NAME) 3026 are expanded using the container''s environment. 3027 If a variable cannot be resolved, the reference 3028 in the input string will be unchanged. Double $$ 3029 are reduced to a single $, which allows for escaping 3030 the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will 3031 produce the string literal "$(VAR_NAME)". Escaped 3032 references will never be expanded, regardless of 3033 whether the variable exists or not. Cannot be updated. 3034 More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' 3035 items: 3036 type: string 3037 type: array 3038 env: 3039 description: List of environment variables to set 3040 in the container. Cannot be updated. 3041 items: 3042 description: EnvVar represents an environment variable 3043 present in a Container. 3044 properties: 3045 name: 3046 description: Name of the environment variable. 3047 Must be a C_IDENTIFIER. 3048 type: string 3049 value: 3050 description: 'Variable references $(VAR_NAME) 3051 are expanded using the previously defined 3052 environment variables in the container and 3053 any service environment variables. If a variable 3054 cannot be resolved, the reference in the input 3055 string will be unchanged. Double $$ are reduced 3056 to a single $, which allows for escaping the 3057 $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will 3058 produce the string literal "$(VAR_NAME)". 3059 Escaped references will never be expanded, 3060 regardless of whether the variable exists 3061 or not. Defaults to "".' 3062 type: string 3063 valueFrom: 3064 description: Source for the environment variable's 3065 value. Cannot be used if value is not empty. 3066 properties: 3067 configMapKeyRef: 3068 description: Selects a key of a ConfigMap. 3069 properties: 3070 key: 3071 description: The key to select. 3072 type: string 3073 name: 3074 description: 'Name of the referent. 3075 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 3076 TODO: Add other useful fields. apiVersion, 3077 kind, uid?' 3078 type: string 3079 optional: 3080 description: Specify whether the ConfigMap 3081 or its key must be defined 3082 type: boolean 3083 required: 3084 - key 3085 type: object 3086 x-kubernetes-map-type: atomic 3087 fieldRef: 3088 description: 'Selects a field of the pod: 3089 supports metadata.name, metadata.namespace, 3090 `metadata.labels[''<KEY>'']`, `metadata.annotations[''<KEY>'']`, 3091 spec.nodeName, spec.serviceAccountName, 3092 status.hostIP, status.podIP, status.podIPs.' 3093 properties: 3094 apiVersion: 3095 description: Version of the schema the 3096 FieldPath is written in terms of, 3097 defaults to "v1". 3098 type: string 3099 fieldPath: 3100 description: Path of the field to select 3101 in the specified API version. 3102 type: string 3103 required: 3104 - fieldPath 3105 type: object 3106 x-kubernetes-map-type: atomic 3107 resourceFieldRef: 3108 description: 'Selects a resource of the 3109 container: only resources limits and requests 3110 (limits.cpu, limits.memory, limits.ephemeral-storage, 3111 requests.cpu, requests.memory and requests.ephemeral-storage) 3112 are currently supported.' 3113 properties: 3114 containerName: 3115 description: 'Container name: required 3116 for volumes, optional for env vars' 3117 type: string 3118 divisor: 3119 anyOf: 3120 - type: integer 3121 - type: string 3122 description: Specifies the output format 3123 of the exposed resources, defaults 3124 to "1" 3125 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 3126 x-kubernetes-int-or-string: true 3127 resource: 3128 description: 'Required: resource to 3129 select' 3130 type: string 3131 required: 3132 - resource 3133 type: object 3134 x-kubernetes-map-type: atomic 3135 secretKeyRef: 3136 description: Selects a key of a secret in 3137 the pod's namespace 3138 properties: 3139 key: 3140 description: The key of the secret to 3141 select from. Must be a valid secret 3142 key. 3143 type: string 3144 name: 3145 description: 'Name of the referent. 3146 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 3147 TODO: Add other useful fields. apiVersion, 3148 kind, uid?' 3149 type: string 3150 optional: 3151 description: Specify whether the Secret 3152 or its key must be defined 3153 type: boolean 3154 required: 3155 - key 3156 type: object 3157 x-kubernetes-map-type: atomic 3158 type: object 3159 required: 3160 - name 3161 type: object 3162 type: array 3163 envFrom: 3164 description: List of sources to populate environment 3165 variables in the container. The keys defined within 3166 a source must be a C_IDENTIFIER. All invalid keys 3167 will be reported as an event when the container 3168 is starting. When a key exists in multiple sources, 3169 the value associated with the last source will take 3170 precedence. Values defined by an Env with a duplicate 3171 key will take precedence. Cannot be updated. 3172 items: 3173 description: EnvFromSource represents the source 3174 of a set of ConfigMaps 3175 properties: 3176 configMapRef: 3177 description: The ConfigMap to select from 3178 properties: 3179 name: 3180 description: 'Name of the referent. More 3181 info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 3182 TODO: Add other useful fields. apiVersion, 3183 kind, uid?' 3184 type: string 3185 optional: 3186 description: Specify whether the ConfigMap 3187 must be defined 3188 type: boolean 3189 type: object 3190 x-kubernetes-map-type: atomic 3191 prefix: 3192 description: An optional identifier to prepend 3193 to each key in the ConfigMap. Must be a C_IDENTIFIER. 3194 type: string 3195 secretRef: 3196 description: The Secret to select from 3197 properties: 3198 name: 3199 description: 'Name of the referent. More 3200 info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 3201 TODO: Add other useful fields. apiVersion, 3202 kind, uid?' 3203 type: string 3204 optional: 3205 description: Specify whether the Secret 3206 must be defined 3207 type: boolean 3208 type: object 3209 x-kubernetes-map-type: atomic 3210 type: object 3211 type: array 3212 image: 3213 description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images' 3214 type: string 3215 imagePullPolicy: 3216 description: 'Image pull policy. One of Always, Never, 3217 IfNotPresent. Defaults to Always if :latest tag 3218 is specified, or IfNotPresent otherwise. Cannot 3219 be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' 3220 type: string 3221 lifecycle: 3222 description: Lifecycle is not allowed for ephemeral 3223 containers. 3224 properties: 3225 postStart: 3226 description: 'PostStart is called immediately 3227 after a container is created. If the handler 3228 fails, the container is terminated and restarted 3229 according to its restart policy. Other management 3230 of the container blocks until the hook completes. 3231 More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' 3232 properties: 3233 exec: 3234 description: Exec specifies the action to 3235 take. 3236 properties: 3237 command: 3238 description: Command is the command line 3239 to execute inside the container, the 3240 working directory for the command is 3241 root ('/') in the container's filesystem. 3242 The command is simply exec'd, it is 3243 not run inside a shell, so traditional 3244 shell instructions ('|', etc) won't 3245 work. To use a shell, you need to explicitly 3246 call out to that shell. Exit status 3247 of 0 is treated as live/healthy and 3248 non-zero is unhealthy. 3249 items: 3250 type: string 3251 type: array 3252 type: object 3253 httpGet: 3254 description: HTTPGet specifies the http request 3255 to perform. 3256 properties: 3257 host: 3258 description: Host name to connect to, 3259 defaults to the pod IP. You probably 3260 want to set "Host" in httpHeaders instead. 3261 type: string 3262 httpHeaders: 3263 description: Custom headers to set in 3264 the request. HTTP allows repeated headers. 3265 items: 3266 description: HTTPHeader describes a 3267 custom header to be used in HTTP probes 3268 properties: 3269 name: 3270 description: The header field name. 3271 This will be canonicalized upon 3272 output, so case-variant names 3273 will be understood as the same 3274 header. 3275 type: string 3276 value: 3277 description: The header field value 3278 type: string 3279 required: 3280 - name 3281 - value 3282 type: object 3283 type: array 3284 path: 3285 description: Path to access on the HTTP 3286 server. 3287 type: string 3288 port: 3289 anyOf: 3290 - type: integer 3291 - type: string 3292 description: Name or number of the port 3293 to access on the container. Number must 3294 be in the range 1 to 65535. Name must 3295 be an IANA_SVC_NAME. 3296 x-kubernetes-int-or-string: true 3297 scheme: 3298 description: Scheme to use for connecting 3299 to the host. Defaults to HTTP. 3300 type: string 3301 required: 3302 - port 3303 type: object 3304 tcpSocket: 3305 description: Deprecated. TCPSocket is NOT 3306 supported as a LifecycleHandler and kept 3307 for the backward compatibility. There are 3308 no validation of this field and lifecycle 3309 hooks will fail in runtime when tcp handler 3310 is specified. 3311 properties: 3312 host: 3313 description: 'Optional: Host name to connect 3314 to, defaults to the pod IP.' 3315 type: string 3316 port: 3317 anyOf: 3318 - type: integer 3319 - type: string 3320 description: Number or name of the port 3321 to access on the container. Number must 3322 be in the range 1 to 65535. Name must 3323 be an IANA_SVC_NAME. 3324 x-kubernetes-int-or-string: true 3325 required: 3326 - port 3327 type: object 3328 type: object 3329 preStop: 3330 description: 'PreStop is called immediately before 3331 a container is terminated due to an API request 3332 or management event such as liveness/startup 3333 probe failure, preemption, resource contention, 3334 etc. The handler is not called if the container 3335 crashes or exits. The Pod''s termination grace 3336 period countdown begins before the PreStop hook 3337 is executed. Regardless of the outcome of the 3338 handler, the container will eventually terminate 3339 within the Pod''s termination grace period (unless 3340 delayed by finalizers). Other management of 3341 the container blocks until the hook completes 3342 or until the termination grace period is reached. 3343 More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' 3344 properties: 3345 exec: 3346 description: Exec specifies the action to 3347 take. 3348 properties: 3349 command: 3350 description: Command is the command line 3351 to execute inside the container, the 3352 working directory for the command is 3353 root ('/') in the container's filesystem. 3354 The command is simply exec'd, it is 3355 not run inside a shell, so traditional 3356 shell instructions ('|', etc) won't 3357 work. To use a shell, you need to explicitly 3358 call out to that shell. Exit status 3359 of 0 is treated as live/healthy and 3360 non-zero is unhealthy. 3361 items: 3362 type: string 3363 type: array 3364 type: object 3365 httpGet: 3366 description: HTTPGet specifies the http request 3367 to perform. 3368 properties: 3369 host: 3370 description: Host name to connect to, 3371 defaults to the pod IP. You probably 3372 want to set "Host" in httpHeaders instead. 3373 type: string 3374 httpHeaders: 3375 description: Custom headers to set in 3376 the request. HTTP allows repeated headers. 3377 items: 3378 description: HTTPHeader describes a 3379 custom header to be used in HTTP probes 3380 properties: 3381 name: 3382 description: The header field name. 3383 This will be canonicalized upon 3384 output, so case-variant names 3385 will be understood as the same 3386 header. 3387 type: string 3388 value: 3389 description: The header field value 3390 type: string 3391 required: 3392 - name 3393 - value 3394 type: object 3395 type: array 3396 path: 3397 description: Path to access on the HTTP 3398 server. 3399 type: string 3400 port: 3401 anyOf: 3402 - type: integer 3403 - type: string 3404 description: Name or number of the port 3405 to access on the container. Number must 3406 be in the range 1 to 65535. Name must 3407 be an IANA_SVC_NAME. 3408 x-kubernetes-int-or-string: true 3409 scheme: 3410 description: Scheme to use for connecting 3411 to the host. Defaults to HTTP. 3412 type: string 3413 required: 3414 - port 3415 type: object 3416 tcpSocket: 3417 description: Deprecated. TCPSocket is NOT 3418 supported as a LifecycleHandler and kept 3419 for the backward compatibility. There are 3420 no validation of this field and lifecycle 3421 hooks will fail in runtime when tcp handler 3422 is specified. 3423 properties: 3424 host: 3425 description: 'Optional: Host name to connect 3426 to, defaults to the pod IP.' 3427 type: string 3428 port: 3429 anyOf: 3430 - type: integer 3431 - type: string 3432 description: Number or name of the port 3433 to access on the container. Number must 3434 be in the range 1 to 65535. Name must 3435 be an IANA_SVC_NAME. 3436 x-kubernetes-int-or-string: true 3437 required: 3438 - port 3439 type: object 3440 type: object 3441 type: object 3442 livenessProbe: 3443 description: Probes are not allowed for ephemeral 3444 containers. 3445 properties: 3446 exec: 3447 description: Exec specifies the action to take. 3448 properties: 3449 command: 3450 description: Command is the command line to 3451 execute inside the container, the working 3452 directory for the command is root ('/') 3453 in the container's filesystem. The command 3454 is simply exec'd, it is not run inside a 3455 shell, so traditional shell instructions 3456 ('|', etc) won't work. To use a shell, you 3457 need to explicitly call out to that shell. 3458 Exit status of 0 is treated as live/healthy 3459 and non-zero is unhealthy. 3460 items: 3461 type: string 3462 type: array 3463 type: object 3464 failureThreshold: 3465 description: Minimum consecutive failures for 3466 the probe to be considered failed after having 3467 succeeded. Defaults to 3. Minimum value is 1. 3468 format: int32 3469 type: integer 3470 grpc: 3471 description: GRPC specifies an action involving 3472 a GRPC port. 3473 properties: 3474 port: 3475 description: Port number of the gRPC service. 3476 Number must be in the range 1 to 65535. 3477 format: int32 3478 type: integer 3479 service: 3480 description: "Service is the name of the service 3481 to place in the gRPC HealthCheckRequest 3482 (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 3483 \n If this is not specified, the default 3484 behavior is defined by gRPC." 3485 type: string 3486 required: 3487 - port 3488 type: object 3489 httpGet: 3490 description: HTTPGet specifies the http request 3491 to perform. 3492 properties: 3493 host: 3494 description: Host name to connect to, defaults 3495 to the pod IP. You probably want to set 3496 "Host" in httpHeaders instead. 3497 type: string 3498 httpHeaders: 3499 description: Custom headers to set in the 3500 request. HTTP allows repeated headers. 3501 items: 3502 description: HTTPHeader describes a custom 3503 header to be used in HTTP probes 3504 properties: 3505 name: 3506 description: The header field name. 3507 This will be canonicalized upon output, 3508 so case-variant names will be understood 3509 as the same header. 3510 type: string 3511 value: 3512 description: The header field value 3513 type: string 3514 required: 3515 - name 3516 - value 3517 type: object 3518 type: array 3519 path: 3520 description: Path to access on the HTTP server. 3521 type: string 3522 port: 3523 anyOf: 3524 - type: integer 3525 - type: string 3526 description: Name or number of the port to 3527 access on the container. Number must be 3528 in the range 1 to 65535. Name must be an 3529 IANA_SVC_NAME. 3530 x-kubernetes-int-or-string: true 3531 scheme: 3532 description: Scheme to use for connecting 3533 to the host. Defaults to HTTP. 3534 type: string 3535 required: 3536 - port 3537 type: object 3538 initialDelaySeconds: 3539 description: 'Number of seconds after the container 3540 has started before liveness probes are initiated. 3541 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 3542 format: int32 3543 type: integer 3544 periodSeconds: 3545 description: How often (in seconds) to perform 3546 the probe. Default to 10 seconds. Minimum value 3547 is 1. 3548 format: int32 3549 type: integer 3550 successThreshold: 3551 description: Minimum consecutive successes for 3552 the probe to be considered successful after 3553 having failed. Defaults to 1. Must be 1 for 3554 liveness and startup. Minimum value is 1. 3555 format: int32 3556 type: integer 3557 tcpSocket: 3558 description: TCPSocket specifies an action involving 3559 a TCP port. 3560 properties: 3561 host: 3562 description: 'Optional: Host name to connect 3563 to, defaults to the pod IP.' 3564 type: string 3565 port: 3566 anyOf: 3567 - type: integer 3568 - type: string 3569 description: Number or name of the port to 3570 access on the container. Number must be 3571 in the range 1 to 65535. Name must be an 3572 IANA_SVC_NAME. 3573 x-kubernetes-int-or-string: true 3574 required: 3575 - port 3576 type: object 3577 terminationGracePeriodSeconds: 3578 description: Optional duration in seconds the 3579 pod needs to terminate gracefully upon probe 3580 failure. The grace period is the duration in 3581 seconds after the processes running in the pod 3582 are sent a termination signal and the time when 3583 the processes are forcibly halted with a kill 3584 signal. Set this value longer than the expected 3585 cleanup time for your process. If this value 3586 is nil, the pod's terminationGracePeriodSeconds 3587 will be used. Otherwise, this value overrides 3588 the value provided by the pod spec. Value must 3589 be non-negative integer. The value zero indicates 3590 stop immediately via the kill signal (no opportunity 3591 to shut down). This is a beta field and requires 3592 enabling ProbeTerminationGracePeriod feature 3593 gate. Minimum value is 1. spec.terminationGracePeriodSeconds 3594 is used if unset. 3595 format: int64 3596 type: integer 3597 timeoutSeconds: 3598 description: 'Number of seconds after which the 3599 probe times out. Defaults to 1 second. Minimum 3600 value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 3601 format: int32 3602 type: integer 3603 type: object 3604 name: 3605 description: Name of the ephemeral container specified 3606 as a DNS_LABEL. This name must be unique among all 3607 containers, init containers and ephemeral containers. 3608 type: string 3609 ports: 3610 description: Ports are not allowed for ephemeral containers. 3611 items: 3612 description: ContainerPort represents a network 3613 port in a single container. 3614 properties: 3615 containerPort: 3616 description: Number of port to expose on the 3617 pod's IP address. This must be a valid port 3618 number, 0 < x < 65536. 3619 format: int32 3620 type: integer 3621 hostIP: 3622 description: What host IP to bind the external 3623 port to. 3624 type: string 3625 hostPort: 3626 description: Number of port to expose on the 3627 host. If specified, this must be a valid port 3628 number, 0 < x < 65536. If HostNetwork is specified, 3629 this must match ContainerPort. Most containers 3630 do not need this. 3631 format: int32 3632 type: integer 3633 name: 3634 description: If specified, this must be an IANA_SVC_NAME 3635 and unique within the pod. Each named port 3636 in a pod must have a unique name. Name for 3637 the port that can be referred to by services. 3638 type: string 3639 protocol: 3640 default: TCP 3641 description: Protocol for port. Must be UDP, 3642 TCP, or SCTP. Defaults to "TCP". 3643 type: string 3644 required: 3645 - containerPort 3646 type: object 3647 type: array 3648 x-kubernetes-list-map-keys: 3649 - containerPort 3650 - protocol 3651 x-kubernetes-list-type: map 3652 readinessProbe: 3653 description: Probes are not allowed for ephemeral 3654 containers. 3655 properties: 3656 exec: 3657 description: Exec specifies the action to take. 3658 properties: 3659 command: 3660 description: Command is the command line to 3661 execute inside the container, the working 3662 directory for the command is root ('/') 3663 in the container's filesystem. The command 3664 is simply exec'd, it is not run inside a 3665 shell, so traditional shell instructions 3666 ('|', etc) won't work. To use a shell, you 3667 need to explicitly call out to that shell. 3668 Exit status of 0 is treated as live/healthy 3669 and non-zero is unhealthy. 3670 items: 3671 type: string 3672 type: array 3673 type: object 3674 failureThreshold: 3675 description: Minimum consecutive failures for 3676 the probe to be considered failed after having 3677 succeeded. Defaults to 3. Minimum value is 1. 3678 format: int32 3679 type: integer 3680 grpc: 3681 description: GRPC specifies an action involving 3682 a GRPC port. 3683 properties: 3684 port: 3685 description: Port number of the gRPC service. 3686 Number must be in the range 1 to 65535. 3687 format: int32 3688 type: integer 3689 service: 3690 description: "Service is the name of the service 3691 to place in the gRPC HealthCheckRequest 3692 (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 3693 \n If this is not specified, the default 3694 behavior is defined by gRPC." 3695 type: string 3696 required: 3697 - port 3698 type: object 3699 httpGet: 3700 description: HTTPGet specifies the http request 3701 to perform. 3702 properties: 3703 host: 3704 description: Host name to connect to, defaults 3705 to the pod IP. You probably want to set 3706 "Host" in httpHeaders instead. 3707 type: string 3708 httpHeaders: 3709 description: Custom headers to set in the 3710 request. HTTP allows repeated headers. 3711 items: 3712 description: HTTPHeader describes a custom 3713 header to be used in HTTP probes 3714 properties: 3715 name: 3716 description: The header field name. 3717 This will be canonicalized upon output, 3718 so case-variant names will be understood 3719 as the same header. 3720 type: string 3721 value: 3722 description: The header field value 3723 type: string 3724 required: 3725 - name 3726 - value 3727 type: object 3728 type: array 3729 path: 3730 description: Path to access on the HTTP server. 3731 type: string 3732 port: 3733 anyOf: 3734 - type: integer 3735 - type: string 3736 description: Name or number of the port to 3737 access on the container. Number must be 3738 in the range 1 to 65535. Name must be an 3739 IANA_SVC_NAME. 3740 x-kubernetes-int-or-string: true 3741 scheme: 3742 description: Scheme to use for connecting 3743 to the host. Defaults to HTTP. 3744 type: string 3745 required: 3746 - port 3747 type: object 3748 initialDelaySeconds: 3749 description: 'Number of seconds after the container 3750 has started before liveness probes are initiated. 3751 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 3752 format: int32 3753 type: integer 3754 periodSeconds: 3755 description: How often (in seconds) to perform 3756 the probe. Default to 10 seconds. Minimum value 3757 is 1. 3758 format: int32 3759 type: integer 3760 successThreshold: 3761 description: Minimum consecutive successes for 3762 the probe to be considered successful after 3763 having failed. Defaults to 1. Must be 1 for 3764 liveness and startup. Minimum value is 1. 3765 format: int32 3766 type: integer 3767 tcpSocket: 3768 description: TCPSocket specifies an action involving 3769 a TCP port. 3770 properties: 3771 host: 3772 description: 'Optional: Host name to connect 3773 to, defaults to the pod IP.' 3774 type: string 3775 port: 3776 anyOf: 3777 - type: integer 3778 - type: string 3779 description: Number or name of the port to 3780 access on the container. Number must be 3781 in the range 1 to 65535. Name must be an 3782 IANA_SVC_NAME. 3783 x-kubernetes-int-or-string: true 3784 required: 3785 - port 3786 type: object 3787 terminationGracePeriodSeconds: 3788 description: Optional duration in seconds the 3789 pod needs to terminate gracefully upon probe 3790 failure. The grace period is the duration in 3791 seconds after the processes running in the pod 3792 are sent a termination signal and the time when 3793 the processes are forcibly halted with a kill 3794 signal. Set this value longer than the expected 3795 cleanup time for your process. If this value 3796 is nil, the pod's terminationGracePeriodSeconds 3797 will be used. Otherwise, this value overrides 3798 the value provided by the pod spec. Value must 3799 be non-negative integer. The value zero indicates 3800 stop immediately via the kill signal (no opportunity 3801 to shut down). This is a beta field and requires 3802 enabling ProbeTerminationGracePeriod feature 3803 gate. Minimum value is 1. spec.terminationGracePeriodSeconds 3804 is used if unset. 3805 format: int64 3806 type: integer 3807 timeoutSeconds: 3808 description: 'Number of seconds after which the 3809 probe times out. Defaults to 1 second. Minimum 3810 value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 3811 format: int32 3812 type: integer 3813 type: object 3814 resizePolicy: 3815 description: Resources resize policy for the container. 3816 items: 3817 description: ContainerResizePolicy represents resource 3818 resize policy for the container. 3819 properties: 3820 resourceName: 3821 description: 'Name of the resource to which 3822 this resource resize policy applies. Supported 3823 values: cpu, memory.' 3824 type: string 3825 restartPolicy: 3826 description: Restart policy to apply when specified 3827 resource is resized. If not specified, it 3828 defaults to NotRequired. 3829 type: string 3830 required: 3831 - resourceName 3832 - restartPolicy 3833 type: object 3834 type: array 3835 x-kubernetes-list-type: atomic 3836 resources: 3837 description: Resources are not allowed for ephemeral 3838 containers. Ephemeral containers use spare resources 3839 already allocated to the pod. 3840 properties: 3841 claims: 3842 description: "Claims lists the names of resources, 3843 defined in spec.resourceClaims, that are used 3844 by this container. \n This is an alpha field 3845 and requires enabling the DynamicResourceAllocation 3846 feature gate. \n This field is immutable. It 3847 can only be set for containers." 3848 items: 3849 description: ResourceClaim references one entry 3850 in PodSpec.ResourceClaims. 3851 properties: 3852 name: 3853 description: Name must match the name of 3854 one entry in pod.spec.resourceClaims of 3855 the Pod where this field is used. It makes 3856 that resource available inside a container. 3857 type: string 3858 required: 3859 - name 3860 type: object 3861 type: array 3862 x-kubernetes-list-map-keys: 3863 - name 3864 x-kubernetes-list-type: map 3865 limits: 3866 additionalProperties: 3867 anyOf: 3868 - type: integer 3869 - type: string 3870 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 3871 x-kubernetes-int-or-string: true 3872 description: 'Limits describes the maximum amount 3873 of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 3874 type: object 3875 requests: 3876 additionalProperties: 3877 anyOf: 3878 - type: integer 3879 - type: string 3880 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 3881 x-kubernetes-int-or-string: true 3882 description: 'Requests describes the minimum amount 3883 of compute resources required. If Requests is 3884 omitted for a container, it defaults to Limits 3885 if that is explicitly specified, otherwise to 3886 an implementation-defined value. Requests cannot 3887 exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 3888 type: object 3889 type: object 3890 restartPolicy: 3891 description: Restart policy for the container to manage 3892 the restart behavior of each container within a 3893 pod. This may only be set for init containers. You 3894 cannot set this field on ephemeral containers. 3895 type: string 3896 securityContext: 3897 description: 'Optional: SecurityContext defines the 3898 security options the ephemeral container should 3899 be run with. If set, the fields of SecurityContext 3900 override the equivalent fields of PodSecurityContext.' 3901 properties: 3902 allowPrivilegeEscalation: 3903 description: 'AllowPrivilegeEscalation controls 3904 whether a process can gain more privileges than 3905 its parent process. This bool directly controls 3906 if the no_new_privs flag will be set on the 3907 container process. AllowPrivilegeEscalation 3908 is true always when the container is: 1) run 3909 as Privileged 2) has CAP_SYS_ADMIN Note that 3910 this field cannot be set when spec.os.name is 3911 windows.' 3912 type: boolean 3913 capabilities: 3914 description: The capabilities to add/drop when 3915 running containers. Defaults to the default 3916 set of capabilities granted by the container 3917 runtime. Note that this field cannot be set 3918 when spec.os.name is windows. 3919 properties: 3920 add: 3921 description: Added capabilities 3922 items: 3923 description: Capability represent POSIX 3924 capabilities type 3925 type: string 3926 type: array 3927 drop: 3928 description: Removed capabilities 3929 items: 3930 description: Capability represent POSIX 3931 capabilities type 3932 type: string 3933 type: array 3934 type: object 3935 privileged: 3936 description: Run container in privileged mode. 3937 Processes in privileged containers are essentially 3938 equivalent to root on the host. Defaults to 3939 false. Note that this field cannot be set when 3940 spec.os.name is windows. 3941 type: boolean 3942 procMount: 3943 description: procMount denotes the type of proc 3944 mount to use for the containers. The default 3945 is DefaultProcMount which uses the container 3946 runtime defaults for readonly paths and masked 3947 paths. This requires the ProcMountType feature 3948 flag to be enabled. Note that this field cannot 3949 be set when spec.os.name is windows. 3950 type: string 3951 readOnlyRootFilesystem: 3952 description: Whether this container has a read-only 3953 root filesystem. Default is false. Note that 3954 this field cannot be set when spec.os.name is 3955 windows. 3956 type: boolean 3957 runAsGroup: 3958 description: The GID to run the entrypoint of 3959 the container process. Uses runtime default 3960 if unset. May also be set in PodSecurityContext. If 3961 set in both SecurityContext and PodSecurityContext, 3962 the value specified in SecurityContext takes 3963 precedence. Note that this field cannot be set 3964 when spec.os.name is windows. 3965 format: int64 3966 type: integer 3967 runAsNonRoot: 3968 description: Indicates that the container must 3969 run as a non-root user. If true, the Kubelet 3970 will validate the image at runtime to ensure 3971 that it does not run as UID 0 (root) and fail 3972 to start the container if it does. If unset 3973 or false, no such validation will be performed. 3974 May also be set in PodSecurityContext. If set 3975 in both SecurityContext and PodSecurityContext, 3976 the value specified in SecurityContext takes 3977 precedence. 3978 type: boolean 3979 runAsUser: 3980 description: The UID to run the entrypoint of 3981 the container process. Defaults to user specified 3982 in image metadata if unspecified. May also be 3983 set in PodSecurityContext. If set in both SecurityContext 3984 and PodSecurityContext, the value specified 3985 in SecurityContext takes precedence. Note that 3986 this field cannot be set when spec.os.name is 3987 windows. 3988 format: int64 3989 type: integer 3990 seLinuxOptions: 3991 description: The SELinux context to be applied 3992 to the container. If unspecified, the container 3993 runtime will allocate a random SELinux context 3994 for each container. May also be set in PodSecurityContext. If 3995 set in both SecurityContext and PodSecurityContext, 3996 the value specified in SecurityContext takes 3997 precedence. Note that this field cannot be set 3998 when spec.os.name is windows. 3999 properties: 4000 level: 4001 description: Level is SELinux level label 4002 that applies to the container. 4003 type: string 4004 role: 4005 description: Role is a SELinux role label 4006 that applies to the container. 4007 type: string 4008 type: 4009 description: Type is a SELinux type label 4010 that applies to the container. 4011 type: string 4012 user: 4013 description: User is a SELinux user label 4014 that applies to the container. 4015 type: string 4016 type: object 4017 seccompProfile: 4018 description: The seccomp options to use by this 4019 container. If seccomp options are provided at 4020 both the pod & container level, the container 4021 options override the pod options. Note that 4022 this field cannot be set when spec.os.name is 4023 windows. 4024 properties: 4025 localhostProfile: 4026 description: localhostProfile indicates a 4027 profile defined in a file on the node should 4028 be used. The profile must be preconfigured 4029 on the node to work. Must be a descending 4030 path, relative to the kubelet's configured 4031 seccomp profile location. Must be set if 4032 type is "Localhost". Must NOT be set for 4033 any other type. 4034 type: string 4035 type: 4036 description: "type indicates which kind of 4037 seccomp profile will be applied. Valid options 4038 are: \n Localhost - a profile defined in 4039 a file on the node should be used. RuntimeDefault 4040 - the container runtime default profile 4041 should be used. Unconfined - no profile 4042 should be applied." 4043 type: string 4044 required: 4045 - type 4046 type: object 4047 windowsOptions: 4048 description: The Windows specific settings applied 4049 to all containers. If unspecified, the options 4050 from the PodSecurityContext will be used. If 4051 set in both SecurityContext and PodSecurityContext, 4052 the value specified in SecurityContext takes 4053 precedence. Note that this field cannot be set 4054 when spec.os.name is linux. 4055 properties: 4056 gmsaCredentialSpec: 4057 description: GMSACredentialSpec is where the 4058 GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) 4059 inlines the contents of the GMSA credential 4060 spec named by the GMSACredentialSpecName 4061 field. 4062 type: string 4063 gmsaCredentialSpecName: 4064 description: GMSACredentialSpecName is the 4065 name of the GMSA credential spec to use. 4066 type: string 4067 hostProcess: 4068 description: HostProcess determines if a container 4069 should be run as a 'Host Process' container. 4070 All of a Pod's containers must have the 4071 same effective HostProcess value (it is 4072 not allowed to have a mix of HostProcess 4073 containers and non-HostProcess containers). 4074 In addition, if HostProcess is true then 4075 HostNetwork must also be set to true. 4076 type: boolean 4077 runAsUserName: 4078 description: The UserName in Windows to run 4079 the entrypoint of the container process. 4080 Defaults to the user specified in image 4081 metadata if unspecified. May also be set 4082 in PodSecurityContext. If set in both SecurityContext 4083 and PodSecurityContext, the value specified 4084 in SecurityContext takes precedence. 4085 type: string 4086 type: object 4087 type: object 4088 startupProbe: 4089 description: Probes are not allowed for ephemeral 4090 containers. 4091 properties: 4092 exec: 4093 description: Exec specifies the action to take. 4094 properties: 4095 command: 4096 description: Command is the command line to 4097 execute inside the container, the working 4098 directory for the command is root ('/') 4099 in the container's filesystem. The command 4100 is simply exec'd, it is not run inside a 4101 shell, so traditional shell instructions 4102 ('|', etc) won't work. To use a shell, you 4103 need to explicitly call out to that shell. 4104 Exit status of 0 is treated as live/healthy 4105 and non-zero is unhealthy. 4106 items: 4107 type: string 4108 type: array 4109 type: object 4110 failureThreshold: 4111 description: Minimum consecutive failures for 4112 the probe to be considered failed after having 4113 succeeded. Defaults to 3. Minimum value is 1. 4114 format: int32 4115 type: integer 4116 grpc: 4117 description: GRPC specifies an action involving 4118 a GRPC port. 4119 properties: 4120 port: 4121 description: Port number of the gRPC service. 4122 Number must be in the range 1 to 65535. 4123 format: int32 4124 type: integer 4125 service: 4126 description: "Service is the name of the service 4127 to place in the gRPC HealthCheckRequest 4128 (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 4129 \n If this is not specified, the default 4130 behavior is defined by gRPC." 4131 type: string 4132 required: 4133 - port 4134 type: object 4135 httpGet: 4136 description: HTTPGet specifies the http request 4137 to perform. 4138 properties: 4139 host: 4140 description: Host name to connect to, defaults 4141 to the pod IP. You probably want to set 4142 "Host" in httpHeaders instead. 4143 type: string 4144 httpHeaders: 4145 description: Custom headers to set in the 4146 request. HTTP allows repeated headers. 4147 items: 4148 description: HTTPHeader describes a custom 4149 header to be used in HTTP probes 4150 properties: 4151 name: 4152 description: The header field name. 4153 This will be canonicalized upon output, 4154 so case-variant names will be understood 4155 as the same header. 4156 type: string 4157 value: 4158 description: The header field value 4159 type: string 4160 required: 4161 - name 4162 - value 4163 type: object 4164 type: array 4165 path: 4166 description: Path to access on the HTTP server. 4167 type: string 4168 port: 4169 anyOf: 4170 - type: integer 4171 - type: string 4172 description: Name or number of the port to 4173 access on the container. Number must be 4174 in the range 1 to 65535. Name must be an 4175 IANA_SVC_NAME. 4176 x-kubernetes-int-or-string: true 4177 scheme: 4178 description: Scheme to use for connecting 4179 to the host. Defaults to HTTP. 4180 type: string 4181 required: 4182 - port 4183 type: object 4184 initialDelaySeconds: 4185 description: 'Number of seconds after the container 4186 has started before liveness probes are initiated. 4187 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 4188 format: int32 4189 type: integer 4190 periodSeconds: 4191 description: How often (in seconds) to perform 4192 the probe. Default to 10 seconds. Minimum value 4193 is 1. 4194 format: int32 4195 type: integer 4196 successThreshold: 4197 description: Minimum consecutive successes for 4198 the probe to be considered successful after 4199 having failed. Defaults to 1. Must be 1 for 4200 liveness and startup. Minimum value is 1. 4201 format: int32 4202 type: integer 4203 tcpSocket: 4204 description: TCPSocket specifies an action involving 4205 a TCP port. 4206 properties: 4207 host: 4208 description: 'Optional: Host name to connect 4209 to, defaults to the pod IP.' 4210 type: string 4211 port: 4212 anyOf: 4213 - type: integer 4214 - type: string 4215 description: Number or name of the port to 4216 access on the container. Number must be 4217 in the range 1 to 65535. Name must be an 4218 IANA_SVC_NAME. 4219 x-kubernetes-int-or-string: true 4220 required: 4221 - port 4222 type: object 4223 terminationGracePeriodSeconds: 4224 description: Optional duration in seconds the 4225 pod needs to terminate gracefully upon probe 4226 failure. The grace period is the duration in 4227 seconds after the processes running in the pod 4228 are sent a termination signal and the time when 4229 the processes are forcibly halted with a kill 4230 signal. Set this value longer than the expected 4231 cleanup time for your process. If this value 4232 is nil, the pod's terminationGracePeriodSeconds 4233 will be used. Otherwise, this value overrides 4234 the value provided by the pod spec. Value must 4235 be non-negative integer. The value zero indicates 4236 stop immediately via the kill signal (no opportunity 4237 to shut down). This is a beta field and requires 4238 enabling ProbeTerminationGracePeriod feature 4239 gate. Minimum value is 1. spec.terminationGracePeriodSeconds 4240 is used if unset. 4241 format: int64 4242 type: integer 4243 timeoutSeconds: 4244 description: 'Number of seconds after which the 4245 probe times out. Defaults to 1 second. Minimum 4246 value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 4247 format: int32 4248 type: integer 4249 type: object 4250 stdin: 4251 description: Whether this container should allocate 4252 a buffer for stdin in the container runtime. If 4253 this is not set, reads from stdin in the container 4254 will always result in EOF. Default is false. 4255 type: boolean 4256 stdinOnce: 4257 description: Whether the container runtime should 4258 close the stdin channel after it has been opened 4259 by a single attach. When stdin is true the stdin 4260 stream will remain open across multiple attach sessions. 4261 If stdinOnce is set to true, stdin is opened on 4262 container start, is empty until the first client 4263 attaches to stdin, and then remains open and accepts 4264 data until the client disconnects, at which time 4265 stdin is closed and remains closed until the container 4266 is restarted. If this flag is false, a container 4267 processes that reads from stdin will never receive 4268 an EOF. Default is false 4269 type: boolean 4270 targetContainerName: 4271 description: "If set, the name of the container from 4272 PodSpec that this ephemeral container targets. The 4273 ephemeral container will be run in the namespaces 4274 (IPC, PID, etc) of this container. If not set then 4275 the ephemeral container uses the namespaces configured 4276 in the Pod spec. \n The container runtime must implement 4277 support for this feature. If the runtime does not 4278 support namespace targeting then the result of setting 4279 this field is undefined." 4280 type: string 4281 terminationMessagePath: 4282 description: 'Optional: Path at which the file to 4283 which the container''s termination message will 4284 be written is mounted into the container''s filesystem. 4285 Message written is intended to be brief final status, 4286 such as an assertion failure message. Will be truncated 4287 by the node if greater than 4096 bytes. The total 4288 message length across all containers will be limited 4289 to 12kb. Defaults to /dev/termination-log. Cannot 4290 be updated.' 4291 type: string 4292 terminationMessagePolicy: 4293 description: Indicate how the termination message 4294 should be populated. File will use the contents 4295 of terminationMessagePath to populate the container 4296 status message on both success and failure. FallbackToLogsOnError 4297 will use the last chunk of container log output 4298 if the termination message file is empty and the 4299 container exited with an error. The log output is 4300 limited to 2048 bytes or 80 lines, whichever is 4301 smaller. Defaults to File. Cannot be updated. 4302 type: string 4303 tty: 4304 description: Whether this container should allocate 4305 a TTY for itself, also requires 'stdin' to be true. 4306 Default is false. 4307 type: boolean 4308 volumeDevices: 4309 description: volumeDevices is the list of block devices 4310 to be used by the container. 4311 items: 4312 description: volumeDevice describes a mapping of 4313 a raw block device within a container. 4314 properties: 4315 devicePath: 4316 description: devicePath is the path inside of 4317 the container that the device will be mapped 4318 to. 4319 type: string 4320 name: 4321 description: name must match the name of a persistentVolumeClaim 4322 in the pod 4323 type: string 4324 required: 4325 - devicePath 4326 - name 4327 type: object 4328 type: array 4329 volumeMounts: 4330 description: Pod volumes to mount into the container's 4331 filesystem. Subpath mounts are not allowed for ephemeral 4332 containers. Cannot be updated. 4333 items: 4334 description: VolumeMount describes a mounting of 4335 a Volume within a container. 4336 properties: 4337 mountPath: 4338 description: Path within the container at which 4339 the volume should be mounted. Must not contain 4340 ':'. 4341 type: string 4342 mountPropagation: 4343 description: mountPropagation determines how 4344 mounts are propagated from the host to container 4345 and the other way around. When not set, MountPropagationNone 4346 is used. This field is beta in 1.10. 4347 type: string 4348 name: 4349 description: This must match the Name of a Volume. 4350 type: string 4351 readOnly: 4352 description: Mounted read-only if true, read-write 4353 otherwise (false or unspecified). Defaults 4354 to false. 4355 type: boolean 4356 subPath: 4357 description: Path within the volume from which 4358 the container's volume should be mounted. 4359 Defaults to "" (volume's root). 4360 type: string 4361 subPathExpr: 4362 description: Expanded path within the volume 4363 from which the container's volume should be 4364 mounted. Behaves similarly to SubPath but 4365 environment variable references $(VAR_NAME) 4366 are expanded using the container's environment. 4367 Defaults to "" (volume's root). SubPathExpr 4368 and SubPath are mutually exclusive. 4369 type: string 4370 required: 4371 - mountPath 4372 - name 4373 type: object 4374 type: array 4375 workingDir: 4376 description: Container's working directory. If not 4377 specified, the container runtime's default will 4378 be used, which might be configured in the container 4379 image. Cannot be updated. 4380 type: string 4381 required: 4382 - name 4383 type: object 4384 type: array 4385 hostAliases: 4386 description: HostAliases is an optional list of hosts and 4387 IPs that will be injected into the pod's hosts file if 4388 specified. This is only valid for non-hostNetwork pods. 4389 items: 4390 description: HostAlias holds the mapping between IP and 4391 hostnames that will be injected as an entry in the pod's 4392 hosts file. 4393 properties: 4394 hostnames: 4395 description: Hostnames for the above IP address. 4396 items: 4397 type: string 4398 type: array 4399 ip: 4400 description: IP address of the host file entry. 4401 type: string 4402 type: object 4403 type: array 4404 hostIPC: 4405 description: 'Use the host''s ipc namespace. Optional: Default 4406 to false.' 4407 type: boolean 4408 hostNetwork: 4409 description: Host networking requested for this pod. Use 4410 the host's network namespace. If this option is set, the 4411 ports that will be used must be specified. Default to 4412 false. 4413 type: boolean 4414 hostPID: 4415 description: 'Use the host''s pid namespace. Optional: Default 4416 to false.' 4417 type: boolean 4418 hostUsers: 4419 description: 'Use the host''s user namespace. Optional: 4420 Default to true. If set to true or not present, the pod 4421 will be run in the host user namespace, useful for when 4422 the pod needs a feature only available to the host user 4423 namespace, such as loading a kernel module with CAP_SYS_MODULE. 4424 When set to false, a new userns is created for the pod. 4425 Setting false is useful for mitigating container breakout 4426 vulnerabilities even allowing users to run their containers 4427 as root without actually having root privileges on the 4428 host. This field is alpha-level and is only honored by 4429 servers that enable the UserNamespacesSupport feature.' 4430 type: boolean 4431 hostname: 4432 description: Specifies the hostname of the Pod If not specified, 4433 the pod's hostname will be set to a system-defined value. 4434 type: string 4435 imagePullSecrets: 4436 description: 'ImagePullSecrets is an optional list of references 4437 to secrets in the same namespace to use for pulling any 4438 of the images used by this PodSpec. If specified, these 4439 secrets will be passed to individual puller implementations 4440 for them to use. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod' 4441 items: 4442 description: LocalObjectReference contains enough information 4443 to let you locate the referenced object inside the same 4444 namespace. 4445 properties: 4446 name: 4447 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 4448 TODO: Add other useful fields. apiVersion, kind, 4449 uid?' 4450 type: string 4451 type: object 4452 x-kubernetes-map-type: atomic 4453 type: array 4454 initContainers: 4455 description: 'List of initialization containers belonging 4456 to the pod. Init containers are executed in order prior 4457 to containers being started. If any init container fails, 4458 the pod is considered to have failed and is handled according 4459 to its restartPolicy. The name for an init container or 4460 normal container must be unique among all containers. 4461 Init containers may not have Lifecycle actions, Readiness 4462 probes, Liveness probes, or Startup probes. The resourceRequirements 4463 of an init container are taken into account during scheduling 4464 by finding the highest request/limit for each resource 4465 type, and then using the max of of that value or the sum 4466 of the normal containers. Limits are applied to init containers 4467 in a similar fashion. Init containers cannot currently 4468 be added or removed. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/' 4469 items: 4470 description: A single application container that you want 4471 to run within a pod. 4472 properties: 4473 args: 4474 description: 'Arguments to the entrypoint. The container 4475 image''s CMD is used if this is not provided. Variable 4476 references $(VAR_NAME) are expanded using the container''s 4477 environment. If a variable cannot be resolved, the 4478 reference in the input string will be unchanged. 4479 Double $$ are reduced to a single $, which allows 4480 for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" 4481 will produce the string literal "$(VAR_NAME)". Escaped 4482 references will never be expanded, regardless of 4483 whether the variable exists or not. Cannot be updated. 4484 More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' 4485 items: 4486 type: string 4487 type: array 4488 command: 4489 description: 'Entrypoint array. Not executed within 4490 a shell. The container image''s ENTRYPOINT is used 4491 if this is not provided. Variable references $(VAR_NAME) 4492 are expanded using the container''s environment. 4493 If a variable cannot be resolved, the reference 4494 in the input string will be unchanged. Double $$ 4495 are reduced to a single $, which allows for escaping 4496 the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will 4497 produce the string literal "$(VAR_NAME)". Escaped 4498 references will never be expanded, regardless of 4499 whether the variable exists or not. Cannot be updated. 4500 More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' 4501 items: 4502 type: string 4503 type: array 4504 env: 4505 description: List of environment variables to set 4506 in the container. Cannot be updated. 4507 items: 4508 description: EnvVar represents an environment variable 4509 present in a Container. 4510 properties: 4511 name: 4512 description: Name of the environment variable. 4513 Must be a C_IDENTIFIER. 4514 type: string 4515 value: 4516 description: 'Variable references $(VAR_NAME) 4517 are expanded using the previously defined 4518 environment variables in the container and 4519 any service environment variables. If a variable 4520 cannot be resolved, the reference in the input 4521 string will be unchanged. Double $$ are reduced 4522 to a single $, which allows for escaping the 4523 $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will 4524 produce the string literal "$(VAR_NAME)". 4525 Escaped references will never be expanded, 4526 regardless of whether the variable exists 4527 or not. Defaults to "".' 4528 type: string 4529 valueFrom: 4530 description: Source for the environment variable's 4531 value. Cannot be used if value is not empty. 4532 properties: 4533 configMapKeyRef: 4534 description: Selects a key of a ConfigMap. 4535 properties: 4536 key: 4537 description: The key to select. 4538 type: string 4539 name: 4540 description: 'Name of the referent. 4541 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 4542 TODO: Add other useful fields. apiVersion, 4543 kind, uid?' 4544 type: string 4545 optional: 4546 description: Specify whether the ConfigMap 4547 or its key must be defined 4548 type: boolean 4549 required: 4550 - key 4551 type: object 4552 x-kubernetes-map-type: atomic 4553 fieldRef: 4554 description: 'Selects a field of the pod: 4555 supports metadata.name, metadata.namespace, 4556 `metadata.labels[''<KEY>'']`, `metadata.annotations[''<KEY>'']`, 4557 spec.nodeName, spec.serviceAccountName, 4558 status.hostIP, status.podIP, status.podIPs.' 4559 properties: 4560 apiVersion: 4561 description: Version of the schema the 4562 FieldPath is written in terms of, 4563 defaults to "v1". 4564 type: string 4565 fieldPath: 4566 description: Path of the field to select 4567 in the specified API version. 4568 type: string 4569 required: 4570 - fieldPath 4571 type: object 4572 x-kubernetes-map-type: atomic 4573 resourceFieldRef: 4574 description: 'Selects a resource of the 4575 container: only resources limits and requests 4576 (limits.cpu, limits.memory, limits.ephemeral-storage, 4577 requests.cpu, requests.memory and requests.ephemeral-storage) 4578 are currently supported.' 4579 properties: 4580 containerName: 4581 description: 'Container name: required 4582 for volumes, optional for env vars' 4583 type: string 4584 divisor: 4585 anyOf: 4586 - type: integer 4587 - type: string 4588 description: Specifies the output format 4589 of the exposed resources, defaults 4590 to "1" 4591 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 4592 x-kubernetes-int-or-string: true 4593 resource: 4594 description: 'Required: resource to 4595 select' 4596 type: string 4597 required: 4598 - resource 4599 type: object 4600 x-kubernetes-map-type: atomic 4601 secretKeyRef: 4602 description: Selects a key of a secret in 4603 the pod's namespace 4604 properties: 4605 key: 4606 description: The key of the secret to 4607 select from. Must be a valid secret 4608 key. 4609 type: string 4610 name: 4611 description: 'Name of the referent. 4612 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 4613 TODO: Add other useful fields. apiVersion, 4614 kind, uid?' 4615 type: string 4616 optional: 4617 description: Specify whether the Secret 4618 or its key must be defined 4619 type: boolean 4620 required: 4621 - key 4622 type: object 4623 x-kubernetes-map-type: atomic 4624 type: object 4625 required: 4626 - name 4627 type: object 4628 type: array 4629 envFrom: 4630 description: List of sources to populate environment 4631 variables in the container. The keys defined within 4632 a source must be a C_IDENTIFIER. All invalid keys 4633 will be reported as an event when the container 4634 is starting. When a key exists in multiple sources, 4635 the value associated with the last source will take 4636 precedence. Values defined by an Env with a duplicate 4637 key will take precedence. Cannot be updated. 4638 items: 4639 description: EnvFromSource represents the source 4640 of a set of ConfigMaps 4641 properties: 4642 configMapRef: 4643 description: The ConfigMap to select from 4644 properties: 4645 name: 4646 description: 'Name of the referent. More 4647 info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 4648 TODO: Add other useful fields. apiVersion, 4649 kind, uid?' 4650 type: string 4651 optional: 4652 description: Specify whether the ConfigMap 4653 must be defined 4654 type: boolean 4655 type: object 4656 x-kubernetes-map-type: atomic 4657 prefix: 4658 description: An optional identifier to prepend 4659 to each key in the ConfigMap. Must be a C_IDENTIFIER. 4660 type: string 4661 secretRef: 4662 description: The Secret to select from 4663 properties: 4664 name: 4665 description: 'Name of the referent. More 4666 info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 4667 TODO: Add other useful fields. apiVersion, 4668 kind, uid?' 4669 type: string 4670 optional: 4671 description: Specify whether the Secret 4672 must be defined 4673 type: boolean 4674 type: object 4675 x-kubernetes-map-type: atomic 4676 type: object 4677 type: array 4678 image: 4679 description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images 4680 This field is optional to allow higher level config 4681 management to default or override container images 4682 in workload controllers like Deployments and StatefulSets.' 4683 type: string 4684 imagePullPolicy: 4685 description: 'Image pull policy. One of Always, Never, 4686 IfNotPresent. Defaults to Always if :latest tag 4687 is specified, or IfNotPresent otherwise. Cannot 4688 be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' 4689 type: string 4690 lifecycle: 4691 description: Actions that the management system should 4692 take in response to container lifecycle events. 4693 Cannot be updated. 4694 properties: 4695 postStart: 4696 description: 'PostStart is called immediately 4697 after a container is created. If the handler 4698 fails, the container is terminated and restarted 4699 according to its restart policy. Other management 4700 of the container blocks until the hook completes. 4701 More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' 4702 properties: 4703 exec: 4704 description: Exec specifies the action to 4705 take. 4706 properties: 4707 command: 4708 description: Command is the command line 4709 to execute inside the container, the 4710 working directory for the command is 4711 root ('/') in the container's filesystem. 4712 The command is simply exec'd, it is 4713 not run inside a shell, so traditional 4714 shell instructions ('|', etc) won't 4715 work. To use a shell, you need to explicitly 4716 call out to that shell. Exit status 4717 of 0 is treated as live/healthy and 4718 non-zero is unhealthy. 4719 items: 4720 type: string 4721 type: array 4722 type: object 4723 httpGet: 4724 description: HTTPGet specifies the http request 4725 to perform. 4726 properties: 4727 host: 4728 description: Host name to connect to, 4729 defaults to the pod IP. You probably 4730 want to set "Host" in httpHeaders instead. 4731 type: string 4732 httpHeaders: 4733 description: Custom headers to set in 4734 the request. HTTP allows repeated headers. 4735 items: 4736 description: HTTPHeader describes a 4737 custom header to be used in HTTP probes 4738 properties: 4739 name: 4740 description: The header field name. 4741 This will be canonicalized upon 4742 output, so case-variant names 4743 will be understood as the same 4744 header. 4745 type: string 4746 value: 4747 description: The header field value 4748 type: string 4749 required: 4750 - name 4751 - value 4752 type: object 4753 type: array 4754 path: 4755 description: Path to access on the HTTP 4756 server. 4757 type: string 4758 port: 4759 anyOf: 4760 - type: integer 4761 - type: string 4762 description: Name or number of the port 4763 to access on the container. Number must 4764 be in the range 1 to 65535. Name must 4765 be an IANA_SVC_NAME. 4766 x-kubernetes-int-or-string: true 4767 scheme: 4768 description: Scheme to use for connecting 4769 to the host. Defaults to HTTP. 4770 type: string 4771 required: 4772 - port 4773 type: object 4774 tcpSocket: 4775 description: Deprecated. TCPSocket is NOT 4776 supported as a LifecycleHandler and kept 4777 for the backward compatibility. There are 4778 no validation of this field and lifecycle 4779 hooks will fail in runtime when tcp handler 4780 is specified. 4781 properties: 4782 host: 4783 description: 'Optional: Host name to connect 4784 to, defaults to the pod IP.' 4785 type: string 4786 port: 4787 anyOf: 4788 - type: integer 4789 - type: string 4790 description: Number or name of the port 4791 to access on the container. Number must 4792 be in the range 1 to 65535. Name must 4793 be an IANA_SVC_NAME. 4794 x-kubernetes-int-or-string: true 4795 required: 4796 - port 4797 type: object 4798 type: object 4799 preStop: 4800 description: 'PreStop is called immediately before 4801 a container is terminated due to an API request 4802 or management event such as liveness/startup 4803 probe failure, preemption, resource contention, 4804 etc. The handler is not called if the container 4805 crashes or exits. The Pod''s termination grace 4806 period countdown begins before the PreStop hook 4807 is executed. Regardless of the outcome of the 4808 handler, the container will eventually terminate 4809 within the Pod''s termination grace period (unless 4810 delayed by finalizers). Other management of 4811 the container blocks until the hook completes 4812 or until the termination grace period is reached. 4813 More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' 4814 properties: 4815 exec: 4816 description: Exec specifies the action to 4817 take. 4818 properties: 4819 command: 4820 description: Command is the command line 4821 to execute inside the container, the 4822 working directory for the command is 4823 root ('/') in the container's filesystem. 4824 The command is simply exec'd, it is 4825 not run inside a shell, so traditional 4826 shell instructions ('|', etc) won't 4827 work. To use a shell, you need to explicitly 4828 call out to that shell. Exit status 4829 of 0 is treated as live/healthy and 4830 non-zero is unhealthy. 4831 items: 4832 type: string 4833 type: array 4834 type: object 4835 httpGet: 4836 description: HTTPGet specifies the http request 4837 to perform. 4838 properties: 4839 host: 4840 description: Host name to connect to, 4841 defaults to the pod IP. You probably 4842 want to set "Host" in httpHeaders instead. 4843 type: string 4844 httpHeaders: 4845 description: Custom headers to set in 4846 the request. HTTP allows repeated headers. 4847 items: 4848 description: HTTPHeader describes a 4849 custom header to be used in HTTP probes 4850 properties: 4851 name: 4852 description: The header field name. 4853 This will be canonicalized upon 4854 output, so case-variant names 4855 will be understood as the same 4856 header. 4857 type: string 4858 value: 4859 description: The header field value 4860 type: string 4861 required: 4862 - name 4863 - value 4864 type: object 4865 type: array 4866 path: 4867 description: Path to access on the HTTP 4868 server. 4869 type: string 4870 port: 4871 anyOf: 4872 - type: integer 4873 - type: string 4874 description: Name or number of the port 4875 to access on the container. Number must 4876 be in the range 1 to 65535. Name must 4877 be an IANA_SVC_NAME. 4878 x-kubernetes-int-or-string: true 4879 scheme: 4880 description: Scheme to use for connecting 4881 to the host. Defaults to HTTP. 4882 type: string 4883 required: 4884 - port 4885 type: object 4886 tcpSocket: 4887 description: Deprecated. TCPSocket is NOT 4888 supported as a LifecycleHandler and kept 4889 for the backward compatibility. There are 4890 no validation of this field and lifecycle 4891 hooks will fail in runtime when tcp handler 4892 is specified. 4893 properties: 4894 host: 4895 description: 'Optional: Host name to connect 4896 to, defaults to the pod IP.' 4897 type: string 4898 port: 4899 anyOf: 4900 - type: integer 4901 - type: string 4902 description: Number or name of the port 4903 to access on the container. Number must 4904 be in the range 1 to 65535. Name must 4905 be an IANA_SVC_NAME. 4906 x-kubernetes-int-or-string: true 4907 required: 4908 - port 4909 type: object 4910 type: object 4911 type: object 4912 livenessProbe: 4913 description: 'Periodic probe of container liveness. 4914 Container will be restarted if the probe fails. 4915 Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 4916 properties: 4917 exec: 4918 description: Exec specifies the action to take. 4919 properties: 4920 command: 4921 description: Command is the command line to 4922 execute inside the container, the working 4923 directory for the command is root ('/') 4924 in the container's filesystem. The command 4925 is simply exec'd, it is not run inside a 4926 shell, so traditional shell instructions 4927 ('|', etc) won't work. To use a shell, you 4928 need to explicitly call out to that shell. 4929 Exit status of 0 is treated as live/healthy 4930 and non-zero is unhealthy. 4931 items: 4932 type: string 4933 type: array 4934 type: object 4935 failureThreshold: 4936 description: Minimum consecutive failures for 4937 the probe to be considered failed after having 4938 succeeded. Defaults to 3. Minimum value is 1. 4939 format: int32 4940 type: integer 4941 grpc: 4942 description: GRPC specifies an action involving 4943 a GRPC port. 4944 properties: 4945 port: 4946 description: Port number of the gRPC service. 4947 Number must be in the range 1 to 65535. 4948 format: int32 4949 type: integer 4950 service: 4951 description: "Service is the name of the service 4952 to place in the gRPC HealthCheckRequest 4953 (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 4954 \n If this is not specified, the default 4955 behavior is defined by gRPC." 4956 type: string 4957 required: 4958 - port 4959 type: object 4960 httpGet: 4961 description: HTTPGet specifies the http request 4962 to perform. 4963 properties: 4964 host: 4965 description: Host name to connect to, defaults 4966 to the pod IP. You probably want to set 4967 "Host" in httpHeaders instead. 4968 type: string 4969 httpHeaders: 4970 description: Custom headers to set in the 4971 request. HTTP allows repeated headers. 4972 items: 4973 description: HTTPHeader describes a custom 4974 header to be used in HTTP probes 4975 properties: 4976 name: 4977 description: The header field name. 4978 This will be canonicalized upon output, 4979 so case-variant names will be understood 4980 as the same header. 4981 type: string 4982 value: 4983 description: The header field value 4984 type: string 4985 required: 4986 - name 4987 - value 4988 type: object 4989 type: array 4990 path: 4991 description: Path to access on the HTTP server. 4992 type: string 4993 port: 4994 anyOf: 4995 - type: integer 4996 - type: string 4997 description: Name or number of the port to 4998 access on the container. Number must be 4999 in the range 1 to 65535. Name must be an 5000 IANA_SVC_NAME. 5001 x-kubernetes-int-or-string: true 5002 scheme: 5003 description: Scheme to use for connecting 5004 to the host. Defaults to HTTP. 5005 type: string 5006 required: 5007 - port 5008 type: object 5009 initialDelaySeconds: 5010 description: 'Number of seconds after the container 5011 has started before liveness probes are initiated. 5012 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 5013 format: int32 5014 type: integer 5015 periodSeconds: 5016 description: How often (in seconds) to perform 5017 the probe. Default to 10 seconds. Minimum value 5018 is 1. 5019 format: int32 5020 type: integer 5021 successThreshold: 5022 description: Minimum consecutive successes for 5023 the probe to be considered successful after 5024 having failed. Defaults to 1. Must be 1 for 5025 liveness and startup. Minimum value is 1. 5026 format: int32 5027 type: integer 5028 tcpSocket: 5029 description: TCPSocket specifies an action involving 5030 a TCP port. 5031 properties: 5032 host: 5033 description: 'Optional: Host name to connect 5034 to, defaults to the pod IP.' 5035 type: string 5036 port: 5037 anyOf: 5038 - type: integer 5039 - type: string 5040 description: Number or name of the port to 5041 access on the container. Number must be 5042 in the range 1 to 65535. Name must be an 5043 IANA_SVC_NAME. 5044 x-kubernetes-int-or-string: true 5045 required: 5046 - port 5047 type: object 5048 terminationGracePeriodSeconds: 5049 description: Optional duration in seconds the 5050 pod needs to terminate gracefully upon probe 5051 failure. The grace period is the duration in 5052 seconds after the processes running in the pod 5053 are sent a termination signal and the time when 5054 the processes are forcibly halted with a kill 5055 signal. Set this value longer than the expected 5056 cleanup time for your process. If this value 5057 is nil, the pod's terminationGracePeriodSeconds 5058 will be used. Otherwise, this value overrides 5059 the value provided by the pod spec. Value must 5060 be non-negative integer. The value zero indicates 5061 stop immediately via the kill signal (no opportunity 5062 to shut down). This is a beta field and requires 5063 enabling ProbeTerminationGracePeriod feature 5064 gate. Minimum value is 1. spec.terminationGracePeriodSeconds 5065 is used if unset. 5066 format: int64 5067 type: integer 5068 timeoutSeconds: 5069 description: 'Number of seconds after which the 5070 probe times out. Defaults to 1 second. Minimum 5071 value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 5072 format: int32 5073 type: integer 5074 type: object 5075 name: 5076 description: Name of the container specified as a 5077 DNS_LABEL. Each container in a pod must have a unique 5078 name (DNS_LABEL). Cannot be updated. 5079 type: string 5080 ports: 5081 description: List of ports to expose from the container. 5082 Not specifying a port here DOES NOT prevent that 5083 port from being exposed. Any port which is listening 5084 on the default "0.0.0.0" address inside a container 5085 will be accessible from the network. Modifying this 5086 array with strategic merge patch may corrupt the 5087 data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. 5088 Cannot be updated. 5089 items: 5090 description: ContainerPort represents a network 5091 port in a single container. 5092 properties: 5093 containerPort: 5094 description: Number of port to expose on the 5095 pod's IP address. This must be a valid port 5096 number, 0 < x < 65536. 5097 format: int32 5098 type: integer 5099 hostIP: 5100 description: What host IP to bind the external 5101 port to. 5102 type: string 5103 hostPort: 5104 description: Number of port to expose on the 5105 host. If specified, this must be a valid port 5106 number, 0 < x < 65536. If HostNetwork is specified, 5107 this must match ContainerPort. Most containers 5108 do not need this. 5109 format: int32 5110 type: integer 5111 name: 5112 description: If specified, this must be an IANA_SVC_NAME 5113 and unique within the pod. Each named port 5114 in a pod must have a unique name. Name for 5115 the port that can be referred to by services. 5116 type: string 5117 protocol: 5118 default: TCP 5119 description: Protocol for port. Must be UDP, 5120 TCP, or SCTP. Defaults to "TCP". 5121 type: string 5122 required: 5123 - containerPort 5124 type: object 5125 type: array 5126 x-kubernetes-list-map-keys: 5127 - containerPort 5128 - protocol 5129 x-kubernetes-list-type: map 5130 readinessProbe: 5131 description: 'Periodic probe of container service 5132 readiness. Container will be removed from service 5133 endpoints if the probe fails. Cannot be updated. 5134 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 5135 properties: 5136 exec: 5137 description: Exec specifies the action to take. 5138 properties: 5139 command: 5140 description: Command is the command line to 5141 execute inside the container, the working 5142 directory for the command is root ('/') 5143 in the container's filesystem. The command 5144 is simply exec'd, it is not run inside a 5145 shell, so traditional shell instructions 5146 ('|', etc) won't work. To use a shell, you 5147 need to explicitly call out to that shell. 5148 Exit status of 0 is treated as live/healthy 5149 and non-zero is unhealthy. 5150 items: 5151 type: string 5152 type: array 5153 type: object 5154 failureThreshold: 5155 description: Minimum consecutive failures for 5156 the probe to be considered failed after having 5157 succeeded. Defaults to 3. Minimum value is 1. 5158 format: int32 5159 type: integer 5160 grpc: 5161 description: GRPC specifies an action involving 5162 a GRPC port. 5163 properties: 5164 port: 5165 description: Port number of the gRPC service. 5166 Number must be in the range 1 to 65535. 5167 format: int32 5168 type: integer 5169 service: 5170 description: "Service is the name of the service 5171 to place in the gRPC HealthCheckRequest 5172 (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 5173 \n If this is not specified, the default 5174 behavior is defined by gRPC." 5175 type: string 5176 required: 5177 - port 5178 type: object 5179 httpGet: 5180 description: HTTPGet specifies the http request 5181 to perform. 5182 properties: 5183 host: 5184 description: Host name to connect to, defaults 5185 to the pod IP. You probably want to set 5186 "Host" in httpHeaders instead. 5187 type: string 5188 httpHeaders: 5189 description: Custom headers to set in the 5190 request. HTTP allows repeated headers. 5191 items: 5192 description: HTTPHeader describes a custom 5193 header to be used in HTTP probes 5194 properties: 5195 name: 5196 description: The header field name. 5197 This will be canonicalized upon output, 5198 so case-variant names will be understood 5199 as the same header. 5200 type: string 5201 value: 5202 description: The header field value 5203 type: string 5204 required: 5205 - name 5206 - value 5207 type: object 5208 type: array 5209 path: 5210 description: Path to access on the HTTP server. 5211 type: string 5212 port: 5213 anyOf: 5214 - type: integer 5215 - type: string 5216 description: Name or number of the port to 5217 access on the container. Number must be 5218 in the range 1 to 65535. Name must be an 5219 IANA_SVC_NAME. 5220 x-kubernetes-int-or-string: true 5221 scheme: 5222 description: Scheme to use for connecting 5223 to the host. Defaults to HTTP. 5224 type: string 5225 required: 5226 - port 5227 type: object 5228 initialDelaySeconds: 5229 description: 'Number of seconds after the container 5230 has started before liveness probes are initiated. 5231 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 5232 format: int32 5233 type: integer 5234 periodSeconds: 5235 description: How often (in seconds) to perform 5236 the probe. Default to 10 seconds. Minimum value 5237 is 1. 5238 format: int32 5239 type: integer 5240 successThreshold: 5241 description: Minimum consecutive successes for 5242 the probe to be considered successful after 5243 having failed. Defaults to 1. Must be 1 for 5244 liveness and startup. Minimum value is 1. 5245 format: int32 5246 type: integer 5247 tcpSocket: 5248 description: TCPSocket specifies an action involving 5249 a TCP port. 5250 properties: 5251 host: 5252 description: 'Optional: Host name to connect 5253 to, defaults to the pod IP.' 5254 type: string 5255 port: 5256 anyOf: 5257 - type: integer 5258 - type: string 5259 description: Number or name of the port to 5260 access on the container. Number must be 5261 in the range 1 to 65535. Name must be an 5262 IANA_SVC_NAME. 5263 x-kubernetes-int-or-string: true 5264 required: 5265 - port 5266 type: object 5267 terminationGracePeriodSeconds: 5268 description: Optional duration in seconds the 5269 pod needs to terminate gracefully upon probe 5270 failure. The grace period is the duration in 5271 seconds after the processes running in the pod 5272 are sent a termination signal and the time when 5273 the processes are forcibly halted with a kill 5274 signal. Set this value longer than the expected 5275 cleanup time for your process. If this value 5276 is nil, the pod's terminationGracePeriodSeconds 5277 will be used. Otherwise, this value overrides 5278 the value provided by the pod spec. Value must 5279 be non-negative integer. The value zero indicates 5280 stop immediately via the kill signal (no opportunity 5281 to shut down). This is a beta field and requires 5282 enabling ProbeTerminationGracePeriod feature 5283 gate. Minimum value is 1. spec.terminationGracePeriodSeconds 5284 is used if unset. 5285 format: int64 5286 type: integer 5287 timeoutSeconds: 5288 description: 'Number of seconds after which the 5289 probe times out. Defaults to 1 second. Minimum 5290 value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 5291 format: int32 5292 type: integer 5293 type: object 5294 resizePolicy: 5295 description: Resources resize policy for the container. 5296 items: 5297 description: ContainerResizePolicy represents resource 5298 resize policy for the container. 5299 properties: 5300 resourceName: 5301 description: 'Name of the resource to which 5302 this resource resize policy applies. Supported 5303 values: cpu, memory.' 5304 type: string 5305 restartPolicy: 5306 description: Restart policy to apply when specified 5307 resource is resized. If not specified, it 5308 defaults to NotRequired. 5309 type: string 5310 required: 5311 - resourceName 5312 - restartPolicy 5313 type: object 5314 type: array 5315 x-kubernetes-list-type: atomic 5316 resources: 5317 description: 'Compute Resources required by this container. 5318 Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 5319 properties: 5320 claims: 5321 description: "Claims lists the names of resources, 5322 defined in spec.resourceClaims, that are used 5323 by this container. \n This is an alpha field 5324 and requires enabling the DynamicResourceAllocation 5325 feature gate. \n This field is immutable. It 5326 can only be set for containers." 5327 items: 5328 description: ResourceClaim references one entry 5329 in PodSpec.ResourceClaims. 5330 properties: 5331 name: 5332 description: Name must match the name of 5333 one entry in pod.spec.resourceClaims of 5334 the Pod where this field is used. It makes 5335 that resource available inside a container. 5336 type: string 5337 required: 5338 - name 5339 type: object 5340 type: array 5341 x-kubernetes-list-map-keys: 5342 - name 5343 x-kubernetes-list-type: map 5344 limits: 5345 additionalProperties: 5346 anyOf: 5347 - type: integer 5348 - type: string 5349 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 5350 x-kubernetes-int-or-string: true 5351 description: 'Limits describes the maximum amount 5352 of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 5353 type: object 5354 requests: 5355 additionalProperties: 5356 anyOf: 5357 - type: integer 5358 - type: string 5359 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 5360 x-kubernetes-int-or-string: true 5361 description: 'Requests describes the minimum amount 5362 of compute resources required. If Requests is 5363 omitted for a container, it defaults to Limits 5364 if that is explicitly specified, otherwise to 5365 an implementation-defined value. Requests cannot 5366 exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 5367 type: object 5368 type: object 5369 restartPolicy: 5370 description: 'RestartPolicy defines the restart behavior 5371 of individual containers in a pod. This field may 5372 only be set for init containers, and the only allowed 5373 value is "Always". For non-init containers or when 5374 this field is not specified, the restart behavior 5375 is defined by the Pod''s restart policy and the 5376 container type. Setting the RestartPolicy as "Always" 5377 for the init container will have the following effect: 5378 this init container will be continually restarted 5379 on exit until all regular containers have terminated. 5380 Once all regular containers have completed, all 5381 init containers with restartPolicy "Always" will 5382 be shut down. This lifecycle differs from normal 5383 init containers and is often referred to as a "sidecar" 5384 container. Although this init container still starts 5385 in the init container sequence, it does not wait 5386 for the container to complete before proceeding 5387 to the next init container. Instead, the next init 5388 container starts immediately after this init container 5389 is started, or after any startupProbe has successfully 5390 completed.' 5391 type: string 5392 securityContext: 5393 description: 'SecurityContext defines the security 5394 options the container should be run with. If set, 5395 the fields of SecurityContext override the equivalent 5396 fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' 5397 properties: 5398 allowPrivilegeEscalation: 5399 description: 'AllowPrivilegeEscalation controls 5400 whether a process can gain more privileges than 5401 its parent process. This bool directly controls 5402 if the no_new_privs flag will be set on the 5403 container process. AllowPrivilegeEscalation 5404 is true always when the container is: 1) run 5405 as Privileged 2) has CAP_SYS_ADMIN Note that 5406 this field cannot be set when spec.os.name is 5407 windows.' 5408 type: boolean 5409 capabilities: 5410 description: The capabilities to add/drop when 5411 running containers. Defaults to the default 5412 set of capabilities granted by the container 5413 runtime. Note that this field cannot be set 5414 when spec.os.name is windows. 5415 properties: 5416 add: 5417 description: Added capabilities 5418 items: 5419 description: Capability represent POSIX 5420 capabilities type 5421 type: string 5422 type: array 5423 drop: 5424 description: Removed capabilities 5425 items: 5426 description: Capability represent POSIX 5427 capabilities type 5428 type: string 5429 type: array 5430 type: object 5431 privileged: 5432 description: Run container in privileged mode. 5433 Processes in privileged containers are essentially 5434 equivalent to root on the host. Defaults to 5435 false. Note that this field cannot be set when 5436 spec.os.name is windows. 5437 type: boolean 5438 procMount: 5439 description: procMount denotes the type of proc 5440 mount to use for the containers. The default 5441 is DefaultProcMount which uses the container 5442 runtime defaults for readonly paths and masked 5443 paths. This requires the ProcMountType feature 5444 flag to be enabled. Note that this field cannot 5445 be set when spec.os.name is windows. 5446 type: string 5447 readOnlyRootFilesystem: 5448 description: Whether this container has a read-only 5449 root filesystem. Default is false. Note that 5450 this field cannot be set when spec.os.name is 5451 windows. 5452 type: boolean 5453 runAsGroup: 5454 description: The GID to run the entrypoint of 5455 the container process. Uses runtime default 5456 if unset. May also be set in PodSecurityContext. If 5457 set in both SecurityContext and PodSecurityContext, 5458 the value specified in SecurityContext takes 5459 precedence. Note that this field cannot be set 5460 when spec.os.name is windows. 5461 format: int64 5462 type: integer 5463 runAsNonRoot: 5464 description: Indicates that the container must 5465 run as a non-root user. If true, the Kubelet 5466 will validate the image at runtime to ensure 5467 that it does not run as UID 0 (root) and fail 5468 to start the container if it does. If unset 5469 or false, no such validation will be performed. 5470 May also be set in PodSecurityContext. If set 5471 in both SecurityContext and PodSecurityContext, 5472 the value specified in SecurityContext takes 5473 precedence. 5474 type: boolean 5475 runAsUser: 5476 description: The UID to run the entrypoint of 5477 the container process. Defaults to user specified 5478 in image metadata if unspecified. May also be 5479 set in PodSecurityContext. If set in both SecurityContext 5480 and PodSecurityContext, the value specified 5481 in SecurityContext takes precedence. Note that 5482 this field cannot be set when spec.os.name is 5483 windows. 5484 format: int64 5485 type: integer 5486 seLinuxOptions: 5487 description: The SELinux context to be applied 5488 to the container. If unspecified, the container 5489 runtime will allocate a random SELinux context 5490 for each container. May also be set in PodSecurityContext. If 5491 set in both SecurityContext and PodSecurityContext, 5492 the value specified in SecurityContext takes 5493 precedence. Note that this field cannot be set 5494 when spec.os.name is windows. 5495 properties: 5496 level: 5497 description: Level is SELinux level label 5498 that applies to the container. 5499 type: string 5500 role: 5501 description: Role is a SELinux role label 5502 that applies to the container. 5503 type: string 5504 type: 5505 description: Type is a SELinux type label 5506 that applies to the container. 5507 type: string 5508 user: 5509 description: User is a SELinux user label 5510 that applies to the container. 5511 type: string 5512 type: object 5513 seccompProfile: 5514 description: The seccomp options to use by this 5515 container. If seccomp options are provided at 5516 both the pod & container level, the container 5517 options override the pod options. Note that 5518 this field cannot be set when spec.os.name is 5519 windows. 5520 properties: 5521 localhostProfile: 5522 description: localhostProfile indicates a 5523 profile defined in a file on the node should 5524 be used. The profile must be preconfigured 5525 on the node to work. Must be a descending 5526 path, relative to the kubelet's configured 5527 seccomp profile location. Must be set if 5528 type is "Localhost". Must NOT be set for 5529 any other type. 5530 type: string 5531 type: 5532 description: "type indicates which kind of 5533 seccomp profile will be applied. Valid options 5534 are: \n Localhost - a profile defined in 5535 a file on the node should be used. RuntimeDefault 5536 - the container runtime default profile 5537 should be used. Unconfined - no profile 5538 should be applied." 5539 type: string 5540 required: 5541 - type 5542 type: object 5543 windowsOptions: 5544 description: The Windows specific settings applied 5545 to all containers. If unspecified, the options 5546 from the PodSecurityContext will be used. If 5547 set in both SecurityContext and PodSecurityContext, 5548 the value specified in SecurityContext takes 5549 precedence. Note that this field cannot be set 5550 when spec.os.name is linux. 5551 properties: 5552 gmsaCredentialSpec: 5553 description: GMSACredentialSpec is where the 5554 GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) 5555 inlines the contents of the GMSA credential 5556 spec named by the GMSACredentialSpecName 5557 field. 5558 type: string 5559 gmsaCredentialSpecName: 5560 description: GMSACredentialSpecName is the 5561 name of the GMSA credential spec to use. 5562 type: string 5563 hostProcess: 5564 description: HostProcess determines if a container 5565 should be run as a 'Host Process' container. 5566 All of a Pod's containers must have the 5567 same effective HostProcess value (it is 5568 not allowed to have a mix of HostProcess 5569 containers and non-HostProcess containers). 5570 In addition, if HostProcess is true then 5571 HostNetwork must also be set to true. 5572 type: boolean 5573 runAsUserName: 5574 description: The UserName in Windows to run 5575 the entrypoint of the container process. 5576 Defaults to the user specified in image 5577 metadata if unspecified. May also be set 5578 in PodSecurityContext. If set in both SecurityContext 5579 and PodSecurityContext, the value specified 5580 in SecurityContext takes precedence. 5581 type: string 5582 type: object 5583 type: object 5584 startupProbe: 5585 description: 'StartupProbe indicates that the Pod 5586 has successfully initialized. If specified, no other 5587 probes are executed until this completes successfully. 5588 If this probe fails, the Pod will be restarted, 5589 just as if the livenessProbe failed. This can be 5590 used to provide different probe parameters at the 5591 beginning of a Pod''s lifecycle, when it might take 5592 a long time to load data or warm a cache, than during 5593 steady-state operation. This cannot be updated. 5594 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 5595 properties: 5596 exec: 5597 description: Exec specifies the action to take. 5598 properties: 5599 command: 5600 description: Command is the command line to 5601 execute inside the container, the working 5602 directory for the command is root ('/') 5603 in the container's filesystem. The command 5604 is simply exec'd, it is not run inside a 5605 shell, so traditional shell instructions 5606 ('|', etc) won't work. To use a shell, you 5607 need to explicitly call out to that shell. 5608 Exit status of 0 is treated as live/healthy 5609 and non-zero is unhealthy. 5610 items: 5611 type: string 5612 type: array 5613 type: object 5614 failureThreshold: 5615 description: Minimum consecutive failures for 5616 the probe to be considered failed after having 5617 succeeded. Defaults to 3. Minimum value is 1. 5618 format: int32 5619 type: integer 5620 grpc: 5621 description: GRPC specifies an action involving 5622 a GRPC port. 5623 properties: 5624 port: 5625 description: Port number of the gRPC service. 5626 Number must be in the range 1 to 65535. 5627 format: int32 5628 type: integer 5629 service: 5630 description: "Service is the name of the service 5631 to place in the gRPC HealthCheckRequest 5632 (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 5633 \n If this is not specified, the default 5634 behavior is defined by gRPC." 5635 type: string 5636 required: 5637 - port 5638 type: object 5639 httpGet: 5640 description: HTTPGet specifies the http request 5641 to perform. 5642 properties: 5643 host: 5644 description: Host name to connect to, defaults 5645 to the pod IP. You probably want to set 5646 "Host" in httpHeaders instead. 5647 type: string 5648 httpHeaders: 5649 description: Custom headers to set in the 5650 request. HTTP allows repeated headers. 5651 items: 5652 description: HTTPHeader describes a custom 5653 header to be used in HTTP probes 5654 properties: 5655 name: 5656 description: The header field name. 5657 This will be canonicalized upon output, 5658 so case-variant names will be understood 5659 as the same header. 5660 type: string 5661 value: 5662 description: The header field value 5663 type: string 5664 required: 5665 - name 5666 - value 5667 type: object 5668 type: array 5669 path: 5670 description: Path to access on the HTTP server. 5671 type: string 5672 port: 5673 anyOf: 5674 - type: integer 5675 - type: string 5676 description: Name or number of the port to 5677 access on the container. Number must be 5678 in the range 1 to 65535. Name must be an 5679 IANA_SVC_NAME. 5680 x-kubernetes-int-or-string: true 5681 scheme: 5682 description: Scheme to use for connecting 5683 to the host. Defaults to HTTP. 5684 type: string 5685 required: 5686 - port 5687 type: object 5688 initialDelaySeconds: 5689 description: 'Number of seconds after the container 5690 has started before liveness probes are initiated. 5691 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 5692 format: int32 5693 type: integer 5694 periodSeconds: 5695 description: How often (in seconds) to perform 5696 the probe. Default to 10 seconds. Minimum value 5697 is 1. 5698 format: int32 5699 type: integer 5700 successThreshold: 5701 description: Minimum consecutive successes for 5702 the probe to be considered successful after 5703 having failed. Defaults to 1. Must be 1 for 5704 liveness and startup. Minimum value is 1. 5705 format: int32 5706 type: integer 5707 tcpSocket: 5708 description: TCPSocket specifies an action involving 5709 a TCP port. 5710 properties: 5711 host: 5712 description: 'Optional: Host name to connect 5713 to, defaults to the pod IP.' 5714 type: string 5715 port: 5716 anyOf: 5717 - type: integer 5718 - type: string 5719 description: Number or name of the port to 5720 access on the container. Number must be 5721 in the range 1 to 65535. Name must be an 5722 IANA_SVC_NAME. 5723 x-kubernetes-int-or-string: true 5724 required: 5725 - port 5726 type: object 5727 terminationGracePeriodSeconds: 5728 description: Optional duration in seconds the 5729 pod needs to terminate gracefully upon probe 5730 failure. The grace period is the duration in 5731 seconds after the processes running in the pod 5732 are sent a termination signal and the time when 5733 the processes are forcibly halted with a kill 5734 signal. Set this value longer than the expected 5735 cleanup time for your process. If this value 5736 is nil, the pod's terminationGracePeriodSeconds 5737 will be used. Otherwise, this value overrides 5738 the value provided by the pod spec. Value must 5739 be non-negative integer. The value zero indicates 5740 stop immediately via the kill signal (no opportunity 5741 to shut down). This is a beta field and requires 5742 enabling ProbeTerminationGracePeriod feature 5743 gate. Minimum value is 1. spec.terminationGracePeriodSeconds 5744 is used if unset. 5745 format: int64 5746 type: integer 5747 timeoutSeconds: 5748 description: 'Number of seconds after which the 5749 probe times out. Defaults to 1 second. Minimum 5750 value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 5751 format: int32 5752 type: integer 5753 type: object 5754 stdin: 5755 description: Whether this container should allocate 5756 a buffer for stdin in the container runtime. If 5757 this is not set, reads from stdin in the container 5758 will always result in EOF. Default is false. 5759 type: boolean 5760 stdinOnce: 5761 description: Whether the container runtime should 5762 close the stdin channel after it has been opened 5763 by a single attach. When stdin is true the stdin 5764 stream will remain open across multiple attach sessions. 5765 If stdinOnce is set to true, stdin is opened on 5766 container start, is empty until the first client 5767 attaches to stdin, and then remains open and accepts 5768 data until the client disconnects, at which time 5769 stdin is closed and remains closed until the container 5770 is restarted. If this flag is false, a container 5771 processes that reads from stdin will never receive 5772 an EOF. Default is false 5773 type: boolean 5774 terminationMessagePath: 5775 description: 'Optional: Path at which the file to 5776 which the container''s termination message will 5777 be written is mounted into the container''s filesystem. 5778 Message written is intended to be brief final status, 5779 such as an assertion failure message. Will be truncated 5780 by the node if greater than 4096 bytes. The total 5781 message length across all containers will be limited 5782 to 12kb. Defaults to /dev/termination-log. Cannot 5783 be updated.' 5784 type: string 5785 terminationMessagePolicy: 5786 description: Indicate how the termination message 5787 should be populated. File will use the contents 5788 of terminationMessagePath to populate the container 5789 status message on both success and failure. FallbackToLogsOnError 5790 will use the last chunk of container log output 5791 if the termination message file is empty and the 5792 container exited with an error. The log output is 5793 limited to 2048 bytes or 80 lines, whichever is 5794 smaller. Defaults to File. Cannot be updated. 5795 type: string 5796 tty: 5797 description: Whether this container should allocate 5798 a TTY for itself, also requires 'stdin' to be true. 5799 Default is false. 5800 type: boolean 5801 volumeDevices: 5802 description: volumeDevices is the list of block devices 5803 to be used by the container. 5804 items: 5805 description: volumeDevice describes a mapping of 5806 a raw block device within a container. 5807 properties: 5808 devicePath: 5809 description: devicePath is the path inside of 5810 the container that the device will be mapped 5811 to. 5812 type: string 5813 name: 5814 description: name must match the name of a persistentVolumeClaim 5815 in the pod 5816 type: string 5817 required: 5818 - devicePath 5819 - name 5820 type: object 5821 type: array 5822 volumeMounts: 5823 description: Pod volumes to mount into the container's 5824 filesystem. Cannot be updated. 5825 items: 5826 description: VolumeMount describes a mounting of 5827 a Volume within a container. 5828 properties: 5829 mountPath: 5830 description: Path within the container at which 5831 the volume should be mounted. Must not contain 5832 ':'. 5833 type: string 5834 mountPropagation: 5835 description: mountPropagation determines how 5836 mounts are propagated from the host to container 5837 and the other way around. When not set, MountPropagationNone 5838 is used. This field is beta in 1.10. 5839 type: string 5840 name: 5841 description: This must match the Name of a Volume. 5842 type: string 5843 readOnly: 5844 description: Mounted read-only if true, read-write 5845 otherwise (false or unspecified). Defaults 5846 to false. 5847 type: boolean 5848 subPath: 5849 description: Path within the volume from which 5850 the container's volume should be mounted. 5851 Defaults to "" (volume's root). 5852 type: string 5853 subPathExpr: 5854 description: Expanded path within the volume 5855 from which the container's volume should be 5856 mounted. Behaves similarly to SubPath but 5857 environment variable references $(VAR_NAME) 5858 are expanded using the container's environment. 5859 Defaults to "" (volume's root). SubPathExpr 5860 and SubPath are mutually exclusive. 5861 type: string 5862 required: 5863 - mountPath 5864 - name 5865 type: object 5866 type: array 5867 workingDir: 5868 description: Container's working directory. If not 5869 specified, the container runtime's default will 5870 be used, which might be configured in the container 5871 image. Cannot be updated. 5872 type: string 5873 required: 5874 - name 5875 type: object 5876 type: array 5877 nodeName: 5878 description: NodeName is a request to schedule this pod 5879 onto a specific node. If it is non-empty, the scheduler 5880 simply schedules this pod onto that node, assuming that 5881 it fits resource requirements. 5882 type: string 5883 nodeSelector: 5884 additionalProperties: 5885 type: string 5886 description: 'NodeSelector is a selector which must be true 5887 for the pod to fit on a node. Selector which must match 5888 a node''s labels for the pod to be scheduled on that node. 5889 More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' 5890 type: object 5891 x-kubernetes-map-type: atomic 5892 os: 5893 description: "Specifies the OS of the containers in the 5894 pod. Some pod and container fields are restricted if this 5895 is set. \n If the OS field is set to linux, the following 5896 fields must be unset: -securityContext.windowsOptions 5897 \n If the OS field is set to windows, following fields 5898 must be unset: - spec.hostPID - spec.hostIPC - spec.hostUsers 5899 - spec.securityContext.seLinuxOptions - spec.securityContext.seccompProfile 5900 - spec.securityContext.fsGroup - spec.securityContext.fsGroupChangePolicy 5901 - spec.securityContext.sysctls - spec.shareProcessNamespace 5902 - spec.securityContext.runAsUser - spec.securityContext.runAsGroup 5903 - spec.securityContext.supplementalGroups - spec.containers[*].securityContext.seLinuxOptions 5904 - spec.containers[*].securityContext.seccompProfile - 5905 spec.containers[*].securityContext.capabilities - spec.containers[*].securityContext.readOnlyRootFilesystem 5906 - spec.containers[*].securityContext.privileged - spec.containers[*].securityContext.allowPrivilegeEscalation 5907 - spec.containers[*].securityContext.procMount - spec.containers[*].securityContext.runAsUser 5908 - spec.containers[*].securityContext.runAsGroup" 5909 properties: 5910 name: 5911 description: 'Name is the name of the operating system. 5912 The currently supported values are linux and windows. 5913 Additional value may be defined in future and can 5914 be one of: https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration 5915 Clients should expect to handle additional values 5916 and treat unrecognized values in this field as os: 5917 null' 5918 type: string 5919 required: 5920 - name 5921 type: object 5922 overhead: 5923 additionalProperties: 5924 anyOf: 5925 - type: integer 5926 - type: string 5927 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 5928 x-kubernetes-int-or-string: true 5929 description: 'Overhead represents the resource overhead 5930 associated with running a pod for a given RuntimeClass. 5931 This field will be autopopulated at admission time by 5932 the RuntimeClass admission controller. If the RuntimeClass 5933 admission controller is enabled, overhead must not be 5934 set in Pod create requests. The RuntimeClass admission 5935 controller will reject Pod create requests which have 5936 the overhead already set. If RuntimeClass is configured 5937 and selected in the PodSpec, Overhead will be set to the 5938 value defined in the corresponding RuntimeClass, otherwise 5939 it will remain unset and treated as zero. More info: https://git.k8s.io/enhancements/keps/sig-node/688-pod-overhead/README.md' 5940 type: object 5941 preemptionPolicy: 5942 description: PreemptionPolicy is the Policy for preempting 5943 pods with lower priority. One of Never, PreemptLowerPriority. 5944 Defaults to PreemptLowerPriority if unset. 5945 type: string 5946 priority: 5947 description: The priority value. Various system components 5948 use this field to find the priority of the pod. When Priority 5949 Admission Controller is enabled, it prevents users from 5950 setting this field. The admission controller populates 5951 this field from PriorityClassName. The higher the value, 5952 the higher the priority. 5953 format: int32 5954 type: integer 5955 priorityClassName: 5956 description: If specified, indicates the pod's priority. 5957 "system-node-critical" and "system-cluster-critical" are 5958 two special keywords which indicate the highest priorities 5959 with the former being the highest priority. Any other 5960 name must be defined by creating a PriorityClass object 5961 with that name. If not specified, the pod priority will 5962 be default or zero if there is no default. 5963 type: string 5964 readinessGates: 5965 description: 'If specified, all readiness gates will be 5966 evaluated for pod readiness. A pod is ready when all its 5967 containers are ready AND all conditions specified in the 5968 readiness gates have status equal to "True" More info: 5969 https://git.k8s.io/enhancements/keps/sig-network/580-pod-readiness-gates' 5970 items: 5971 description: PodReadinessGate contains the reference to 5972 a pod condition 5973 properties: 5974 conditionType: 5975 description: ConditionType refers to a condition in 5976 the pod's condition list with matching type. 5977 type: string 5978 required: 5979 - conditionType 5980 type: object 5981 type: array 5982 resourceClaims: 5983 description: "ResourceClaims defines which ResourceClaims 5984 must be allocated and reserved before the Pod is allowed 5985 to start. The resources will be made available to those 5986 containers which consume them by name. \n This is an alpha 5987 field and requires enabling the DynamicResourceAllocation 5988 feature gate. \n This field is immutable." 5989 items: 5990 description: PodResourceClaim references exactly one ResourceClaim 5991 through a ClaimSource. It adds a name to it that uniquely 5992 identifies the ResourceClaim inside the Pod. Containers 5993 that need access to the ResourceClaim reference it with 5994 this name. 5995 properties: 5996 name: 5997 description: Name uniquely identifies this resource 5998 claim inside the pod. This must be a DNS_LABEL. 5999 type: string 6000 source: 6001 description: Source describes where to find the ResourceClaim. 6002 properties: 6003 resourceClaimName: 6004 description: ResourceClaimName is the name of 6005 a ResourceClaim object in the same namespace 6006 as this pod. 6007 type: string 6008 resourceClaimTemplateName: 6009 description: "ResourceClaimTemplateName is the 6010 name of a ResourceClaimTemplate object in the 6011 same namespace as this pod. \n The template 6012 will be used to create a new ResourceClaim, 6013 which will be bound to this pod. When this pod 6014 is deleted, the ResourceClaim will also be deleted. 6015 The pod name and resource name, along with a 6016 generated component, will be used to form a 6017 unique name for the ResourceClaim, which will 6018 be recorded in pod.status.resourceClaimStatuses. 6019 \n This field is immutable and no changes will 6020 be made to the corresponding ResourceClaim by 6021 the control plane after creating the ResourceClaim." 6022 type: string 6023 type: object 6024 required: 6025 - name 6026 type: object 6027 type: array 6028 x-kubernetes-list-map-keys: 6029 - name 6030 x-kubernetes-list-type: map 6031 restartPolicy: 6032 description: 'Restart policy for all containers within the 6033 pod. One of Always, OnFailure, Never. In some contexts, 6034 only a subset of those values may be permitted. Default 6035 to Always. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy' 6036 type: string 6037 runtimeClassName: 6038 description: 'RuntimeClassName refers to a RuntimeClass 6039 object in the node.k8s.io group, which should be used 6040 to run this pod. If no RuntimeClass resource matches 6041 the named class, the pod will not be run. If unset or 6042 empty, the "legacy" RuntimeClass will be used, which is 6043 an implicit class with an empty definition that uses the 6044 default runtime handler. More info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class' 6045 type: string 6046 schedulerName: 6047 description: If specified, the pod will be dispatched by 6048 specified scheduler. If not specified, the pod will be 6049 dispatched by default scheduler. 6050 type: string 6051 schedulingGates: 6052 description: "SchedulingGates is an opaque list of values 6053 that if specified will block scheduling the pod. If schedulingGates 6054 is not empty, the pod will stay in the SchedulingGated 6055 state and the scheduler will not attempt to schedule the 6056 pod. \n SchedulingGates can only be set at pod creation 6057 time, and be removed only afterwards. \n This is a beta 6058 feature enabled by the PodSchedulingReadiness feature 6059 gate." 6060 items: 6061 description: PodSchedulingGate is associated to a Pod 6062 to guard its scheduling. 6063 properties: 6064 name: 6065 description: Name of the scheduling gate. Each scheduling 6066 gate must have a unique name field. 6067 type: string 6068 required: 6069 - name 6070 type: object 6071 type: array 6072 x-kubernetes-list-map-keys: 6073 - name 6074 x-kubernetes-list-type: map 6075 securityContext: 6076 description: 'SecurityContext holds pod-level security attributes 6077 and common container settings. Optional: Defaults to empty. See 6078 type description for default values of each field.' 6079 properties: 6080 fsGroup: 6081 description: "A special supplemental group that applies 6082 to all containers in a pod. Some volume types allow 6083 the Kubelet to change the ownership of that volume 6084 to be owned by the pod: \n 1. The owning GID will 6085 be the FSGroup 2. The setgid bit is set (new files 6086 created in the volume will be owned by FSGroup) 3. 6087 The permission bits are OR'd with rw-rw---- \n If 6088 unset, the Kubelet will not modify the ownership and 6089 permissions of any volume. Note that this field cannot 6090 be set when spec.os.name is windows." 6091 format: int64 6092 type: integer 6093 fsGroupChangePolicy: 6094 description: 'fsGroupChangePolicy defines behavior of 6095 changing ownership and permission of the volume before 6096 being exposed inside Pod. This field will only apply 6097 to volume types which support fsGroup based ownership(and 6098 permissions). It will have no effect on ephemeral 6099 volume types such as: secret, configmaps and emptydir. 6100 Valid values are "OnRootMismatch" and "Always". If 6101 not specified, "Always" is used. Note that this field 6102 cannot be set when spec.os.name is windows.' 6103 type: string 6104 runAsGroup: 6105 description: The GID to run the entrypoint of the container 6106 process. Uses runtime default if unset. May also be 6107 set in SecurityContext. If set in both SecurityContext 6108 and PodSecurityContext, the value specified in SecurityContext 6109 takes precedence for that container. Note that this 6110 field cannot be set when spec.os.name is windows. 6111 format: int64 6112 type: integer 6113 runAsNonRoot: 6114 description: Indicates that the container must run as 6115 a non-root user. If true, the Kubelet will validate 6116 the image at runtime to ensure that it does not run 6117 as UID 0 (root) and fail to start the container if 6118 it does. If unset or false, no such validation will 6119 be performed. May also be set in SecurityContext. If 6120 set in both SecurityContext and PodSecurityContext, 6121 the value specified in SecurityContext takes precedence. 6122 type: boolean 6123 runAsUser: 6124 description: The UID to run the entrypoint of the container 6125 process. Defaults to user specified in image metadata 6126 if unspecified. May also be set in SecurityContext. If 6127 set in both SecurityContext and PodSecurityContext, 6128 the value specified in SecurityContext takes precedence 6129 for that container. Note that this field cannot be 6130 set when spec.os.name is windows. 6131 format: int64 6132 type: integer 6133 seLinuxOptions: 6134 description: The SELinux context to be applied to all 6135 containers. If unspecified, the container runtime 6136 will allocate a random SELinux context for each container. May 6137 also be set in SecurityContext. If set in both SecurityContext 6138 and PodSecurityContext, the value specified in SecurityContext 6139 takes precedence for that container. Note that this 6140 field cannot be set when spec.os.name is windows. 6141 properties: 6142 level: 6143 description: Level is SELinux level label that applies 6144 to the container. 6145 type: string 6146 role: 6147 description: Role is a SELinux role label that applies 6148 to the container. 6149 type: string 6150 type: 6151 description: Type is a SELinux type label that applies 6152 to the container. 6153 type: string 6154 user: 6155 description: User is a SELinux user label that applies 6156 to the container. 6157 type: string 6158 type: object 6159 seccompProfile: 6160 description: The seccomp options to use by the containers 6161 in this pod. Note that this field cannot be set when 6162 spec.os.name is windows. 6163 properties: 6164 localhostProfile: 6165 description: localhostProfile indicates a profile 6166 defined in a file on the node should be used. 6167 The profile must be preconfigured on the node 6168 to work. Must be a descending path, relative to 6169 the kubelet's configured seccomp profile location. 6170 Must be set if type is "Localhost". Must NOT be 6171 set for any other type. 6172 type: string 6173 type: 6174 description: "type indicates which kind of seccomp 6175 profile will be applied. Valid options are: \n 6176 Localhost - a profile defined in a file on the 6177 node should be used. RuntimeDefault - the container 6178 runtime default profile should be used. Unconfined 6179 - no profile should be applied." 6180 type: string 6181 required: 6182 - type 6183 type: object 6184 supplementalGroups: 6185 description: A list of groups applied to the first process 6186 run in each container, in addition to the container's 6187 primary GID, the fsGroup (if specified), and group 6188 memberships defined in the container image for the 6189 uid of the container process. If unspecified, no additional 6190 groups are added to any container. Note that group 6191 memberships defined in the container image for the 6192 uid of the container process are still effective, 6193 even if they are not included in this list. Note that 6194 this field cannot be set when spec.os.name is windows. 6195 items: 6196 format: int64 6197 type: integer 6198 type: array 6199 sysctls: 6200 description: Sysctls hold a list of namespaced sysctls 6201 used for the pod. Pods with unsupported sysctls (by 6202 the container runtime) might fail to launch. Note 6203 that this field cannot be set when spec.os.name is 6204 windows. 6205 items: 6206 description: Sysctl defines a kernel parameter to 6207 be set 6208 properties: 6209 name: 6210 description: Name of a property to set 6211 type: string 6212 value: 6213 description: Value of a property to set 6214 type: string 6215 required: 6216 - name 6217 - value 6218 type: object 6219 type: array 6220 windowsOptions: 6221 description: The Windows specific settings applied to 6222 all containers. If unspecified, the options within 6223 a container's SecurityContext will be used. If set 6224 in both SecurityContext and PodSecurityContext, the 6225 value specified in SecurityContext takes precedence. 6226 Note that this field cannot be set when spec.os.name 6227 is linux. 6228 properties: 6229 gmsaCredentialSpec: 6230 description: GMSACredentialSpec is where the GMSA 6231 admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) 6232 inlines the contents of the GMSA credential spec 6233 named by the GMSACredentialSpecName field. 6234 type: string 6235 gmsaCredentialSpecName: 6236 description: GMSACredentialSpecName is the name 6237 of the GMSA credential spec to use. 6238 type: string 6239 hostProcess: 6240 description: HostProcess determines if a container 6241 should be run as a 'Host Process' container. All 6242 of a Pod's containers must have the same effective 6243 HostProcess value (it is not allowed to have a 6244 mix of HostProcess containers and non-HostProcess 6245 containers). In addition, if HostProcess is true 6246 then HostNetwork must also be set to true. 6247 type: boolean 6248 runAsUserName: 6249 description: The UserName in Windows to run the 6250 entrypoint of the container process. Defaults 6251 to the user specified in image metadata if unspecified. 6252 May also be set in PodSecurityContext. If set 6253 in both SecurityContext and PodSecurityContext, 6254 the value specified in SecurityContext takes precedence. 6255 type: string 6256 type: object 6257 type: object 6258 serviceAccount: 6259 description: 'DeprecatedServiceAccount is a depreciated 6260 alias for ServiceAccountName. Deprecated: Use serviceAccountName 6261 instead.' 6262 type: string 6263 serviceAccountName: 6264 description: 'ServiceAccountName is the name of the ServiceAccount 6265 to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' 6266 type: string 6267 setHostnameAsFQDN: 6268 description: If true the pod's hostname will be configured 6269 as the pod's FQDN, rather than the leaf name (the default). 6270 In Linux containers, this means setting the FQDN in the 6271 hostname field of the kernel (the nodename field of struct 6272 utsname). In Windows containers, this means setting the 6273 registry value of hostname for the registry key HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters 6274 to FQDN. If a pod does not have FQDN, this has no effect. 6275 Default to false. 6276 type: boolean 6277 shareProcessNamespace: 6278 description: 'Share a single process namespace between all 6279 of the containers in a pod. When this is set containers 6280 will be able to view and signal processes from other containers 6281 in the same pod, and the first process in each container 6282 will not be assigned PID 1. HostPID and ShareProcessNamespace 6283 cannot both be set. Optional: Default to false.' 6284 type: boolean 6285 subdomain: 6286 description: If specified, the fully qualified Pod hostname 6287 will be "<hostname>.<subdomain>.<pod namespace>.svc.<cluster 6288 domain>". If not specified, the pod will not have a domainname 6289 at all. 6290 type: string 6291 terminationGracePeriodSeconds: 6292 description: Optional duration in seconds the pod needs 6293 to terminate gracefully. May be decreased in delete request. 6294 Value must be non-negative integer. The value zero indicates 6295 stop immediately via the kill signal (no opportunity to 6296 shut down). If this value is nil, the default grace period 6297 will be used instead. The grace period is the duration 6298 in seconds after the processes running in the pod are 6299 sent a termination signal and the time when the processes 6300 are forcibly halted with a kill signal. Set this value 6301 longer than the expected cleanup time for your process. 6302 Defaults to 30 seconds. 6303 format: int64 6304 type: integer 6305 tolerations: 6306 description: If specified, the pod's tolerations. 6307 items: 6308 description: The pod this Toleration is attached to tolerates 6309 any taint that matches the triple <key,value,effect> 6310 using the matching operator <operator>. 6311 properties: 6312 effect: 6313 description: Effect indicates the taint effect to 6314 match. Empty means match all taint effects. When 6315 specified, allowed values are NoSchedule, PreferNoSchedule 6316 and NoExecute. 6317 type: string 6318 key: 6319 description: Key is the taint key that the toleration 6320 applies to. Empty means match all taint keys. If 6321 the key is empty, operator must be Exists; this 6322 combination means to match all values and all keys. 6323 type: string 6324 operator: 6325 description: Operator represents a key's relationship 6326 to the value. Valid operators are Exists and Equal. 6327 Defaults to Equal. Exists is equivalent to wildcard 6328 for value, so that a pod can tolerate all taints 6329 of a particular category. 6330 type: string 6331 tolerationSeconds: 6332 description: TolerationSeconds represents the period 6333 of time the toleration (which must be of effect 6334 NoExecute, otherwise this field is ignored) tolerates 6335 the taint. By default, it is not set, which means 6336 tolerate the taint forever (do not evict). Zero 6337 and negative values will be treated as 0 (evict 6338 immediately) by the system. 6339 format: int64 6340 type: integer 6341 value: 6342 description: Value is the taint value the toleration 6343 matches to. If the operator is Exists, the value 6344 should be empty, otherwise just a regular string. 6345 type: string 6346 type: object 6347 type: array 6348 topologySpreadConstraints: 6349 description: TopologySpreadConstraints describes how a group 6350 of pods ought to spread across topology domains. Scheduler 6351 will schedule pods in a way which abides by the constraints. 6352 All topologySpreadConstraints are ANDed. 6353 items: 6354 description: TopologySpreadConstraint specifies how to 6355 spread matching pods among the given topology. 6356 properties: 6357 labelSelector: 6358 description: LabelSelector is used to find matching 6359 pods. Pods that match this label selector are counted 6360 to determine the number of pods in their corresponding 6361 topology domain. 6362 properties: 6363 matchExpressions: 6364 description: matchExpressions is a list of label 6365 selector requirements. The requirements are 6366 ANDed. 6367 items: 6368 description: A label selector requirement is 6369 a selector that contains values, a key, and 6370 an operator that relates the key and values. 6371 properties: 6372 key: 6373 description: key is the label key that the 6374 selector applies to. 6375 type: string 6376 operator: 6377 description: operator represents a key's 6378 relationship to a set of values. Valid 6379 operators are In, NotIn, Exists and DoesNotExist. 6380 type: string 6381 values: 6382 description: values is an array of string 6383 values. If the operator is In or NotIn, 6384 the values array must be non-empty. If 6385 the operator is Exists or DoesNotExist, 6386 the values array must be empty. This array 6387 is replaced during a strategic merge patch. 6388 items: 6389 type: string 6390 type: array 6391 required: 6392 - key 6393 - operator 6394 type: object 6395 type: array 6396 matchLabels: 6397 additionalProperties: 6398 type: string 6399 description: matchLabels is a map of {key,value} 6400 pairs. A single {key,value} in the matchLabels 6401 map is equivalent to an element of matchExpressions, 6402 whose key field is "key", the operator is "In", 6403 and the values array contains only "value". 6404 The requirements are ANDed. 6405 type: object 6406 type: object 6407 x-kubernetes-map-type: atomic 6408 matchLabelKeys: 6409 description: "MatchLabelKeys is a set of pod label 6410 keys to select the pods over which spreading will 6411 be calculated. The keys are used to lookup values 6412 from the incoming pod labels, those key-value labels 6413 are ANDed with labelSelector to select the group 6414 of existing pods over which spreading will be calculated 6415 for the incoming pod. The same key is forbidden 6416 to exist in both MatchLabelKeys and LabelSelector. 6417 MatchLabelKeys cannot be set when LabelSelector 6418 isn't set. Keys that don't exist in the incoming 6419 pod labels will be ignored. A null or empty list 6420 means only match against labelSelector. \n This 6421 is a beta field and requires the MatchLabelKeysInPodTopologySpread 6422 feature gate to be enabled (enabled by default)." 6423 items: 6424 type: string 6425 type: array 6426 x-kubernetes-list-type: atomic 6427 maxSkew: 6428 description: 'MaxSkew describes the degree to which 6429 pods may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`, 6430 it is the maximum permitted difference between the 6431 number of matching pods in the target topology and 6432 the global minimum. The global minimum is the minimum 6433 number of matching pods in an eligible domain or 6434 zero if the number of eligible domains is less than 6435 MinDomains. For example, in a 3-zone cluster, MaxSkew 6436 is set to 1, and pods with the same labelSelector 6437 spread as 2/2/1: In this case, the global minimum 6438 is 1. | zone1 | zone2 | zone3 | | P P | P P | P | 6439 - if MaxSkew is 1, incoming pod can only be scheduled 6440 to zone3 to become 2/2/2; scheduling it onto zone1(zone2) 6441 would make the ActualSkew(3-1) on zone1(zone2) violate 6442 MaxSkew(1). - if MaxSkew is 2, incoming pod can 6443 be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, 6444 it is used to give higher precedence to topologies 6445 that satisfy it. It''s a required field. Default 6446 value is 1 and 0 is not allowed.' 6447 format: int32 6448 type: integer 6449 minDomains: 6450 description: "MinDomains indicates a minimum number 6451 of eligible domains. When the number of eligible 6452 domains with matching topology keys is less than 6453 minDomains, Pod Topology Spread treats \"global 6454 minimum\" as 0, and then the calculation of Skew 6455 is performed. And when the number of eligible domains 6456 with matching topology keys equals or greater than 6457 minDomains, this value has no effect on scheduling. 6458 As a result, when the number of eligible domains 6459 is less than minDomains, scheduler won't schedule 6460 more than maxSkew Pods to those domains. If value 6461 is nil, the constraint behaves as if MinDomains 6462 is equal to 1. Valid values are integers greater 6463 than 0. When value is not nil, WhenUnsatisfiable 6464 must be DoNotSchedule. \n For example, in a 3-zone 6465 cluster, MaxSkew is set to 2, MinDomains is set 6466 to 5 and pods with the same labelSelector spread 6467 as 2/2/2: | zone1 | zone2 | zone3 | | P P | P 6468 P | P P | The number of domains is less than 6469 5(MinDomains), so \"global minimum\" is treated 6470 as 0. In this situation, new pod with the same labelSelector 6471 cannot be scheduled, because computed skew will 6472 be 3(3 - 0) if new Pod is scheduled to any of the 6473 three zones, it will violate MaxSkew. \n This is 6474 a beta field and requires the MinDomainsInPodTopologySpread 6475 feature gate to be enabled (enabled by default)." 6476 format: int32 6477 type: integer 6478 nodeAffinityPolicy: 6479 description: "NodeAffinityPolicy indicates how we 6480 will treat Pod's nodeAffinity/nodeSelector when 6481 calculating pod topology spread skew. Options are: 6482 - Honor: only nodes matching nodeAffinity/nodeSelector 6483 are included in the calculations. - Ignore: nodeAffinity/nodeSelector 6484 are ignored. All nodes are included in the calculations. 6485 \n If this value is nil, the behavior is equivalent 6486 to the Honor policy. This is a beta-level feature 6487 default enabled by the NodeInclusionPolicyInPodTopologySpread 6488 feature flag." 6489 type: string 6490 nodeTaintsPolicy: 6491 description: "NodeTaintsPolicy indicates how we will 6492 treat node taints when calculating pod topology 6493 spread skew. Options are: - Honor: nodes without 6494 taints, along with tainted nodes for which the incoming 6495 pod has a toleration, are included. - Ignore: node 6496 taints are ignored. All nodes are included. \n If 6497 this value is nil, the behavior is equivalent to 6498 the Ignore policy. This is a beta-level feature 6499 default enabled by the NodeInclusionPolicyInPodTopologySpread 6500 feature flag." 6501 type: string 6502 topologyKey: 6503 description: TopologyKey is the key of node labels. 6504 Nodes that have a label with this key and identical 6505 values are considered to be in the same topology. 6506 We consider each <key, value> as a "bucket", and 6507 try to put balanced number of pods into each bucket. 6508 We define a domain as a particular instance of a 6509 topology. Also, we define an eligible domain as 6510 a domain whose nodes meet the requirements of nodeAffinityPolicy 6511 and nodeTaintsPolicy. e.g. If TopologyKey is "kubernetes.io/hostname", 6512 each Node is a domain of that topology. And, if 6513 TopologyKey is "topology.kubernetes.io/zone", each 6514 zone is a domain of that topology. It's a required 6515 field. 6516 type: string 6517 whenUnsatisfiable: 6518 description: 'WhenUnsatisfiable indicates how to deal 6519 with a pod if it doesn''t satisfy the spread constraint. 6520 - DoNotSchedule (default) tells the scheduler not 6521 to schedule it. - ScheduleAnyway tells the scheduler 6522 to schedule the pod in any location, but giving 6523 higher precedence to topologies that would help 6524 reduce the skew. A constraint is considered "Unsatisfiable" 6525 for an incoming pod if and only if every possible 6526 node assignment for that pod would violate "MaxSkew" 6527 on some topology. For example, in a 3-zone cluster, 6528 MaxSkew is set to 1, and pods with the same labelSelector 6529 spread as 3/1/1: | zone1 | zone2 | zone3 | | P P 6530 P | P | P | If WhenUnsatisfiable is set 6531 to DoNotSchedule, incoming pod can only be scheduled 6532 to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) 6533 on zone2(zone3) satisfies MaxSkew(1). In other words, 6534 the cluster can still be imbalanced, but scheduler 6535 won''t make it *more* imbalanced. It''s a required 6536 field.' 6537 type: string 6538 required: 6539 - maxSkew 6540 - topologyKey 6541 - whenUnsatisfiable 6542 type: object 6543 type: array 6544 x-kubernetes-list-map-keys: 6545 - topologyKey 6546 - whenUnsatisfiable 6547 x-kubernetes-list-type: map 6548 volumes: 6549 description: 'List of volumes that can be mounted by containers 6550 belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes' 6551 items: 6552 description: Volume represents a named volume in a pod 6553 that may be accessed by any container in the pod. 6554 properties: 6555 awsElasticBlockStore: 6556 description: 'awsElasticBlockStore represents an AWS 6557 Disk resource that is attached to a kubelet''s host 6558 machine and then exposed to the pod. More info: 6559 https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' 6560 properties: 6561 fsType: 6562 description: 'fsType is the filesystem type of 6563 the volume that you want to mount. Tip: Ensure 6564 that the filesystem type is supported by the 6565 host operating system. Examples: "ext4", "xfs", 6566 "ntfs". Implicitly inferred to be "ext4" if 6567 unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore 6568 TODO: how do we prevent errors in the filesystem 6569 from compromising the machine' 6570 type: string 6571 partition: 6572 description: 'partition is the partition in the 6573 volume that you want to mount. If omitted, the 6574 default is to mount by volume name. Examples: 6575 For volume /dev/sda1, you specify the partition 6576 as "1". Similarly, the volume partition for 6577 /dev/sda is "0" (or you can leave the property 6578 empty).' 6579 format: int32 6580 type: integer 6581 readOnly: 6582 description: 'readOnly value true will force the 6583 readOnly setting in VolumeMounts. More info: 6584 https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' 6585 type: boolean 6586 volumeID: 6587 description: 'volumeID is unique ID of the persistent 6588 disk resource in AWS (Amazon EBS volume). More 6589 info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' 6590 type: string 6591 required: 6592 - volumeID 6593 type: object 6594 azureDisk: 6595 description: azureDisk represents an Azure Data Disk 6596 mount on the host and bind mount to the pod. 6597 properties: 6598 cachingMode: 6599 description: 'cachingMode is the Host Caching 6600 mode: None, Read Only, Read Write.' 6601 type: string 6602 diskName: 6603 description: diskName is the Name of the data 6604 disk in the blob storage 6605 type: string 6606 diskURI: 6607 description: diskURI is the URI of data disk in 6608 the blob storage 6609 type: string 6610 fsType: 6611 description: fsType is Filesystem type to mount. 6612 Must be a filesystem type supported by the host 6613 operating system. Ex. "ext4", "xfs", "ntfs". 6614 Implicitly inferred to be "ext4" if unspecified. 6615 type: string 6616 kind: 6617 description: 'kind expected values are Shared: 6618 multiple blob disks per storage account Dedicated: 6619 single blob disk per storage account Managed: 6620 azure managed data disk (only in managed availability 6621 set). defaults to shared' 6622 type: string 6623 readOnly: 6624 description: readOnly Defaults to false (read/write). 6625 ReadOnly here will force the ReadOnly setting 6626 in VolumeMounts. 6627 type: boolean 6628 required: 6629 - diskName 6630 - diskURI 6631 type: object 6632 azureFile: 6633 description: azureFile represents an Azure File Service 6634 mount on the host and bind mount to the pod. 6635 properties: 6636 readOnly: 6637 description: readOnly defaults to false (read/write). 6638 ReadOnly here will force the ReadOnly setting 6639 in VolumeMounts. 6640 type: boolean 6641 secretName: 6642 description: secretName is the name of secret 6643 that contains Azure Storage Account Name and 6644 Key 6645 type: string 6646 shareName: 6647 description: shareName is the azure share Name 6648 type: string 6649 required: 6650 - secretName 6651 - shareName 6652 type: object 6653 cephfs: 6654 description: cephFS represents a Ceph FS mount on 6655 the host that shares a pod's lifetime 6656 properties: 6657 monitors: 6658 description: 'monitors is Required: Monitors is 6659 a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' 6660 items: 6661 type: string 6662 type: array 6663 path: 6664 description: 'path is Optional: Used as the mounted 6665 root, rather than the full Ceph tree, default 6666 is /' 6667 type: string 6668 readOnly: 6669 description: 'readOnly is Optional: Defaults to 6670 false (read/write). ReadOnly here will force 6671 the ReadOnly setting in VolumeMounts. More info: 6672 https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' 6673 type: boolean 6674 secretFile: 6675 description: 'secretFile is Optional: SecretFile 6676 is the path to key ring for User, default is 6677 /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' 6678 type: string 6679 secretRef: 6680 description: 'secretRef is Optional: SecretRef 6681 is reference to the authentication secret for 6682 User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' 6683 properties: 6684 name: 6685 description: 'Name of the referent. More info: 6686 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 6687 TODO: Add other useful fields. apiVersion, 6688 kind, uid?' 6689 type: string 6690 type: object 6691 x-kubernetes-map-type: atomic 6692 user: 6693 description: 'user is optional: User is the rados 6694 user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' 6695 type: string 6696 required: 6697 - monitors 6698 type: object 6699 cinder: 6700 description: 'cinder represents a cinder volume attached 6701 and mounted on kubelets host machine. More info: 6702 https://examples.k8s.io/mysql-cinder-pd/README.md' 6703 properties: 6704 fsType: 6705 description: 'fsType is the filesystem type to 6706 mount. Must be a filesystem type supported by 6707 the host operating system. Examples: "ext4", 6708 "xfs", "ntfs". Implicitly inferred to be "ext4" 6709 if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' 6710 type: string 6711 readOnly: 6712 description: 'readOnly defaults to false (read/write). 6713 ReadOnly here will force the ReadOnly setting 6714 in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' 6715 type: boolean 6716 secretRef: 6717 description: 'secretRef is optional: points to 6718 a secret object containing parameters used to 6719 connect to OpenStack.' 6720 properties: 6721 name: 6722 description: 'Name of the referent. More info: 6723 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 6724 TODO: Add other useful fields. apiVersion, 6725 kind, uid?' 6726 type: string 6727 type: object 6728 x-kubernetes-map-type: atomic 6729 volumeID: 6730 description: 'volumeID used to identify the volume 6731 in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' 6732 type: string 6733 required: 6734 - volumeID 6735 type: object 6736 configMap: 6737 description: configMap represents a configMap that 6738 should populate this volume 6739 properties: 6740 defaultMode: 6741 description: 'defaultMode is optional: mode bits 6742 used to set permissions on created files by 6743 default. Must be an octal value between 0000 6744 and 0777 or a decimal value between 0 and 511. 6745 YAML accepts both octal and decimal values, 6746 JSON requires decimal values for mode bits. 6747 Defaults to 0644. Directories within the path 6748 are not affected by this setting. This might 6749 be in conflict with other options that affect 6750 the file mode, like fsGroup, and the result 6751 can be other mode bits set.' 6752 format: int32 6753 type: integer 6754 items: 6755 description: items if unspecified, each key-value 6756 pair in the Data field of the referenced ConfigMap 6757 will be projected into the volume as a file 6758 whose name is the key and content is the value. 6759 If specified, the listed keys will be projected 6760 into the specified paths, and unlisted keys 6761 will not be present. If a key is specified which 6762 is not present in the ConfigMap, the volume 6763 setup will error unless it is marked optional. 6764 Paths must be relative and may not contain the 6765 '..' path or start with '..'. 6766 items: 6767 description: Maps a string key to a path within 6768 a volume. 6769 properties: 6770 key: 6771 description: key is the key to project. 6772 type: string 6773 mode: 6774 description: 'mode is Optional: mode bits 6775 used to set permissions on this file. 6776 Must be an octal value between 0000 and 6777 0777 or a decimal value between 0 and 6778 511. YAML accepts both octal and decimal 6779 values, JSON requires decimal values for 6780 mode bits. If not specified, the volume 6781 defaultMode will be used. This might be 6782 in conflict with other options that affect 6783 the file mode, like fsGroup, and the result 6784 can be other mode bits set.' 6785 format: int32 6786 type: integer 6787 path: 6788 description: path is the relative path of 6789 the file to map the key to. May not be 6790 an absolute path. May not contain the 6791 path element '..'. May not start with 6792 the string '..'. 6793 type: string 6794 required: 6795 - key 6796 - path 6797 type: object 6798 type: array 6799 name: 6800 description: 'Name of the referent. More info: 6801 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 6802 TODO: Add other useful fields. apiVersion, kind, 6803 uid?' 6804 type: string 6805 optional: 6806 description: optional specify whether the ConfigMap 6807 or its keys must be defined 6808 type: boolean 6809 type: object 6810 x-kubernetes-map-type: atomic 6811 csi: 6812 description: csi (Container Storage Interface) represents 6813 ephemeral storage that is handled by certain external 6814 CSI drivers (Beta feature). 6815 properties: 6816 driver: 6817 description: driver is the name of the CSI driver 6818 that handles this volume. Consult with your 6819 admin for the correct name as registered in 6820 the cluster. 6821 type: string 6822 fsType: 6823 description: fsType to mount. Ex. "ext4", "xfs", 6824 "ntfs". If not provided, the empty value is 6825 passed to the associated CSI driver which will 6826 determine the default filesystem to apply. 6827 type: string 6828 nodePublishSecretRef: 6829 description: nodePublishSecretRef is a reference 6830 to the secret object containing sensitive information 6831 to pass to the CSI driver to complete the CSI 6832 NodePublishVolume and NodeUnpublishVolume calls. 6833 This field is optional, and may be empty if 6834 no secret is required. If the secret object 6835 contains more than one secret, all secret references 6836 are passed. 6837 properties: 6838 name: 6839 description: 'Name of the referent. More info: 6840 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 6841 TODO: Add other useful fields. apiVersion, 6842 kind, uid?' 6843 type: string 6844 type: object 6845 x-kubernetes-map-type: atomic 6846 readOnly: 6847 description: readOnly specifies a read-only configuration 6848 for the volume. Defaults to false (read/write). 6849 type: boolean 6850 volumeAttributes: 6851 additionalProperties: 6852 type: string 6853 description: volumeAttributes stores driver-specific 6854 properties that are passed to the CSI driver. 6855 Consult your driver's documentation for supported 6856 values. 6857 type: object 6858 required: 6859 - driver 6860 type: object 6861 downwardAPI: 6862 description: downwardAPI represents downward API about 6863 the pod that should populate this volume 6864 properties: 6865 defaultMode: 6866 description: 'Optional: mode bits to use on created 6867 files by default. Must be a Optional: mode bits 6868 used to set permissions on created files by 6869 default. Must be an octal value between 0000 6870 and 0777 or a decimal value between 0 and 511. 6871 YAML accepts both octal and decimal values, 6872 JSON requires decimal values for mode bits. 6873 Defaults to 0644. Directories within the path 6874 are not affected by this setting. This might 6875 be in conflict with other options that affect 6876 the file mode, like fsGroup, and the result 6877 can be other mode bits set.' 6878 format: int32 6879 type: integer 6880 items: 6881 description: Items is a list of downward API volume 6882 file 6883 items: 6884 description: DownwardAPIVolumeFile represents 6885 information to create the file containing 6886 the pod field 6887 properties: 6888 fieldRef: 6889 description: 'Required: Selects a field 6890 of the pod: only annotations, labels, 6891 name and namespace are supported.' 6892 properties: 6893 apiVersion: 6894 description: Version of the schema the 6895 FieldPath is written in terms of, 6896 defaults to "v1". 6897 type: string 6898 fieldPath: 6899 description: Path of the field to select 6900 in the specified API version. 6901 type: string 6902 required: 6903 - fieldPath 6904 type: object 6905 x-kubernetes-map-type: atomic 6906 mode: 6907 description: 'Optional: mode bits used to 6908 set permissions on this file, must be 6909 an octal value between 0000 and 0777 or 6910 a decimal value between 0 and 511. YAML 6911 accepts both octal and decimal values, 6912 JSON requires decimal values for mode 6913 bits. If not specified, the volume defaultMode 6914 will be used. This might be in conflict 6915 with other options that affect the file 6916 mode, like fsGroup, and the result can 6917 be other mode bits set.' 6918 format: int32 6919 type: integer 6920 path: 6921 description: 'Required: Path is the relative 6922 path name of the file to be created. Must 6923 not be absolute or contain the ''..'' 6924 path. Must be utf-8 encoded. The first 6925 item of the relative path must not start 6926 with ''..''' 6927 type: string 6928 resourceFieldRef: 6929 description: 'Selects a resource of the 6930 container: only resources limits and requests 6931 (limits.cpu, limits.memory, requests.cpu 6932 and requests.memory) are currently supported.' 6933 properties: 6934 containerName: 6935 description: 'Container name: required 6936 for volumes, optional for env vars' 6937 type: string 6938 divisor: 6939 anyOf: 6940 - type: integer 6941 - type: string 6942 description: Specifies the output format 6943 of the exposed resources, defaults 6944 to "1" 6945 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 6946 x-kubernetes-int-or-string: true 6947 resource: 6948 description: 'Required: resource to 6949 select' 6950 type: string 6951 required: 6952 - resource 6953 type: object 6954 x-kubernetes-map-type: atomic 6955 required: 6956 - path 6957 type: object 6958 type: array 6959 type: object 6960 emptyDir: 6961 description: 'emptyDir represents a temporary directory 6962 that shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' 6963 properties: 6964 medium: 6965 description: 'medium represents what type of storage 6966 medium should back this directory. The default 6967 is "" which means to use the node''s default 6968 medium. Must be an empty string (default) or 6969 Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' 6970 type: string 6971 sizeLimit: 6972 anyOf: 6973 - type: integer 6974 - type: string 6975 description: 'sizeLimit is the total amount of 6976 local storage required for this EmptyDir volume. 6977 The size limit is also applicable for memory 6978 medium. The maximum usage on memory medium EmptyDir 6979 would be the minimum value between the SizeLimit 6980 specified here and the sum of memory limits 6981 of all containers in a pod. The default is nil 6982 which means that the limit is undefined. More 6983 info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' 6984 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 6985 x-kubernetes-int-or-string: true 6986 type: object 6987 ephemeral: 6988 description: "ephemeral represents a volume that is 6989 handled by a cluster storage driver. The volume's 6990 lifecycle is tied to the pod that defines it - it 6991 will be created before the pod starts, and deleted 6992 when the pod is removed. \n Use this if: a) the 6993 volume is only needed while the pod runs, b) features 6994 of normal volumes like restoring from snapshot or 6995 capacity tracking are needed, c) the storage driver 6996 is specified through a storage class, and d) the 6997 storage driver supports dynamic volume provisioning 6998 through a PersistentVolumeClaim (see EphemeralVolumeSource 6999 for more information on the connection between this 7000 volume type and PersistentVolumeClaim). \n Use PersistentVolumeClaim 7001 or one of the vendor-specific APIs for volumes that 7002 persist for longer than the lifecycle of an individual 7003 pod. \n Use CSI for light-weight local ephemeral 7004 volumes if the CSI driver is meant to be used that 7005 way - see the documentation of the driver for more 7006 information. \n A pod can use both types of ephemeral 7007 volumes and persistent volumes at the same time." 7008 properties: 7009 volumeClaimTemplate: 7010 description: "Will be used to create a stand-alone 7011 PVC to provision the volume. The pod in which 7012 this EphemeralVolumeSource is embedded will 7013 be the owner of the PVC, i.e. the PVC will be 7014 deleted together with the pod. The name of 7015 the PVC will be `<pod name>-<volume name>` where 7016 `<volume name>` is the name from the `PodSpec.Volumes` 7017 array entry. Pod validation will reject the 7018 pod if the concatenated name is not valid for 7019 a PVC (for example, too long). \n An existing 7020 PVC with that name that is not owned by the 7021 pod will *not* be used for the pod to avoid 7022 using an unrelated volume by mistake. Starting 7023 the pod is then blocked until the unrelated 7024 PVC is removed. If such a pre-created PVC is 7025 meant to be used by the pod, the PVC has to 7026 updated with an owner reference to the pod once 7027 the pod exists. Normally this should not be 7028 necessary, but it may be useful when manually 7029 reconstructing a broken cluster. \n This field 7030 is read-only and no changes will be made by 7031 Kubernetes to the PVC after it has been created. 7032 \n Required, must not be nil." 7033 properties: 7034 metadata: 7035 description: May contain labels and annotations 7036 that will be copied into the PVC when creating 7037 it. No other fields are allowed and will 7038 be rejected during validation. 7039 properties: 7040 annotations: 7041 additionalProperties: 7042 type: string 7043 type: object 7044 finalizers: 7045 items: 7046 type: string 7047 type: array 7048 labels: 7049 additionalProperties: 7050 type: string 7051 type: object 7052 name: 7053 type: string 7054 namespace: 7055 type: string 7056 type: object 7057 spec: 7058 description: The specification for the PersistentVolumeClaim. 7059 The entire content is copied unchanged into 7060 the PVC that gets created from this template. 7061 The same fields as in a PersistentVolumeClaim 7062 are also valid here. 7063 properties: 7064 accessModes: 7065 description: 'accessModes contains the 7066 desired access modes the volume should 7067 have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' 7068 items: 7069 type: string 7070 type: array 7071 dataSource: 7072 description: 'dataSource field can be 7073 used to specify either: * An existing 7074 VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) 7075 * An existing PVC (PersistentVolumeClaim) 7076 If the provisioner or an external controller 7077 can support the specified data source, 7078 it will create a new volume based on 7079 the contents of the specified data source. 7080 When the AnyVolumeDataSource feature 7081 gate is enabled, dataSource contents 7082 will be copied to dataSourceRef, and 7083 dataSourceRef contents will be copied 7084 to dataSource when dataSourceRef.namespace 7085 is not specified. If the namespace is 7086 specified, then dataSourceRef will not 7087 be copied to dataSource.' 7088 properties: 7089 apiGroup: 7090 description: APIGroup is the group 7091 for the resource being referenced. 7092 If APIGroup is not specified, the 7093 specified Kind must be in the core 7094 API group. For any other third-party 7095 types, APIGroup is required. 7096 type: string 7097 kind: 7098 description: Kind is the type of resource 7099 being referenced 7100 type: string 7101 name: 7102 description: Name is the name of resource 7103 being referenced 7104 type: string 7105 required: 7106 - kind 7107 - name 7108 type: object 7109 x-kubernetes-map-type: atomic 7110 dataSourceRef: 7111 description: 'dataSourceRef specifies 7112 the object from which to populate the 7113 volume with data, if a non-empty volume 7114 is desired. This may be any object from 7115 a non-empty API group (non core object) 7116 or a PersistentVolumeClaim object. When 7117 this field is specified, volume binding 7118 will only succeed if the type of the 7119 specified object matches some installed 7120 volume populator or dynamic provisioner. 7121 This field will replace the functionality 7122 of the dataSource field and as such 7123 if both fields are non-empty, they must 7124 have the same value. For backwards compatibility, 7125 when namespace isn''t specified in dataSourceRef, 7126 both fields (dataSource and dataSourceRef) 7127 will be set to the same value automatically 7128 if one of them is empty and the other 7129 is non-empty. When namespace is specified 7130 in dataSourceRef, dataSource isn''t 7131 set to the same value and must be empty. 7132 There are three important differences 7133 between dataSource and dataSourceRef: 7134 * While dataSource only allows two specific 7135 types of objects, dataSourceRef allows 7136 any non-core object, as well as PersistentVolumeClaim 7137 objects. * While dataSource ignores 7138 disallowed values (dropping them), dataSourceRef 7139 preserves all values, and generates 7140 an error if a disallowed value is specified. 7141 * While dataSource only allows local 7142 objects, dataSourceRef allows objects 7143 in any namespaces. (Beta) Using this 7144 field requires the AnyVolumeDataSource 7145 feature gate to be enabled. (Alpha) 7146 Using the namespace field of dataSourceRef 7147 requires the CrossNamespaceVolumeDataSource 7148 feature gate to be enabled.' 7149 properties: 7150 apiGroup: 7151 description: APIGroup is the group 7152 for the resource being referenced. 7153 If APIGroup is not specified, the 7154 specified Kind must be in the core 7155 API group. For any other third-party 7156 types, APIGroup is required. 7157 type: string 7158 kind: 7159 description: Kind is the type of resource 7160 being referenced 7161 type: string 7162 name: 7163 description: Name is the name of resource 7164 being referenced 7165 type: string 7166 namespace: 7167 description: Namespace is the namespace 7168 of resource being referenced Note 7169 that when a namespace is specified, 7170 a gateway.networking.k8s.io/ReferenceGrant 7171 object is required in the referent 7172 namespace to allow that namespace's 7173 owner to accept the reference. See 7174 the ReferenceGrant documentation 7175 for details. (Alpha) This field 7176 requires the CrossNamespaceVolumeDataSource 7177 feature gate to be enabled. 7178 type: string 7179 required: 7180 - kind 7181 - name 7182 type: object 7183 resources: 7184 description: 'resources represents the 7185 minimum resources the volume should 7186 have. If RecoverVolumeExpansionFailure 7187 feature is enabled users are allowed 7188 to specify resource requirements that 7189 are lower than previous value but must 7190 still be higher than capacity recorded 7191 in the status field of the claim. More 7192 info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' 7193 properties: 7194 claims: 7195 description: "Claims lists the names 7196 of resources, defined in spec.resourceClaims, 7197 that are used by this container. 7198 \n This is an alpha field and requires 7199 enabling the DynamicResourceAllocation 7200 feature gate. \n This field is immutable. 7201 It can only be set for containers." 7202 items: 7203 description: ResourceClaim references 7204 one entry in PodSpec.ResourceClaims. 7205 properties: 7206 name: 7207 description: Name must match 7208 the name of one entry in pod.spec.resourceClaims 7209 of the Pod where this field 7210 is used. It makes that resource 7211 available inside a container. 7212 type: string 7213 required: 7214 - name 7215 type: object 7216 type: array 7217 x-kubernetes-list-map-keys: 7218 - name 7219 x-kubernetes-list-type: map 7220 limits: 7221 additionalProperties: 7222 anyOf: 7223 - type: integer 7224 - type: string 7225 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 7226 x-kubernetes-int-or-string: true 7227 description: 'Limits describes the 7228 maximum amount of compute resources 7229 allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 7230 type: object 7231 requests: 7232 additionalProperties: 7233 anyOf: 7234 - type: integer 7235 - type: string 7236 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 7237 x-kubernetes-int-or-string: true 7238 description: 'Requests describes the 7239 minimum amount of compute resources 7240 required. If Requests is omitted 7241 for a container, it defaults to 7242 Limits if that is explicitly specified, 7243 otherwise to an implementation-defined 7244 value. Requests cannot exceed Limits. 7245 More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 7246 type: object 7247 type: object 7248 selector: 7249 description: selector is a label query 7250 over volumes to consider for binding. 7251 properties: 7252 matchExpressions: 7253 description: matchExpressions is a 7254 list of label selector requirements. 7255 The requirements are ANDed. 7256 items: 7257 description: A label selector requirement 7258 is a selector that contains values, 7259 a key, and an operator that relates 7260 the key and values. 7261 properties: 7262 key: 7263 description: key is the label 7264 key that the selector applies 7265 to. 7266 type: string 7267 operator: 7268 description: operator represents 7269 a key's relationship to a 7270 set of values. Valid operators 7271 are In, NotIn, Exists and 7272 DoesNotExist. 7273 type: string 7274 values: 7275 description: values is an array 7276 of string values. If the operator 7277 is In or NotIn, the values 7278 array must be non-empty. If 7279 the operator is Exists or 7280 DoesNotExist, the values array 7281 must be empty. This array 7282 is replaced during a strategic 7283 merge patch. 7284 items: 7285 type: string 7286 type: array 7287 required: 7288 - key 7289 - operator 7290 type: object 7291 type: array 7292 matchLabels: 7293 additionalProperties: 7294 type: string 7295 description: matchLabels is a map 7296 of {key,value} pairs. A single {key,value} 7297 in the matchLabels map is equivalent 7298 to an element of matchExpressions, 7299 whose key field is "key", the operator 7300 is "In", and the values array contains 7301 only "value". The requirements are 7302 ANDed. 7303 type: object 7304 type: object 7305 x-kubernetes-map-type: atomic 7306 storageClassName: 7307 description: 'storageClassName is the 7308 name of the StorageClass required by 7309 the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' 7310 type: string 7311 volumeMode: 7312 description: volumeMode defines what type 7313 of volume is required by the claim. 7314 Value of Filesystem is implied when 7315 not included in claim spec. 7316 type: string 7317 volumeName: 7318 description: volumeName is the binding 7319 reference to the PersistentVolume backing 7320 this claim. 7321 type: string 7322 type: object 7323 required: 7324 - spec 7325 type: object 7326 type: object 7327 fc: 7328 description: fc represents a Fibre Channel resource 7329 that is attached to a kubelet's host machine and 7330 then exposed to the pod. 7331 properties: 7332 fsType: 7333 description: 'fsType is the filesystem type to 7334 mount. Must be a filesystem type supported by 7335 the host operating system. Ex. "ext4", "xfs", 7336 "ntfs". Implicitly inferred to be "ext4" if 7337 unspecified. TODO: how do we prevent errors 7338 in the filesystem from compromising the machine' 7339 type: string 7340 lun: 7341 description: 'lun is Optional: FC target lun number' 7342 format: int32 7343 type: integer 7344 readOnly: 7345 description: 'readOnly is Optional: Defaults to 7346 false (read/write). ReadOnly here will force 7347 the ReadOnly setting in VolumeMounts.' 7348 type: boolean 7349 targetWWNs: 7350 description: 'targetWWNs is Optional: FC target 7351 worldwide names (WWNs)' 7352 items: 7353 type: string 7354 type: array 7355 wwids: 7356 description: 'wwids Optional: FC volume world 7357 wide identifiers (wwids) Either wwids or combination 7358 of targetWWNs and lun must be set, but not both 7359 simultaneously.' 7360 items: 7361 type: string 7362 type: array 7363 type: object 7364 flexVolume: 7365 description: flexVolume represents a generic volume 7366 resource that is provisioned/attached using an exec 7367 based plugin. 7368 properties: 7369 driver: 7370 description: driver is the name of the driver 7371 to use for this volume. 7372 type: string 7373 fsType: 7374 description: fsType is the filesystem type to 7375 mount. Must be a filesystem type supported by 7376 the host operating system. Ex. "ext4", "xfs", 7377 "ntfs". The default filesystem depends on FlexVolume 7378 script. 7379 type: string 7380 options: 7381 additionalProperties: 7382 type: string 7383 description: 'options is Optional: this field 7384 holds extra command options if any.' 7385 type: object 7386 readOnly: 7387 description: 'readOnly is Optional: defaults to 7388 false (read/write). ReadOnly here will force 7389 the ReadOnly setting in VolumeMounts.' 7390 type: boolean 7391 secretRef: 7392 description: 'secretRef is Optional: secretRef 7393 is reference to the secret object containing 7394 sensitive information to pass to the plugin 7395 scripts. This may be empty if no secret object 7396 is specified. If the secret object contains 7397 more than one secret, all secrets are passed 7398 to the plugin scripts.' 7399 properties: 7400 name: 7401 description: 'Name of the referent. More info: 7402 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 7403 TODO: Add other useful fields. apiVersion, 7404 kind, uid?' 7405 type: string 7406 type: object 7407 x-kubernetes-map-type: atomic 7408 required: 7409 - driver 7410 type: object 7411 flocker: 7412 description: flocker represents a Flocker volume attached 7413 to a kubelet's host machine. This depends on the 7414 Flocker control service being running 7415 properties: 7416 datasetName: 7417 description: datasetName is Name of the dataset 7418 stored as metadata -> name on the dataset for 7419 Flocker should be considered as deprecated 7420 type: string 7421 datasetUUID: 7422 description: datasetUUID is the UUID of the dataset. 7423 This is unique identifier of a Flocker dataset 7424 type: string 7425 type: object 7426 gcePersistentDisk: 7427 description: 'gcePersistentDisk represents a GCE Disk 7428 resource that is attached to a kubelet''s host machine 7429 and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' 7430 properties: 7431 fsType: 7432 description: 'fsType is filesystem type of the 7433 volume that you want to mount. Tip: Ensure that 7434 the filesystem type is supported by the host 7435 operating system. Examples: "ext4", "xfs", "ntfs". 7436 Implicitly inferred to be "ext4" if unspecified. 7437 More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk 7438 TODO: how do we prevent errors in the filesystem 7439 from compromising the machine' 7440 type: string 7441 partition: 7442 description: 'partition is the partition in the 7443 volume that you want to mount. If omitted, the 7444 default is to mount by volume name. Examples: 7445 For volume /dev/sda1, you specify the partition 7446 as "1". Similarly, the volume partition for 7447 /dev/sda is "0" (or you can leave the property 7448 empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' 7449 format: int32 7450 type: integer 7451 pdName: 7452 description: 'pdName is unique name of the PD 7453 resource in GCE. Used to identify the disk in 7454 GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' 7455 type: string 7456 readOnly: 7457 description: 'readOnly here will force the ReadOnly 7458 setting in VolumeMounts. Defaults to false. 7459 More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' 7460 type: boolean 7461 required: 7462 - pdName 7463 type: object 7464 gitRepo: 7465 description: 'gitRepo represents a git repository 7466 at a particular revision. DEPRECATED: GitRepo is 7467 deprecated. To provision a container with a git 7468 repo, mount an EmptyDir into an InitContainer that 7469 clones the repo using git, then mount the EmptyDir 7470 into the Pod''s container.' 7471 properties: 7472 directory: 7473 description: directory is the target directory 7474 name. Must not contain or start with '..'. If 7475 '.' is supplied, the volume directory will be 7476 the git repository. Otherwise, if specified, 7477 the volume will contain the git repository in 7478 the subdirectory with the given name. 7479 type: string 7480 repository: 7481 description: repository is the URL 7482 type: string 7483 revision: 7484 description: revision is the commit hash for the 7485 specified revision. 7486 type: string 7487 required: 7488 - repository 7489 type: object 7490 glusterfs: 7491 description: 'glusterfs represents a Glusterfs mount 7492 on the host that shares a pod''s lifetime. More 7493 info: https://examples.k8s.io/volumes/glusterfs/README.md' 7494 properties: 7495 endpoints: 7496 description: 'endpoints is the endpoint name that 7497 details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' 7498 type: string 7499 path: 7500 description: 'path is the Glusterfs volume path. 7501 More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' 7502 type: string 7503 readOnly: 7504 description: 'readOnly here will force the Glusterfs 7505 volume to be mounted with read-only permissions. 7506 Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' 7507 type: boolean 7508 required: 7509 - endpoints 7510 - path 7511 type: object 7512 hostPath: 7513 description: 'hostPath represents a pre-existing file 7514 or directory on the host machine that is directly 7515 exposed to the container. This is generally used 7516 for system agents or other privileged things that 7517 are allowed to see the host machine. Most containers 7518 will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath 7519 --- TODO(jonesdl) We need to restrict who can use 7520 host directory mounts and who can/can not mount 7521 host directories as read/write.' 7522 properties: 7523 path: 7524 description: 'path of the directory on the host. 7525 If the path is a symlink, it will follow the 7526 link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' 7527 type: string 7528 type: 7529 description: 'type for HostPath Volume Defaults 7530 to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' 7531 type: string 7532 required: 7533 - path 7534 type: object 7535 iscsi: 7536 description: 'iscsi represents an ISCSI Disk resource 7537 that is attached to a kubelet''s host machine and 7538 then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' 7539 properties: 7540 chapAuthDiscovery: 7541 description: chapAuthDiscovery defines whether 7542 support iSCSI Discovery CHAP authentication 7543 type: boolean 7544 chapAuthSession: 7545 description: chapAuthSession defines whether support 7546 iSCSI Session CHAP authentication 7547 type: boolean 7548 fsType: 7549 description: 'fsType is the filesystem type of 7550 the volume that you want to mount. Tip: Ensure 7551 that the filesystem type is supported by the 7552 host operating system. Examples: "ext4", "xfs", 7553 "ntfs". Implicitly inferred to be "ext4" if 7554 unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi 7555 TODO: how do we prevent errors in the filesystem 7556 from compromising the machine' 7557 type: string 7558 initiatorName: 7559 description: initiatorName is the custom iSCSI 7560 Initiator Name. If initiatorName is specified 7561 with iscsiInterface simultaneously, new iSCSI 7562 interface <target portal>:<volume name> will 7563 be created for the connection. 7564 type: string 7565 iqn: 7566 description: iqn is the target iSCSI Qualified 7567 Name. 7568 type: string 7569 iscsiInterface: 7570 description: iscsiInterface is the interface Name 7571 that uses an iSCSI transport. Defaults to 'default' 7572 (tcp). 7573 type: string 7574 lun: 7575 description: lun represents iSCSI Target Lun number. 7576 format: int32 7577 type: integer 7578 portals: 7579 description: portals is the iSCSI Target Portal 7580 List. The portal is either an IP or ip_addr:port 7581 if the port is other than default (typically 7582 TCP ports 860 and 3260). 7583 items: 7584 type: string 7585 type: array 7586 readOnly: 7587 description: readOnly here will force the ReadOnly 7588 setting in VolumeMounts. Defaults to false. 7589 type: boolean 7590 secretRef: 7591 description: secretRef is the CHAP Secret for 7592 iSCSI target and initiator authentication 7593 properties: 7594 name: 7595 description: 'Name of the referent. More info: 7596 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 7597 TODO: Add other useful fields. apiVersion, 7598 kind, uid?' 7599 type: string 7600 type: object 7601 x-kubernetes-map-type: atomic 7602 targetPortal: 7603 description: targetPortal is iSCSI Target Portal. 7604 The Portal is either an IP or ip_addr:port if 7605 the port is other than default (typically TCP 7606 ports 860 and 3260). 7607 type: string 7608 required: 7609 - iqn 7610 - lun 7611 - targetPortal 7612 type: object 7613 name: 7614 description: 'name of the volume. Must be a DNS_LABEL 7615 and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 7616 type: string 7617 nfs: 7618 description: 'nfs represents an NFS mount on the host 7619 that shares a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' 7620 properties: 7621 path: 7622 description: 'path that is exported by the NFS 7623 server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' 7624 type: string 7625 readOnly: 7626 description: 'readOnly here will force the NFS 7627 export to be mounted with read-only permissions. 7628 Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' 7629 type: boolean 7630 server: 7631 description: 'server is the hostname or IP address 7632 of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' 7633 type: string 7634 required: 7635 - path 7636 - server 7637 type: object 7638 persistentVolumeClaim: 7639 description: 'persistentVolumeClaimVolumeSource represents 7640 a reference to a PersistentVolumeClaim in the same 7641 namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' 7642 properties: 7643 claimName: 7644 description: 'claimName is the name of a PersistentVolumeClaim 7645 in the same namespace as the pod using this 7646 volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' 7647 type: string 7648 readOnly: 7649 description: readOnly Will force the ReadOnly 7650 setting in VolumeMounts. Default false. 7651 type: boolean 7652 required: 7653 - claimName 7654 type: object 7655 photonPersistentDisk: 7656 description: photonPersistentDisk represents a PhotonController 7657 persistent disk attached and mounted on kubelets 7658 host machine 7659 properties: 7660 fsType: 7661 description: fsType is the filesystem type to 7662 mount. Must be a filesystem type supported by 7663 the host operating system. Ex. "ext4", "xfs", 7664 "ntfs". Implicitly inferred to be "ext4" if 7665 unspecified. 7666 type: string 7667 pdID: 7668 description: pdID is the ID that identifies Photon 7669 Controller persistent disk 7670 type: string 7671 required: 7672 - pdID 7673 type: object 7674 portworxVolume: 7675 description: portworxVolume represents a portworx 7676 volume attached and mounted on kubelets host machine 7677 properties: 7678 fsType: 7679 description: fSType represents the filesystem 7680 type to mount Must be a filesystem type supported 7681 by the host operating system. Ex. "ext4", "xfs". 7682 Implicitly inferred to be "ext4" if unspecified. 7683 type: string 7684 readOnly: 7685 description: readOnly defaults to false (read/write). 7686 ReadOnly here will force the ReadOnly setting 7687 in VolumeMounts. 7688 type: boolean 7689 volumeID: 7690 description: volumeID uniquely identifies a Portworx 7691 volume 7692 type: string 7693 required: 7694 - volumeID 7695 type: object 7696 projected: 7697 description: projected items for all in one resources 7698 secrets, configmaps, and downward API 7699 properties: 7700 defaultMode: 7701 description: defaultMode are the mode bits used 7702 to set permissions on created files by default. 7703 Must be an octal value between 0000 and 0777 7704 or a decimal value between 0 and 511. YAML accepts 7705 both octal and decimal values, JSON requires 7706 decimal values for mode bits. Directories within 7707 the path are not affected by this setting. This 7708 might be in conflict with other options that 7709 affect the file mode, like fsGroup, and the 7710 result can be other mode bits set. 7711 format: int32 7712 type: integer 7713 sources: 7714 description: sources is the list of volume projections 7715 items: 7716 description: Projection that may be projected 7717 along with other supported volume types 7718 properties: 7719 configMap: 7720 description: configMap information about 7721 the configMap data to project 7722 properties: 7723 items: 7724 description: items if unspecified, each 7725 key-value pair in the Data field of 7726 the referenced ConfigMap will be projected 7727 into the volume as a file whose name 7728 is the key and content is the value. 7729 If specified, the listed keys will 7730 be projected into the specified paths, 7731 and unlisted keys will not be present. 7732 If a key is specified which is not 7733 present in the ConfigMap, the volume 7734 setup will error unless it is marked 7735 optional. Paths must be relative and 7736 may not contain the '..' path or start 7737 with '..'. 7738 items: 7739 description: Maps a string key to 7740 a path within a volume. 7741 properties: 7742 key: 7743 description: key is the key to 7744 project. 7745 type: string 7746 mode: 7747 description: 'mode is Optional: 7748 mode bits used to set permissions 7749 on this file. Must be an octal 7750 value between 0000 and 0777 7751 or a decimal value between 0 7752 and 511. YAML accepts both octal 7753 and decimal values, JSON requires 7754 decimal values for mode bits. 7755 If not specified, the volume 7756 defaultMode will be used. This 7757 might be in conflict with other 7758 options that affect the file 7759 mode, like fsGroup, and the 7760 result can be other mode bits 7761 set.' 7762 format: int32 7763 type: integer 7764 path: 7765 description: path is the relative 7766 path of the file to map the 7767 key to. May not be an absolute 7768 path. May not contain the path 7769 element '..'. May not start 7770 with the string '..'. 7771 type: string 7772 required: 7773 - key 7774 - path 7775 type: object 7776 type: array 7777 name: 7778 description: 'Name of the referent. 7779 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 7780 TODO: Add other useful fields. apiVersion, 7781 kind, uid?' 7782 type: string 7783 optional: 7784 description: optional specify whether 7785 the ConfigMap or its keys must be 7786 defined 7787 type: boolean 7788 type: object 7789 x-kubernetes-map-type: atomic 7790 downwardAPI: 7791 description: downwardAPI information about 7792 the downwardAPI data to project 7793 properties: 7794 items: 7795 description: Items is a list of DownwardAPIVolume 7796 file 7797 items: 7798 description: DownwardAPIVolumeFile 7799 represents information to create 7800 the file containing the pod field 7801 properties: 7802 fieldRef: 7803 description: 'Required: Selects 7804 a field of the pod: only annotations, 7805 labels, name and namespace are 7806 supported.' 7807 properties: 7808 apiVersion: 7809 description: Version of the 7810 schema the FieldPath is 7811 written in terms of, defaults 7812 to "v1". 7813 type: string 7814 fieldPath: 7815 description: Path of the field 7816 to select in the specified 7817 API version. 7818 type: string 7819 required: 7820 - fieldPath 7821 type: object 7822 x-kubernetes-map-type: atomic 7823 mode: 7824 description: 'Optional: mode bits 7825 used to set permissions on this 7826 file, must be an octal value 7827 between 0000 and 0777 or a decimal 7828 value between 0 and 511. YAML 7829 accepts both octal and decimal 7830 values, JSON requires decimal 7831 values for mode bits. If not 7832 specified, the volume defaultMode 7833 will be used. This might be 7834 in conflict with other options 7835 that affect the file mode, like 7836 fsGroup, and the result can 7837 be other mode bits set.' 7838 format: int32 7839 type: integer 7840 path: 7841 description: 'Required: Path is the 7842 relative path name of the file 7843 to be created. Must not be absolute 7844 or contain the ''..'' path. 7845 Must be utf-8 encoded. The first 7846 item of the relative path must 7847 not start with ''..''' 7848 type: string 7849 resourceFieldRef: 7850 description: 'Selects a resource 7851 of the container: only resources 7852 limits and requests (limits.cpu, 7853 limits.memory, requests.cpu 7854 and requests.memory) are currently 7855 supported.' 7856 properties: 7857 containerName: 7858 description: 'Container name: 7859 required for volumes, optional 7860 for env vars' 7861 type: string 7862 divisor: 7863 anyOf: 7864 - type: integer 7865 - type: string 7866 description: Specifies the 7867 output format of the exposed 7868 resources, defaults to "1" 7869 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 7870 x-kubernetes-int-or-string: true 7871 resource: 7872 description: 'Required: resource 7873 to select' 7874 type: string 7875 required: 7876 - resource 7877 type: object 7878 x-kubernetes-map-type: atomic 7879 required: 7880 - path 7881 type: object 7882 type: array 7883 type: object 7884 secret: 7885 description: secret information about the 7886 secret data to project 7887 properties: 7888 items: 7889 description: items if unspecified, each 7890 key-value pair in the Data field of 7891 the referenced Secret will be projected 7892 into the volume as a file whose name 7893 is the key and content is the value. 7894 If specified, the listed keys will 7895 be projected into the specified paths, 7896 and unlisted keys will not be present. 7897 If a key is specified which is not 7898 present in the Secret, the volume 7899 setup will error unless it is marked 7900 optional. Paths must be relative and 7901 may not contain the '..' path or start 7902 with '..'. 7903 items: 7904 description: Maps a string key to 7905 a path within a volume. 7906 properties: 7907 key: 7908 description: key is the key to 7909 project. 7910 type: string 7911 mode: 7912 description: 'mode is Optional: 7913 mode bits used to set permissions 7914 on this file. Must be an octal 7915 value between 0000 and 0777 7916 or a decimal value between 0 7917 and 511. YAML accepts both octal 7918 and decimal values, JSON requires 7919 decimal values for mode bits. 7920 If not specified, the volume 7921 defaultMode will be used. This 7922 might be in conflict with other 7923 options that affect the file 7924 mode, like fsGroup, and the 7925 result can be other mode bits 7926 set.' 7927 format: int32 7928 type: integer 7929 path: 7930 description: path is the relative 7931 path of the file to map the 7932 key to. May not be an absolute 7933 path. May not contain the path 7934 element '..'. May not start 7935 with the string '..'. 7936 type: string 7937 required: 7938 - key 7939 - path 7940 type: object 7941 type: array 7942 name: 7943 description: 'Name of the referent. 7944 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 7945 TODO: Add other useful fields. apiVersion, 7946 kind, uid?' 7947 type: string 7948 optional: 7949 description: optional field specify 7950 whether the Secret or its key must 7951 be defined 7952 type: boolean 7953 type: object 7954 x-kubernetes-map-type: atomic 7955 serviceAccountToken: 7956 description: serviceAccountToken is information 7957 about the serviceAccountToken data to 7958 project 7959 properties: 7960 audience: 7961 description: audience is the intended 7962 audience of the token. A recipient 7963 of a token must identify itself with 7964 an identifier specified in the audience 7965 of the token, and otherwise should 7966 reject the token. The audience defaults 7967 to the identifier of the apiserver. 7968 type: string 7969 expirationSeconds: 7970 description: expirationSeconds is the 7971 requested duration of validity of 7972 the service account token. As the 7973 token approaches expiration, the kubelet 7974 volume plugin will proactively rotate 7975 the service account token. The kubelet 7976 will start trying to rotate the token 7977 if the token is older than 80 percent 7978 of its time to live or if the token 7979 is older than 24 hours.Defaults to 7980 1 hour and must be at least 10 minutes. 7981 format: int64 7982 type: integer 7983 path: 7984 description: path is the path relative 7985 to the mount point of the file to 7986 project the token into. 7987 type: string 7988 required: 7989 - path 7990 type: object 7991 type: object 7992 type: array 7993 type: object 7994 quobyte: 7995 description: quobyte represents a Quobyte mount on 7996 the host that shares a pod's lifetime 7997 properties: 7998 group: 7999 description: group to map volume access to Default 8000 is no group 8001 type: string 8002 readOnly: 8003 description: readOnly here will force the Quobyte 8004 volume to be mounted with read-only permissions. 8005 Defaults to false. 8006 type: boolean 8007 registry: 8008 description: registry represents a single or multiple 8009 Quobyte Registry services specified as a string 8010 as host:port pair (multiple entries are separated 8011 with commas) which acts as the central registry 8012 for volumes 8013 type: string 8014 tenant: 8015 description: tenant owning the given Quobyte volume 8016 in the Backend Used with dynamically provisioned 8017 Quobyte volumes, value is set by the plugin 8018 type: string 8019 user: 8020 description: user to map volume access to Defaults 8021 to serivceaccount user 8022 type: string 8023 volume: 8024 description: volume is a string that references 8025 an already created Quobyte volume by name. 8026 type: string 8027 required: 8028 - registry 8029 - volume 8030 type: object 8031 rbd: 8032 description: 'rbd represents a Rados Block Device 8033 mount on the host that shares a pod''s lifetime. 8034 More info: https://examples.k8s.io/volumes/rbd/README.md' 8035 properties: 8036 fsType: 8037 description: 'fsType is the filesystem type of 8038 the volume that you want to mount. Tip: Ensure 8039 that the filesystem type is supported by the 8040 host operating system. Examples: "ext4", "xfs", 8041 "ntfs". Implicitly inferred to be "ext4" if 8042 unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd 8043 TODO: how do we prevent errors in the filesystem 8044 from compromising the machine' 8045 type: string 8046 image: 8047 description: 'image is the rados image name. More 8048 info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 8049 type: string 8050 keyring: 8051 description: 'keyring is the path to key ring 8052 for RBDUser. Default is /etc/ceph/keyring. More 8053 info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 8054 type: string 8055 monitors: 8056 description: 'monitors is a collection of Ceph 8057 monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 8058 items: 8059 type: string 8060 type: array 8061 pool: 8062 description: 'pool is the rados pool name. Default 8063 is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 8064 type: string 8065 readOnly: 8066 description: 'readOnly here will force the ReadOnly 8067 setting in VolumeMounts. Defaults to false. 8068 More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 8069 type: boolean 8070 secretRef: 8071 description: 'secretRef is name of the authentication 8072 secret for RBDUser. If provided overrides keyring. 8073 Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 8074 properties: 8075 name: 8076 description: 'Name of the referent. More info: 8077 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 8078 TODO: Add other useful fields. apiVersion, 8079 kind, uid?' 8080 type: string 8081 type: object 8082 x-kubernetes-map-type: atomic 8083 user: 8084 description: 'user is the rados user name. Default 8085 is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 8086 type: string 8087 required: 8088 - image 8089 - monitors 8090 type: object 8091 scaleIO: 8092 description: scaleIO represents a ScaleIO persistent 8093 volume attached and mounted on Kubernetes nodes. 8094 properties: 8095 fsType: 8096 description: fsType is the filesystem type to 8097 mount. Must be a filesystem type supported by 8098 the host operating system. Ex. "ext4", "xfs", 8099 "ntfs". Default is "xfs". 8100 type: string 8101 gateway: 8102 description: gateway is the host address of the 8103 ScaleIO API Gateway. 8104 type: string 8105 protectionDomain: 8106 description: protectionDomain is the name of the 8107 ScaleIO Protection Domain for the configured 8108 storage. 8109 type: string 8110 readOnly: 8111 description: readOnly Defaults to false (read/write). 8112 ReadOnly here will force the ReadOnly setting 8113 in VolumeMounts. 8114 type: boolean 8115 secretRef: 8116 description: secretRef references to the secret 8117 for ScaleIO user and other sensitive information. 8118 If this is not provided, Login operation will 8119 fail. 8120 properties: 8121 name: 8122 description: 'Name of the referent. More info: 8123 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 8124 TODO: Add other useful fields. apiVersion, 8125 kind, uid?' 8126 type: string 8127 type: object 8128 x-kubernetes-map-type: atomic 8129 sslEnabled: 8130 description: sslEnabled Flag enable/disable SSL 8131 communication with Gateway, default false 8132 type: boolean 8133 storageMode: 8134 description: storageMode indicates whether the 8135 storage for a volume should be ThickProvisioned 8136 or ThinProvisioned. Default is ThinProvisioned. 8137 type: string 8138 storagePool: 8139 description: storagePool is the ScaleIO Storage 8140 Pool associated with the protection domain. 8141 type: string 8142 system: 8143 description: system is the name of the storage 8144 system as configured in ScaleIO. 8145 type: string 8146 volumeName: 8147 description: volumeName is the name of a volume 8148 already created in the ScaleIO system that is 8149 associated with this volume source. 8150 type: string 8151 required: 8152 - gateway 8153 - secretRef 8154 - system 8155 type: object 8156 secret: 8157 description: 'secret represents a secret that should 8158 populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' 8159 properties: 8160 defaultMode: 8161 description: 'defaultMode is Optional: mode bits 8162 used to set permissions on created files by 8163 default. Must be an octal value between 0000 8164 and 0777 or a decimal value between 0 and 511. 8165 YAML accepts both octal and decimal values, 8166 JSON requires decimal values for mode bits. 8167 Defaults to 0644. Directories within the path 8168 are not affected by this setting. This might 8169 be in conflict with other options that affect 8170 the file mode, like fsGroup, and the result 8171 can be other mode bits set.' 8172 format: int32 8173 type: integer 8174 items: 8175 description: items If unspecified, each key-value 8176 pair in the Data field of the referenced Secret 8177 will be projected into the volume as a file 8178 whose name is the key and content is the value. 8179 If specified, the listed keys will be projected 8180 into the specified paths, and unlisted keys 8181 will not be present. If a key is specified which 8182 is not present in the Secret, the volume setup 8183 will error unless it is marked optional. Paths 8184 must be relative and may not contain the '..' 8185 path or start with '..'. 8186 items: 8187 description: Maps a string key to a path within 8188 a volume. 8189 properties: 8190 key: 8191 description: key is the key to project. 8192 type: string 8193 mode: 8194 description: 'mode is Optional: mode bits 8195 used to set permissions on this file. 8196 Must be an octal value between 0000 and 8197 0777 or a decimal value between 0 and 8198 511. YAML accepts both octal and decimal 8199 values, JSON requires decimal values for 8200 mode bits. If not specified, the volume 8201 defaultMode will be used. This might be 8202 in conflict with other options that affect 8203 the file mode, like fsGroup, and the result 8204 can be other mode bits set.' 8205 format: int32 8206 type: integer 8207 path: 8208 description: path is the relative path of 8209 the file to map the key to. May not be 8210 an absolute path. May not contain the 8211 path element '..'. May not start with 8212 the string '..'. 8213 type: string 8214 required: 8215 - key 8216 - path 8217 type: object 8218 type: array 8219 optional: 8220 description: optional field specify whether the 8221 Secret or its keys must be defined 8222 type: boolean 8223 secretName: 8224 description: 'secretName is the name of the secret 8225 in the pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' 8226 type: string 8227 type: object 8228 storageos: 8229 description: storageOS represents a StorageOS volume 8230 attached and mounted on Kubernetes nodes. 8231 properties: 8232 fsType: 8233 description: fsType is the filesystem type to 8234 mount. Must be a filesystem type supported by 8235 the host operating system. Ex. "ext4", "xfs", 8236 "ntfs". Implicitly inferred to be "ext4" if 8237 unspecified. 8238 type: string 8239 readOnly: 8240 description: readOnly defaults to false (read/write). 8241 ReadOnly here will force the ReadOnly setting 8242 in VolumeMounts. 8243 type: boolean 8244 secretRef: 8245 description: secretRef specifies the secret to 8246 use for obtaining the StorageOS API credentials. If 8247 not specified, default values will be attempted. 8248 properties: 8249 name: 8250 description: 'Name of the referent. More info: 8251 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 8252 TODO: Add other useful fields. apiVersion, 8253 kind, uid?' 8254 type: string 8255 type: object 8256 x-kubernetes-map-type: atomic 8257 volumeName: 8258 description: volumeName is the human-readable 8259 name of the StorageOS volume. Volume names 8260 are only unique within a namespace. 8261 type: string 8262 volumeNamespace: 8263 description: volumeNamespace specifies the scope 8264 of the volume within StorageOS. If no namespace 8265 is specified then the Pod's namespace will be 8266 used. This allows the Kubernetes name scoping 8267 to be mirrored within StorageOS for tighter 8268 integration. Set VolumeName to any name to override 8269 the default behaviour. Set to "default" if you 8270 are not using namespaces within StorageOS. Namespaces 8271 that do not pre-exist within StorageOS will 8272 be created. 8273 type: string 8274 type: object 8275 vsphereVolume: 8276 description: vsphereVolume represents a vSphere volume 8277 attached and mounted on kubelets host machine 8278 properties: 8279 fsType: 8280 description: fsType is filesystem type to mount. 8281 Must be a filesystem type supported by the host 8282 operating system. Ex. "ext4", "xfs", "ntfs". 8283 Implicitly inferred to be "ext4" if unspecified. 8284 type: string 8285 storagePolicyID: 8286 description: storagePolicyID is the storage Policy 8287 Based Management (SPBM) profile ID associated 8288 with the StoragePolicyName. 8289 type: string 8290 storagePolicyName: 8291 description: storagePolicyName is the storage 8292 Policy Based Management (SPBM) profile name. 8293 type: string 8294 volumePath: 8295 description: volumePath is the path that identifies 8296 vSphere volume vmdk 8297 type: string 8298 required: 8299 - volumePath 8300 type: object 8301 required: 8302 - name 8303 type: object 8304 type: array 8305 required: 8306 - containers 8307 type: object 8308 x-kubernetes-preserve-unknown-fields: true 8309 probes: 8310 description: probes setting for healthy checks. 8311 properties: 8312 roleProbe: 8313 description: Probe for DB role changed check. 8314 properties: 8315 commands: 8316 description: commands used to execute for probe. 8317 properties: 8318 queries: 8319 description: Read check executed on probe sidecar, 8320 used to check workload's readonly access. 8321 items: 8322 type: string 8323 type: array 8324 writes: 8325 description: Write check executed on probe sidecar, 8326 used to check workload's allow write access. 8327 items: 8328 type: string 8329 type: array 8330 type: object 8331 failureThreshold: 8332 default: 3 8333 description: Minimum consecutive failures for the probe 8334 to be considered failed after having succeeded. 8335 format: int32 8336 minimum: 2 8337 type: integer 8338 periodSeconds: 8339 default: 1 8340 description: How often (in seconds) to perform the probe. 8341 format: int32 8342 minimum: 1 8343 type: integer 8344 timeoutSeconds: 8345 default: 1 8346 description: Number of seconds after which the probe 8347 times out. Defaults to 1 second. 8348 format: int32 8349 minimum: 1 8350 type: integer 8351 type: object 8352 roleProbeTimeoutAfterPodsReady: 8353 description: roleProbeTimeoutAfterPodsReady(in seconds), 8354 when all pods of the component are ready, it will detect 8355 whether the application is available in the pod. if pods 8356 exceed the InitializationTimeoutSeconds time without a 8357 role label, this component will enter the Failed/Abnormal 8358 phase. Note that this configuration will only take effect 8359 if the component supports RoleProbe and will not affect 8360 the life cycle of the pod. default values are 60 seconds. 8361 format: int32 8362 minimum: 30 8363 type: integer 8364 runningProbe: 8365 description: Probe for DB running check. 8366 properties: 8367 commands: 8368 description: commands used to execute for probe. 8369 properties: 8370 queries: 8371 description: Read check executed on probe sidecar, 8372 used to check workload's readonly access. 8373 items: 8374 type: string 8375 type: array 8376 writes: 8377 description: Write check executed on probe sidecar, 8378 used to check workload's allow write access. 8379 items: 8380 type: string 8381 type: array 8382 type: object 8383 failureThreshold: 8384 default: 3 8385 description: Minimum consecutive failures for the probe 8386 to be considered failed after having succeeded. 8387 format: int32 8388 minimum: 2 8389 type: integer 8390 periodSeconds: 8391 default: 1 8392 description: How often (in seconds) to perform the probe. 8393 format: int32 8394 minimum: 1 8395 type: integer 8396 timeoutSeconds: 8397 default: 1 8398 description: Number of seconds after which the probe 8399 times out. Defaults to 1 second. 8400 format: int32 8401 minimum: 1 8402 type: integer 8403 type: object 8404 statusProbe: 8405 description: Probe for DB status check. 8406 properties: 8407 commands: 8408 description: commands used to execute for probe. 8409 properties: 8410 queries: 8411 description: Read check executed on probe sidecar, 8412 used to check workload's readonly access. 8413 items: 8414 type: string 8415 type: array 8416 writes: 8417 description: Write check executed on probe sidecar, 8418 used to check workload's allow write access. 8419 items: 8420 type: string 8421 type: array 8422 type: object 8423 failureThreshold: 8424 default: 3 8425 description: Minimum consecutive failures for the probe 8426 to be considered failed after having succeeded. 8427 format: int32 8428 minimum: 2 8429 type: integer 8430 periodSeconds: 8431 default: 1 8432 description: How often (in seconds) to perform the probe. 8433 format: int32 8434 minimum: 1 8435 type: integer 8436 timeoutSeconds: 8437 default: 1 8438 description: Number of seconds after which the probe 8439 times out. Defaults to 1 second. 8440 format: int32 8441 minimum: 1 8442 type: integer 8443 type: object 8444 type: object 8445 replicationSpec: 8446 description: replicationSpec defines replication related spec 8447 if workloadType is Replication. 8448 properties: 8449 llPodManagementPolicy: 8450 description: llPodManagementPolicy is the low-level controls 8451 how pods are created during initial scale up, when replacing 8452 pods on nodes, or when scaling down. `OrderedReady` policy 8453 specify where pods are created in increasing order (pod-0, 8454 then pod-1, etc) and the controller will wait until each 8455 pod is ready before continuing. When scaling down, the 8456 pods are removed in the opposite order. `Parallel` policy 8457 specify create pods in parallel to match the desired scale 8458 without waiting, and on scale down will delete all pods 8459 at once. 8460 type: string 8461 llUpdateStrategy: 8462 description: llUpdateStrategy indicates the low-level StatefulSetUpdateStrategy 8463 that will be employed to update Pods in the StatefulSet 8464 when a revision is made to Template. Will ignore `updateStrategy` 8465 attribute if provided. 8466 properties: 8467 rollingUpdate: 8468 description: RollingUpdate is used to communicate parameters 8469 when Type is RollingUpdateStatefulSetStrategyType. 8470 properties: 8471 maxUnavailable: 8472 anyOf: 8473 - type: integer 8474 - type: string 8475 description: 'The maximum number of pods that can 8476 be unavailable during the update. Value can be 8477 an absolute number (ex: 5) or a percentage of 8478 desired pods (ex: 10%). Absolute number is calculated 8479 from percentage by rounding up. This can not be 8480 0. Defaults to 1. This field is alpha-level and 8481 is only honored by servers that enable the MaxUnavailableStatefulSet 8482 feature. The field applies to all pods in the 8483 range 0 to Replicas-1. That means if there is 8484 any unavailable pod in the range 0 to Replicas-1, 8485 it will be counted towards MaxUnavailable.' 8486 x-kubernetes-int-or-string: true 8487 partition: 8488 description: Partition indicates the ordinal at 8489 which the StatefulSet should be partitioned for 8490 updates. During a rolling update, all pods from 8491 ordinal Replicas-1 to Partition are updated. All 8492 pods from ordinal Partition-1 to 0 remain untouched. 8493 This is helpful in being able to do a canary based 8494 deployment. The default value is 0. 8495 format: int32 8496 type: integer 8497 type: object 8498 type: 8499 description: Type indicates the type of the StatefulSetUpdateStrategy. 8500 Default is RollingUpdate. 8501 type: string 8502 type: object 8503 updateStrategy: 8504 default: Serial 8505 description: "updateStrategy, Pods update strategy. In case 8506 of workloadType=Consensus the update strategy will be 8507 following: \n serial: update Pods one by one that guarantee 8508 minimum component unavailable time. Learner -> Follower(with 8509 AccessMode=none) -> Follower(with AccessMode=readonly) 8510 -> Follower(with AccessMode=readWrite) -> Leader bestEffortParallel: 8511 update Pods in parallel that guarantee minimum component 8512 un-writable time. Learner, Follower(minority) in parallel 8513 -> Follower(majority) -> Leader, keep majority online 8514 all the time. parallel: force parallel" 8515 enum: 8516 - Serial 8517 - BestEffortParallel 8518 - Parallel 8519 type: string 8520 type: object 8521 rsmSpec: 8522 description: RSMSpec defines workload related spec of this component. 8523 start from KB 0.7.0, RSM(ReplicatedStateMachineSpec) will 8524 be the underlying CR which powers all kinds of workload in 8525 KB. RSM is an enhanced stateful workload extension dedicated 8526 for heavy-state workloads like databases. 8527 properties: 8528 memberUpdateStrategy: 8529 description: 'MemberUpdateStrategy, Members(Pods) update 8530 strategy. serial: update Members one by one that guarantee 8531 minimum component unavailable time. Learner -> Follower(with 8532 AccessMode=none) -> Follower(with AccessMode=readonly) 8533 -> Follower(with AccessMode=readWrite) -> Leader bestEffortParallel: 8534 update Members in parallel that guarantee minimum component 8535 un-writable time. Learner, Follower(minority) in parallel 8536 -> Follower(majority) -> Leader, keep majority online 8537 all the time. parallel: force parallel' 8538 enum: 8539 - Serial 8540 - BestEffortParallel 8541 - Parallel 8542 type: string 8543 membershipReconfiguration: 8544 description: MembershipReconfiguration provides actions 8545 to do membership dynamic reconfiguration. 8546 properties: 8547 logSyncAction: 8548 description: LogSyncAction specifies how to trigger 8549 the new member to start log syncing previous none-nil 8550 action's Image wil be used if not configured 8551 properties: 8552 command: 8553 description: Command will be executed in Container 8554 to retrieve or process role info 8555 items: 8556 type: string 8557 type: array 8558 image: 8559 description: utility image contains command that 8560 can be used to retrieve of process role info 8561 type: string 8562 required: 8563 - command 8564 type: object 8565 memberJoinAction: 8566 description: MemberJoinAction specifies how to add member 8567 previous none-nil action's Image wil be used if not 8568 configured 8569 properties: 8570 command: 8571 description: Command will be executed in Container 8572 to retrieve or process role info 8573 items: 8574 type: string 8575 type: array 8576 image: 8577 description: utility image contains command that 8578 can be used to retrieve of process role info 8579 type: string 8580 required: 8581 - command 8582 type: object 8583 memberLeaveAction: 8584 description: MemberLeaveAction specifies how to remove 8585 member previous none-nil action's Image wil be used 8586 if not configured 8587 properties: 8588 command: 8589 description: Command will be executed in Container 8590 to retrieve or process role info 8591 items: 8592 type: string 8593 type: array 8594 image: 8595 description: utility image contains command that 8596 can be used to retrieve of process role info 8597 type: string 8598 required: 8599 - command 8600 type: object 8601 promoteAction: 8602 description: PromoteAction specifies how to tell the 8603 cluster that the new member can join voting now previous 8604 none-nil action's Image wil be used if not configured 8605 properties: 8606 command: 8607 description: Command will be executed in Container 8608 to retrieve or process role info 8609 items: 8610 type: string 8611 type: array 8612 image: 8613 description: utility image contains command that 8614 can be used to retrieve of process role info 8615 type: string 8616 required: 8617 - command 8618 type: object 8619 switchoverAction: 8620 description: SwitchoverAction specifies how to do switchover 8621 latest [BusyBox](https://busybox.net/) image will 8622 be used if Image not configured 8623 properties: 8624 command: 8625 description: Command will be executed in Container 8626 to retrieve or process role info 8627 items: 8628 type: string 8629 type: array 8630 image: 8631 description: utility image contains command that 8632 can be used to retrieve of process role info 8633 type: string 8634 required: 8635 - command 8636 type: object 8637 type: object 8638 roleProbe: 8639 description: RoleProbe provides method to probe role. 8640 properties: 8641 builtinHandlerName: 8642 description: 'BuiltinHandler specifies the builtin handler 8643 name to use to probe the role of the main container. 8644 current available handlers: mysql, postgres, mongodb, 8645 redis, etcd, kafka. use CustomHandler to define your 8646 own role probe function if none of them satisfies 8647 the requirement.' 8648 type: string 8649 customHandler: 8650 description: "CustomHandler defines the custom way to 8651 do role probe. if the BuiltinHandler satisfies the 8652 requirement, use it instead. \n how the actions defined 8653 here works: \n Actions will be taken in serial. after 8654 all actions done, the final output should be a single 8655 string of the role name defined in spec.Roles latest 8656 [BusyBox](https://busybox.net/) image will be used 8657 if Image not configured Environment variables can 8658 be used in Command: - v_KB_RSM_LAST_STDOUT stdout 8659 from last action, watch 'v_' prefixed - KB_RSM_USERNAME 8660 username part of credential - KB_RSM_PASSWORD password 8661 part of credential" 8662 items: 8663 properties: 8664 command: 8665 description: Command will be executed in Container 8666 to retrieve or process role info 8667 items: 8668 type: string 8669 type: array 8670 image: 8671 description: utility image contains command that 8672 can be used to retrieve of process role info 8673 type: string 8674 required: 8675 - command 8676 type: object 8677 type: array 8678 failureThreshold: 8679 default: 3 8680 description: Minimum consecutive failures for the probe 8681 to be considered failed after having succeeded. Defaults 8682 to 3. Minimum value is 1. 8683 format: int32 8684 minimum: 1 8685 type: integer 8686 initialDelaySeconds: 8687 default: 0 8688 description: Number of seconds after the container has 8689 started before role probe has started. 8690 format: int32 8691 minimum: 0 8692 type: integer 8693 periodSeconds: 8694 default: 2 8695 description: How often (in seconds) to perform the probe. 8696 Default to 2 seconds. Minimum value is 1. 8697 format: int32 8698 minimum: 1 8699 type: integer 8700 roleUpdateMechanism: 8701 default: ReadinessProbeEventUpdate 8702 description: RoleUpdateMechanism specifies the way how 8703 pod role label being updated. 8704 enum: 8705 - ReadinessProbeEventUpdate 8706 - DirectAPIServerEventUpdate 8707 type: string 8708 successThreshold: 8709 default: 1 8710 description: Minimum consecutive successes for the probe 8711 to be considered successful after having failed. Defaults 8712 to 1. Minimum value is 1. 8713 format: int32 8714 minimum: 1 8715 type: integer 8716 timeoutSeconds: 8717 default: 1 8718 description: Number of seconds after which the probe 8719 times out. Defaults to 1 second. Minimum value is 8720 1. 8721 format: int32 8722 minimum: 1 8723 type: integer 8724 type: object 8725 roles: 8726 description: Roles, a list of roles defined in the system. 8727 items: 8728 properties: 8729 accessMode: 8730 default: ReadWrite 8731 description: AccessMode, what service this member 8732 capable. 8733 enum: 8734 - None 8735 - Readonly 8736 - ReadWrite 8737 type: string 8738 canVote: 8739 default: true 8740 description: CanVote, whether this member has voting 8741 rights 8742 type: boolean 8743 isLeader: 8744 default: false 8745 description: IsLeader, whether this member is the 8746 leader 8747 type: boolean 8748 name: 8749 default: leader 8750 description: Name, role name. 8751 type: string 8752 required: 8753 - accessMode 8754 - name 8755 type: object 8756 type: array 8757 type: object 8758 scriptSpecs: 8759 description: The scriptSpec field provided by provider, and 8760 finally this configTemplateRefs will be rendered into the 8761 user's own configuration file according to the user's cluster. 8762 items: 8763 properties: 8764 defaultMode: 8765 description: 'defaultMode is optional: mode bits used 8766 to set permissions on created files by default. Must 8767 be an octal value between 0000 and 0777 or a decimal 8768 value between 0 and 511. YAML accepts both octal and 8769 decimal values, JSON requires decimal values for mode 8770 bits. Defaults to 0644. Directories within the path 8771 are not affected by this setting. This might be in conflict 8772 with other options that affect the file mode, like fsGroup, 8773 and the result can be other mode bits set.' 8774 format: int32 8775 type: integer 8776 name: 8777 description: Specify the name of configuration template. 8778 maxLength: 63 8779 pattern: ^[a-z0-9]([a-z0-9\.\-]*[a-z0-9])?$ 8780 type: string 8781 namespace: 8782 default: default 8783 description: Specify the namespace of the referenced the 8784 configuration template ConfigMap object. An empty namespace 8785 is equivalent to the "default" namespace. 8786 maxLength: 63 8787 pattern: ^[a-z0-9]([a-z0-9\-]*[a-z0-9])?$ 8788 type: string 8789 templateRef: 8790 description: Specify the name of the referenced the configuration 8791 template ConfigMap object. 8792 maxLength: 63 8793 pattern: ^[a-z0-9]([a-z0-9\.\-]*[a-z0-9])?$ 8794 type: string 8795 volumeName: 8796 description: volumeName is the volume name of PodTemplate, 8797 which the configuration file produced through the configuration 8798 template will be mounted to the corresponding volume. 8799 Must be a DNS_LABEL name. The volume name must be defined 8800 in podSpec.containers[*].volumeMounts. 8801 maxLength: 63 8802 pattern: ^[a-z]([a-z0-9\-]*[a-z0-9])?$ 8803 type: string 8804 required: 8805 - name 8806 - templateRef 8807 - volumeName 8808 type: object 8809 type: array 8810 x-kubernetes-list-map-keys: 8811 - name 8812 x-kubernetes-list-type: map 8813 service: 8814 description: service defines the behavior of a service spec. 8815 provide read-write service when WorkloadType is Consensus. 8816 properties: 8817 ports: 8818 description: 'The list of ports that are exposed by this 8819 service. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' 8820 items: 8821 properties: 8822 appProtocol: 8823 description: The application protocol for this port. 8824 This field follows standard Kubernetes label syntax. 8825 Un-prefixed names are reserved for IANA standard 8826 service names (as per RFC-6335 and https://www.iana.org/assignments/service-names). 8827 Non-standard protocols should use prefixed names 8828 such as mycompany.com/my-custom-protocol. 8829 type: string 8830 name: 8831 description: The name of this port within the service. 8832 This must be a DNS_LABEL. All ports within a ServiceSpec 8833 must have unique names. When considering the endpoints 8834 for a Service, this must match the 'name' field 8835 in the EndpointPort. 8836 type: string 8837 port: 8838 description: The port that will be exposed by this 8839 service. 8840 format: int32 8841 type: integer 8842 protocol: 8843 default: TCP 8844 description: The IP protocol for this port. Supports 8845 "TCP", "UDP", and "SCTP". Default is TCP. 8846 enum: 8847 - TCP 8848 - UDP 8849 - SCTP 8850 type: string 8851 targetPort: 8852 anyOf: 8853 - type: integer 8854 - type: string 8855 description: 'Number or name of the port to access 8856 on the pods targeted by the service. Number must 8857 be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 8858 If this is a string, it will be looked up as a named 8859 port in the target Pod''s container ports. If this 8860 is not specified, the value of the ''port'' field 8861 is used (an identity map). This field is ignored 8862 for services with clusterIP=None, and should be 8863 omitted or set equal to the ''port'' field. More 8864 info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' 8865 x-kubernetes-int-or-string: true 8866 required: 8867 - port 8868 type: object 8869 type: array 8870 x-kubernetes-list-map-keys: 8871 - port 8872 - protocol 8873 x-kubernetes-list-type: map 8874 type: object 8875 serviceRefDeclarations: 8876 description: serviceRefDeclarations is used to declare the service 8877 reference of the current component. 8878 items: 8879 properties: 8880 name: 8881 description: The name of the service reference declaration. 8882 The service reference can come from an external service 8883 that is not part of KubeBlocks, or services provided 8884 by other KubeBlocks Cluster objects. The specific type 8885 of service reference depends on the binding declaration 8886 when creates a Cluster. 8887 type: string 8888 serviceRefDeclarationSpecs: 8889 description: serviceRefDeclarationSpecs is a collection 8890 of service descriptions for a service reference declaration. 8891 Each ServiceRefDeclarationSpec defines a service Kind 8892 and Version. When multiple ServiceRefDeclarationSpecs 8893 are defined, it indicates that the ServiceRefDeclaration 8894 can be any one of the specified ServiceRefDeclarationSpecs. 8895 For example, when the ServiceRefDeclaration is declared 8896 to require an OLTP database, which can be either MySQL 8897 or PostgreSQL, you can define a ServiceRefDeclarationSpec 8898 for MySQL and another ServiceRefDeclarationSpec for 8899 PostgreSQL, when referencing the service within the 8900 cluster, as long as the serviceKind and serviceVersion 8901 match either MySQL or PostgreSQL, it can be used. 8902 items: 8903 properties: 8904 serviceKind: 8905 description: service kind, indicating the type or 8906 nature of the service. It should be well-known 8907 application cluster type, e.g. {mysql, redis, 8908 mongodb}. The serviceKind is case-insensitive 8909 and supports abbreviations for some well-known 8910 databases. For example, both 'zk' and 'zookeeper' 8911 will be considered as a ZooKeeper cluster, and 8912 'pg', 'postgres', 'postgresql' will all be considered 8913 as a PostgreSQL cluster. 8914 type: string 8915 serviceVersion: 8916 description: The service version of the service 8917 reference. It is a regular expression that matches 8918 a version number pattern. For example, `^8.0.8$`, 8919 `8.0.\d{1,2}$`, `^[v\-]*?(\d{1,2}\.){0,3}\d{1,2}$` 8920 type: string 8921 required: 8922 - serviceKind 8923 - serviceVersion 8924 type: object 8925 type: array 8926 required: 8927 - name 8928 - serviceRefDeclarationSpecs 8929 type: object 8930 type: array 8931 statefulSpec: 8932 description: statefulSpec defines stateful related spec if workloadType 8933 is Stateful. 8934 properties: 8935 llPodManagementPolicy: 8936 description: llPodManagementPolicy is the low-level controls 8937 how pods are created during initial scale up, when replacing 8938 pods on nodes, or when scaling down. `OrderedReady` policy 8939 specify where pods are created in increasing order (pod-0, 8940 then pod-1, etc) and the controller will wait until each 8941 pod is ready before continuing. When scaling down, the 8942 pods are removed in the opposite order. `Parallel` policy 8943 specify create pods in parallel to match the desired scale 8944 without waiting, and on scale down will delete all pods 8945 at once. 8946 type: string 8947 llUpdateStrategy: 8948 description: llUpdateStrategy indicates the low-level StatefulSetUpdateStrategy 8949 that will be employed to update Pods in the StatefulSet 8950 when a revision is made to Template. Will ignore `updateStrategy` 8951 attribute if provided. 8952 properties: 8953 rollingUpdate: 8954 description: RollingUpdate is used to communicate parameters 8955 when Type is RollingUpdateStatefulSetStrategyType. 8956 properties: 8957 maxUnavailable: 8958 anyOf: 8959 - type: integer 8960 - type: string 8961 description: 'The maximum number of pods that can 8962 be unavailable during the update. Value can be 8963 an absolute number (ex: 5) or a percentage of 8964 desired pods (ex: 10%). Absolute number is calculated 8965 from percentage by rounding up. This can not be 8966 0. Defaults to 1. This field is alpha-level and 8967 is only honored by servers that enable the MaxUnavailableStatefulSet 8968 feature. The field applies to all pods in the 8969 range 0 to Replicas-1. That means if there is 8970 any unavailable pod in the range 0 to Replicas-1, 8971 it will be counted towards MaxUnavailable.' 8972 x-kubernetes-int-or-string: true 8973 partition: 8974 description: Partition indicates the ordinal at 8975 which the StatefulSet should be partitioned for 8976 updates. During a rolling update, all pods from 8977 ordinal Replicas-1 to Partition are updated. All 8978 pods from ordinal Partition-1 to 0 remain untouched. 8979 This is helpful in being able to do a canary based 8980 deployment. The default value is 0. 8981 format: int32 8982 type: integer 8983 type: object 8984 type: 8985 description: Type indicates the type of the StatefulSetUpdateStrategy. 8986 Default is RollingUpdate. 8987 type: string 8988 type: object 8989 updateStrategy: 8990 default: Serial 8991 description: "updateStrategy, Pods update strategy. In case 8992 of workloadType=Consensus the update strategy will be 8993 following: \n serial: update Pods one by one that guarantee 8994 minimum component unavailable time. Learner -> Follower(with 8995 AccessMode=none) -> Follower(with AccessMode=readonly) 8996 -> Follower(with AccessMode=readWrite) -> Leader bestEffortParallel: 8997 update Pods in parallel that guarantee minimum component 8998 un-writable time. Learner, Follower(minority) in parallel 8999 -> Follower(majority) -> Leader, keep majority online 9000 all the time. parallel: force parallel" 9001 enum: 9002 - Serial 9003 - BestEffortParallel 9004 - Parallel 9005 type: string 9006 type: object 9007 statelessSpec: 9008 description: statelessSpec defines stateless related spec if 9009 workloadType is Stateless. 9010 properties: 9011 updateStrategy: 9012 description: updateStrategy defines the underlying deployment 9013 strategy to use to replace existing pods with new ones. 9014 properties: 9015 rollingUpdate: 9016 description: 'Rolling update config params. Present 9017 only if DeploymentStrategyType = RollingUpdate. --- 9018 TODO: Update this to follow our convention for oneOf, 9019 whatever we decide it to be.' 9020 properties: 9021 maxSurge: 9022 anyOf: 9023 - type: integer 9024 - type: string 9025 description: 'The maximum number of pods that can 9026 be scheduled above the desired number of pods. 9027 Value can be an absolute number (ex: 5) or a percentage 9028 of desired pods (ex: 10%). This can not be 0 if 9029 MaxUnavailable is 0. Absolute number is calculated 9030 from percentage by rounding up. Defaults to 25%. 9031 Example: when this is set to 30%, the new ReplicaSet 9032 can be scaled up immediately when the rolling 9033 update starts, such that the total number of old 9034 and new pods do not exceed 130% of desired pods. 9035 Once old pods have been killed, new ReplicaSet 9036 can be scaled up further, ensuring that total 9037 number of pods running at any time during the 9038 update is at most 130% of desired pods.' 9039 x-kubernetes-int-or-string: true 9040 maxUnavailable: 9041 anyOf: 9042 - type: integer 9043 - type: string 9044 description: 'The maximum number of pods that can 9045 be unavailable during the update. Value can be 9046 an absolute number (ex: 5) or a percentage of 9047 desired pods (ex: 10%). Absolute number is calculated 9048 from percentage by rounding down. This can not 9049 be 0 if MaxSurge is 0. Defaults to 25%. Example: 9050 when this is set to 30%, the old ReplicaSet can 9051 be scaled down to 70% of desired pods immediately 9052 when the rolling update starts. Once new pods 9053 are ready, old ReplicaSet can be scaled down further, 9054 followed by scaling up the new ReplicaSet, ensuring 9055 that the total number of pods available at all 9056 times during the update is at least 70% of desired 9057 pods.' 9058 x-kubernetes-int-or-string: true 9059 type: object 9060 type: 9061 description: Type of deployment. Can be "Recreate" or 9062 "RollingUpdate". Default is RollingUpdate. 9063 type: string 9064 type: object 9065 type: object 9066 switchoverSpec: 9067 description: switchoverSpec defines command to do switchover. 9068 in particular, when workloadType=Replication, the command 9069 defined in switchoverSpec will only be executed under the 9070 condition of cluster.componentSpecs[x].SwitchPolicy.type=Noop. 9071 properties: 9072 withCandidate: 9073 description: withCandidate corresponds to the switchover 9074 of the specified candidate primary or leader instance. 9075 properties: 9076 cmdExecutorConfig: 9077 description: cmdExecutorConfig is the executor configuration 9078 of the switchover command. 9079 properties: 9080 args: 9081 description: args is used to perform statements. 9082 items: 9083 type: string 9084 type: array 9085 command: 9086 description: command to perform statements. 9087 items: 9088 type: string 9089 minItems: 1 9090 type: array 9091 env: 9092 description: envs is a list of environment variables. 9093 items: 9094 description: EnvVar represents an environment 9095 variable present in a Container. 9096 properties: 9097 name: 9098 description: Name of the environment variable. 9099 Must be a C_IDENTIFIER. 9100 type: string 9101 value: 9102 description: 'Variable references $(VAR_NAME) 9103 are expanded using the previously defined 9104 environment variables in the container and 9105 any service environment variables. If a 9106 variable cannot be resolved, the reference 9107 in the input string will be unchanged. Double 9108 $$ are reduced to a single $, which allows 9109 for escaping the $(VAR_NAME) syntax: i.e. 9110 "$$(VAR_NAME)" will produce the string literal 9111 "$(VAR_NAME)". Escaped references will never 9112 be expanded, regardless of whether the variable 9113 exists or not. Defaults to "".' 9114 type: string 9115 valueFrom: 9116 description: Source for the environment variable's 9117 value. Cannot be used if value is not empty. 9118 properties: 9119 configMapKeyRef: 9120 description: Selects a key of a ConfigMap. 9121 properties: 9122 key: 9123 description: The key to select. 9124 type: string 9125 name: 9126 description: 'Name of the referent. 9127 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 9128 TODO: Add other useful fields. apiVersion, 9129 kind, uid?' 9130 type: string 9131 optional: 9132 description: Specify whether the ConfigMap 9133 or its key must be defined 9134 type: boolean 9135 required: 9136 - key 9137 type: object 9138 x-kubernetes-map-type: atomic 9139 fieldRef: 9140 description: 'Selects a field of the pod: 9141 supports metadata.name, metadata.namespace, 9142 `metadata.labels[''<KEY>'']`, `metadata.annotations[''<KEY>'']`, 9143 spec.nodeName, spec.serviceAccountName, 9144 status.hostIP, status.podIP, status.podIPs.' 9145 properties: 9146 apiVersion: 9147 description: Version of the schema 9148 the FieldPath is written in terms 9149 of, defaults to "v1". 9150 type: string 9151 fieldPath: 9152 description: Path of the field to 9153 select in the specified API version. 9154 type: string 9155 required: 9156 - fieldPath 9157 type: object 9158 x-kubernetes-map-type: atomic 9159 resourceFieldRef: 9160 description: 'Selects a resource of the 9161 container: only resources limits and 9162 requests (limits.cpu, limits.memory, 9163 limits.ephemeral-storage, requests.cpu, 9164 requests.memory and requests.ephemeral-storage) 9165 are currently supported.' 9166 properties: 9167 containerName: 9168 description: 'Container name: required 9169 for volumes, optional for env vars' 9170 type: string 9171 divisor: 9172 anyOf: 9173 - type: integer 9174 - type: string 9175 description: Specifies the output 9176 format of the exposed resources, 9177 defaults to "1" 9178 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 9179 x-kubernetes-int-or-string: true 9180 resource: 9181 description: 'Required: resource to 9182 select' 9183 type: string 9184 required: 9185 - resource 9186 type: object 9187 x-kubernetes-map-type: atomic 9188 secretKeyRef: 9189 description: Selects a key of a secret 9190 in the pod's namespace 9191 properties: 9192 key: 9193 description: The key of the secret 9194 to select from. Must be a valid 9195 secret key. 9196 type: string 9197 name: 9198 description: 'Name of the referent. 9199 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 9200 TODO: Add other useful fields. apiVersion, 9201 kind, uid?' 9202 type: string 9203 optional: 9204 description: Specify whether the Secret 9205 or its key must be defined 9206 type: boolean 9207 required: 9208 - key 9209 type: object 9210 x-kubernetes-map-type: atomic 9211 type: object 9212 required: 9213 - name 9214 type: object 9215 type: array 9216 x-kubernetes-preserve-unknown-fields: true 9217 image: 9218 description: image for Connector when executing 9219 the command. 9220 type: string 9221 required: 9222 - command 9223 - image 9224 type: object 9225 scriptSpecSelectors: 9226 description: scriptSpecSelectors defines the selector 9227 of the scriptSpecs that need to be referenced. Once 9228 ScriptSpecSelectors is defined, the scripts defined 9229 in scriptSpecs can be referenced in the SwitchoverAction.CmdExecutorConfig. 9230 items: 9231 properties: 9232 name: 9233 description: ScriptSpec name of the referent, 9234 refer to componentDefs[x].scriptSpecs[y].Name. 9235 maxLength: 63 9236 pattern: ^[a-z0-9]([a-z0-9\.\-]*[a-z0-9])?$ 9237 type: string 9238 required: 9239 - name 9240 type: object 9241 type: array 9242 required: 9243 - cmdExecutorConfig 9244 type: object 9245 withoutCandidate: 9246 description: withoutCandidate corresponds to a switchover 9247 that does not specify a candidate primary or leader instance. 9248 properties: 9249 cmdExecutorConfig: 9250 description: cmdExecutorConfig is the executor configuration 9251 of the switchover command. 9252 properties: 9253 args: 9254 description: args is used to perform statements. 9255 items: 9256 type: string 9257 type: array 9258 command: 9259 description: command to perform statements. 9260 items: 9261 type: string 9262 minItems: 1 9263 type: array 9264 env: 9265 description: envs is a list of environment variables. 9266 items: 9267 description: EnvVar represents an environment 9268 variable present in a Container. 9269 properties: 9270 name: 9271 description: Name of the environment variable. 9272 Must be a C_IDENTIFIER. 9273 type: string 9274 value: 9275 description: 'Variable references $(VAR_NAME) 9276 are expanded using the previously defined 9277 environment variables in the container and 9278 any service environment variables. If a 9279 variable cannot be resolved, the reference 9280 in the input string will be unchanged. Double 9281 $$ are reduced to a single $, which allows 9282 for escaping the $(VAR_NAME) syntax: i.e. 9283 "$$(VAR_NAME)" will produce the string literal 9284 "$(VAR_NAME)". Escaped references will never 9285 be expanded, regardless of whether the variable 9286 exists or not. Defaults to "".' 9287 type: string 9288 valueFrom: 9289 description: Source for the environment variable's 9290 value. Cannot be used if value is not empty. 9291 properties: 9292 configMapKeyRef: 9293 description: Selects a key of a ConfigMap. 9294 properties: 9295 key: 9296 description: The key to select. 9297 type: string 9298 name: 9299 description: 'Name of the referent. 9300 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 9301 TODO: Add other useful fields. apiVersion, 9302 kind, uid?' 9303 type: string 9304 optional: 9305 description: Specify whether the ConfigMap 9306 or its key must be defined 9307 type: boolean 9308 required: 9309 - key 9310 type: object 9311 x-kubernetes-map-type: atomic 9312 fieldRef: 9313 description: 'Selects a field of the pod: 9314 supports metadata.name, metadata.namespace, 9315 `metadata.labels[''<KEY>'']`, `metadata.annotations[''<KEY>'']`, 9316 spec.nodeName, spec.serviceAccountName, 9317 status.hostIP, status.podIP, status.podIPs.' 9318 properties: 9319 apiVersion: 9320 description: Version of the schema 9321 the FieldPath is written in terms 9322 of, defaults to "v1". 9323 type: string 9324 fieldPath: 9325 description: Path of the field to 9326 select in the specified API version. 9327 type: string 9328 required: 9329 - fieldPath 9330 type: object 9331 x-kubernetes-map-type: atomic 9332 resourceFieldRef: 9333 description: 'Selects a resource of the 9334 container: only resources limits and 9335 requests (limits.cpu, limits.memory, 9336 limits.ephemeral-storage, requests.cpu, 9337 requests.memory and requests.ephemeral-storage) 9338 are currently supported.' 9339 properties: 9340 containerName: 9341 description: 'Container name: required 9342 for volumes, optional for env vars' 9343 type: string 9344 divisor: 9345 anyOf: 9346 - type: integer 9347 - type: string 9348 description: Specifies the output 9349 format of the exposed resources, 9350 defaults to "1" 9351 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 9352 x-kubernetes-int-or-string: true 9353 resource: 9354 description: 'Required: resource to 9355 select' 9356 type: string 9357 required: 9358 - resource 9359 type: object 9360 x-kubernetes-map-type: atomic 9361 secretKeyRef: 9362 description: Selects a key of a secret 9363 in the pod's namespace 9364 properties: 9365 key: 9366 description: The key of the secret 9367 to select from. Must be a valid 9368 secret key. 9369 type: string 9370 name: 9371 description: 'Name of the referent. 9372 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 9373 TODO: Add other useful fields. apiVersion, 9374 kind, uid?' 9375 type: string 9376 optional: 9377 description: Specify whether the Secret 9378 or its key must be defined 9379 type: boolean 9380 required: 9381 - key 9382 type: object 9383 x-kubernetes-map-type: atomic 9384 type: object 9385 required: 9386 - name 9387 type: object 9388 type: array 9389 x-kubernetes-preserve-unknown-fields: true 9390 image: 9391 description: image for Connector when executing 9392 the command. 9393 type: string 9394 required: 9395 - command 9396 - image 9397 type: object 9398 scriptSpecSelectors: 9399 description: scriptSpecSelectors defines the selector 9400 of the scriptSpecs that need to be referenced. Once 9401 ScriptSpecSelectors is defined, the scripts defined 9402 in scriptSpecs can be referenced in the SwitchoverAction.CmdExecutorConfig. 9403 items: 9404 properties: 9405 name: 9406 description: ScriptSpec name of the referent, 9407 refer to componentDefs[x].scriptSpecs[y].Name. 9408 maxLength: 63 9409 pattern: ^[a-z0-9]([a-z0-9\.\-]*[a-z0-9])?$ 9410 type: string 9411 required: 9412 - name 9413 type: object 9414 type: array 9415 required: 9416 - cmdExecutorConfig 9417 type: object 9418 type: object 9419 systemAccounts: 9420 description: Statement to create system account. 9421 properties: 9422 accounts: 9423 description: accounts defines system account config settings. 9424 items: 9425 description: SystemAccountConfig specifies how to create 9426 and delete system accounts. 9427 properties: 9428 name: 9429 description: name is the name of a system account. 9430 enum: 9431 - kbadmin 9432 - kbdataprotection 9433 - kbprobe 9434 - kbmonitoring 9435 - kbreplicator 9436 type: string 9437 provisionPolicy: 9438 description: provisionPolicy defines how to create 9439 account. 9440 properties: 9441 scope: 9442 default: AnyPods 9443 description: scope is the scope to provision account, 9444 and the scope could be `AnyPods` or `AllPods`. 9445 type: string 9446 secretRef: 9447 description: secretRef will be used when Type 9448 is ReferToExisting. 9449 properties: 9450 name: 9451 description: name refers to the name of the 9452 secret. 9453 type: string 9454 namespace: 9455 description: namespace refers to the namespace 9456 of the secret. 9457 type: string 9458 required: 9459 - name 9460 - namespace 9461 type: object 9462 statements: 9463 description: statements will be used when Type 9464 is CreateByStmt. 9465 properties: 9466 creation: 9467 description: creation specifies statement 9468 how to create this account with required 9469 privileges. 9470 type: string 9471 deletion: 9472 description: 'deletion specifies statement 9473 how to delete this account. Used in combination 9474 with `CreateionStatement` to delete the 9475 account before create it. For instance, 9476 one usually uses `drop user if exists` statement 9477 followed by `create user` statement to create 9478 an account. Deprecated: this field is deprecated, 9479 use `update` instead.' 9480 type: string 9481 update: 9482 description: update specifies statement how 9483 to update account's password. 9484 type: string 9485 required: 9486 - creation 9487 type: object 9488 type: 9489 description: type defines the way to provision 9490 an account, either `CreateByStmt` or `ReferToExisting`. 9491 type: string 9492 required: 9493 - scope 9494 - type 9495 type: object 9496 required: 9497 - name 9498 - provisionPolicy 9499 type: object 9500 minItems: 1 9501 type: array 9502 x-kubernetes-list-map-keys: 9503 - name 9504 x-kubernetes-list-type: map 9505 cmdExecutorConfig: 9506 description: cmdExecutorConfig configs how to get client 9507 SDK and perform statements. 9508 properties: 9509 args: 9510 description: args is used to perform statements. 9511 items: 9512 type: string 9513 type: array 9514 command: 9515 description: command to perform statements. 9516 items: 9517 type: string 9518 minItems: 1 9519 type: array 9520 env: 9521 description: envs is a list of environment variables. 9522 items: 9523 description: EnvVar represents an environment variable 9524 present in a Container. 9525 properties: 9526 name: 9527 description: Name of the environment variable. 9528 Must be a C_IDENTIFIER. 9529 type: string 9530 value: 9531 description: 'Variable references $(VAR_NAME) 9532 are expanded using the previously defined environment 9533 variables in the container and any service environment 9534 variables. If a variable cannot be resolved, 9535 the reference in the input string will be unchanged. 9536 Double $$ are reduced to a single $, which allows 9537 for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" 9538 will produce the string literal "$(VAR_NAME)". 9539 Escaped references will never be expanded, regardless 9540 of whether the variable exists or not. Defaults 9541 to "".' 9542 type: string 9543 valueFrom: 9544 description: Source for the environment variable's 9545 value. Cannot be used if value is not empty. 9546 properties: 9547 configMapKeyRef: 9548 description: Selects a key of a ConfigMap. 9549 properties: 9550 key: 9551 description: The key to select. 9552 type: string 9553 name: 9554 description: 'Name of the referent. More 9555 info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 9556 TODO: Add other useful fields. apiVersion, 9557 kind, uid?' 9558 type: string 9559 optional: 9560 description: Specify whether the ConfigMap 9561 or its key must be defined 9562 type: boolean 9563 required: 9564 - key 9565 type: object 9566 x-kubernetes-map-type: atomic 9567 fieldRef: 9568 description: 'Selects a field of the pod: 9569 supports metadata.name, metadata.namespace, 9570 `metadata.labels[''<KEY>'']`, `metadata.annotations[''<KEY>'']`, 9571 spec.nodeName, spec.serviceAccountName, 9572 status.hostIP, status.podIP, status.podIPs.' 9573 properties: 9574 apiVersion: 9575 description: Version of the schema the 9576 FieldPath is written in terms of, defaults 9577 to "v1". 9578 type: string 9579 fieldPath: 9580 description: Path of the field to select 9581 in the specified API version. 9582 type: string 9583 required: 9584 - fieldPath 9585 type: object 9586 x-kubernetes-map-type: atomic 9587 resourceFieldRef: 9588 description: 'Selects a resource of the container: 9589 only resources limits and requests (limits.cpu, 9590 limits.memory, limits.ephemeral-storage, 9591 requests.cpu, requests.memory and requests.ephemeral-storage) 9592 are currently supported.' 9593 properties: 9594 containerName: 9595 description: 'Container name: required 9596 for volumes, optional for env vars' 9597 type: string 9598 divisor: 9599 anyOf: 9600 - type: integer 9601 - type: string 9602 description: Specifies the output format 9603 of the exposed resources, defaults to 9604 "1" 9605 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 9606 x-kubernetes-int-or-string: true 9607 resource: 9608 description: 'Required: resource to select' 9609 type: string 9610 required: 9611 - resource 9612 type: object 9613 x-kubernetes-map-type: atomic 9614 secretKeyRef: 9615 description: Selects a key of a secret in 9616 the pod's namespace 9617 properties: 9618 key: 9619 description: The key of the secret to 9620 select from. Must be a valid secret 9621 key. 9622 type: string 9623 name: 9624 description: 'Name of the referent. More 9625 info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 9626 TODO: Add other useful fields. apiVersion, 9627 kind, uid?' 9628 type: string 9629 optional: 9630 description: Specify whether the Secret 9631 or its key must be defined 9632 type: boolean 9633 required: 9634 - key 9635 type: object 9636 x-kubernetes-map-type: atomic 9637 type: object 9638 required: 9639 - name 9640 type: object 9641 type: array 9642 x-kubernetes-preserve-unknown-fields: true 9643 image: 9644 description: image for Connector when executing the 9645 command. 9646 type: string 9647 required: 9648 - command 9649 - image 9650 type: object 9651 passwordConfig: 9652 description: passwordConfig defines the pattern to generate 9653 password. 9654 properties: 9655 length: 9656 default: 10 9657 description: length defines the length of password. 9658 format: int32 9659 maximum: 32 9660 minimum: 8 9661 type: integer 9662 letterCase: 9663 default: MixedCases 9664 description: letterCase defines to use lower-cases, 9665 upper-cases or mixed-cases of letters. 9666 type: string 9667 numDigits: 9668 default: 2 9669 description: numDigits defines number of digits. 9670 format: int32 9671 maximum: 20 9672 minimum: 0 9673 type: integer 9674 numSymbols: 9675 default: 0 9676 description: numSymbols defines number of symbols. 9677 format: int32 9678 maximum: 20 9679 minimum: 0 9680 type: integer 9681 type: object 9682 required: 9683 - accounts 9684 - cmdExecutorConfig 9685 - passwordConfig 9686 type: object 9687 volumeProtectionSpec: 9688 properties: 9689 highWatermark: 9690 default: 90 9691 description: The high watermark threshold for volume space 9692 usage. If there is any specified volumes who's space usage 9693 is over the threshold, the pre-defined "LOCK" action will 9694 be triggered to degrade the service to protect volume 9695 from space exhaustion, such as to set the instance as 9696 read-only. And after that, if all volumes' space usage 9697 drops under the threshold later, the pre-defined "UNLOCK" 9698 action will be performed to recover the service normally. 9699 maximum: 100 9700 minimum: 0 9701 type: integer 9702 volumes: 9703 description: Volumes to protect. 9704 items: 9705 properties: 9706 highWatermark: 9707 description: Volume specified high watermark threshold, 9708 it will override the component level threshold. 9709 If the value is invalid, it will be ignored and 9710 the component level threshold will be used. 9711 maximum: 100 9712 minimum: 0 9713 type: integer 9714 name: 9715 description: Name of volume to protect. 9716 type: string 9717 type: object 9718 type: array 9719 type: object 9720 volumeTypes: 9721 description: "volumeTypes is used to describe the purpose of 9722 the volumes mapping the name of the VolumeMounts in the PodSpec.Container 9723 field, such as data volume, log volume, etc. When backing 9724 up the volume, the volume can be correctly backed up according 9725 to the volumeType. \n For example: `name: data, type: data` 9726 means that the volume named `data` is used to store `data`. 9727 `name: binlog, type: log` means that the volume named `binlog` 9728 is used to store `log`. \n NOTE: When volumeTypes is not defined, 9729 the backup function will not be supported, even if a persistent 9730 volume has been specified." 9731 items: 9732 properties: 9733 name: 9734 description: name definition is the same as the name of 9735 the VolumeMounts field in PodSpec.Container, similar 9736 to the relations of Volumes[*].name and VolumesMounts[*].name 9737 in Pod.Spec. 9738 pattern: ^[a-z0-9]([a-z0-9\.\-]*[a-z0-9])?$ 9739 type: string 9740 type: 9741 description: 'type is in enum of {data, log}. VolumeTypeData: 9742 the volume is for the persistent data storage. VolumeTypeLog: 9743 the volume is for the persistent log storage.' 9744 enum: 9745 - data 9746 - log 9747 type: string 9748 required: 9749 - name 9750 type: object 9751 type: array 9752 x-kubernetes-list-map-keys: 9753 - name 9754 x-kubernetes-list-type: map 9755 workloadType: 9756 description: workloadType defines type of the workload. Stateless 9757 is a stateless workload type used to describe stateless applications. 9758 Stateful is a stateful workload type used to describe common 9759 stateful applications. Consensus is a stateful workload type 9760 used to describe applications based on consensus protocols, 9761 common consensus protocols such as raft and paxos. Replication 9762 is a stateful workload type used to describe applications 9763 based on the primary-secondary data replication protocol. 9764 enum: 9765 - Stateless 9766 - Stateful 9767 - Consensus 9768 - Replication 9769 type: string 9770 required: 9771 - name 9772 - workloadType 9773 type: object 9774 x-kubernetes-validations: 9775 - message: componentDefs.consensusSpec(deprecated) or componentDefs.rsmSpec(recommended) 9776 is required when componentDefs.workloadType is Consensus, and 9777 forbidden otherwise 9778 rule: 'has(self.workloadType) && self.workloadType == ''Consensus'' 9779 ? (has(self.consensusSpec) || has(self.rsmSpec)) : !has(self.consensusSpec)' 9780 minItems: 1 9781 type: array 9782 x-kubernetes-list-map-keys: 9783 - name 9784 x-kubernetes-list-type: map 9785 connectionCredential: 9786 additionalProperties: 9787 type: string 9788 description: "Connection credential template used for creating a connection 9789 credential secret for cluster.apps.kubeblocks.io object. \n Built-in 9790 objects are: - `$(RANDOM_PASSWD)` - random 8 characters. - `$(UUID)` 9791 - generate a random UUID v4 string. - `$(UUID_B64)` - generate a 9792 random UUID v4 BASE64 encoded string. - `$(UUID_STR_B64)` - generate 9793 a random UUID v4 string then BASE64 encoded. - `$(UUID_HEX)` - generate 9794 a random UUID v4 HEX representation. - `$(HEADLESS_SVC_FQDN)` - 9795 headless service FQDN placeholder, value pattern - $(CLUSTER_NAME)-$(1ST_COMP_NAME)-headless.$(NAMESPACE).svc, 9796 where 1ST_COMP_NAME is the 1st component that provide `ClusterDefinition.spec.componentDefs[].service` 9797 attribute; - `$(SVC_FQDN)` - service FQDN placeholder, value pattern 9798 - $(CLUSTER_NAME)-$(1ST_COMP_NAME).$(NAMESPACE).svc, where 1ST_COMP_NAME 9799 is the 1st component that provide `ClusterDefinition.spec.componentDefs[].service` 9800 attribute; - `$(SVC_PORT_{PORT-NAME})` - a ServicePort's port value 9801 with specified port name, i.e, a servicePort JSON struct: `{\"name\": 9802 \"mysql\", \"targetPort\": \"mysqlContainerPort\", \"port\": 3306}`, 9803 and \"$(SVC_PORT_mysql)\" in the connection credential value is 9804 3306." 9805 type: object 9806 type: 9807 description: Cluster definition type defines well known application 9808 cluster type, e.g. mysql/redis/mongodb 9809 maxLength: 24 9810 pattern: ^[a-z0-9]([a-z0-9\-]*[a-z0-9])?$ 9811 type: string 9812 required: 9813 - componentDefs 9814 type: object 9815 status: 9816 description: ClusterDefinitionStatus defines the observed state of ClusterDefinition 9817 properties: 9818 message: 9819 description: Extra message in current phase 9820 type: string 9821 observedGeneration: 9822 description: observedGeneration is the most recent generation observed 9823 for this ClusterDefinition. It corresponds to the ClusterDefinition's 9824 generation, which is updated on mutation by the API Server. 9825 format: int64 9826 type: integer 9827 phase: 9828 description: ClusterDefinition phase, valid values are `empty`, `Available`, 9829 'Unavailable`. Available is ClusterDefinition become available, 9830 and can be referenced for co-related objects. 9831 enum: 9832 - Available 9833 - Unavailable 9834 type: string 9835 type: object 9836 type: object 9837 served: true 9838 storage: true 9839 subresources: 9840 status: {}