github.com/1aal/kubeblocks@v0.0.0-20231107070852-e1c03e598921/deploy/helm/crds/workloads.kubeblocks.io_replicatedstatemachines.yaml (about) 1 apiVersion: apiextensions.k8s.io/v1 2 kind: CustomResourceDefinition 3 metadata: 4 annotations: 5 controller-gen.kubebuilder.io/version: v0.12.1 6 labels: 7 app.kubernetes.io/name: kubeblocks 8 name: replicatedstatemachines.workloads.kubeblocks.io 9 spec: 10 group: workloads.kubeblocks.io 11 names: 12 categories: 13 - kubeblocks 14 - all 15 kind: ReplicatedStateMachine 16 listKind: ReplicatedStateMachineList 17 plural: replicatedstatemachines 18 shortNames: 19 - rsm 20 singular: replicatedstatemachine 21 scope: Namespaced 22 versions: 23 - additionalPrinterColumns: 24 - description: leader pod name. 25 jsonPath: .status.membersStatus[?(@.role.isLeader==true)].podName 26 name: LEADER 27 type: string 28 - description: ready replicas. 29 jsonPath: .status.readyReplicas 30 name: READY 31 type: string 32 - description: total replicas. 33 jsonPath: .status.replicas 34 name: REPLICAS 35 type: string 36 - jsonPath: .metadata.creationTimestamp 37 name: AGE 38 type: date 39 name: v1alpha1 40 schema: 41 openAPIV3Schema: 42 description: ReplicatedStateMachine is the Schema for the replicatedstatemachines 43 API. 44 properties: 45 apiVersion: 46 description: 'APIVersion defines the versioned schema of this representation 47 of an object. Servers should convert recognized schemas to the latest 48 internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' 49 type: string 50 kind: 51 description: 'Kind is a string value representing the REST resource this 52 object represents. Servers may infer this from the endpoint the client 53 submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' 54 type: string 55 metadata: 56 type: object 57 spec: 58 description: ReplicatedStateMachineSpec defines the desired state of ReplicatedStateMachine 59 properties: 60 alternativeServices: 61 description: AlternativeServices defines Alternative Services selector 62 pattern specifier. can be used for creating Readonly service. 63 items: 64 description: Service is a named abstraction of software service 65 (for example, mysql) consisting of local port (for example 3306) 66 that the proxy listens on, and the selector that determines which 67 pods will answer requests sent through the proxy. 68 properties: 69 apiVersion: 70 description: 'APIVersion defines the versioned schema of this 71 representation of an object. Servers should convert recognized 72 schemas to the latest internal value, and may reject unrecognized 73 values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' 74 type: string 75 kind: 76 description: 'Kind is a string value representing the REST resource 77 this object represents. Servers may infer this from the endpoint 78 the client submits requests to. Cannot be updated. In CamelCase. 79 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' 80 type: string 81 metadata: 82 description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' 83 properties: 84 annotations: 85 additionalProperties: 86 type: string 87 type: object 88 finalizers: 89 items: 90 type: string 91 type: array 92 labels: 93 additionalProperties: 94 type: string 95 type: object 96 name: 97 type: string 98 namespace: 99 type: string 100 type: object 101 spec: 102 description: Spec defines the behavior of a service. 
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status 103 properties: 104 allocateLoadBalancerNodePorts: 105 description: allocateLoadBalancerNodePorts defines if NodePorts 106 will be automatically allocated for services with type 107 LoadBalancer. Default is "true". It may be set to "false" 108 if the cluster load-balancer does not rely on NodePorts. If 109 the caller requests specific NodePorts (by specifying 110 a value), those requests will be respected, regardless 111 of this field. This field may only be set for services 112 with type LoadBalancer and will be cleared if the type 113 is changed to any other type. 114 type: boolean 115 clusterIP: 116 description: 'clusterIP is the IP address of the service 117 and is usually assigned randomly. If an address is specified 118 manually, is in-range (as per system configuration), and 119 is not in use, it will be allocated to the service; otherwise 120 creation of the service will fail. This field may not 121 be changed through updates unless the type field is also 122 being changed to ExternalName (which requires this field 123 to be blank) or the type field is being changed from ExternalName 124 (in which case this field may optionally be specified, 125 as describe above). Valid values are "None", empty string 126 (""), or a valid IP address. Setting this to "None" makes 127 a "headless service" (no virtual IP), which is useful 128 when direct endpoint connections are preferred and proxying 129 is not required. Only applies to types ClusterIP, NodePort, 130 and LoadBalancer. If this field is specified when creating 131 a Service of type ExternalName, creation will fail. This 132 field will be wiped when updating a Service to type ExternalName. 
133 More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' 134 type: string 135 clusterIPs: 136 description: "ClusterIPs is a list of IP addresses assigned 137 to this service, and are usually assigned randomly. If 138 an address is specified manually, is in-range (as per 139 system configuration), and is not in use, it will be allocated 140 to the service; otherwise creation of the service will 141 fail. This field may not be changed through updates unless 142 the type field is also being changed to ExternalName (which 143 requires this field to be empty) or the type field is 144 being changed from ExternalName (in which case this field 145 may optionally be specified, as describe above). Valid 146 values are \"None\", empty string (\"\"), or a valid IP 147 address. Setting this to \"None\" makes a \"headless 148 service\" (no virtual IP), which is useful when direct 149 endpoint connections are preferred and proxying is not 150 required. Only applies to types ClusterIP, NodePort, 151 and LoadBalancer. If this field is specified when creating 152 a Service of type ExternalName, creation will fail. This 153 field will be wiped when updating a Service to type ExternalName. 154 \ If this field is not specified, it will be initialized 155 from the clusterIP field. If this field is specified, 156 clients must ensure that clusterIPs[0] and clusterIP have 157 the same value. \n This field may hold a maximum of two 158 entries (dual-stack IPs, in either order). These IPs must 159 correspond to the values of the ipFamilies field. Both 160 clusterIPs and ipFamilies are governed by the ipFamilyPolicy 161 field. 
More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" 162 items: 163 type: string 164 type: array 165 x-kubernetes-list-type: atomic 166 externalIPs: 167 description: externalIPs is a list of IP addresses for which 168 nodes in the cluster will also accept traffic for this 169 service. These IPs are not managed by Kubernetes. The 170 user is responsible for ensuring that traffic arrives 171 at a node with this IP. A common example is external 172 load-balancers that are not part of the Kubernetes system. 173 items: 174 type: string 175 type: array 176 externalName: 177 description: externalName is the external reference that 178 discovery mechanisms will return as an alias for this 179 service (e.g. a DNS CNAME record). No proxying will be 180 involved. Must be a lowercase RFC-1123 hostname (https://tools.ietf.org/html/rfc1123) 181 and requires `type` to be "ExternalName". 182 type: string 183 externalTrafficPolicy: 184 description: externalTrafficPolicy describes how nodes distribute 185 service traffic they receive on one of the Service's "externally-facing" 186 addresses (NodePorts, ExternalIPs, and LoadBalancer IPs). 187 If set to "Local", the proxy will configure the service 188 in a way that assumes that external load balancers will 189 take care of balancing the service traffic between nodes, 190 and so each node will deliver traffic only to the node-local 191 endpoints of the service, without masquerading the client 192 source IP. (Traffic mistakenly sent to a node with no 193 endpoints will be dropped.) The default value, "Cluster", 194 uses the standard behavior of routing to all endpoints 195 evenly (possibly modified by topology and other features). 
196 Note that traffic sent to an External IP or LoadBalancer 197 IP from within the cluster will always get "Cluster" semantics, 198 but clients sending to a NodePort from within the cluster 199 may need to take traffic policy into account when picking 200 a node. 201 type: string 202 healthCheckNodePort: 203 description: healthCheckNodePort specifies the healthcheck 204 nodePort for the service. This only applies when type 205 is set to LoadBalancer and externalTrafficPolicy is set 206 to Local. If a value is specified, is in-range, and is 207 not in use, it will be used. If not specified, a value 208 will be automatically allocated. External systems (e.g. 209 load-balancers) can use this port to determine if a given 210 node holds endpoints for this service or not. If this 211 field is specified when creating a Service which does 212 not need it, creation will fail. This field will be wiped 213 when updating a Service to no longer need it (e.g. changing 214 type). This field cannot be updated once set. 215 format: int32 216 type: integer 217 internalTrafficPolicy: 218 description: InternalTrafficPolicy describes how nodes distribute 219 service traffic they receive on the ClusterIP. If set 220 to "Local", the proxy will assume that pods only want 221 to talk to endpoints of the service on the same node as 222 the pod, dropping the traffic if there are no local endpoints. 223 The default value, "Cluster", uses the standard behavior 224 of routing to all endpoints evenly (possibly modified 225 by topology and other features). 226 type: string 227 ipFamilies: 228 description: "IPFamilies is a list of IP families (e.g. 229 IPv4, IPv6) assigned to this service. This field is usually 230 assigned automatically based on cluster configuration 231 and the ipFamilyPolicy field. If this field is specified 232 manually, the requested family is available in the cluster, 233 and ipFamilyPolicy allows it, it will be used; otherwise 234 creation of the service will fail. 
This field is conditionally 235 mutable: it allows for adding or removing a secondary 236 IP family, but it does not allow changing the primary 237 IP family of the Service. Valid values are \"IPv4\" and 238 \"IPv6\". This field only applies to Services of types 239 ClusterIP, NodePort, and LoadBalancer, and does apply 240 to \"headless\" services. This field will be wiped when 241 updating a Service to type ExternalName. \n This field 242 may hold a maximum of two entries (dual-stack families, 243 in either order). These families must correspond to the 244 values of the clusterIPs field, if specified. Both clusterIPs 245 and ipFamilies are governed by the ipFamilyPolicy field." 246 items: 247 description: IPFamily represents the IP Family (IPv4 or 248 IPv6). This type is used to express the family of an 249 IP expressed by a type (e.g. service.spec.ipFamilies). 250 type: string 251 type: array 252 x-kubernetes-list-type: atomic 253 ipFamilyPolicy: 254 description: IPFamilyPolicy represents the dual-stack-ness 255 requested or required by this Service. If there is no 256 value provided, then this field will be set to SingleStack. 257 Services can be "SingleStack" (a single IP family), "PreferDualStack" 258 (two IP families on dual-stack configured clusters or 259 a single IP family on single-stack clusters), or "RequireDualStack" 260 (two IP families on dual-stack configured clusters, otherwise 261 fail). The ipFamilies and clusterIPs fields depend on 262 the value of this field. This field will be wiped when 263 updating a service to type ExternalName. 264 type: string 265 loadBalancerClass: 266 description: loadBalancerClass is the class of the load 267 balancer implementation this Service belongs to. If specified, 268 the value of this field must be a label-style identifier, 269 with an optional prefix, e.g. "internal-vip" or "example.com/internal-vip". 270 Unprefixed names are reserved for end-users. 
This field 271 can only be set when the Service type is 'LoadBalancer'. 272 If not set, the default load balancer implementation is 273 used, today this is typically done through the cloud provider 274 integration, but should apply for any default implementation. 275 If set, it is assumed that a load balancer implementation 276 is watching for Services with a matching class. Any default 277 load balancer implementation (e.g. cloud providers) should 278 ignore Services that set this field. This field can only 279 be set when creating or updating a Service to type 'LoadBalancer'. 280 Once set, it can not be changed. This field will be wiped 281 when a service is updated to a non 'LoadBalancer' type. 282 type: string 283 loadBalancerIP: 284 description: 'Only applies to Service Type: LoadBalancer. 285 This feature depends on whether the underlying cloud-provider 286 supports specifying the loadBalancerIP when a load balancer 287 is created. This field will be ignored if the cloud-provider 288 does not support the feature. Deprecated: This field was 289 under-specified and its meaning varies across implementations. 290 Using it is non-portable and it may not support dual-stack. 291 Users are encouraged to use implementation-specific annotations 292 when available.' 293 type: string 294 loadBalancerSourceRanges: 295 description: 'If specified and supported by the platform, 296 this will restrict traffic through the cloud-provider 297 load-balancer will be restricted to the specified client 298 IPs. This field will be ignored if the cloud-provider 299 does not support the feature." More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/' 300 items: 301 type: string 302 type: array 303 ports: 304 description: 'The list of ports that are exposed by this 305 service. 
More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' 306 items: 307 description: ServicePort contains information on service's 308 port. 309 properties: 310 appProtocol: 311 description: "The application protocol for this port. 312 This is used as a hint for implementations to offer 313 richer behavior for protocols that they understand. 314 This field follows standard Kubernetes label syntax. 315 Valid values are either: \n * Un-prefixed protocol 316 names - reserved for IANA standard service names 317 (as per RFC-6335 and https://www.iana.org/assignments/service-names). 318 \n * Kubernetes-defined prefixed names: * 'kubernetes.io/h2c' 319 - HTTP/2 over cleartext as described in https://www.rfc-editor.org/rfc/rfc7540 320 * 'kubernetes.io/ws' - WebSocket over cleartext 321 as described in https://www.rfc-editor.org/rfc/rfc6455 322 * 'kubernetes.io/wss' - WebSocket over TLS as described 323 in https://www.rfc-editor.org/rfc/rfc6455 \n * Other 324 protocols should use implementation-defined prefixed 325 names such as mycompany.com/my-custom-protocol." 326 type: string 327 name: 328 description: The name of this port within the service. 329 This must be a DNS_LABEL. All ports within a ServiceSpec 330 must have unique names. When considering the endpoints 331 for a Service, this must match the 'name' field 332 in the EndpointPort. Optional if only one ServicePort 333 is defined on this service. 334 type: string 335 nodePort: 336 description: 'The port on each node on which this 337 service is exposed when type is NodePort or LoadBalancer. Usually 338 assigned by the system. If a value is specified, 339 in-range, and not in use it will be used, otherwise 340 the operation will fail. If not specified, a port 341 will be allocated if this Service requires one. If 342 this field is specified when creating a Service 343 which does not need it, creation will fail. 
This 344 field will be wiped when updating a Service to no 345 longer need it (e.g. changing type from NodePort 346 to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' 347 format: int32 348 type: integer 349 port: 350 description: The port that will be exposed by this 351 service. 352 format: int32 353 type: integer 354 protocol: 355 default: TCP 356 description: The IP protocol for this port. Supports 357 "TCP", "UDP", and "SCTP". Default is TCP. 358 type: string 359 targetPort: 360 anyOf: 361 - type: integer 362 - type: string 363 description: 'Number or name of the port to access 364 on the pods targeted by the service. Number must 365 be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 366 If this is a string, it will be looked up as a named 367 port in the target Pod''s container ports. If this 368 is not specified, the value of the ''port'' field 369 is used (an identity map). This field is ignored 370 for services with clusterIP=None, and should be 371 omitted or set equal to the ''port'' field. More 372 info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' 373 x-kubernetes-int-or-string: true 374 required: 375 - port 376 type: object 377 type: array 378 x-kubernetes-list-map-keys: 379 - port 380 - protocol 381 x-kubernetes-list-type: map 382 publishNotReadyAddresses: 383 description: publishNotReadyAddresses indicates that any 384 agent which deals with endpoints for this Service should 385 disregard any indications of ready/not-ready. The primary 386 use case for setting this field is for a StatefulSet's 387 Headless Service to propagate SRV DNS records for its 388 Pods for the purpose of peer discovery. The Kubernetes 389 controllers that generate Endpoints and EndpointSlice 390 resources for Services interpret this to mean that all 391 endpoints are considered "ready" even if the Pods themselves 392 are not. 
Agents which consume only Kubernetes generated 393 endpoints through the Endpoints or EndpointSlice resources 394 can safely assume this behavior. 395 type: boolean 396 selector: 397 additionalProperties: 398 type: string 399 description: 'Route service traffic to pods with label keys 400 and values matching this selector. If empty or not present, 401 the service is assumed to have an external process managing 402 its endpoints, which Kubernetes will not modify. Only 403 applies to types ClusterIP, NodePort, and LoadBalancer. 404 Ignored if type is ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/' 405 type: object 406 x-kubernetes-map-type: atomic 407 sessionAffinity: 408 description: 'Supports "ClientIP" and "None". Used to maintain 409 session affinity. Enable client IP based session affinity. 410 Must be ClientIP or None. Defaults to None. More info: 411 https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' 412 type: string 413 sessionAffinityConfig: 414 description: sessionAffinityConfig contains the configurations 415 of session affinity. 416 properties: 417 clientIP: 418 description: clientIP contains the configurations of 419 Client IP based session affinity. 420 properties: 421 timeoutSeconds: 422 description: timeoutSeconds specifies the seconds 423 of ClientIP type session sticky time. The value 424 must be >0 && <=86400(for 1 day) if ServiceAffinity 425 == "ClientIP". Default value is 10800(for 3 hours). 426 format: int32 427 type: integer 428 type: object 429 type: object 430 type: 431 description: 'type determines how the Service is exposed. 432 Defaults to ClusterIP. Valid options are ExternalName, 433 ClusterIP, NodePort, and LoadBalancer. "ClusterIP" allocates 434 a cluster-internal IP address for load-balancing to endpoints. 
435 Endpoints are determined by the selector or if that is 436 not specified, by manual construction of an Endpoints 437 object or EndpointSlice objects. If clusterIP is "None", 438 no virtual IP is allocated and the endpoints are published 439 as a set of endpoints rather than a virtual IP. "NodePort" 440 builds on ClusterIP and allocates a port on every node 441 which routes to the same endpoints as the clusterIP. "LoadBalancer" 442 builds on NodePort and creates an external load-balancer 443 (if supported in the current cloud) which routes to the 444 same endpoints as the clusterIP. "ExternalName" aliases 445 this service to the specified externalName. Several other 446 fields do not apply to ExternalName services. More info: 447 https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types' 448 type: string 449 type: object 450 status: 451 description: 'Most recently observed status of the service. 452 Populated by the system. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' 453 properties: 454 conditions: 455 description: Current service state 456 items: 457 description: "Condition contains details for one aspect 458 of the current state of this API Resource. --- This 459 struct is intended for direct use as an array at the 460 field path .status.conditions. For example, \n type 461 FooStatus struct{ // Represents the observations of 462 a foo's current state. 
// Known .status.conditions.type 463 are: \"Available\", \"Progressing\", and \"Degraded\" 464 // +patchMergeKey=type // +patchStrategy=merge // +listType=map 465 // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" 466 patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` 467 \n // other fields }" 468 properties: 469 lastTransitionTime: 470 description: lastTransitionTime is the last time the 471 condition transitioned from one status to another. 472 This should be when the underlying condition changed. If 473 that is not known, then using the time when the 474 API field changed is acceptable. 475 format: date-time 476 type: string 477 message: 478 description: message is a human readable message indicating 479 details about the transition. This may be an empty 480 string. 481 maxLength: 32768 482 type: string 483 observedGeneration: 484 description: observedGeneration represents the .metadata.generation 485 that the condition was set based upon. For instance, 486 if .metadata.generation is currently 12, but the 487 .status.conditions[x].observedGeneration is 9, the 488 condition is out of date with respect to the current 489 state of the instance. 490 format: int64 491 minimum: 0 492 type: integer 493 reason: 494 description: reason contains a programmatic identifier 495 indicating the reason for the condition's last transition. 496 Producers of specific condition types may define 497 expected values and meanings for this field, and 498 whether the values are considered a guaranteed API. 499 The value should be a CamelCase string. This field 500 may not be empty. 501 maxLength: 1024 502 minLength: 1 503 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ 504 type: string 505 status: 506 description: status of the condition, one of True, 507 False, Unknown. 
508 enum: 509 - "True" 510 - "False" 511 - Unknown 512 type: string 513 type: 514 description: type of condition in CamelCase or in 515 foo.example.com/CamelCase. --- Many .condition.type 516 values are consistent across resources like Available, 517 but because arbitrary conditions can be useful (see 518 .node.status.conditions), the ability to deconflict 519 is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) 520 maxLength: 316 521 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ 522 type: string 523 required: 524 - lastTransitionTime 525 - message 526 - reason 527 - status 528 - type 529 type: object 530 type: array 531 x-kubernetes-list-map-keys: 532 - type 533 x-kubernetes-list-type: map 534 loadBalancer: 535 description: LoadBalancer contains the current status of 536 the load-balancer, if one is present. 537 properties: 538 ingress: 539 description: Ingress is a list containing ingress points 540 for the load-balancer. Traffic intended for the service 541 should be sent to these ingress points. 542 items: 543 description: 'LoadBalancerIngress represents the status 544 of a load-balancer ingress point: traffic intended 545 for the service should be sent to an ingress point.' 
546 properties: 547 hostname: 548 description: Hostname is set for load-balancer 549 ingress points that are DNS based (typically 550 AWS load-balancers) 551 type: string 552 ip: 553 description: IP is set for load-balancer ingress 554 points that are IP based (typically GCE or OpenStack 555 load-balancers) 556 type: string 557 ports: 558 description: Ports is a list of records of service 559 ports If used, every port defined in the service 560 should have an entry in it 561 items: 562 properties: 563 error: 564 description: 'Error is to record the problem 565 with the service port The format of the 566 error shall comply with the following 567 rules: - built-in error values shall be 568 specified in this file and those shall 569 use CamelCase names - cloud provider specific 570 error values must have names that comply 571 with the format foo.example.com/CamelCase. 572 --- The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)' 573 maxLength: 316 574 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ 575 type: string 576 port: 577 description: Port is the port number of 578 the service port of which status is recorded 579 here 580 format: int32 581 type: integer 582 protocol: 583 default: TCP 584 description: 'Protocol is the protocol of 585 the service port of which status is recorded 586 here The supported values are: "TCP", 587 "UDP", "SCTP"' 588 type: string 589 required: 590 - port 591 - protocol 592 type: object 593 type: array 594 x-kubernetes-list-type: atomic 595 type: object 596 type: array 597 type: object 598 type: object 599 type: object 600 type: array 601 credential: 602 description: Credential used to connect to DB engine 603 properties: 604 password: 605 description: Password variable name will be KB_RSM_PASSWORD 606 properties: 607 value: 608 description: 'Variable references $(VAR_NAME) are expanded 609 using the previously defined environment variables in the 610 
container and any service environment variables. If a variable 611 cannot be resolved, the reference in the input string will 612 be unchanged. Double $$ are reduced to a single $, which 613 allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" 614 will produce the string literal "$(VAR_NAME)". Escaped references 615 will never be expanded, regardless of whether the variable 616 exists or not. Defaults to "".' 617 type: string 618 valueFrom: 619 description: Source for the environment variable's value. 620 Cannot be used if value is not empty. 621 properties: 622 configMapKeyRef: 623 description: Selects a key of a ConfigMap. 624 properties: 625 key: 626 description: The key to select. 627 type: string 628 name: 629 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 630 TODO: Add other useful fields. apiVersion, kind, 631 uid?' 632 type: string 633 optional: 634 description: Specify whether the ConfigMap or its 635 key must be defined 636 type: boolean 637 required: 638 - key 639 type: object 640 x-kubernetes-map-type: atomic 641 fieldRef: 642 description: 'Selects a field of the pod: supports metadata.name, 643 metadata.namespace, `metadata.labels[''<KEY>'']`, `metadata.annotations[''<KEY>'']`, 644 spec.nodeName, spec.serviceAccountName, status.hostIP, 645 status.podIP, status.podIPs.' 646 properties: 647 apiVersion: 648 description: Version of the schema the FieldPath is 649 written in terms of, defaults to "v1". 650 type: string 651 fieldPath: 652 description: Path of the field to select in the specified 653 API version. 654 type: string 655 required: 656 - fieldPath 657 type: object 658 x-kubernetes-map-type: atomic 659 resourceFieldRef: 660 description: 'Selects a resource of the container: only 661 resources limits and requests (limits.cpu, limits.memory, 662 limits.ephemeral-storage, requests.cpu, requests.memory 663 and requests.ephemeral-storage) are currently supported.' 
664 properties: 665 containerName: 666 description: 'Container name: required for volumes, 667 optional for env vars' 668 type: string 669 divisor: 670 anyOf: 671 - type: integer 672 - type: string 673 description: Specifies the output format of the exposed 674 resources, defaults to "1" 675 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 676 x-kubernetes-int-or-string: true 677 resource: 678 description: 'Required: resource to select' 679 type: string 680 required: 681 - resource 682 type: object 683 x-kubernetes-map-type: atomic 684 secretKeyRef: 685 description: Selects a key of a secret in the pod's namespace 686 properties: 687 key: 688 description: The key of the secret to select from. Must 689 be a valid secret key. 690 type: string 691 name: 692 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 693 TODO: Add other useful fields. apiVersion, kind, 694 uid?' 695 type: string 696 optional: 697 description: Specify whether the Secret or its key 698 must be defined 699 type: boolean 700 required: 701 - key 702 type: object 703 x-kubernetes-map-type: atomic 704 type: object 705 type: object 706 username: 707 description: Username variable name will be KB_RSM_USERNAME 708 properties: 709 value: 710 description: 'Variable references $(VAR_NAME) are expanded 711 using the previously defined environment variables in the 712 container and any service environment variables. If a variable 713 cannot be resolved, the reference in the input string will 714 be unchanged. Double $$ are reduced to a single $, which 715 allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" 716 will produce the string literal "$(VAR_NAME)". Escaped references 717 will never be expanded, regardless of whether the variable 718 exists or not. Defaults to "".' 
719 type: string 720 valueFrom: 721 description: Source for the environment variable's value. 722 Cannot be used if value is not empty. 723 properties: 724 configMapKeyRef: 725 description: Selects a key of a ConfigMap. 726 properties: 727 key: 728 description: The key to select. 729 type: string 730 name: 731 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 732 TODO: Add other useful fields. apiVersion, kind, 733 uid?' 734 type: string 735 optional: 736 description: Specify whether the ConfigMap or its 737 key must be defined 738 type: boolean 739 required: 740 - key 741 type: object 742 x-kubernetes-map-type: atomic 743 fieldRef: 744 description: 'Selects a field of the pod: supports metadata.name, 745 metadata.namespace, `metadata.labels[''<KEY>'']`, `metadata.annotations[''<KEY>'']`, 746 spec.nodeName, spec.serviceAccountName, status.hostIP, 747 status.podIP, status.podIPs.' 748 properties: 749 apiVersion: 750 description: Version of the schema the FieldPath is 751 written in terms of, defaults to "v1". 752 type: string 753 fieldPath: 754 description: Path of the field to select in the specified 755 API version. 756 type: string 757 required: 758 - fieldPath 759 type: object 760 x-kubernetes-map-type: atomic 761 resourceFieldRef: 762 description: 'Selects a resource of the container: only 763 resources limits and requests (limits.cpu, limits.memory, 764 limits.ephemeral-storage, requests.cpu, requests.memory 765 and requests.ephemeral-storage) are currently supported.' 
766 properties: 767 containerName: 768 description: 'Container name: required for volumes, 769 optional for env vars' 770 type: string 771 divisor: 772 anyOf: 773 - type: integer 774 - type: string 775 description: Specifies the output format of the exposed 776 resources, defaults to "1" 777 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 778 x-kubernetes-int-or-string: true 779 resource: 780 description: 'Required: resource to select' 781 type: string 782 required: 783 - resource 784 type: object 785 x-kubernetes-map-type: atomic 786 secretKeyRef: 787 description: Selects a key of a secret in the pod's namespace 788 properties: 789 key: 790 description: The key of the secret to select from. Must 791 be a valid secret key. 792 type: string 793 name: 794 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 795 TODO: Add other useful fields. apiVersion, kind, 796 uid?' 797 type: string 798 optional: 799 description: Specify whether the Secret or its key 800 must be defined 801 type: boolean 802 required: 803 - key 804 type: object 805 x-kubernetes-map-type: atomic 806 type: object 807 type: object 808 required: 809 - password 810 - username 811 type: object 812 memberUpdateStrategy: 813 description: 'MemberUpdateStrategy, Members(Pods) update strategy. 814 serial: update Members one by one that guarantee minimum component 815 unavailable time. Learner -> Follower(with AccessMode=none) -> Follower(with 816 AccessMode=readonly) -> Follower(with AccessMode=readWrite) -> Leader 817 bestEffortParallel: update Members in parallel that guarantee minimum 818 component un-writable time. Learner, Follower(minority) in parallel 819 -> Follower(majority) -> Leader, keep majority online all the time. 
820 parallel: force parallel' 821 enum: 822 - Serial 823 - BestEffortParallel 824 - Parallel 825 type: string 826 membershipReconfiguration: 827 description: MembershipReconfiguration provides actions to do membership 828 dynamic reconfiguration. 829 properties: 830 logSyncAction: 831 description: LogSyncAction specifies how to trigger the new member 832 to start log syncing. Previous non-nil action's Image will be 833 used if not configured 834 properties: 835 command: 836 description: Command will be executed in Container to retrieve 837 or process role info 838 items: 839 type: string 840 type: array 841 image: 842 description: utility image contains command that can be used 843 to retrieve or process role info 844 type: string 845 required: 846 - command 847 type: object 848 memberJoinAction: 849 description: MemberJoinAction specifies how to add member. Previous 850 non-nil action's Image will be used if not configured 851 properties: 852 command: 853 description: Command will be executed in Container to retrieve 854 or process role info 855 items: 856 type: string 857 type: array 858 image: 859 description: utility image contains command that can be used 860 to retrieve or process role info 861 type: string 862 required: 863 - command 864 type: object 865 memberLeaveAction: 866 description: MemberLeaveAction specifies how to remove member. 867 Previous non-nil action's Image will be used if not configured 868 properties: 869 command: 870 description: Command will be executed in Container to retrieve 871 or process role info 872 items: 873 type: string 874 type: array 875 image: 876 description: utility image contains command that can be used 877 to retrieve or process role info 878 type: string 879 required: 880 - command 881 type: object 882 promoteAction: 883 description: PromoteAction specifies how to tell the cluster that 884 the new member can join voting now. Previous non-nil action's 885 Image will be used if not configured 886 properties: 887 command: 888
description: Command will be executed in Container to retrieve 889 or process role info 890 items: 891 type: string 892 type: array 893 image: 894 description: utility image contains command that can be used 895 to retrieve or process role info 896 type: string 897 required: 898 - command 899 type: object 900 switchoverAction: 901 description: SwitchoverAction specifies how to do switchover. Latest 902 [BusyBox](https://busybox.net/) image will be used if Image 903 is not configured 904 properties: 905 command: 906 description: Command will be executed in Container to retrieve 907 or process role info 908 items: 909 type: string 910 type: array 911 image: 912 description: utility image contains command that can be used 913 to retrieve or process role info 914 type: string 915 required: 916 - command 917 type: object 918 type: object 919 paused: 920 description: Paused indicates that the rsm is paused, meaning the reconciliation 921 of this rsm object will be paused. 922 type: boolean 923 podManagementPolicy: 924 description: podManagementPolicy controls how pods are created during 925 initial scale up, when replacing pods on nodes, or when scaling 926 down. The default policy is `OrderedReady`, where pods are created 927 in increasing order (pod-0, then pod-1, etc) and the controller 928 will wait until each pod is ready before continuing. When scaling 929 down, the pods are removed in the opposite order. The alternative 930 policy is `Parallel` which will create pods in parallel to match 931 the desired scale without waiting, and on scale down will delete 932 all pods at once. 933 type: string 934 replicas: 935 default: 1 936 description: replicas is the desired number of replicas of the given 937 Template. These are replicas in the sense that they are instantiations 938 of the same Template, but individual replicas also have a consistent 939 identity. If unspecified, defaults to 1.
940 format: int32 941 minimum: 0 942 type: integer 943 roleProbe: 944 description: RoleProbe provides method to probe role. 945 properties: 946 builtinHandlerName: 947 description: 'BuiltinHandler specifies the builtin handler name 948 to use to probe the role of the main container. Current available 949 handlers: mysql, postgres, mongodb, redis, etcd, kafka. Use 950 CustomHandler to define your own role probe function if none 951 of them satisfies the requirement.' 952 type: string 953 customHandler: 954 description: "CustomHandler defines the custom way to do role 955 probe. If the BuiltinHandler satisfies the requirement, use 956 it instead. \n How the actions defined here work: \n Actions 957 will be taken in serial. After all actions are done, the final output 958 should be a single string of the role name defined in spec.Roles. 959 Latest [BusyBox](https://busybox.net/) image will be used if 960 Image is not configured. Environment variables can be used in Command: 961 - v_KB_RSM_LAST_STDOUT stdout from last action, watch 'v_' prefixed 962 - KB_RSM_USERNAME username part of credential - KB_RSM_PASSWORD 963 password part of credential" 964 items: 965 properties: 966 command: 967 description: Command will be executed in Container to retrieve 968 or process role info 969 items: 970 type: string 971 type: array 972 image: 973 description: utility image contains command that can be 974 used to retrieve or process role info 975 type: string 976 required: 977 - command 978 type: object 979 type: array 980 failureThreshold: 981 default: 3 982 description: Minimum consecutive failures for the probe to be 983 considered failed after having succeeded. Defaults to 3. Minimum 984 value is 1. 985 format: int32 986 minimum: 1 987 type: integer 988 initialDelaySeconds: 989 default: 0 990 description: Number of seconds after the container has started 991 before role probe has started.
992 format: int32 993 minimum: 0 994 type: integer 995 periodSeconds: 996 default: 2 997 description: How often (in seconds) to perform the probe. Defaults 998 to 2 seconds. Minimum value is 1. 999 format: int32 1000 minimum: 1 1001 type: integer 1002 roleUpdateMechanism: 1003 default: ReadinessProbeEventUpdate 1004 description: RoleUpdateMechanism specifies how the pod role 1005 label is updated. 1006 enum: 1007 - ReadinessProbeEventUpdate 1008 - DirectAPIServerEventUpdate 1009 type: string 1010 successThreshold: 1011 default: 1 1012 description: Minimum consecutive successes for the probe to be 1013 considered successful after having failed. Defaults to 1. Minimum 1014 value is 1. 1015 format: int32 1016 minimum: 1 1017 type: integer 1018 timeoutSeconds: 1019 default: 1 1020 description: Number of seconds after which the probe times out. 1021 Defaults to 1 second. Minimum value is 1. 1022 format: int32 1023 minimum: 1 1024 type: integer 1025 type: object 1026 roles: 1027 description: Roles, a list of roles defined in the system. 1028 items: 1029 properties: 1030 accessMode: 1031 default: ReadWrite 1032 description: AccessMode, what service this member is capable of. 1033 enum: 1034 - None 1035 - Readonly 1036 - ReadWrite 1037 type: string 1038 canVote: 1039 default: true 1040 description: CanVote, whether this member has voting rights 1041 type: boolean 1042 isLeader: 1043 default: false 1044 description: IsLeader, whether this member is the leader 1045 type: boolean 1046 name: 1047 default: leader 1048 description: Name, role name. 1049 type: string 1050 required: 1051 - accessMode 1052 - name 1053 type: object 1054 type: array 1055 selector: 1056 description: 'selector is a label query over pods that should match 1057 the replica count. It must match the pod template''s labels.
More 1058 info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors' 1059 properties: 1060 matchExpressions: 1061 description: matchExpressions is a list of label selector requirements. 1062 The requirements are ANDed. 1063 items: 1064 description: A label selector requirement is a selector that 1065 contains values, a key, and an operator that relates the key 1066 and values. 1067 properties: 1068 key: 1069 description: key is the label key that the selector applies 1070 to. 1071 type: string 1072 operator: 1073 description: operator represents a key's relationship to 1074 a set of values. Valid operators are In, NotIn, Exists 1075 and DoesNotExist. 1076 type: string 1077 values: 1078 description: values is an array of string values. If the 1079 operator is In or NotIn, the values array must be non-empty. 1080 If the operator is Exists or DoesNotExist, the values 1081 array must be empty. This array is replaced during a strategic 1082 merge patch. 1083 items: 1084 type: string 1085 type: array 1086 required: 1087 - key 1088 - operator 1089 type: object 1090 type: array 1091 matchLabels: 1092 additionalProperties: 1093 type: string 1094 description: matchLabels is a map of {key,value} pairs. A single 1095 {key,value} in the matchLabels map is equivalent to an element 1096 of matchExpressions, whose key field is "key", the operator 1097 is "In", and the values array contains only "value". The requirements 1098 are ANDed. 1099 type: object 1100 type: object 1101 x-kubernetes-map-type: atomic 1102 service: 1103 description: service defines the behavior of a service spec. provides 1104 read-write service https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status 1105 properties: 1106 apiVersion: 1107 description: 'APIVersion defines the versioned schema of this 1108 representation of an object. 
Servers should convert recognized 1109 schemas to the latest internal value, and may reject unrecognized 1110 values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' 1111 type: string 1112 kind: 1113 description: 'Kind is a string value representing the REST resource 1114 this object represents. Servers may infer this from the endpoint 1115 the client submits requests to. Cannot be updated. In CamelCase. 1116 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' 1117 type: string 1118 metadata: 1119 description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' 1120 properties: 1121 annotations: 1122 additionalProperties: 1123 type: string 1124 type: object 1125 finalizers: 1126 items: 1127 type: string 1128 type: array 1129 labels: 1130 additionalProperties: 1131 type: string 1132 type: object 1133 name: 1134 type: string 1135 namespace: 1136 type: string 1137 type: object 1138 spec: 1139 description: Spec defines the behavior of a service. https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status 1140 properties: 1141 allocateLoadBalancerNodePorts: 1142 description: allocateLoadBalancerNodePorts defines if NodePorts 1143 will be automatically allocated for services with type LoadBalancer. Default 1144 is "true". It may be set to "false" if the cluster load-balancer 1145 does not rely on NodePorts. If the caller requests specific 1146 NodePorts (by specifying a value), those requests will be 1147 respected, regardless of this field. This field may only 1148 be set for services with type LoadBalancer and will be cleared 1149 if the type is changed to any other type. 1150 type: boolean 1151 clusterIP: 1152 description: 'clusterIP is the IP address of the service and 1153 is usually assigned randomly. 
If an address is specified 1154 manually, is in-range (as per system configuration), and 1155 is not in use, it will be allocated to the service; otherwise 1156 creation of the service will fail. This field may not be 1157 changed through updates unless the type field is also being 1158 changed to ExternalName (which requires this field to be 1159 blank) or the type field is being changed from ExternalName 1160 (in which case this field may optionally be specified, as 1161 describe above). Valid values are "None", empty string 1162 (""), or a valid IP address. Setting this to "None" makes 1163 a "headless service" (no virtual IP), which is useful when 1164 direct endpoint connections are preferred and proxying is 1165 not required. Only applies to types ClusterIP, NodePort, 1166 and LoadBalancer. If this field is specified when creating 1167 a Service of type ExternalName, creation will fail. This 1168 field will be wiped when updating a Service to type ExternalName. 1169 More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' 1170 type: string 1171 clusterIPs: 1172 description: "ClusterIPs is a list of IP addresses assigned 1173 to this service, and are usually assigned randomly. If 1174 an address is specified manually, is in-range (as per system 1175 configuration), and is not in use, it will be allocated 1176 to the service; otherwise creation of the service will fail. 1177 This field may not be changed through updates unless the 1178 type field is also being changed to ExternalName (which 1179 requires this field to be empty) or the type field is being 1180 changed from ExternalName (in which case this field may 1181 optionally be specified, as describe above). Valid values 1182 are \"None\", empty string (\"\"), or a valid IP address. 
1183 \ Setting this to \"None\" makes a \"headless service\" 1184 (no virtual IP), which is useful when direct endpoint connections 1185 are preferred and proxying is not required. Only applies 1186 to types ClusterIP, NodePort, and LoadBalancer. If this 1187 field is specified when creating a Service of type ExternalName, 1188 creation will fail. This field will be wiped when updating 1189 a Service to type ExternalName. If this field is not specified, 1190 it will be initialized from the clusterIP field. If this 1191 field is specified, clients must ensure that clusterIPs[0] 1192 and clusterIP have the same value. \n This field may hold 1193 a maximum of two entries (dual-stack IPs, in either order). 1194 These IPs must correspond to the values of the ipFamilies 1195 field. Both clusterIPs and ipFamilies are governed by the 1196 ipFamilyPolicy field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" 1197 items: 1198 type: string 1199 type: array 1200 x-kubernetes-list-type: atomic 1201 externalIPs: 1202 description: externalIPs is a list of IP addresses for which 1203 nodes in the cluster will also accept traffic for this service. These 1204 IPs are not managed by Kubernetes. The user is responsible 1205 for ensuring that traffic arrives at a node with this IP. A 1206 common example is external load-balancers that are not part 1207 of the Kubernetes system. 1208 items: 1209 type: string 1210 type: array 1211 externalName: 1212 description: externalName is the external reference that discovery 1213 mechanisms will return as an alias for this service (e.g. 1214 a DNS CNAME record). No proxying will be involved. Must 1215 be a lowercase RFC-1123 hostname (https://tools.ietf.org/html/rfc1123) 1216 and requires `type` to be "ExternalName". 
1217 type: string 1218 externalTrafficPolicy: 1219 description: externalTrafficPolicy describes how nodes distribute 1220 service traffic they receive on one of the Service's "externally-facing" 1221 addresses (NodePorts, ExternalIPs, and LoadBalancer IPs). 1222 If set to "Local", the proxy will configure the service 1223 in a way that assumes that external load balancers will 1224 take care of balancing the service traffic between nodes, 1225 and so each node will deliver traffic only to the node-local 1226 endpoints of the service, without masquerading the client 1227 source IP. (Traffic mistakenly sent to a node with no endpoints 1228 will be dropped.) The default value, "Cluster", uses the 1229 standard behavior of routing to all endpoints evenly (possibly 1230 modified by topology and other features). Note that traffic 1231 sent to an External IP or LoadBalancer IP from within the 1232 cluster will always get "Cluster" semantics, but clients 1233 sending to a NodePort from within the cluster may need to 1234 take traffic policy into account when picking a node. 1235 type: string 1236 healthCheckNodePort: 1237 description: healthCheckNodePort specifies the healthcheck 1238 nodePort for the service. This only applies when type is 1239 set to LoadBalancer and externalTrafficPolicy is set to 1240 Local. If a value is specified, is in-range, and is not 1241 in use, it will be used. If not specified, a value will 1242 be automatically allocated. External systems (e.g. load-balancers) 1243 can use this port to determine if a given node holds endpoints 1244 for this service or not. If this field is specified when 1245 creating a Service which does not need it, creation will 1246 fail. This field will be wiped when updating a Service to 1247 no longer need it (e.g. changing type). This field cannot 1248 be updated once set. 
1249 format: int32 1250 type: integer 1251 internalTrafficPolicy: 1252 description: InternalTrafficPolicy describes how nodes distribute 1253 service traffic they receive on the ClusterIP. If set to 1254 "Local", the proxy will assume that pods only want to talk 1255 to endpoints of the service on the same node as the pod, 1256 dropping the traffic if there are no local endpoints. The 1257 default value, "Cluster", uses the standard behavior of 1258 routing to all endpoints evenly (possibly modified by topology 1259 and other features). 1260 type: string 1261 ipFamilies: 1262 description: "IPFamilies is a list of IP families (e.g. IPv4, 1263 IPv6) assigned to this service. This field is usually assigned 1264 automatically based on cluster configuration and the ipFamilyPolicy 1265 field. If this field is specified manually, the requested 1266 family is available in the cluster, and ipFamilyPolicy allows 1267 it, it will be used; otherwise creation of the service will 1268 fail. This field is conditionally mutable: it allows for 1269 adding or removing a secondary IP family, but it does not 1270 allow changing the primary IP family of the Service. Valid 1271 values are \"IPv4\" and \"IPv6\". This field only applies 1272 to Services of types ClusterIP, NodePort, and LoadBalancer, 1273 and does apply to \"headless\" services. This field will 1274 be wiped when updating a Service to type ExternalName. \n 1275 This field may hold a maximum of two entries (dual-stack 1276 families, in either order). These families must correspond 1277 to the values of the clusterIPs field, if specified. Both 1278 clusterIPs and ipFamilies are governed by the ipFamilyPolicy 1279 field." 1280 items: 1281 description: IPFamily represents the IP Family (IPv4 or 1282 IPv6). This type is used to express the family of an IP 1283 expressed by a type (e.g. service.spec.ipFamilies). 
1284 type: string 1285 type: array 1286 x-kubernetes-list-type: atomic 1287 ipFamilyPolicy: 1288 description: IPFamilyPolicy represents the dual-stack-ness 1289 requested or required by this Service. If there is no value 1290 provided, then this field will be set to SingleStack. Services 1291 can be "SingleStack" (a single IP family), "PreferDualStack" 1292 (two IP families on dual-stack configured clusters or a 1293 single IP family on single-stack clusters), or "RequireDualStack" 1294 (two IP families on dual-stack configured clusters, otherwise 1295 fail). The ipFamilies and clusterIPs fields depend on the 1296 value of this field. This field will be wiped when updating 1297 a service to type ExternalName. 1298 type: string 1299 loadBalancerClass: 1300 description: loadBalancerClass is the class of the load balancer 1301 implementation this Service belongs to. If specified, the 1302 value of this field must be a label-style identifier, with 1303 an optional prefix, e.g. "internal-vip" or "example.com/internal-vip". 1304 Unprefixed names are reserved for end-users. This field 1305 can only be set when the Service type is 'LoadBalancer'. 1306 If not set, the default load balancer implementation is 1307 used, today this is typically done through the cloud provider 1308 integration, but should apply for any default implementation. 1309 If set, it is assumed that a load balancer implementation 1310 is watching for Services with a matching class. Any default 1311 load balancer implementation (e.g. cloud providers) should 1312 ignore Services that set this field. This field can only 1313 be set when creating or updating a Service to type 'LoadBalancer'. 1314 Once set, it can not be changed. This field will be wiped 1315 when a service is updated to a non 'LoadBalancer' type. 1316 type: string 1317 loadBalancerIP: 1318 description: 'Only applies to Service Type: LoadBalancer. 
1319 This feature depends on whether the underlying cloud-provider 1320 supports specifying the loadBalancerIP when a load balancer 1321 is created. This field will be ignored if the cloud-provider 1322 does not support the feature. Deprecated: This field was 1323 under-specified and its meaning varies across implementations. 1324 Using it is non-portable and it may not support dual-stack. 1325 Users are encouraged to use implementation-specific annotations 1326 when available.' 1327 type: string 1328 loadBalancerSourceRanges: 1329 description: 'If specified and supported by the platform, 1330 this will restrict traffic through the cloud-provider load-balancer 1331 will be restricted to the specified client IPs. This field 1332 will be ignored if the cloud-provider does not support the 1333 feature." More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/' 1334 items: 1335 type: string 1336 type: array 1337 ports: 1338 description: 'The list of ports that are exposed by this service. 1339 More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' 1340 items: 1341 description: ServicePort contains information on service's 1342 port. 1343 properties: 1344 appProtocol: 1345 description: "The application protocol for this port. 1346 This is used as a hint for implementations to offer 1347 richer behavior for protocols that they understand. 1348 This field follows standard Kubernetes label syntax. 1349 Valid values are either: \n * Un-prefixed protocol 1350 names - reserved for IANA standard service names (as 1351 per RFC-6335 and https://www.iana.org/assignments/service-names). 
1352 \n * Kubernetes-defined prefixed names: * 'kubernetes.io/h2c' 1353 - HTTP/2 over cleartext as described in https://www.rfc-editor.org/rfc/rfc7540 1354 * 'kubernetes.io/ws' - WebSocket over cleartext as 1355 described in https://www.rfc-editor.org/rfc/rfc6455 1356 * 'kubernetes.io/wss' - WebSocket over TLS as described 1357 in https://www.rfc-editor.org/rfc/rfc6455 \n * Other 1358 protocols should use implementation-defined prefixed 1359 names such as mycompany.com/my-custom-protocol." 1360 type: string 1361 name: 1362 description: The name of this port within the service. 1363 This must be a DNS_LABEL. All ports within a ServiceSpec 1364 must have unique names. When considering the endpoints 1365 for a Service, this must match the 'name' field in 1366 the EndpointPort. Optional if only one ServicePort 1367 is defined on this service. 1368 type: string 1369 nodePort: 1370 description: 'The port on each node on which this service 1371 is exposed when type is NodePort or LoadBalancer. Usually 1372 assigned by the system. If a value is specified, in-range, 1373 and not in use it will be used, otherwise the operation 1374 will fail. If not specified, a port will be allocated 1375 if this Service requires one. If this field is specified 1376 when creating a Service which does not need it, creation 1377 will fail. This field will be wiped when updating 1378 a Service to no longer need it (e.g. changing type 1379 from NodePort to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' 1380 format: int32 1381 type: integer 1382 port: 1383 description: The port that will be exposed by this service. 1384 format: int32 1385 type: integer 1386 protocol: 1387 default: TCP 1388 description: The IP protocol for this port. Supports 1389 "TCP", "UDP", and "SCTP". Default is TCP. 
1390 type: string 1391 targetPort: 1392 anyOf: 1393 - type: integer 1394 - type: string 1395 description: 'Number or name of the port to access on 1396 the pods targeted by the service. Number must be in 1397 the range 1 to 65535. Name must be an IANA_SVC_NAME. 1398 If this is a string, it will be looked up as a named 1399 port in the target Pod''s container ports. If this 1400 is not specified, the value of the ''port'' field 1401 is used (an identity map). This field is ignored for 1402 services with clusterIP=None, and should be omitted 1403 or set equal to the ''port'' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' 1404 x-kubernetes-int-or-string: true 1405 required: 1406 - port 1407 type: object 1408 type: array 1409 x-kubernetes-list-map-keys: 1410 - port 1411 - protocol 1412 x-kubernetes-list-type: map 1413 publishNotReadyAddresses: 1414 description: publishNotReadyAddresses indicates that any agent 1415 which deals with endpoints for this Service should disregard 1416 any indications of ready/not-ready. The primary use case 1417 for setting this field is for a StatefulSet's Headless Service 1418 to propagate SRV DNS records for its Pods for the purpose 1419 of peer discovery. The Kubernetes controllers that generate 1420 Endpoints and EndpointSlice resources for Services interpret 1421 this to mean that all endpoints are considered "ready" even 1422 if the Pods themselves are not. Agents which consume only 1423 Kubernetes generated endpoints through the Endpoints or 1424 EndpointSlice resources can safely assume this behavior. 1425 type: boolean 1426 selector: 1427 additionalProperties: 1428 type: string 1429 description: 'Route service traffic to pods with label keys 1430 and values matching this selector. If empty or not present, 1431 the service is assumed to have an external process managing 1432 its endpoints, which Kubernetes will not modify. 
Only applies 1433 to types ClusterIP, NodePort, and LoadBalancer. Ignored 1434 if type is ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/' 1435 type: object 1436 x-kubernetes-map-type: atomic 1437 sessionAffinity: 1438 description: 'Supports "ClientIP" and "None". Used to maintain 1439 session affinity. Enable client IP based session affinity. 1440 Must be ClientIP or None. Defaults to None. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' 1441 type: string 1442 sessionAffinityConfig: 1443 description: sessionAffinityConfig contains the configurations 1444 of session affinity. 1445 properties: 1446 clientIP: 1447 description: clientIP contains the configurations of Client 1448 IP based session affinity. 1449 properties: 1450 timeoutSeconds: 1451 description: timeoutSeconds specifies the seconds 1452 of ClientIP type session sticky time. The value 1453 must be >0 && <=86400(for 1 day) if ServiceAffinity 1454 == "ClientIP". Default value is 10800(for 3 hours). 1455 format: int32 1456 type: integer 1457 type: object 1458 type: object 1459 type: 1460 description: 'type determines how the Service is exposed. 1461 Defaults to ClusterIP. Valid options are ExternalName, ClusterIP, 1462 NodePort, and LoadBalancer. "ClusterIP" allocates a cluster-internal 1463 IP address for load-balancing to endpoints. Endpoints are 1464 determined by the selector or if that is not specified, 1465 by manual construction of an Endpoints object or EndpointSlice 1466 objects. If clusterIP is "None", no virtual IP is allocated 1467 and the endpoints are published as a set of endpoints rather 1468 than a virtual IP. "NodePort" builds on ClusterIP and allocates 1469 a port on every node which routes to the same endpoints 1470 as the clusterIP. 
"LoadBalancer" builds on NodePort and 1471 creates an external load-balancer (if supported in the current 1472 cloud) which routes to the same endpoints as the clusterIP. 1473 "ExternalName" aliases this service to the specified externalName. 1474 Several other fields do not apply to ExternalName services. 1475 More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types' 1476 type: string 1477 type: object 1478 status: 1479 description: 'Most recently observed status of the service. Populated 1480 by the system. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' 1481 properties: 1482 conditions: 1483 description: Current service state 1484 items: 1485 description: "Condition contains details for one aspect 1486 of the current state of this API Resource. --- This struct 1487 is intended for direct use as an array at the field path 1488 .status.conditions. For example, \n type FooStatus struct{ 1489 // Represents the observations of a foo's current state. 1490 // Known .status.conditions.type are: \"Available\", \"Progressing\", 1491 and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge 1492 // +listType=map // +listMapKey=type Conditions []metav1.Condition 1493 `json:\"conditions,omitempty\" patchStrategy:\"merge\" 1494 patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` 1495 \n // other fields }" 1496 properties: 1497 lastTransitionTime: 1498 description: lastTransitionTime is the last time the 1499 condition transitioned from one status to another. 1500 This should be when the underlying condition changed. If 1501 that is not known, then using the time when the API 1502 field changed is acceptable. 1503 format: date-time 1504 type: string 1505 message: 1506 description: message is a human readable message indicating 1507 details about the transition. This may be an empty 1508 string. 
1509 maxLength: 32768 1510 type: string 1511 observedGeneration: 1512 description: observedGeneration represents the .metadata.generation 1513 that the condition was set based upon. For instance, 1514 if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration 1515 is 9, the condition is out of date with respect to 1516 the current state of the instance. 1517 format: int64 1518 minimum: 0 1519 type: integer 1520 reason: 1521 description: reason contains a programmatic identifier 1522 indicating the reason for the condition's last transition. 1523 Producers of specific condition types may define expected 1524 values and meanings for this field, and whether the 1525 values are considered a guaranteed API. The value 1526 should be a CamelCase string. This field may not be 1527 empty. 1528 maxLength: 1024 1529 minLength: 1 1530 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ 1531 type: string 1532 status: 1533 description: status of the condition, one of True, False, 1534 Unknown. 1535 enum: 1536 - "True" 1537 - "False" 1538 - Unknown 1539 type: string 1540 type: 1541 description: type of condition in CamelCase or in foo.example.com/CamelCase. 1542 --- Many .condition.type values are consistent across 1543 resources like Available, but because arbitrary conditions 1544 can be useful (see .node.status.conditions), the ability 1545 to deconflict is important. The regex it matches is 1546 (dns1123SubdomainFmt/)?(qualifiedNameFmt) 1547 maxLength: 316 1548 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ 1549 type: string 1550 required: 1551 - lastTransitionTime 1552 - message 1553 - reason 1554 - status 1555 - type 1556 type: object 1557 type: array 1558 x-kubernetes-list-map-keys: 1559 - type 1560 x-kubernetes-list-type: map 1561 loadBalancer: 1562 description: LoadBalancer contains the current status of the 1563 load-balancer, if one is present. 
                        properties:
                          ingress:
                            description: Ingress is a list containing ingress points
                              for the load-balancer. Traffic intended for the service
                              should be sent to these ingress points.
                            items:
                              description: 'LoadBalancerIngress represents the status
                                of a load-balancer ingress point: traffic intended
                                for the service should be sent to an ingress point.'
                              properties:
                                hostname:
                                  description: Hostname is set for load-balancer ingress
                                    points that are DNS based (typically AWS load-balancers)
                                  type: string
                                ip:
                                  description: IP is set for load-balancer ingress
                                    points that are IP based (typically GCE or OpenStack
                                    load-balancers)
                                  type: string
                                ports:
                                  description: Ports is a list of records of service
                                    ports If used, every port defined in the service
                                    should have an entry in it
                                  items:
                                    properties:
                                      error:
                                        description: 'Error is to record the problem
                                          with the service port The format of the
                                          error shall comply with the following rules:
                                          - built-in error values shall be specified
                                          in this file and those shall use CamelCase
                                          names - cloud provider specific error values
                                          must have names that comply with the format
                                          foo.example.com/CamelCase.
                                          --- The regex
                                          it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)'
                                        maxLength: 316
                                        pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
                                        type: string
                                      port:
                                        description: Port is the port number of the
                                          service port of which status is recorded
                                          here
                                        format: int32
                                        type: integer
                                      protocol:
                                        default: TCP
                                        description: 'Protocol is the protocol of
                                          the service port of which status is recorded
                                          here The supported values are: "TCP", "UDP",
                                          "SCTP"'
                                        type: string
                                    required:
                                    - port
                                    - protocol
                                    type: object
                                  type: array
                                  x-kubernetes-list-type: atomic
                              type: object
                            type: array
                        type: object
                    type: object
                type: object
                x-kubernetes-preserve-unknown-fields: true
              serviceName:
                description: 'serviceName is the name of the service that governs
                  this StatefulSet. This service must exist before the StatefulSet,
                  and is responsible for the network identity of the set. Pods get
                  DNS/hostnames that follow the pattern: pod-specific-string.serviceName.default.svc.cluster.local
                  where "pod-specific-string" is managed by the StatefulSet controller.'
                type: string
              template:
                description: PodTemplateSpec describes the data a pod should have
                  when created from a template
                properties:
                  metadata:
                    description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata'
                    properties:
                      annotations:
                        additionalProperties:
                          type: string
                        type: object
                      finalizers:
                        items:
                          type: string
                        type: array
                      labels:
                        additionalProperties:
                          type: string
                        type: object
                      name:
                        type: string
                      namespace:
                        type: string
                    type: object
                  spec:
                    description: 'Specification of the desired behavior of the pod.
                      More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status'
                    properties:
                      activeDeadlineSeconds:
                        description: Optional duration in seconds the pod may be active
                          on the node relative to StartTime before the system will
                          actively try to mark it failed and kill associated containers.
                          Value must be a positive integer.
                        format: int64
                        type: integer
                      affinity:
                        description: If specified, the pod's scheduling constraints
                        properties:
                          nodeAffinity:
                            description: Describes node affinity scheduling rules
                              for the pod.
                            properties:
                              preferredDuringSchedulingIgnoredDuringExecution:
                                description: The scheduler will prefer to schedule
                                  pods to nodes that satisfy the affinity expressions
                                  specified by this field, but it may choose a node
                                  that violates one or more of the expressions. The
                                  node that is most preferred is the one with the
                                  greatest sum of weights, i.e. for each node that
                                  meets all of the scheduling requirements (resource
                                  request, requiredDuringScheduling affinity expressions,
                                  etc.), compute a sum by iterating through the elements
                                  of this field and adding "weight" to the sum if
                                  the node matches the corresponding matchExpressions;
                                  the node(s) with the highest sum are the most preferred.
                                items:
                                  description: An empty preferred scheduling term
                                    matches all objects with implicit weight 0 (i.e.
                                    it's a no-op). A null preferred scheduling term
                                    matches no objects (i.e. is also a no-op).
                                  properties:
                                    preference:
                                      description: A node selector term, associated
                                        with the corresponding weight.
                                      properties:
                                        matchExpressions:
                                          description: A list of node selector requirements
                                            by node's labels.
                                          items:
                                            description: A node selector requirement
                                              is a selector that contains values,
                                              a key, and an operator that relates
                                              the key and values.
                                            properties:
                                              key:
                                                description: The label key that the
                                                  selector applies to.
                                                type: string
                                              operator:
                                                description: Represents a key's relationship
                                                  to a set of values. Valid operators
                                                  are In, NotIn, Exists, DoesNotExist.
                                                  Gt, and Lt.
                                                type: string
                                              values:
                                                description: An array of string values.
                                                  If the operator is In or NotIn,
                                                  the values array must be non-empty.
                                                  If the operator is Exists or DoesNotExist,
                                                  the values array must be empty.
                                                  If the operator is Gt or Lt, the
                                                  values array must have a single
                                                  element, which will be interpreted
                                                  as an integer. This array is replaced
                                                  during a strategic merge patch.
                                                items:
                                                  type: string
                                                type: array
                                            required:
                                            - key
                                            - operator
                                            type: object
                                          type: array
                                        matchFields:
                                          description: A list of node selector requirements
                                            by node's fields.
                                          items:
                                            description: A node selector requirement
                                              is a selector that contains values,
                                              a key, and an operator that relates
                                              the key and values.
                                            properties:
                                              key:
                                                description: The label key that the
                                                  selector applies to.
                                                type: string
                                              operator:
                                                description: Represents a key's relationship
                                                  to a set of values. Valid operators
                                                  are In, NotIn, Exists, DoesNotExist.
                                                  Gt, and Lt.
                                                type: string
                                              values:
                                                description: An array of string values.
                                                  If the operator is In or NotIn,
                                                  the values array must be non-empty.
                                                  If the operator is Exists or DoesNotExist,
                                                  the values array must be empty.
                                                  If the operator is Gt or Lt, the
                                                  values array must have a single
                                                  element, which will be interpreted
                                                  as an integer. This array is replaced
                                                  during a strategic merge patch.
                                                items:
                                                  type: string
                                                type: array
                                            required:
                                            - key
                                            - operator
                                            type: object
                                          type: array
                                      type: object
                                      x-kubernetes-map-type: atomic
                                    weight:
                                      description: Weight associated with matching
                                        the corresponding nodeSelectorTerm, in the
                                        range 1-100.
                                      format: int32
                                      type: integer
                                  required:
                                  - preference
                                  - weight
                                  type: object
                                type: array
                              requiredDuringSchedulingIgnoredDuringExecution:
                                description: If the affinity requirements specified
                                  by this field are not met at scheduling time, the
                                  pod will not be scheduled onto the node. If the
                                  affinity requirements specified by this field cease
                                  to be met at some point during pod execution (e.g.
                                  due to an update), the system may or may not try
                                  to eventually evict the pod from its node.
                                properties:
                                  nodeSelectorTerms:
                                    description: Required. A list of node selector
                                      terms. The terms are ORed.
                                    items:
                                      description: A null or empty node selector term
                                        matches no objects. The requirements of them
                                        are ANDed. The TopologySelectorTerm type implements
                                        a subset of the NodeSelectorTerm.
                                      properties:
                                        matchExpressions:
                                          description: A list of node selector requirements
                                            by node's labels.
                                          items:
                                            description: A node selector requirement
                                              is a selector that contains values,
                                              a key, and an operator that relates
                                              the key and values.
                                            properties:
                                              key:
                                                description: The label key that the
                                                  selector applies to.
                                                type: string
                                              operator:
                                                description: Represents a key's relationship
                                                  to a set of values. Valid operators
                                                  are In, NotIn, Exists, DoesNotExist.
                                                  Gt, and Lt.
                                                type: string
                                              values:
                                                description: An array of string values.
                                                  If the operator is In or NotIn,
                                                  the values array must be non-empty.
                                                  If the operator is Exists or DoesNotExist,
                                                  the values array must be empty.
                                                  If the operator is Gt or Lt, the
                                                  values array must have a single
                                                  element, which will be interpreted
                                                  as an integer. This array is replaced
                                                  during a strategic merge patch.
                                                items:
                                                  type: string
                                                type: array
                                            required:
                                            - key
                                            - operator
                                            type: object
                                          type: array
                                        matchFields:
                                          description: A list of node selector requirements
                                            by node's fields.
                                          items:
                                            description: A node selector requirement
                                              is a selector that contains values,
                                              a key, and an operator that relates
                                              the key and values.
                                            properties:
                                              key:
                                                description: The label key that the
                                                  selector applies to.
                                                type: string
                                              operator:
                                                description: Represents a key's relationship
                                                  to a set of values. Valid operators
                                                  are In, NotIn, Exists, DoesNotExist.
                                                  Gt, and Lt.
                                                type: string
                                              values:
                                                description: An array of string values.
                                                  If the operator is In or NotIn,
                                                  the values array must be non-empty.
                                                  If the operator is Exists or DoesNotExist,
                                                  the values array must be empty.
                                                  If the operator is Gt or Lt, the
                                                  values array must have a single
                                                  element, which will be interpreted
                                                  as an integer. This array is replaced
                                                  during a strategic merge patch.
                                                items:
                                                  type: string
                                                type: array
                                            required:
                                            - key
                                            - operator
                                            type: object
                                          type: array
                                      type: object
                                      x-kubernetes-map-type: atomic
                                    type: array
                                required:
                                - nodeSelectorTerms
                                type: object
                                x-kubernetes-map-type: atomic
                            type: object
                          podAffinity:
                            description: Describes pod affinity scheduling rules (e.g.
                              co-locate this pod in the same node, zone, etc. as some
                              other pod(s)).
                            properties:
                              preferredDuringSchedulingIgnoredDuringExecution:
                                description: The scheduler will prefer to schedule
                                  pods to nodes that satisfy the affinity expressions
                                  specified by this field, but it may choose a node
                                  that violates one or more of the expressions. The
                                  node that is most preferred is the one with the
                                  greatest sum of weights, i.e. for each node that
                                  meets all of the scheduling requirements (resource
                                  request, requiredDuringScheduling affinity expressions,
                                  etc.), compute a sum by iterating through the elements
                                  of this field and adding "weight" to the sum if
                                  the node has pods which matches the corresponding
                                  podAffinityTerm; the node(s) with the highest sum
                                  are the most preferred.
                                items:
                                  description: The weights of all of the matched WeightedPodAffinityTerm
                                    fields are added per-node to find the most preferred
                                    node(s)
                                  properties:
                                    podAffinityTerm:
                                      description: Required. A pod affinity term,
                                        associated with the corresponding weight.
                                      properties:
                                        labelSelector:
                                          description: A label query over a set of
                                            resources, in this case pods.
                                          properties:
                                            matchExpressions:
                                              description: matchExpressions is a list
                                                of label selector requirements. The
                                                requirements are ANDed.
                                              items:
                                                description: A label selector requirement
                                                  is a selector that contains values,
                                                  a key, and an operator that relates
                                                  the key and values.
                                                properties:
                                                  key:
                                                    description: key is the label
                                                      key that the selector applies
                                                      to.
                                                    type: string
                                                  operator:
                                                    description: operator represents
                                                      a key's relationship to a set
                                                      of values. Valid operators are
                                                      In, NotIn, Exists and DoesNotExist.
                                                    type: string
                                                  values:
                                                    description: values is an array
                                                      of string values. If the operator
                                                      is In or NotIn, the values array
                                                      must be non-empty.
                                                      If the operator
                                                      is Exists or DoesNotExist, the
                                                      values array must be empty.
                                                      This array is replaced during
                                                      a strategic merge patch.
                                                    items:
                                                      type: string
                                                    type: array
                                                required:
                                                - key
                                                - operator
                                                type: object
                                              type: array
                                            matchLabels:
                                              additionalProperties:
                                                type: string
                                              description: matchLabels is a map of
                                                {key,value} pairs. A single {key,value}
                                                in the matchLabels map is equivalent
                                                to an element of matchExpressions,
                                                whose key field is "key", the operator
                                                is "In", and the values array contains
                                                only "value". The requirements are
                                                ANDed.
                                              type: object
                                          type: object
                                          x-kubernetes-map-type: atomic
                                        namespaceSelector:
                                          description: A label query over the set
                                            of namespaces that the term applies to.
                                            The term is applied to the union of the
                                            namespaces selected by this field and
                                            the ones listed in the namespaces field.
                                            null selector and null or empty namespaces
                                            list means "this pod's namespace". An
                                            empty selector ({}) matches all namespaces.
                                          properties:
                                            matchExpressions:
                                              description: matchExpressions is a list
                                                of label selector requirements. The
                                                requirements are ANDed.
                                              items:
                                                description: A label selector requirement
                                                  is a selector that contains values,
                                                  a key, and an operator that relates
                                                  the key and values.
                                                properties:
                                                  key:
                                                    description: key is the label
                                                      key that the selector applies
                                                      to.
                                                    type: string
                                                  operator:
                                                    description: operator represents
                                                      a key's relationship to a set
                                                      of values. Valid operators are
                                                      In, NotIn, Exists and DoesNotExist.
                                                    type: string
                                                  values:
                                                    description: values is an array
                                                      of string values. If the operator
                                                      is In or NotIn, the values array
                                                      must be non-empty. If the operator
                                                      is Exists or DoesNotExist, the
                                                      values array must be empty.
                                                      This array is replaced during
                                                      a strategic merge patch.
                                                    items:
                                                      type: string
                                                    type: array
                                                required:
                                                - key
                                                - operator
                                                type: object
                                              type: array
                                            matchLabels:
                                              additionalProperties:
                                                type: string
                                              description: matchLabels is a map of
                                                {key,value} pairs. A single {key,value}
                                                in the matchLabels map is equivalent
                                                to an element of matchExpressions,
                                                whose key field is "key", the operator
                                                is "In", and the values array contains
                                                only "value". The requirements are
                                                ANDed.
                                              type: object
                                          type: object
                                          x-kubernetes-map-type: atomic
                                        namespaces:
                                          description: namespaces specifies a static
                                            list of namespace names that the term
                                            applies to. The term is applied to the
                                            union of the namespaces listed in this
                                            field and the ones selected by namespaceSelector.
                                            null or empty namespaces list and null
                                            namespaceSelector means "this pod's namespace".
                                          items:
                                            type: string
                                          type: array
                                        topologyKey:
                                          description: This pod should be co-located
                                            (affinity) or not co-located (anti-affinity)
                                            with the pods matching the labelSelector
                                            in the specified namespaces, where co-located
                                            is defined as running on a node whose
                                            value of the label with key topologyKey
                                            matches that of any node on which any
                                            of the selected pods is running. Empty
                                            topologyKey is not allowed.
                                          type: string
                                      required:
                                      - topologyKey
                                      type: object
                                    weight:
                                      description: weight associated with matching
                                        the corresponding podAffinityTerm, in the
                                        range 1-100.
                                      format: int32
                                      type: integer
                                  required:
                                  - podAffinityTerm
                                  - weight
                                  type: object
                                type: array
                              requiredDuringSchedulingIgnoredDuringExecution:
                                description: If the affinity requirements specified
                                  by this field are not met at scheduling time, the
                                  pod will not be scheduled onto the node.
                                  If the
                                  affinity requirements specified by this field cease
                                  to be met at some point during pod execution (e.g.
                                  due to a pod label update), the system may or may
                                  not try to eventually evict the pod from its node.
                                  When there are multiple elements, the lists of nodes
                                  corresponding to each podAffinityTerm are intersected,
                                  i.e. all terms must be satisfied.
                                items:
                                  description: Defines a set of pods (namely those
                                    matching the labelSelector relative to the given
                                    namespace(s)) that this pod should be co-located
                                    (affinity) or not co-located (anti-affinity) with,
                                    where co-located is defined as running on a node
                                    whose value of the label with key <topologyKey>
                                    matches that of any node on which a pod of the
                                    set of pods is running
                                  properties:
                                    labelSelector:
                                      description: A label query over a set of resources,
                                        in this case pods.
                                      properties:
                                        matchExpressions:
                                          description: matchExpressions is a list
                                            of label selector requirements. The requirements
                                            are ANDed.
                                          items:
                                            description: A label selector requirement
                                              is a selector that contains values,
                                              a key, and an operator that relates
                                              the key and values.
                                            properties:
                                              key:
                                                description: key is the label key
                                                  that the selector applies to.
                                                type: string
                                              operator:
                                                description: operator represents a
                                                  key's relationship to a set of values.
                                                  Valid operators are In, NotIn, Exists
                                                  and DoesNotExist.
                                                type: string
                                              values:
                                                description: values is an array of
                                                  string values. If the operator is
                                                  In or NotIn, the values array must
                                                  be non-empty. If the operator is
                                                  Exists or DoesNotExist, the values
                                                  array must be empty. This array
                                                  is replaced during a strategic merge
                                                  patch.
                                                items:
                                                  type: string
                                                type: array
                                            required:
                                            - key
                                            - operator
                                            type: object
                                          type: array
                                        matchLabels:
                                          additionalProperties:
                                            type: string
                                          description: matchLabels is a map of {key,value}
                                            pairs. A single {key,value} in the matchLabels
                                            map is equivalent to an element of matchExpressions,
                                            whose key field is "key", the operator
                                            is "In", and the values array contains
                                            only "value". The requirements are ANDed.
                                          type: object
                                      type: object
                                      x-kubernetes-map-type: atomic
                                    namespaceSelector:
                                      description: A label query over the set of namespaces
                                        that the term applies to. The term is applied
                                        to the union of the namespaces selected by
                                        this field and the ones listed in the namespaces
                                        field. null selector and null or empty namespaces
                                        list means "this pod's namespace". An empty
                                        selector ({}) matches all namespaces.
                                      properties:
                                        matchExpressions:
                                          description: matchExpressions is a list
                                            of label selector requirements. The requirements
                                            are ANDed.
                                          items:
                                            description: A label selector requirement
                                              is a selector that contains values,
                                              a key, and an operator that relates
                                              the key and values.
                                            properties:
                                              key:
                                                description: key is the label key
                                                  that the selector applies to.
                                                type: string
                                              operator:
                                                description: operator represents a
                                                  key's relationship to a set of values.
                                                  Valid operators are In, NotIn, Exists
                                                  and DoesNotExist.
                                                type: string
                                              values:
                                                description: values is an array of
                                                  string values. If the operator is
                                                  In or NotIn, the values array must
                                                  be non-empty. If the operator is
                                                  Exists or DoesNotExist, the values
                                                  array must be empty. This array
                                                  is replaced during a strategic merge
                                                  patch.
                                                items:
                                                  type: string
                                                type: array
                                            required:
                                            - key
                                            - operator
                                            type: object
                                          type: array
                                        matchLabels:
                                          additionalProperties:
                                            type: string
                                          description: matchLabels is a map of {key,value}
                                            pairs. A single {key,value} in the matchLabels
                                            map is equivalent to an element of matchExpressions,
                                            whose key field is "key", the operator
                                            is "In", and the values array contains
                                            only "value". The requirements are ANDed.
                                          type: object
                                      type: object
                                      x-kubernetes-map-type: atomic
                                    namespaces:
                                      description: namespaces specifies a static list
                                        of namespace names that the term applies to.
                                        The term is applied to the union of the namespaces
                                        listed in this field and the ones selected
                                        by namespaceSelector. null or empty namespaces
                                        list and null namespaceSelector means "this
                                        pod's namespace".
                                      items:
                                        type: string
                                      type: array
                                    topologyKey:
                                      description: This pod should be co-located (affinity)
                                        or not co-located (anti-affinity) with the
                                        pods matching the labelSelector in the specified
                                        namespaces, where co-located is defined as
                                        running on a node whose value of the label
                                        with key topologyKey matches that of any node
                                        on which any of the selected pods is running.
                                        Empty topologyKey is not allowed.
                                      type: string
                                  required:
                                  - topologyKey
                                  type: object
                                type: array
                            type: object
                          podAntiAffinity:
                            description: Describes pod anti-affinity scheduling rules
                              (e.g. avoid putting this pod in the same node, zone,
                              etc. as some other pod(s)).
                            properties:
                              preferredDuringSchedulingIgnoredDuringExecution:
                                description: The scheduler will prefer to schedule
                                  pods to nodes that satisfy the anti-affinity expressions
                                  specified by this field, but it may choose a node
                                  that violates one or more of the expressions.
                                  The
                                  node that is most preferred is the one with the
                                  greatest sum of weights, i.e. for each node that
                                  meets all of the scheduling requirements (resource
                                  request, requiredDuringScheduling anti-affinity
                                  expressions, etc.), compute a sum by iterating through
                                  the elements of this field and adding "weight" to
                                  the sum if the node has pods which matches the corresponding
                                  podAffinityTerm; the node(s) with the highest sum
                                  are the most preferred.
                                items:
                                  description: The weights of all of the matched WeightedPodAffinityTerm
                                    fields are added per-node to find the most preferred
                                    node(s)
                                  properties:
                                    podAffinityTerm:
                                      description: Required. A pod affinity term,
                                        associated with the corresponding weight.
                                      properties:
                                        labelSelector:
                                          description: A label query over a set of
                                            resources, in this case pods.
                                          properties:
                                            matchExpressions:
                                              description: matchExpressions is a list
                                                of label selector requirements. The
                                                requirements are ANDed.
                                              items:
                                                description: A label selector requirement
                                                  is a selector that contains values,
                                                  a key, and an operator that relates
                                                  the key and values.
                                                properties:
                                                  key:
                                                    description: key is the label
                                                      key that the selector applies
                                                      to.
                                                    type: string
                                                  operator:
                                                    description: operator represents
                                                      a key's relationship to a set
                                                      of values. Valid operators are
                                                      In, NotIn, Exists and DoesNotExist.
                                                    type: string
                                                  values:
                                                    description: values is an array
                                                      of string values. If the operator
                                                      is In or NotIn, the values array
                                                      must be non-empty. If the operator
                                                      is Exists or DoesNotExist, the
                                                      values array must be empty.
                                                      This array is replaced during
                                                      a strategic merge patch.
                                                    items:
                                                      type: string
                                                    type: array
                                                required:
                                                - key
                                                - operator
                                                type: object
                                              type: array
                                            matchLabels:
                                              additionalProperties:
                                                type: string
                                              description: matchLabels is a map of
                                                {key,value} pairs. A single {key,value}
                                                in the matchLabels map is equivalent
                                                to an element of matchExpressions,
                                                whose key field is "key", the operator
                                                is "In", and the values array contains
                                                only "value". The requirements are
                                                ANDed.
                                              type: object
                                          type: object
                                          x-kubernetes-map-type: atomic
                                        namespaceSelector:
                                          description: A label query over the set
                                            of namespaces that the term applies to.
                                            The term is applied to the union of the
                                            namespaces selected by this field and
                                            the ones listed in the namespaces field.
                                            null selector and null or empty namespaces
                                            list means "this pod's namespace". An
                                            empty selector ({}) matches all namespaces.
                                          properties:
                                            matchExpressions:
                                              description: matchExpressions is a list
                                                of label selector requirements. The
                                                requirements are ANDed.
                                              items:
                                                description: A label selector requirement
                                                  is a selector that contains values,
                                                  a key, and an operator that relates
                                                  the key and values.
                                                properties:
                                                  key:
                                                    description: key is the label
                                                      key that the selector applies
                                                      to.
                                                    type: string
                                                  operator:
                                                    description: operator represents
                                                      a key's relationship to a set
                                                      of values. Valid operators are
                                                      In, NotIn, Exists and DoesNotExist.
                                                    type: string
                                                  values:
                                                    description: values is an array
                                                      of string values. If the operator
                                                      is In or NotIn, the values array
                                                      must be non-empty. If the operator
                                                      is Exists or DoesNotExist, the
                                                      values array must be empty.
                                                      This array is replaced during
                                                      a strategic merge patch.
                                                    items:
                                                      type: string
                                                    type: array
                                                required:
                                                - key
                                                - operator
                                                type: object
                                              type: array
                                            matchLabels:
                                              additionalProperties:
                                                type: string
                                              description: matchLabels is a map of
                                                {key,value} pairs. A single {key,value}
                                                in the matchLabels map is equivalent
                                                to an element of matchExpressions,
                                                whose key field is "key", the operator
                                                is "In", and the values array contains
                                                only "value". The requirements are
                                                ANDed.
                                              type: object
                                          type: object
                                          x-kubernetes-map-type: atomic
                                        namespaces:
                                          description: namespaces specifies a static
                                            list of namespace names that the term
                                            applies to. The term is applied to the
                                            union of the namespaces listed in this
                                            field and the ones selected by namespaceSelector.
                                            null or empty namespaces list and null
                                            namespaceSelector means "this pod's namespace".
                                          items:
                                            type: string
                                          type: array
                                        topologyKey:
                                          description: This pod should be co-located
                                            (affinity) or not co-located (anti-affinity)
                                            with the pods matching the labelSelector
                                            in the specified namespaces, where co-located
                                            is defined as running on a node whose
                                            value of the label with key topologyKey
                                            matches that of any node on which any
                                            of the selected pods is running. Empty
                                            topologyKey is not allowed.
                                          type: string
                                      required:
                                      - topologyKey
                                      type: object
                                    weight:
                                      description: weight associated with matching
                                        the corresponding podAffinityTerm, in the
                                        range 1-100.
                                      format: int32
                                      type: integer
                                  required:
                                  - podAffinityTerm
                                  - weight
                                  type: object
                                type: array
                              requiredDuringSchedulingIgnoredDuringExecution:
                                description: If the anti-affinity requirements specified
                                  by this field are not met at scheduling time, the
                                  pod will not be scheduled onto the node.
                                  If the
                                  anti-affinity requirements specified by this field
                                  cease to be met at some point during pod execution
                                  (e.g. due to a pod label update), the system may
                                  or may not try to eventually evict the pod from
                                  its node. When there are multiple elements, the
                                  lists of nodes corresponding to each podAffinityTerm
                                  are intersected, i.e. all terms must be satisfied.
                                items:
                                  description: Defines a set of pods (namely those
                                    matching the labelSelector relative to the given
                                    namespace(s)) that this pod should be co-located
                                    (affinity) or not co-located (anti-affinity) with,
                                    where co-located is defined as running on a node
                                    whose value of the label with key <topologyKey>
                                    matches that of any node on which a pod of the
                                    set of pods is running
                                  properties:
                                    labelSelector:
                                      description: A label query over a set of resources,
                                        in this case pods.
                                      properties:
                                        matchExpressions:
                                          description: matchExpressions is a list
                                            of label selector requirements. The requirements
                                            are ANDed.
                                          items:
                                            description: A label selector requirement
                                              is a selector that contains values,
                                              a key, and an operator that relates
                                              the key and values.
                                            properties:
                                              key:
                                                description: key is the label key
                                                  that the selector applies to.
                                                type: string
                                              operator:
                                                description: operator represents a
                                                  key's relationship to a set of values.
                                                  Valid operators are In, NotIn, Exists
                                                  and DoesNotExist.
                                                type: string
                                              values:
                                                description: values is an array of
                                                  string values. If the operator is
                                                  In or NotIn, the values array must
                                                  be non-empty. If the operator is
                                                  Exists or DoesNotExist, the values
                                                  array must be empty. This array
                                                  is replaced during a strategic merge
                                                  patch.
                                                items:
                                                  type: string
                                                type: array
                                            required:
                                            - key
                                            - operator
                                            type: object
                                          type: array
                                        matchLabels:
                                          additionalProperties:
                                            type: string
                                          description: matchLabels is a map of {key,value}
                                            pairs. A single {key,value} in the matchLabels
                                            map is equivalent to an element of matchExpressions,
                                            whose key field is "key", the operator
                                            is "In", and the values array contains
                                            only "value". The requirements are ANDed.
                                          type: object
                                      type: object
                                      x-kubernetes-map-type: atomic
                                    namespaceSelector:
                                      description: A label query over the set of namespaces
                                        that the term applies to. The term is applied
                                        to the union of the namespaces selected by
                                        this field and the ones listed in the namespaces
                                        field. null selector and null or empty namespaces
                                        list means "this pod's namespace". An empty
                                        selector ({}) matches all namespaces.
                                      properties:
                                        matchExpressions:
                                          description: matchExpressions is a list
                                            of label selector requirements. The requirements
                                            are ANDed.
                                          items:
                                            description: A label selector requirement
                                              is a selector that contains values,
                                              a key, and an operator that relates
                                              the key and values.
                                            properties:
                                              key:
                                                description: key is the label key
                                                  that the selector applies to.
                                                type: string
                                              operator:
                                                description: operator represents a
                                                  key's relationship to a set of values.
                                                  Valid operators are In, NotIn, Exists
                                                  and DoesNotExist.
                                                type: string
                                              values:
                                                description: values is an array of
                                                  string values. If the operator is
                                                  In or NotIn, the values array must
                                                  be non-empty. If the operator is
                                                  Exists or DoesNotExist, the values
                                                  array must be empty. This array
                                                  is replaced during a strategic merge
                                                  patch.
                                                items:
                                                  type: string
                                                type: array
                                            required:
                                            - key
                                            - operator
                                            type: object
                                          type: array
                                        matchLabels:
                                          additionalProperties:
                                            type: string
                                          description: matchLabels is a map of {key,value}
                                            pairs. A single {key,value} in the matchLabels
                                            map is equivalent to an element of matchExpressions,
                                            whose key field is "key", the operator
                                            is "In", and the values array contains
                                            only "value". The requirements are ANDed.
                                          type: object
                                      type: object
                                      x-kubernetes-map-type: atomic
                                    namespaces:
                                      description: namespaces specifies a static list
                                        of namespace names that the term applies to.
                                        The term is applied to the union of the namespaces
                                        listed in this field and the ones selected
                                        by namespaceSelector. null or empty namespaces
                                        list and null namespaceSelector means "this
                                        pod's namespace".
                                      items:
                                        type: string
                                      type: array
                                    topologyKey:
                                      description: This pod should be co-located (affinity)
                                        or not co-located (anti-affinity) with the
                                        pods matching the labelSelector in the specified
                                        namespaces, where co-located is defined as
                                        running on a node whose value of the label
                                        with key topologyKey matches that of any node
                                        on which any of the selected pods is running.
                                        Empty topologyKey is not allowed.
                                      type: string
                                  required:
                                  - topologyKey
                                  type: object
                                type: array
                            type: object
                        type: object
                      automountServiceAccountToken:
                        description: AutomountServiceAccountToken indicates whether
                          a service account token should be automatically mounted.
                        type: boolean
                      containers:
                        description: List of containers belonging to the pod. Containers
                          cannot currently be added or removed. There must be at least
                          one container in a Pod. Cannot be updated.
                        items:
                          description: A single application container that you want
                            to run within a pod.
                          properties:
                            args:
                              description: 'Arguments to the entrypoint. The container
                                image''s CMD is used if this is not provided. Variable
                                references $(VAR_NAME) are expanded using the container''s
                                environment. If a variable cannot be resolved, the
                                reference in the input string will be unchanged. Double
                                $$ are reduced to a single $, which allows for escaping
                                the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce
                                the string literal "$(VAR_NAME)". Escaped references
                                will never be expanded, regardless of whether the
                                variable exists or not. Cannot be updated. More info:
                                https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
                              items:
                                type: string
                              type: array
                            command:
                              description: 'Entrypoint array. Not executed within
                                a shell. The container image''s ENTRYPOINT is used
                                if this is not provided. Variable references $(VAR_NAME)
                                are expanded using the container''s environment. If
                                a variable cannot be resolved, the reference in the
                                input string will be unchanged. Double $$ are reduced
                                to a single $, which allows for escaping the $(VAR_NAME)
                                syntax: i.e. "$$(VAR_NAME)" will produce the string
                                literal "$(VAR_NAME)". Escaped references will never
                                be expanded, regardless of whether the variable exists
                                or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
                              items:
                                type: string
                              type: array
                            env:
                              description: List of environment variables to set in
                                the container. Cannot be updated.
                              items:
                                description: EnvVar represents an environment variable
                                  present in a Container.
                                properties:
                                  name:
                                    description: Name of the environment variable.
                                      Must be a C_IDENTIFIER.
                                    type: string
                                  value:
                                    description: 'Variable references $(VAR_NAME)
                                      are expanded using the previously defined environment
                                      variables in the container and any service environment
                                      variables. If a variable cannot be resolved,
                                      the reference in the input string will be unchanged.
                                      Double $$ are reduced to a single $, which allows
                                      for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)"
                                      will produce the string literal "$(VAR_NAME)".
                                      Escaped references will never be expanded, regardless
                                      of whether the variable exists or not. Defaults
                                      to "".'
                                    type: string
                                  valueFrom:
                                    description: Source for the environment variable's
                                      value. Cannot be used if value is not empty.
                                    properties:
                                      configMapKeyRef:
                                        description: Selects a key of a ConfigMap.
                                        properties:
                                          key:
                                            description: The key to select.
                                            type: string
                                          name:
                                            description: 'Name of the referent. More
                                              info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                              TODO: Add other useful fields. apiVersion,
                                              kind, uid?'
                                            type: string
                                          optional:
                                            description: Specify whether the ConfigMap
                                              or its key must be defined
                                            type: boolean
                                        required:
                                        - key
                                        type: object
                                        x-kubernetes-map-type: atomic
                                      fieldRef:
                                        description: 'Selects a field of the pod:
                                          supports metadata.name, metadata.namespace,
                                          `metadata.labels[''<KEY>'']`, `metadata.annotations[''<KEY>'']`,
                                          spec.nodeName, spec.serviceAccountName,
                                          status.hostIP, status.podIP, status.podIPs.'
                                        properties:
                                          apiVersion:
                                            description: Version of the schema the
                                              FieldPath is written in terms of, defaults
                                              to "v1".
                                            type: string
                                          fieldPath:
                                            description: Path of the field to select
                                              in the specified API version.
                                            type: string
                                        required:
                                        - fieldPath
                                        type: object
                                        x-kubernetes-map-type: atomic
                                      resourceFieldRef:
                                        description: 'Selects a resource of the container:
                                          only resources limits and requests (limits.cpu,
                                          limits.memory, limits.ephemeral-storage,
                                          requests.cpu, requests.memory and requests.ephemeral-storage)
                                          are currently supported.'
                                        properties:
                                          containerName:
                                            description: 'Container name: required
                                              for volumes, optional for env vars'
                                            type: string
                                          divisor:
                                            anyOf:
                                            - type: integer
                                            - type: string
                                            description: Specifies the output format
                                              of the exposed resources, defaults to
                                              "1"
                                            pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                            x-kubernetes-int-or-string: true
                                          resource:
                                            description: 'Required: resource to select'
                                            type: string
                                        required:
                                        - resource
                                        type: object
                                        x-kubernetes-map-type: atomic
                                      secretKeyRef:
                                        description: Selects a key of a secret in
                                          the pod's namespace
                                        properties:
                                          key:
                                            description: The key of the secret to
                                              select from. Must be a valid secret
                                              key.
                                            type: string
                                          name:
                                            description: 'Name of the referent. More
                                              info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                              TODO: Add other useful fields. apiVersion,
                                              kind, uid?'
                                            type: string
                                          optional:
                                            description: Specify whether the Secret
                                              or its key must be defined
                                            type: boolean
                                        required:
                                        - key
                                        type: object
                                        x-kubernetes-map-type: atomic
                                    type: object
                                required:
                                - name
                                type: object
                              type: array
                            envFrom:
                              description: List of sources to populate environment
                                variables in the container. The keys defined within
                                a source must be a C_IDENTIFIER. All invalid keys
                                will be reported as an event when the container is
                                starting. When a key exists in multiple sources, the
                                value associated with the last source will take precedence.
                                Values defined by an Env with a duplicate key will
                                take precedence. Cannot be updated.
                              items:
                                description: EnvFromSource represents the source of
                                  a set of ConfigMaps
                                properties:
                                  configMapRef:
                                    description: The ConfigMap to select from
                                    properties:
                                      name:
                                        description: 'Name of the referent. More info:
                                          https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                          TODO: Add other useful fields. apiVersion,
                                          kind, uid?'
                                        type: string
                                      optional:
                                        description: Specify whether the ConfigMap
                                          must be defined
                                        type: boolean
                                    type: object
                                    x-kubernetes-map-type: atomic
                                  prefix:
                                    description: An optional identifier to prepend
                                      to each key in the ConfigMap. Must be a C_IDENTIFIER.
                                    type: string
                                  secretRef:
                                    description: The Secret to select from
                                    properties:
                                      name:
                                        description: 'Name of the referent. More info:
                                          https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                          TODO: Add other useful fields. apiVersion,
                                          kind, uid?'
                                        type: string
                                      optional:
                                        description: Specify whether the Secret must
                                          be defined
                                        type: boolean
                                    type: object
                                    x-kubernetes-map-type: atomic
                                type: object
                              type: array
                            image:
                              description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images
                                This field is optional to allow higher level config
                                management to default or override container images
                                in workload controllers like Deployments and StatefulSets.'
                              type: string
                            imagePullPolicy:
                              description: 'Image pull policy. One of Always, Never,
                                IfNotPresent. Defaults to Always if :latest tag is
                                specified, or IfNotPresent otherwise. Cannot be updated.
                                More info: https://kubernetes.io/docs/concepts/containers/images#updating-images'
                              type: string
                            lifecycle:
                              description: Actions that the management system should
                                take in response to container lifecycle events. Cannot
                                be updated.
                              properties:
                                postStart:
                                  description: 'PostStart is called immediately after
                                    a container is created. If the handler fails,
                                    the container is terminated and restarted according
                                    to its restart policy. Other management of the
                                    container blocks until the hook completes. More
                                    info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
                                  properties:
                                    exec:
                                      description: Exec specifies the action to take.
                                      properties:
                                        command:
                                          description: Command is the command line
                                            to execute inside the container, the working
                                            directory for the command is root ('/')
                                            in the container's filesystem. The command
                                            is simply exec'd, it is not run inside
                                            a shell, so traditional shell instructions
                                            ('|', etc) won't work. To use a shell,
                                            you need to explicitly call out to that
                                            shell. Exit status of 0 is treated as
                                            live/healthy and non-zero is unhealthy.
                                          items:
                                            type: string
                                          type: array
                                      type: object
                                    httpGet:
                                      description: HTTPGet specifies the http request
                                        to perform.
                                      properties:
                                        host:
                                          description: Host name to connect to, defaults
                                            to the pod IP. You probably want to set
                                            "Host" in httpHeaders instead.
                                          type: string
                                        httpHeaders:
                                          description: Custom headers to set in the
                                            request. HTTP allows repeated headers.
                                          items:
                                            description: HTTPHeader describes a custom
                                              header to be used in HTTP probes
                                            properties:
                                              name:
                                                description: The header field name.
                                                  This will be canonicalized upon
                                                  output, so case-variant names will
                                                  be understood as the same header.
                                                type: string
                                              value:
                                                description: The header field value
                                                type: string
                                            required:
                                            - name
                                            - value
                                            type: object
                                          type: array
                                        path:
                                          description: Path to access on the HTTP
                                            server.
                                          type: string
                                        port:
                                          anyOf:
                                          - type: integer
                                          - type: string
                                          description: Name or number of the port
                                            to access on the container. Number must
                                            be in the range 1 to 65535. Name must
                                            be an IANA_SVC_NAME.
                                          x-kubernetes-int-or-string: true
                                        scheme:
                                          description: Scheme to use for connecting
                                            to the host. Defaults to HTTP.
                                          type: string
                                      required:
                                      - port
                                      type: object
                                    tcpSocket:
                                      description: Deprecated. TCPSocket is NOT supported
                                        as a LifecycleHandler and kept for the backward
                                        compatibility. There are no validation of
                                        this field and lifecycle hooks will fail in
                                        runtime when tcp handler is specified.
                                      properties:
                                        host:
                                          description: 'Optional: Host name to connect
                                            to, defaults to the pod IP.'
                                          type: string
                                        port:
                                          anyOf:
                                          - type: integer
                                          - type: string
                                          description: Number or name of the port
                                            to access on the container. Number must
                                            be in the range 1 to 65535. Name must
                                            be an IANA_SVC_NAME.
                                          x-kubernetes-int-or-string: true
                                      required:
                                      - port
                                      type: object
                                  type: object
                                preStop:
                                  description: 'PreStop is called immediately before
                                    a container is terminated due to an API request
                                    or management event such as liveness/startup probe
                                    failure, preemption, resource contention, etc.
                                    The handler is not called if the container crashes
                                    or exits. The Pod''s termination grace period
                                    countdown begins before the PreStop hook is executed.
                                    Regardless of the outcome of the handler, the
                                    container will eventually terminate within the
                                    Pod''s termination grace period (unless delayed
                                    by finalizers). Other management of the container
                                    blocks until the hook completes or until the termination
                                    grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
                                  properties:
                                    exec:
                                      description: Exec specifies the action to take.
                                      properties:
                                        command:
                                          description: Command is the command line
                                            to execute inside the container, the working
                                            directory for the command is root ('/')
                                            in the container's filesystem. The command
                                            is simply exec'd, it is not run inside
                                            a shell, so traditional shell instructions
                                            ('|', etc) won't work. To use a shell,
                                            you need to explicitly call out to that
                                            shell. Exit status of 0 is treated as
                                            live/healthy and non-zero is unhealthy.
                                          items:
                                            type: string
                                          type: array
                                      type: object
                                    httpGet:
                                      description: HTTPGet specifies the http request
                                        to perform.
                                      properties:
                                        host:
                                          description: Host name to connect to, defaults
                                            to the pod IP. You probably want to set
                                            "Host" in httpHeaders instead.
                                          type: string
                                        httpHeaders:
                                          description: Custom headers to set in the
                                            request. HTTP allows repeated headers.
                                          items:
                                            description: HTTPHeader describes a custom
                                              header to be used in HTTP probes
                                            properties:
                                              name:
                                                description: The header field name.
                                                  This will be canonicalized upon
                                                  output, so case-variant names will
                                                  be understood as the same header.
                                                type: string
                                              value:
                                                description: The header field value
                                                type: string
                                            required:
                                            - name
                                            - value
                                            type: object
                                          type: array
                                        path:
                                          description: Path to access on the HTTP
                                            server.
                                          type: string
                                        port:
                                          anyOf:
                                          - type: integer
                                          - type: string
                                          description: Name or number of the port
                                            to access on the container. Number must
                                            be in the range 1 to 65535. Name must
                                            be an IANA_SVC_NAME.
                                          x-kubernetes-int-or-string: true
                                        scheme:
                                          description: Scheme to use for connecting
                                            to the host. Defaults to HTTP.
                                          type: string
                                      required:
                                      - port
                                      type: object
                                    tcpSocket:
                                      description: Deprecated. TCPSocket is NOT supported
                                        as a LifecycleHandler and kept for the backward
                                        compatibility. There are no validation of
                                        this field and lifecycle hooks will fail in
                                        runtime when tcp handler is specified.
                                      properties:
                                        host:
                                          description: 'Optional: Host name to connect
                                            to, defaults to the pod IP.'
                                          type: string
                                        port:
                                          anyOf:
                                          - type: integer
                                          - type: string
                                          description: Number or name of the port
                                            to access on the container. Number must
                                            be in the range 1 to 65535. Name must
                                            be an IANA_SVC_NAME.
                                          x-kubernetes-int-or-string: true
                                      required:
                                      - port
                                      type: object
                                  type: object
                              type: object
                            livenessProbe:
                              description: 'Periodic probe of container liveness.
                                Container will be restarted if the probe fails. Cannot
                                be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                              properties:
                                exec:
                                  description: Exec specifies the action to take.
                                  properties:
                                    command:
                                      description: Command is the command line to
                                        execute inside the container, the working
                                        directory for the command is root ('/') in
                                        the container's filesystem. The command is
                                        simply exec'd, it is not run inside a shell,
                                        so traditional shell instructions ('|', etc)
                                        won't work. To use a shell, you need to explicitly
                                        call out to that shell. Exit status of 0 is
                                        treated as live/healthy and non-zero is unhealthy.
                                      items:
                                        type: string
                                      type: array
                                  type: object
                                failureThreshold:
                                  description: Minimum consecutive failures for the
                                    probe to be considered failed after having succeeded.
                                    Defaults to 3. Minimum value is 1.
                                  format: int32
                                  type: integer
                                grpc:
                                  description: GRPC specifies an action involving
                                    a GRPC port.
                                  properties:
                                    port:
                                      description: Port number of the gRPC service.
                                        Number must be in the range 1 to 65535.
                                      format: int32
                                      type: integer
                                    service:
                                      description: "Service is the name of the service
                                        to place in the gRPC HealthCheckRequest (see
                                        https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
                                        \n If this is not specified, the default behavior
                                        is defined by gRPC."
                                      type: string
                                  required:
                                  - port
                                  type: object
                                httpGet:
                                  description: HTTPGet specifies the http request
                                    to perform.
                                  properties:
                                    host:
                                      description: Host name to connect to, defaults
                                        to the pod IP. You probably want to set "Host"
                                        in httpHeaders instead.
                                      type: string
                                    httpHeaders:
                                      description: Custom headers to set in the request.
                                        HTTP allows repeated headers.
                                      items:
                                        description: HTTPHeader describes a custom
                                          header to be used in HTTP probes
                                        properties:
                                          name:
                                            description: The header field name. This
                                              will be canonicalized upon output, so
                                              case-variant names will be understood
                                              as the same header.
                                            type: string
                                          value:
                                            description: The header field value
                                            type: string
                                        required:
                                        - name
                                        - value
                                        type: object
                                      type: array
                                    path:
                                      description: Path to access on the HTTP server.
                                      type: string
                                    port:
                                      anyOf:
                                      - type: integer
                                      - type: string
                                      description: Name or number of the port to access
                                        on the container. Number must be in the range
                                        1 to 65535. Name must be an IANA_SVC_NAME.
                                      x-kubernetes-int-or-string: true
                                    scheme:
                                      description: Scheme to use for connecting to
                                        the host. Defaults to HTTP.
                                      type: string
                                  required:
                                  - port
                                  type: object
                                initialDelaySeconds:
                                  description: 'Number of seconds after the container
                                    has started before liveness probes are initiated.
                                    More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                  format: int32
                                  type: integer
                                periodSeconds:
                                  description: How often (in seconds) to perform the
                                    probe. Default to 10 seconds. Minimum value is
                                    1.
                                  format: int32
                                  type: integer
                                successThreshold:
                                  description: Minimum consecutive successes for the
                                    probe to be considered successful after having
                                    failed. Defaults to 1. Must be 1 for liveness
                                    and startup. Minimum value is 1.
                                  format: int32
                                  type: integer
                                tcpSocket:
                                  description: TCPSocket specifies an action involving
                                    a TCP port.
                                  properties:
                                    host:
                                      description: 'Optional: Host name to connect
                                        to, defaults to the pod IP.'
                                      type: string
                                    port:
                                      anyOf:
                                      - type: integer
                                      - type: string
                                      description: Number or name of the port to access
                                        on the container. Number must be in the range
                                        1 to 65535. Name must be an IANA_SVC_NAME.
                                      x-kubernetes-int-or-string: true
                                  required:
                                  - port
                                  type: object
                                terminationGracePeriodSeconds:
                                  description: Optional duration in seconds the pod
                                    needs to terminate gracefully upon probe failure.
                                    The grace period is the duration in seconds after
                                    the processes running in the pod are sent a termination
                                    signal and the time when the processes are forcibly
                                    halted with a kill signal. Set this value longer
                                    than the expected cleanup time for your process.
                                    If this value is nil, the pod's terminationGracePeriodSeconds
                                    will be used. Otherwise, this value overrides
                                    the value provided by the pod spec. Value must
                                    be non-negative integer. The value zero indicates
                                    stop immediately via the kill signal (no opportunity
                                    to shut down). This is a beta field and requires
                                    enabling ProbeTerminationGracePeriod feature gate.
                                    Minimum value is 1. spec.terminationGracePeriodSeconds
                                    is used if unset.
                                  format: int64
                                  type: integer
                                timeoutSeconds:
                                  description: 'Number of seconds after which the
                                    probe times out. Defaults to 1 second. Minimum
                                    value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                  format: int32
                                  type: integer
                              type: object
                            name:
                              description: Name of the container specified as a DNS_LABEL.
                                Each container in a pod must have a unique name (DNS_LABEL).
                                Cannot be updated.
                              type: string
                            ports:
                              description: List of ports to expose from the container.
                                Not specifying a port here DOES NOT prevent that port
                                from being exposed. Any port which is listening on
                                the default "0.0.0.0" address inside a container will
                                be accessible from the network. Modifying this array
                                with strategic merge patch may corrupt the data. For
                                more information See https://github.com/kubernetes/kubernetes/issues/108255.
                                Cannot be updated.
                              items:
                                description: ContainerPort represents a network port
                                  in a single container.
                                properties:
                                  containerPort:
                                    description: Number of port to expose on the pod's
                                      IP address. This must be a valid port number,
                                      0 < x < 65536.
                                    format: int32
                                    type: integer
                                  hostIP:
                                    description: What host IP to bind the external
                                      port to.
                                    type: string
                                  hostPort:
                                    description: Number of port to expose on the host.
                                      If specified, this must be a valid port number,
                                      0 < x < 65536. If HostNetwork is specified,
                                      this must match ContainerPort. Most containers
                                      do not need this.
                                    format: int32
                                    type: integer
                                  name:
                                    description: If specified, this must be an IANA_SVC_NAME
                                      and unique within the pod. Each named port in
                                      a pod must have a unique name. Name for the
                                      port that can be referred to by services.
                                    type: string
                                  protocol:
                                    default: TCP
                                    description: Protocol for port. Must be UDP, TCP,
                                      or SCTP. Defaults to "TCP".
                                    type: string
                                required:
                                - containerPort
                                type: object
                              type: array
                              x-kubernetes-list-map-keys:
                              - containerPort
                              - protocol
                              x-kubernetes-list-type: map
                            readinessProbe:
                              description: 'Periodic probe of container service readiness.
                                Container will be removed from service endpoints if
                                the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                              properties:
                                exec:
                                  description: Exec specifies the action to take.
                                  properties:
                                    command:
                                      description: Command is the command line to
                                        execute inside the container, the working
                                        directory for the command is root ('/') in
                                        the container's filesystem. The command is
                                        simply exec'd, it is not run inside a shell,
                                        so traditional shell instructions ('|', etc)
                                        won't work. To use a shell, you need to explicitly
                                        call out to that shell. Exit status of 0 is
                                        treated as live/healthy and non-zero is unhealthy.
                                      items:
                                        type: string
                                      type: array
                                  type: object
                                failureThreshold:
                                  description: Minimum consecutive failures for the
                                    probe to be considered failed after having succeeded.
                                    Defaults to 3. Minimum value is 1.
                                  format: int32
                                  type: integer
                                grpc:
                                  description: GRPC specifies an action involving
                                    a GRPC port.
                                  properties:
                                    port:
                                      description: Port number of the gRPC service.
                                        Number must be in the range 1 to 65535.
                                      format: int32
                                      type: integer
                                    service:
                                      description: "Service is the name of the service
                                        to place in the gRPC HealthCheckRequest (see
                                        https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
                                        \n If this is not specified, the default behavior
                                        is defined by gRPC."
                                      type: string
                                  required:
                                  - port
                                  type: object
                                httpGet:
                                  description: HTTPGet specifies the http request
                                    to perform.
                                  properties:
                                    host:
                                      description: Host name to connect to, defaults
                                        to the pod IP. You probably want to set "Host"
                                        in httpHeaders instead.
                                      type: string
                                    httpHeaders:
                                      description: Custom headers to set in the request.
                                        HTTP allows repeated headers.
                                      items:
                                        description: HTTPHeader describes a custom
                                          header to be used in HTTP probes
                                        properties:
                                          name:
                                            description: The header field name. This
                                              will be canonicalized upon output, so
                                              case-variant names will be understood
                                              as the same header.
                                            type: string
                                          value:
                                            description: The header field value
                                            type: string
                                        required:
                                        - name
                                        - value
                                        type: object
                                      type: array
                                    path:
                                      description: Path to access on the HTTP server.
                                      type: string
                                    port:
                                      anyOf:
                                      - type: integer
                                      - type: string
                                      description: Name or number of the port to access
                                        on the container. Number must be in the range
                                        1 to 65535. Name must be an IANA_SVC_NAME.
                                      x-kubernetes-int-or-string: true
                                    scheme:
                                      description: Scheme to use for connecting to
                                        the host. Defaults to HTTP.
                                      type: string
                                  required:
                                  - port
                                  type: object
                                initialDelaySeconds:
                                  description: 'Number of seconds after the container
                                    has started before liveness probes are initiated.
                                    More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                  format: int32
                                  type: integer
                                periodSeconds:
                                  description: How often (in seconds) to perform the
                                    probe. Default to 10 seconds. Minimum value is
                                    1.
                                  format: int32
                                  type: integer
                                successThreshold:
                                  description: Minimum consecutive successes for the
                                    probe to be considered successful after having
                                    failed. Defaults to 1. Must be 1 for liveness
                                    and startup. Minimum value is 1.
                                  format: int32
                                  type: integer
                                tcpSocket:
                                  description: TCPSocket specifies an action involving
                                    a TCP port.
                                  properties:
                                    host:
                                      description: 'Optional: Host name to connect
                                        to, defaults to the pod IP.'
                                      type: string
                                    port:
                                      anyOf:
                                      - type: integer
                                      - type: string
                                      description: Number or name of the port to access
                                        on the container. Number must be in the range
                                        1 to 65535. Name must be an IANA_SVC_NAME.
                                      x-kubernetes-int-or-string: true
                                  required:
                                  - port
                                  type: object
                                terminationGracePeriodSeconds:
                                  description: Optional duration in seconds the pod
                                    needs to terminate gracefully upon probe failure.
                                    The grace period is the duration in seconds after
                                    the processes running in the pod are sent a termination
                                    signal and the time when the processes are forcibly
                                    halted with a kill signal. Set this value longer
                                    than the expected cleanup time for your process.
                                    If this value is nil, the pod's terminationGracePeriodSeconds
                                    will be used. Otherwise, this value overrides
                                    the value provided by the pod spec. Value must
                                    be non-negative integer. The value zero indicates
                                    stop immediately via the kill signal (no opportunity
                                    to shut down). This is a beta field and requires
                                    enabling ProbeTerminationGracePeriod feature gate.
                                    Minimum value is 1. spec.terminationGracePeriodSeconds
                                    is used if unset.
                                  format: int64
                                  type: integer
                                timeoutSeconds:
                                  description: 'Number of seconds after which the
                                    probe times out. Defaults to 1 second. Minimum
                                    value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                  format: int32
                                  type: integer
                              type: object
                            resizePolicy:
                              description: Resources resize policy for the container.
                              items:
                                description: ContainerResizePolicy represents resource
                                  resize policy for the container.
                                properties:
                                  resourceName:
                                    description: 'Name of the resource to which this
                                      resource resize policy applies. Supported values:
                                      cpu, memory.'
                                    type: string
                                  restartPolicy:
                                    description: Restart policy to apply when specified
                                      resource is resized. If not specified, it defaults
                                      to NotRequired.
                                    type: string
                                required:
                                - resourceName
                                - restartPolicy
                                type: object
                              type: array
                              x-kubernetes-list-type: atomic
                            resources:
                              description: 'Compute Resources required by this container.
                                Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                              properties:
                                claims:
                                  description: "Claims lists the names of resources,
                                    defined in spec.resourceClaims, that are used
                                    by this container. \n This is an alpha field and
                                    requires enabling the DynamicResourceAllocation
                                    feature gate. \n This field is immutable. It can
                                    only be set for containers."
                                  items:
                                    description: ResourceClaim references one entry
                                      in PodSpec.ResourceClaims.
                                    properties:
                                      name:
                                        description: Name must match the name of one
                                          entry in pod.spec.resourceClaims of the
                                          Pod where this field is used. It makes that
                                          resource available inside a container.
                                        type: string
                                    required:
                                    - name
                                    type: object
                                  type: array
                                  x-kubernetes-list-map-keys:
                                  - name
                                  x-kubernetes-list-type: map
                                limits:
                                  additionalProperties:
                                    anyOf:
                                    - type: integer
                                    - type: string
                                    pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                    x-kubernetes-int-or-string: true
                                  description: 'Limits describes the maximum amount
                                    of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                                  type: object
                                requests:
                                  additionalProperties:
                                    anyOf:
                                    - type: integer
                                    - type: string
                                    pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                    x-kubernetes-int-or-string: true
                                  description: 'Requests describes the minimum amount
                                    of compute resources required. If Requests is
                                    omitted for a container, it defaults to Limits
                                    if that is explicitly specified, otherwise to
                                    an implementation-defined value. Requests cannot
                                    exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                                  type: object
                              type: object
                            restartPolicy:
                              description: 'RestartPolicy defines the restart behavior
                                of individual containers in a pod. This field may
                                only be set for init containers, and the only allowed
                                value is "Always". For non-init containers or when
                                this field is not specified, the restart behavior
                                is defined by the Pod''s restart policy and the container
                                type. Setting the RestartPolicy as "Always" for the
                                init container will have the following effect: this
                                init container will be continually restarted on exit
                                until all regular containers have terminated. Once
                                all regular containers have completed, all init containers
                                with restartPolicy "Always" will be shut down. This
                                lifecycle differs from normal init containers and
                                is often referred to as a "sidecar" container. Although
                                this init container still starts in the init container
                                sequence, it does not wait for the container to complete
                                before proceeding to the next init container. Instead,
                                the next init container starts immediately after this
                                init container is started, or after any startupProbe
                                has successfully completed.'
                              type: string
                            securityContext:
                              description: 'SecurityContext defines the security options
                                the container should be run with. If set, the fields
                                of SecurityContext override the equivalent fields
                                of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
                              properties:
                                allowPrivilegeEscalation:
                                  description: 'AllowPrivilegeEscalation controls
                                    whether a process can gain more privileges than
                                    its parent process. This bool directly controls
                                    if the no_new_privs flag will be set on the container
                                    process. AllowPrivilegeEscalation is true always
                                    when the container is: 1) run as Privileged 2)
                                    has CAP_SYS_ADMIN Note that this field cannot
                                    be set when spec.os.name is windows.'
                                  type: boolean
                                capabilities:
                                  description: The capabilities to add/drop when running
                                    containers. Defaults to the default set of capabilities
                                    granted by the container runtime. Note that this
                                    field cannot be set when spec.os.name is windows.
                                  properties:
                                    add:
                                      description: Added capabilities
                                      items:
                                        description: Capability represent POSIX capabilities
                                          type
                                        type: string
                                      type: array
                                    drop:
                                      description: Removed capabilities
                                      items:
                                        description: Capability represent POSIX capabilities
                                          type
                                        type: string
                                      type: array
                                  type: object
                                privileged:
                                  description: Run container in privileged mode. Processes
                                    in privileged containers are essentially equivalent
                                    to root on the host. Defaults to false. Note that
                                    this field cannot be set when spec.os.name is
                                    windows.
                                  type: boolean
                                procMount:
                                  description: procMount denotes the type of proc
                                    mount to use for the containers. The default is
                                    DefaultProcMount which uses the container runtime
                                    defaults for readonly paths and masked paths.
                                    This requires the ProcMountType feature flag to
                                    be enabled. Note that this field cannot be set
                                    when spec.os.name is windows.
                                  type: string
                                readOnlyRootFilesystem:
                                  description: Whether this container has a read-only
                                    root filesystem. Default is false. Note that this
                                    field cannot be set when spec.os.name is windows.
                                  type: boolean
                                runAsGroup:
                                  description: The GID to run the entrypoint of the
                                    container process. Uses runtime default if unset.
                                    May also be set in PodSecurityContext. If set
                                    in both SecurityContext and PodSecurityContext,
                                    the value specified in SecurityContext takes precedence.
                                    Note that this field cannot be set when spec.os.name
                                    is windows.
                                  format: int64
                                  type: integer
                                runAsNonRoot:
                                  description: Indicates that the container must run
                                    as a non-root user. If true, the Kubelet will
                                    validate the image at runtime to ensure that it
                                    does not run as UID 0 (root) and fail to start
                                    the container if it does. If unset or false, no
                                    such validation will be performed.
                                    May also be set in PodSecurityContext. If set in both SecurityContext
                                    and PodSecurityContext, the value specified in
                                    SecurityContext takes precedence.
                                  type: boolean
                                runAsUser:
                                  description: The UID to run the entrypoint of the
                                    container process. Defaults to user specified
                                    in image metadata if unspecified. May also be
                                    set in PodSecurityContext. If set in both SecurityContext
                                    and PodSecurityContext, the value specified in
                                    SecurityContext takes precedence. Note that this
                                    field cannot be set when spec.os.name is windows.
                                  format: int64
                                  type: integer
                                seLinuxOptions:
                                  description: The SELinux context to be applied to
                                    the container. If unspecified, the container runtime
                                    will allocate a random SELinux context for each
                                    container. May also be set in PodSecurityContext. If
                                    set in both SecurityContext and PodSecurityContext,
                                    the value specified in SecurityContext takes precedence.
                                    Note that this field cannot be set when spec.os.name
                                    is windows.
                                  properties:
                                    level:
                                      description: Level is SELinux level label that
                                        applies to the container.
                                      type: string
                                    role:
                                      description: Role is a SELinux role label that
                                        applies to the container.
                                      type: string
                                    type:
                                      description: Type is a SELinux type label that
                                        applies to the container.
                                      type: string
                                    user:
                                      description: User is a SELinux user label that
                                        applies to the container.
                                      type: string
                                  type: object
                                seccompProfile:
                                  description: The seccomp options to use by this
                                    container. If seccomp options are provided at
                                    both the pod & container level, the container
                                    options override the pod options. Note that this
                                    field cannot be set when spec.os.name is windows.
                                  properties:
                                    localhostProfile:
                                      description: localhostProfile indicates a profile
                                        defined in a file on the node should be used.
                                        The profile must be preconfigured on the node
                                        to work. Must be a descending path, relative
                                        to the kubelet's configured seccomp profile
                                        location. Must be set if type is "Localhost".
                                        Must NOT be set for any other type.
                                      type: string
                                    type:
                                      description: "type indicates which kind of seccomp
                                        profile will be applied. Valid options are:
                                        \n Localhost - a profile defined in a file
                                        on the node should be used. RuntimeDefault
                                        - the container runtime default profile should
                                        be used. Unconfined - no profile should be
                                        applied."
                                      type: string
                                  required:
                                  - type
                                  type: object
                                windowsOptions:
                                  description: The Windows specific settings applied
                                    to all containers. If unspecified, the options
                                    from the PodSecurityContext will be used. If set
                                    in both SecurityContext and PodSecurityContext,
                                    the value specified in SecurityContext takes precedence.
                                    Note that this field cannot be set when spec.os.name
                                    is linux.
                                  properties:
                                    gmsaCredentialSpec:
                                      description: GMSACredentialSpec is where the
                                        GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa)
                                        inlines the contents of the GMSA credential
                                        spec named by the GMSACredentialSpecName field.
                                      type: string
                                    gmsaCredentialSpecName:
                                      description: GMSACredentialSpecName is the name
                                        of the GMSA credential spec to use.
                                      type: string
                                    hostProcess:
                                      description: HostProcess determines if a container
                                        should be run as a 'Host Process' container.
                                        All of a Pod's containers must have the same
                                        effective HostProcess value (it is not allowed
                                        to have a mix of HostProcess containers and
                                        non-HostProcess containers). In addition,
                                        if HostProcess is true then HostNetwork must
                                        also be set to true.
                                      type: boolean
                                    runAsUserName:
                                      description: The UserName in Windows to run
                                        the entrypoint of the container process.
                                        Defaults to the user specified in image metadata if
                                        unspecified. May also be set in PodSecurityContext.
                                        If set in both SecurityContext and PodSecurityContext,
                                        the value specified in SecurityContext takes
                                        precedence.
                                      type: string
                                  type: object
                              type: object
                            startupProbe:
                              description: 'StartupProbe indicates that the Pod has
                                successfully initialized. If specified, no other probes
                                are executed until this completes successfully. If
                                this probe fails, the Pod will be restarted, just
                                as if the livenessProbe failed. This can be used to
                                provide different probe parameters at the beginning
                                of a Pod''s lifecycle, when it might take a long time
                                to load data or warm a cache, than during steady-state
                                operation. This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                              properties:
                                exec:
                                  description: Exec specifies the action to take.
                                  properties:
                                    command:
                                      description: Command is the command line to
                                        execute inside the container, the working
                                        directory for the command is root ('/') in
                                        the container's filesystem. The command is
                                        simply exec'd, it is not run inside a shell,
                                        so traditional shell instructions ('|', etc)
                                        won't work. To use a shell, you need to explicitly
                                        call out to that shell. Exit status of 0 is
                                        treated as live/healthy and non-zero is unhealthy.
                                      items:
                                        type: string
                                      type: array
                                  type: object
                                failureThreshold:
                                  description: Minimum consecutive failures for the
                                    probe to be considered failed after having succeeded.
                                    Defaults to 3. Minimum value is 1.
                                  format: int32
                                  type: integer
                                grpc:
                                  description: GRPC specifies an action involving
                                    a GRPC port.
                                  properties:
                                    port:
                                      description: Port number of the gRPC service.
                                        Number must be in the range 1 to 65535.
                                      format: int32
                                      type: integer
                                    service:
                                      description: "Service is the name of the service
                                        to place in the gRPC HealthCheckRequest (see
                                        https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
                                        \n If this is not specified, the default behavior
                                        is defined by gRPC."
                                      type: string
                                  required:
                                  - port
                                  type: object
                                httpGet:
                                  description: HTTPGet specifies the http request
                                    to perform.
                                  properties:
                                    host:
                                      description: Host name to connect to, defaults
                                        to the pod IP. You probably want to set "Host"
                                        in httpHeaders instead.
                                      type: string
                                    httpHeaders:
                                      description: Custom headers to set in the request.
                                        HTTP allows repeated headers.
                                      items:
                                        description: HTTPHeader describes a custom
                                          header to be used in HTTP probes
                                        properties:
                                          name:
                                            description: The header field name. This
                                              will be canonicalized upon output, so
                                              case-variant names will be understood
                                              as the same header.
                                            type: string
                                          value:
                                            description: The header field value
                                            type: string
                                        required:
                                        - name
                                        - value
                                        type: object
                                      type: array
                                    path:
                                      description: Path to access on the HTTP server.
                                      type: string
                                    port:
                                      anyOf:
                                      - type: integer
                                      - type: string
                                      description: Name or number of the port to access
                                        on the container. Number must be in the range
                                        1 to 65535. Name must be an IANA_SVC_NAME.
                                      x-kubernetes-int-or-string: true
                                    scheme:
                                      description: Scheme to use for connecting to
                                        the host. Defaults to HTTP.
                                      type: string
                                  required:
                                  - port
                                  type: object
                                initialDelaySeconds:
                                  description: 'Number of seconds after the container
                                    has started before liveness probes are initiated.
                                    More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                  format: int32
                                  type: integer
                                periodSeconds:
                                  description: How often (in seconds) to perform the
                                    probe. Default to 10 seconds. Minimum value is
                                    1.
                                  format: int32
                                  type: integer
                                successThreshold:
                                  description: Minimum consecutive successes for the
                                    probe to be considered successful after having
                                    failed. Defaults to 1. Must be 1 for liveness
                                    and startup. Minimum value is 1.
                                  format: int32
                                  type: integer
                                tcpSocket:
                                  description: TCPSocket specifies an action involving
                                    a TCP port.
                                  properties:
                                    host:
                                      description: 'Optional: Host name to connect
                                        to, defaults to the pod IP.'
                                      type: string
                                    port:
                                      anyOf:
                                      - type: integer
                                      - type: string
                                      description: Number or name of the port to access
                                        on the container. Number must be in the range
                                        1 to 65535. Name must be an IANA_SVC_NAME.
                                      x-kubernetes-int-or-string: true
                                  required:
                                  - port
                                  type: object
                                terminationGracePeriodSeconds:
                                  description: Optional duration in seconds the pod
                                    needs to terminate gracefully upon probe failure.
                                    The grace period is the duration in seconds after
                                    the processes running in the pod are sent a termination
                                    signal and the time when the processes are forcibly
                                    halted with a kill signal. Set this value longer
                                    than the expected cleanup time for your process.
                                    If this value is nil, the pod's terminationGracePeriodSeconds
                                    will be used. Otherwise, this value overrides
                                    the value provided by the pod spec. Value must
                                    be non-negative integer. The value zero indicates
                                    stop immediately via the kill signal (no opportunity
                                    to shut down). This is a beta field and requires
                                    enabling ProbeTerminationGracePeriod feature gate.
                                    Minimum value is 1. spec.terminationGracePeriodSeconds
                                    is used if unset.
                                  format: int64
                                  type: integer
                                timeoutSeconds:
                                  description: 'Number of seconds after which the
                                    probe times out. Defaults to 1 second. Minimum
                                    value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                  format: int32
                                  type: integer
                              type: object
                            stdin:
                              description: Whether this container should allocate
                                a buffer for stdin in the container runtime. If this
                                is not set, reads from stdin in the container will
                                always result in EOF. Default is false.
                              type: boolean
                            stdinOnce:
                              description: Whether the container runtime should close
                                the stdin channel after it has been opened by a single
                                attach. When stdin is true the stdin stream will remain
                                open across multiple attach sessions. If stdinOnce
                                is set to true, stdin is opened on container start,
                                is empty until the first client attaches to stdin,
                                and then remains open and accepts data until the client
                                disconnects, at which time stdin is closed and remains
                                closed until the container is restarted. If this flag
                                is false, a container processes that reads from stdin
                                will never receive an EOF. Default is false
                              type: boolean
                            terminationMessagePath:
                              description: 'Optional: Path at which the file to which
                                the container''s termination message will be written
                                is mounted into the container''s filesystem. Message
                                written is intended to be brief final status, such
                                as an assertion failure message. Will be truncated
                                by the node if greater than 4096 bytes. The total
                                message length across all containers will be limited
                                to 12kb. Defaults to /dev/termination-log. Cannot
                                be updated.'
                              type: string
                            terminationMessagePolicy:
                              description: Indicate how the termination message should
                                be populated.
                                File will use the contents of terminationMessagePath
                                to populate the container status message on both success
                                and failure. FallbackToLogsOnError will use the last
                                chunk of container log output if the termination message
                                file is empty and the container exited with an error.
                                The log output is limited to 2048 bytes or 80 lines,
                                whichever is smaller. Defaults to File. Cannot be
                                updated.
                              type: string
                            tty:
                              description: Whether this container should allocate
                                a TTY for itself, also requires 'stdin' to be true.
                                Default is false.
                              type: boolean
                            volumeDevices:
                              description: volumeDevices is the list of block devices
                                to be used by the container.
                              items:
                                description: volumeDevice describes a mapping of a
                                  raw block device within a container.
                                properties:
                                  devicePath:
                                    description: devicePath is the path inside of
                                      the container that the device will be mapped
                                      to.
                                    type: string
                                  name:
                                    description: name must match the name of a persistentVolumeClaim
                                      in the pod
                                    type: string
                                required:
                                - devicePath
                                - name
                                type: object
                              type: array
                            volumeMounts:
                              description: Pod volumes to mount into the container's
                                filesystem. Cannot be updated.
                              items:
                                description: VolumeMount describes a mounting of a
                                  Volume within a container.
                                properties:
                                  mountPath:
                                    description: Path within the container at which
                                      the volume should be mounted. Must not contain
                                      ':'.
                                    type: string
                                  mountPropagation:
                                    description: mountPropagation determines how mounts
                                      are propagated from the host to container and
                                      the other way around. When not set, MountPropagationNone
                                      is used. This field is beta in 1.10.
                                    type: string
                                  name:
                                    description: This must match the Name of a Volume.
                                    type: string
                                  readOnly:
                                    description: Mounted read-only if true, read-write
                                      otherwise (false or unspecified). Defaults to
                                      false.
                                    type: boolean
                                  subPath:
                                    description: Path within the volume from which
                                      the container's volume should be mounted. Defaults
                                      to "" (volume's root).
                                    type: string
                                  subPathExpr:
                                    description: Expanded path within the volume from
                                      which the container's volume should be mounted.
                                      Behaves similarly to SubPath but environment
                                      variable references $(VAR_NAME) are expanded
                                      using the container's environment. Defaults
                                      to "" (volume's root). SubPathExpr and SubPath
                                      are mutually exclusive.
                                    type: string
                                required:
                                - mountPath
                                - name
                                type: object
                              type: array
                            workingDir:
                              description: Container's working directory. If not specified,
                                the container runtime's default will be used, which
                                might be configured in the container image. Cannot
                                be updated.
                              type: string
                        required:
                        - name
                        type: object
                      type: array
                      dnsConfig:
                        description: Specifies the DNS parameters of a pod. Parameters
                          specified here will be merged to the generated DNS configuration
                          based on DNSPolicy.
                        properties:
                          nameservers:
                            description: A list of DNS name server IP addresses. This
                              will be appended to the base nameservers generated from
                              DNSPolicy. Duplicated nameservers will be removed.
                            items:
                              type: string
                            type: array
                          options:
                            description: A list of DNS resolver options. This will
                              be merged with the base options generated from DNSPolicy.
                              Duplicated entries will be removed. Resolution options
                              given in Options will override those that appear in
                              the base DNSPolicy.
                            items:
                              description: PodDNSConfigOption defines DNS resolver
                                options of a pod.
                              properties:
                                name:
                                  description: Required.
                                  type: string
                                value:
                                  type: string
                              type: object
                            type: array
                          searches:
                            description: A list of DNS search domains for host-name
                              lookup. This will be appended to the base search paths
                              generated from DNSPolicy. Duplicated search paths will
                              be removed.
                            items:
                              type: string
                            type: array
                        type: object
                      dnsPolicy:
                        description: Set DNS policy for the pod. Defaults to "ClusterFirst".
                          Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst',
                          'Default' or 'None'. DNS parameters given in DNSConfig will
                          be merged with the policy selected with DNSPolicy. To have
                          DNS options set along with hostNetwork, you have to specify
                          DNS policy explicitly to 'ClusterFirstWithHostNet'.
                        type: string
                      enableServiceLinks:
                        description: 'EnableServiceLinks indicates whether information
                          about services should be injected into pod''s environment
                          variables, matching the syntax of Docker links. Optional:
                          Defaults to true.'
                        type: boolean
                      ephemeralContainers:
                        description: List of ephemeral containers run in this pod.
                          Ephemeral containers may be run in an existing pod to perform
                          user-initiated actions such as debugging. This list cannot
                          be specified when creating a pod, and it cannot be modified
                          by updating the pod spec. In order to add an ephemeral container
                          to an existing pod, use the pod's ephemeralcontainers subresource.
                        items:
                          description: "An EphemeralContainer is a temporary container
                            that you may add to an existing Pod for user-initiated
                            activities such as debugging. Ephemeral containers have
                            no resource or scheduling guarantees, and they will not
                            be restarted when they exit or when a Pod is removed or
                            restarted. The kubelet may evict a Pod if an ephemeral
                            container causes the Pod to exceed its resource allocation.
                            \n To add an ephemeral container, use the ephemeralcontainers
                            subresource of an existing Pod. Ephemeral containers may
                            not be removed or restarted."
                          properties:
                            args:
                              description: 'Arguments to the entrypoint. The image''s
                                CMD is used if this is not provided. Variable references
                                $(VAR_NAME) are expanded using the container''s environment.
                                If a variable cannot be resolved, the reference in
                                the input string will be unchanged. Double $$ are
                                reduced to a single $, which allows for escaping the
                                $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce
                                the string literal "$(VAR_NAME)". Escaped references
                                will never be expanded, regardless of whether the
                                variable exists or not. Cannot be updated. More info:
                                https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
                              items:
                                type: string
                              type: array
                            command:
                              description: 'Entrypoint array. Not executed within
                                a shell. The image''s ENTRYPOINT is used if this is
                                not provided. Variable references $(VAR_NAME) are
                                expanded using the container''s environment. If a
                                variable cannot be resolved, the reference in the
                                input string will be unchanged. Double $$ are reduced
                                to a single $, which allows for escaping the $(VAR_NAME)
                                syntax: i.e. "$$(VAR_NAME)" will produce the string
                                literal "$(VAR_NAME)". Escaped references will never
                                be expanded, regardless of whether the variable exists
                                or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
                              items:
                                type: string
                              type: array
                            env:
                              description: List of environment variables to set in
                                the container. Cannot be updated.
                              items:
                                description: EnvVar represents an environment variable
                                  present in a Container.
                                properties:
                                  name:
                                    description: Name of the environment variable.
                                      Must be a C_IDENTIFIER.
                                    type: string
                                  value:
                                    description: 'Variable references $(VAR_NAME)
                                      are expanded using the previously defined environment
                                      variables in the container and any service environment
                                      variables. If a variable cannot be resolved,
                                      the reference in the input string will be unchanged.
                                      Double $$ are reduced to a single $, which allows
                                      for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)"
                                      will produce the string literal "$(VAR_NAME)".
                                      Escaped references will never be expanded, regardless
                                      of whether the variable exists or not. Defaults
                                      to "".'
                                    type: string
                                  valueFrom:
                                    description: Source for the environment variable's
                                      value. Cannot be used if value is not empty.
                                    properties:
                                      configMapKeyRef:
                                        description: Selects a key of a ConfigMap.
                                        properties:
                                          key:
                                            description: The key to select.
                                            type: string
                                          name:
                                            description: 'Name of the referent. More
                                              info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                              TODO: Add other useful fields. apiVersion,
                                              kind, uid?'
                                            type: string
                                          optional:
                                            description: Specify whether the ConfigMap
                                              or its key must be defined
                                            type: boolean
                                        required:
                                        - key
                                        type: object
                                        x-kubernetes-map-type: atomic
                                      fieldRef:
                                        description: 'Selects a field of the pod:
                                          supports metadata.name, metadata.namespace,
                                          `metadata.labels[''<KEY>'']`, `metadata.annotations[''<KEY>'']`,
                                          spec.nodeName, spec.serviceAccountName,
                                          status.hostIP, status.podIP, status.podIPs.'
                                        properties:
                                          apiVersion:
                                            description: Version of the schema the
                                              FieldPath is written in terms of, defaults
                                              to "v1".
                                            type: string
                                          fieldPath:
                                            description: Path of the field to select
                                              in the specified API version.
                                            type: string
                                        required:
                                        - fieldPath
                                        type: object
                                        x-kubernetes-map-type: atomic
                                      resourceFieldRef:
                                        description: 'Selects a resource of the container:
                                          only resources limits and requests (limits.cpu,
                                          limits.memory, limits.ephemeral-storage,
                                          requests.cpu, requests.memory and requests.ephemeral-storage)
                                          are currently supported.'
                                        properties:
                                          containerName:
                                            description: 'Container name: required
                                              for volumes, optional for env vars'
                                            type: string
                                          divisor:
                                            anyOf:
                                            - type: integer
                                            - type: string
                                            description: Specifies the output format
                                              of the exposed resources, defaults to
                                              "1"
                                            pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                            x-kubernetes-int-or-string: true
                                          resource:
                                            description: 'Required: resource to select'
                                            type: string
                                        required:
                                        - resource
                                        type: object
                                        x-kubernetes-map-type: atomic
                                      secretKeyRef:
                                        description: Selects a key of a secret in
                                          the pod's namespace
                                        properties:
                                          key:
                                            description: The key of the secret to
                                              select from. Must be a valid secret
                                              key.
                                            type: string
                                          name:
                                            description: 'Name of the referent. More
                                              info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                              TODO: Add other useful fields. apiVersion,
                                              kind, uid?'
                                            type: string
                                          optional:
                                            description: Specify whether the Secret
                                              or its key must be defined
                                            type: boolean
                                        required:
                                        - key
                                        type: object
                                        x-kubernetes-map-type: atomic
                                    type: object
                                required:
                                - name
                                type: object
                              type: array
                            envFrom:
                              description: List of sources to populate environment
                                variables in the container. The keys defined within
                                a source must be a C_IDENTIFIER.
                                All invalid keys will be reported as an event when the container is
                                starting. When a key exists in multiple sources, the
                                value associated with the last source will take precedence.
                                Values defined by an Env with a duplicate key will
                                take precedence. Cannot be updated.
                              items:
                                description: EnvFromSource represents the source of
                                  a set of ConfigMaps
                                properties:
                                  configMapRef:
                                    description: The ConfigMap to select from
                                    properties:
                                      name:
                                        description: 'Name of the referent. More info:
                                          https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                          TODO: Add other useful fields. apiVersion,
                                          kind, uid?'
                                        type: string
                                      optional:
                                        description: Specify whether the ConfigMap
                                          must be defined
                                        type: boolean
                                    type: object
                                    x-kubernetes-map-type: atomic
                                  prefix:
                                    description: An optional identifier to prepend
                                      to each key in the ConfigMap. Must be a C_IDENTIFIER.
                                    type: string
                                  secretRef:
                                    description: The Secret to select from
                                    properties:
                                      name:
                                        description: 'Name of the referent. More info:
                                          https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                          TODO: Add other useful fields. apiVersion,
                                          kind, uid?'
                                        type: string
                                      optional:
                                        description: Specify whether the Secret must
                                          be defined
                                        type: boolean
                                    type: object
                                    x-kubernetes-map-type: atomic
                                type: object
                              type: array
                            image:
                              description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images'
                              type: string
                            imagePullPolicy:
                              description: 'Image pull policy. One of Always, Never,
                                IfNotPresent. Defaults to Always if :latest tag is
                                specified, or IfNotPresent otherwise. Cannot be updated.
                                More info: https://kubernetes.io/docs/concepts/containers/images#updating-images'
                              type: string
                            lifecycle:
                              description: Lifecycle is not allowed for ephemeral
                                containers.
                              properties:
                                postStart:
                                  description: 'PostStart is called immediately after
                                    a container is created. If the handler fails,
                                    the container is terminated and restarted according
                                    to its restart policy. Other management of the
                                    container blocks until the hook completes. More
                                    info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
                                  properties:
                                    exec:
                                      description: Exec specifies the action to take.
                                      properties:
                                        command:
                                          description: Command is the command line
                                            to execute inside the container, the working
                                            directory for the command is root ('/')
                                            in the container's filesystem. The command
                                            is simply exec'd, it is not run inside
                                            a shell, so traditional shell instructions
                                            ('|', etc) won't work. To use a shell,
                                            you need to explicitly call out to that
                                            shell. Exit status of 0 is treated as
                                            live/healthy and non-zero is unhealthy.
                                          items:
                                            type: string
                                          type: array
                                      type: object
                                    httpGet:
                                      description: HTTPGet specifies the http request
                                        to perform.
                                      properties:
                                        host:
                                          description: Host name to connect to, defaults
                                            to the pod IP. You probably want to set
                                            "Host" in httpHeaders instead.
                                          type: string
                                        httpHeaders:
                                          description: Custom headers to set in the
                                            request. HTTP allows repeated headers.
                                          items:
                                            description: HTTPHeader describes a custom
                                              header to be used in HTTP probes
                                            properties:
                                              name:
                                                description: The header field name.
                                                  This will be canonicalized upon
                                                  output, so case-variant names will
                                                  be understood as the same header.
                                                type: string
                                              value:
                                                description: The header field value
                                                type: string
                                            required:
                                            - name
                                            - value
                                            type: object
                                          type: array
                                        path:
                                          description: Path to access on the HTTP
                                            server.
                                          type: string
                                        port:
                                          anyOf:
                                          - type: integer
                                          - type: string
                                          description: Name or number of the port
                                            to access on the container. Number must
                                            be in the range 1 to 65535. Name must
                                            be an IANA_SVC_NAME.
                                          x-kubernetes-int-or-string: true
                                        scheme:
                                          description: Scheme to use for connecting
                                            to the host. Defaults to HTTP.
                                          type: string
                                      required:
                                      - port
                                      type: object
                                    tcpSocket:
                                      description: Deprecated. TCPSocket is NOT supported
                                        as a LifecycleHandler and kept for the backward
                                        compatibility. There are no validation of
                                        this field and lifecycle hooks will fail in
                                        runtime when tcp handler is specified.
                                      properties:
                                        host:
                                          description: 'Optional: Host name to connect
                                            to, defaults to the pod IP.'
                                          type: string
                                        port:
                                          anyOf:
                                          - type: integer
                                          - type: string
                                          description: Number or name of the port
                                            to access on the container. Number must
                                            be in the range 1 to 65535. Name must
                                            be an IANA_SVC_NAME.
                                          x-kubernetes-int-or-string: true
                                      required:
                                      - port
                                      type: object
                                  type: object
                                preStop:
                                  description: 'PreStop is called immediately before
                                    a container is terminated due to an API request
                                    or management event such as liveness/startup probe
                                    failure, preemption, resource contention, etc.
                                    The handler is not called if the container crashes
                                    or exits. The Pod''s termination grace period
                                    countdown begins before the PreStop hook is executed.
                                    Regardless of the outcome of the handler, the
                                    container will eventually terminate within the
                                    Pod''s termination grace period (unless delayed
                                    by finalizers).
                                    Other management of the container
                                    blocks until the hook completes or until the termination
                                    grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
                                  properties:
                                    exec:
                                      description: Exec specifies the action to take.
                                      properties:
                                        command:
                                          description: Command is the command line
                                            to execute inside the container, the working
                                            directory for the command is root ('/')
                                            in the container's filesystem. The command
                                            is simply exec'd, it is not run inside
                                            a shell, so traditional shell instructions
                                            ('|', etc) won't work. To use a shell,
                                            you need to explicitly call out to that
                                            shell. Exit status of 0 is treated as
                                            live/healthy and non-zero is unhealthy.
                                          items:
                                            type: string
                                          type: array
                                      type: object
                                    httpGet:
                                      description: HTTPGet specifies the http request
                                        to perform.
                                      properties:
                                        host:
                                          description: Host name to connect to, defaults
                                            to the pod IP. You probably want to set
                                            "Host" in httpHeaders instead.
                                          type: string
                                        httpHeaders:
                                          description: Custom headers to set in the
                                            request. HTTP allows repeated headers.
                                          items:
                                            description: HTTPHeader describes a custom
                                              header to be used in HTTP probes
                                            properties:
                                              name:
                                                description: The header field name.
                                                  This will be canonicalized upon
                                                  output, so case-variant names will
                                                  be understood as the same header.
                                                type: string
                                              value:
                                                description: The header field value
                                                type: string
                                            required:
                                            - name
                                            - value
                                            type: object
                                          type: array
                                        path:
                                          description: Path to access on the HTTP
                                            server.
                                          type: string
                                        port:
                                          anyOf:
                                          - type: integer
                                          - type: string
                                          description: Name or number of the port
                                            to access on the container. Number must
                                            be in the range 1 to 65535. Name must
                                            be an IANA_SVC_NAME.
                                          x-kubernetes-int-or-string: true
                                        scheme:
                                          description: Scheme to use for connecting
                                            to the host. Defaults to HTTP.
                                          type: string
                                      required:
                                      - port
                                      type: object
                                    tcpSocket:
                                      description: Deprecated. TCPSocket is NOT supported
                                        as a LifecycleHandler and kept for the backward
                                        compatibility. There are no validation of
                                        this field and lifecycle hooks will fail in
                                        runtime when tcp handler is specified.
                                      properties:
                                        host:
                                          description: 'Optional: Host name to connect
                                            to, defaults to the pod IP.'
                                          type: string
                                        port:
                                          anyOf:
                                          - type: integer
                                          - type: string
                                          description: Number or name of the port
                                            to access on the container. Number must
                                            be in the range 1 to 65535. Name must
                                            be an IANA_SVC_NAME.
                                          x-kubernetes-int-or-string: true
                                      required:
                                      - port
                                      type: object
                                  type: object
                              type: object
                            livenessProbe:
                              description: Probes are not allowed for ephemeral containers.
                              properties:
                                exec:
                                  description: Exec specifies the action to take.
                                  properties:
                                    command:
                                      description: Command is the command line to
                                        execute inside the container, the working
                                        directory for the command is root ('/') in
                                        the container's filesystem. The command is
                                        simply exec'd, it is not run inside a shell,
                                        so traditional shell instructions ('|', etc)
                                        won't work. To use a shell, you need to explicitly
                                        call out to that shell. Exit status of 0 is
                                        treated as live/healthy and non-zero is unhealthy.
                                      items:
                                        type: string
                                      type: array
                                  type: object
                                failureThreshold:
                                  description: Minimum consecutive failures for the
                                    probe to be considered failed after having succeeded.
                                    Defaults to 3. Minimum value is 1.
                                  format: int32
                                  type: integer
                                grpc:
                                  description: GRPC specifies an action involving
                                    a GRPC port.
                                  properties:
                                    port:
                                      description: Port number of the gRPC service.
                                        Number must be in the range 1 to 65535.
                                      format: int32
                                      type: integer
                                    service:
                                      description: "Service is the name of the service
                                        to place in the gRPC HealthCheckRequest (see
                                        https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
                                        \n If this is not specified, the default behavior
                                        is defined by gRPC."
                                      type: string
                                  required:
                                  - port
                                  type: object
                                httpGet:
                                  description: HTTPGet specifies the http request
                                    to perform.
                                  properties:
                                    host:
                                      description: Host name to connect to, defaults
                                        to the pod IP. You probably want to set "Host"
                                        in httpHeaders instead.
                                      type: string
                                    httpHeaders:
                                      description: Custom headers to set in the request.
                                        HTTP allows repeated headers.
                                      items:
                                        description: HTTPHeader describes a custom
                                          header to be used in HTTP probes
                                        properties:
                                          name:
                                            description: The header field name. This
                                              will be canonicalized upon output, so
                                              case-variant names will be understood
                                              as the same header.
                                            type: string
                                          value:
                                            description: The header field value
                                            type: string
                                        required:
                                        - name
                                        - value
                                        type: object
                                      type: array
                                    path:
                                      description: Path to access on the HTTP server.
                                      type: string
                                    port:
                                      anyOf:
                                      - type: integer
                                      - type: string
                                      description: Name or number of the port to access
                                        on the container. Number must be in the range
                                        1 to 65535. Name must be an IANA_SVC_NAME.
                                      x-kubernetes-int-or-string: true
                                    scheme:
                                      description: Scheme to use for connecting to
                                        the host. Defaults to HTTP.
                                      type: string
                                  required:
                                  - port
                                  type: object
                                initialDelaySeconds:
                                  description: 'Number of seconds after the container
                                    has started before liveness probes are initiated.
                                    More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                  format: int32
                                  type: integer
                                periodSeconds:
                                  description: How often (in seconds) to perform the
                                    probe. Default to 10 seconds. Minimum value is
                                    1.
                                  format: int32
                                  type: integer
                                successThreshold:
                                  description: Minimum consecutive successes for the
                                    probe to be considered successful after having
                                    failed. Defaults to 1. Must be 1 for liveness
                                    and startup. Minimum value is 1.
                                  format: int32
                                  type: integer
                                tcpSocket:
                                  description: TCPSocket specifies an action involving
                                    a TCP port.
                                  properties:
                                    host:
                                      description: 'Optional: Host name to connect
                                        to, defaults to the pod IP.'
                                      type: string
                                    port:
                                      anyOf:
                                      - type: integer
                                      - type: string
                                      description: Number or name of the port to access
                                        on the container. Number must be in the range
                                        1 to 65535. Name must be an IANA_SVC_NAME.
                                      x-kubernetes-int-or-string: true
                                  required:
                                  - port
                                  type: object
                                terminationGracePeriodSeconds:
                                  description: Optional duration in seconds the pod
                                    needs to terminate gracefully upon probe failure.
                                    The grace period is the duration in seconds after
                                    the processes running in the pod are sent a termination
                                    signal and the time when the processes are forcibly
                                    halted with a kill signal. Set this value longer
                                    than the expected cleanup time for your process.
                                    If this value is nil, the pod's terminationGracePeriodSeconds
                                    will be used. Otherwise, this value overrides
                                    the value provided by the pod spec. Value must
                                    be non-negative integer. The value zero indicates
                                    stop immediately via the kill signal (no opportunity
                                    to shut down). This is a beta field and requires
                                    enabling ProbeTerminationGracePeriod feature gate.
                                    Minimum value is 1. spec.terminationGracePeriodSeconds
                                    is used if unset.
                                  format: int64
                                  type: integer
                                timeoutSeconds:
                                  description: 'Number of seconds after which the
                                    probe times out. Defaults to 1 second. Minimum
                                    value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                  format: int32
                                  type: integer
                              type: object
                            name:
                              description: Name of the ephemeral container specified
                                as a DNS_LABEL. This name must be unique among all
                                containers, init containers and ephemeral containers.
                              type: string
                            ports:
                              description: Ports are not allowed for ephemeral containers.
                              items:
                                description: ContainerPort represents a network port
                                  in a single container.
                                properties:
                                  containerPort:
                                    description: Number of port to expose on the pod's
                                      IP address. This must be a valid port number,
                                      0 < x < 65536.
                                    format: int32
                                    type: integer
                                  hostIP:
                                    description: What host IP to bind the external
                                      port to.
                                    type: string
                                  hostPort:
                                    description: Number of port to expose on the host.
                                      If specified, this must be a valid port number,
                                      0 < x < 65536. If HostNetwork is specified,
                                      this must match ContainerPort. Most containers
                                      do not need this.
                                    format: int32
                                    type: integer
                                  name:
                                    description: If specified, this must be an IANA_SVC_NAME
                                      and unique within the pod. Each named port in
                                      a pod must have a unique name. Name for the
                                      port that can be referred to by services.
                                    type: string
                                  protocol:
                                    default: TCP
                                    description: Protocol for port. Must be UDP, TCP,
                                      or SCTP. Defaults to "TCP".
                                    type: string
                                required:
                                - containerPort
                                type: object
                              type: array
                              x-kubernetes-list-map-keys:
                              - containerPort
                              - protocol
                              x-kubernetes-list-type: map
                            readinessProbe:
                              description: Probes are not allowed for ephemeral containers.
                              properties:
                                exec:
                                  description: Exec specifies the action to take.
                                  properties:
                                    command:
                                      description: Command is the command line to
                                        execute inside the container, the working
                                        directory for the command is root ('/') in
                                        the container's filesystem. The command is
                                        simply exec'd, it is not run inside a shell,
                                        so traditional shell instructions ('|', etc)
                                        won't work. To use a shell, you need to explicitly
                                        call out to that shell. Exit status of 0 is
                                        treated as live/healthy and non-zero is unhealthy.
                                      items:
                                        type: string
                                      type: array
                                  type: object
                                failureThreshold:
                                  description: Minimum consecutive failures for the
                                    probe to be considered failed after having succeeded.
                                    Defaults to 3. Minimum value is 1.
                                  format: int32
                                  type: integer
                                grpc:
                                  description: GRPC specifies an action involving
                                    a GRPC port.
                                  properties:
                                    port:
                                      description: Port number of the gRPC service.
                                        Number must be in the range 1 to 65535.
                                      format: int32
                                      type: integer
                                    service:
                                      description: "Service is the name of the service
                                        to place in the gRPC HealthCheckRequest (see
                                        https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
                                        \n If this is not specified, the default behavior
                                        is defined by gRPC."
                                      type: string
                                  required:
                                  - port
                                  type: object
                                httpGet:
                                  description: HTTPGet specifies the http request
                                    to perform.
                                  properties:
                                    host:
                                      description: Host name to connect to, defaults
                                        to the pod IP. You probably want to set "Host"
                                        in httpHeaders instead.
                                      type: string
                                    httpHeaders:
                                      description: Custom headers to set in the request.
                                        HTTP allows repeated headers.
                                      items:
                                        description: HTTPHeader describes a custom
                                          header to be used in HTTP probes
                                        properties:
                                          name:
                                            description: The header field name. This
                                              will be canonicalized upon output, so
                                              case-variant names will be understood
                                              as the same header.
                                            type: string
                                          value:
                                            description: The header field value
                                            type: string
                                        required:
                                        - name
                                        - value
                                        type: object
                                      type: array
                                    path:
                                      description: Path to access on the HTTP server.
                                      type: string
                                    port:
                                      anyOf:
                                      - type: integer
                                      - type: string
                                      description: Name or number of the port to access
                                        on the container. Number must be in the range
                                        1 to 65535. Name must be an IANA_SVC_NAME.
                                      x-kubernetes-int-or-string: true
                                    scheme:
                                      description: Scheme to use for connecting to
                                        the host. Defaults to HTTP.
                                      type: string
                                  required:
                                  - port
                                  type: object
                                initialDelaySeconds:
                                  description: 'Number of seconds after the container
                                    has started before liveness probes are initiated.
                                    More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                  format: int32
                                  type: integer
                                periodSeconds:
                                  description: How often (in seconds) to perform the
                                    probe. Default to 10 seconds. Minimum value is
                                    1.
                                  format: int32
                                  type: integer
                                successThreshold:
                                  description: Minimum consecutive successes for the
                                    probe to be considered successful after having
                                    failed. Defaults to 1. Must be 1 for liveness
                                    and startup. Minimum value is 1.
                                  format: int32
                                  type: integer
                                tcpSocket:
                                  description: TCPSocket specifies an action involving
                                    a TCP port.
                                  properties:
                                    host:
                                      description: 'Optional: Host name to connect
                                        to, defaults to the pod IP.'
                                      type: string
                                    port:
                                      anyOf:
                                      - type: integer
                                      - type: string
                                      description: Number or name of the port to access
                                        on the container. Number must be in the range
                                        1 to 65535. Name must be an IANA_SVC_NAME.
                                      x-kubernetes-int-or-string: true
                                  required:
                                  - port
                                  type: object
                                terminationGracePeriodSeconds:
                                  description: Optional duration in seconds the pod
                                    needs to terminate gracefully upon probe failure.
                                    The grace period is the duration in seconds after
                                    the processes running in the pod are sent a termination
                                    signal and the time when the processes are forcibly
                                    halted with a kill signal. Set this value longer
                                    than the expected cleanup time for your process.
                                    If this value is nil, the pod's terminationGracePeriodSeconds
                                    will be used. Otherwise, this value overrides
                                    the value provided by the pod spec. Value must
                                    be non-negative integer. The value zero indicates
                                    stop immediately via the kill signal (no opportunity
                                    to shut down). This is a beta field and requires
                                    enabling ProbeTerminationGracePeriod feature gate.
                                    Minimum value is 1. spec.terminationGracePeriodSeconds
                                    is used if unset.
                                  format: int64
                                  type: integer
                                timeoutSeconds:
                                  description: 'Number of seconds after which the
                                    probe times out. Defaults to 1 second. Minimum
                                    value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                  format: int32
                                  type: integer
                              type: object
                            resizePolicy:
                              description: Resources resize policy for the container.
                              items:
                                description: ContainerResizePolicy represents resource
                                  resize policy for the container.
                                properties:
                                  resourceName:
                                    description: 'Name of the resource to which this
                                      resource resize policy applies. Supported values:
                                      cpu, memory.'
                                    type: string
                                  restartPolicy:
                                    description: Restart policy to apply when specified
                                      resource is resized. If not specified, it defaults
                                      to NotRequired.
                                    type: string
                                required:
                                - resourceName
                                - restartPolicy
                                type: object
                              type: array
                              x-kubernetes-list-type: atomic
                            resources:
                              description: Resources are not allowed for ephemeral
                                containers. Ephemeral containers use spare resources
                                already allocated to the pod.
                              properties:
                                claims:
                                  description: "Claims lists the names of resources,
                                    defined in spec.resourceClaims, that are used
                                    by this container. \n This is an alpha field and
                                    requires enabling the DynamicResourceAllocation
                                    feature gate. \n This field is immutable. It can
                                    only be set for containers."
                                  items:
                                    description: ResourceClaim references one entry
                                      in PodSpec.ResourceClaims.
                                    properties:
                                      name:
                                        description: Name must match the name of one
                                          entry in pod.spec.resourceClaims of the
                                          Pod where this field is used. It makes that
                                          resource available inside a container.
                                        type: string
                                    required:
                                    - name
                                    type: object
                                  type: array
                                  x-kubernetes-list-map-keys:
                                  - name
                                  x-kubernetes-list-type: map
                                limits:
                                  additionalProperties:
                                    anyOf:
                                    - type: integer
                                    - type: string
                                    pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                    x-kubernetes-int-or-string: true
                                  description: 'Limits describes the maximum amount
                                    of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                                  type: object
                                requests:
                                  additionalProperties:
                                    anyOf:
                                    - type: integer
                                    - type: string
                                    pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                    x-kubernetes-int-or-string: true
                                  description: 'Requests describes the minimum amount
                                    of compute resources required. If Requests is
                                    omitted for a container, it defaults to Limits
                                    if that is explicitly specified, otherwise to
                                    an implementation-defined value. Requests cannot
                                    exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                                  type: object
                              type: object
                            restartPolicy:
                              description: Restart policy for the container to manage
                                the restart behavior of each container within a pod.
                                This may only be set for init containers. You cannot
                                set this field on ephemeral containers.
                              type: string
                            securityContext:
                              description: 'Optional: SecurityContext defines the
                                security options the ephemeral container should be
                                run with. If set, the fields of SecurityContext override
                                the equivalent fields of PodSecurityContext.'
                              properties:
                                allowPrivilegeEscalation:
                                  description: 'AllowPrivilegeEscalation controls
                                    whether a process can gain more privileges than
                                    its parent process. This bool directly controls
                                    if the no_new_privs flag will be set on the container
                                    process. AllowPrivilegeEscalation is true always
                                    when the container is: 1) run as Privileged 2)
                                    has CAP_SYS_ADMIN Note that this field cannot
                                    be set when spec.os.name is windows.'
                                  type: boolean
                                capabilities:
                                  description: The capabilities to add/drop when running
                                    containers. Defaults to the default set of capabilities
                                    granted by the container runtime. Note that this
                                    field cannot be set when spec.os.name is windows.
                                  properties:
                                    add:
                                      description: Added capabilities
                                      items:
                                        description: Capability represent POSIX capabilities
                                          type
                                        type: string
                                      type: array
                                    drop:
                                      description: Removed capabilities
                                      items:
                                        description: Capability represent POSIX capabilities
                                          type
                                        type: string
                                      type: array
                                  type: object
                                privileged:
                                  description: Run container in privileged mode. Processes
                                    in privileged containers are essentially equivalent
                                    to root on the host. Defaults to false. Note that
                                    this field cannot be set when spec.os.name is
                                    windows.
                                  type: boolean
                                procMount:
                                  description: procMount denotes the type of proc
                                    mount to use for the containers. The default is
                                    DefaultProcMount which uses the container runtime
                                    defaults for readonly paths and masked paths.
                                    This requires the ProcMountType feature flag to
                                    be enabled. Note that this field cannot be set
                                    when spec.os.name is windows.
                                  type: string
                                readOnlyRootFilesystem:
                                  description: Whether this container has a read-only
                                    root filesystem. Default is false. Note that this
                                    field cannot be set when spec.os.name is windows.
                                  type: boolean
                                runAsGroup:
                                  description: The GID to run the entrypoint of the
                                    container process. Uses runtime default if unset.
                                    May also be set in PodSecurityContext. If set
                                    in both SecurityContext and PodSecurityContext,
                                    the value specified in SecurityContext takes precedence.
                                    Note that this field cannot be set when spec.os.name
                                    is windows.
                                  format: int64
                                  type: integer
                                runAsNonRoot:
                                  description: Indicates that the container must run
                                    as a non-root user. If true, the Kubelet will
                                    validate the image at runtime to ensure that it
                                    does not run as UID 0 (root) and fail to start
                                    the container if it does. If unset or false, no
                                    such validation will be performed. May also be
                                    set in PodSecurityContext. If set in both SecurityContext
                                    and PodSecurityContext, the value specified in
                                    SecurityContext takes precedence.
                                  type: boolean
                                runAsUser:
                                  description: The UID to run the entrypoint of the
                                    container process. Defaults to user specified
                                    in image metadata if unspecified. May also be
                                    set in PodSecurityContext. If set in both SecurityContext
                                    and PodSecurityContext, the value specified in
                                    SecurityContext takes precedence. Note that this
                                    field cannot be set when spec.os.name is windows.
                                  format: int64
                                  type: integer
                                seLinuxOptions:
                                  description: The SELinux context to be applied to
                                    the container. If unspecified, the container runtime
                                    will allocate a random SELinux context for each
                                    container. May also be set in PodSecurityContext. If
                                    set in both SecurityContext and PodSecurityContext,
                                    the value specified in SecurityContext takes precedence.
                                    Note that this field cannot be set when spec.os.name
                                    is windows.
                                  properties:
                                    level:
                                      description: Level is SELinux level label that
                                        applies to the container.
                                      type: string
                                    role:
                                      description: Role is a SELinux role label that
                                        applies to the container.
                                      type: string
                                    type:
                                      description: Type is a SELinux type label that
                                        applies to the container.
                                      type: string
                                    user:
                                      description: User is a SELinux user label that
                                        applies to the container.
                                      type: string
                                  type: object
                                seccompProfile:
                                  description: The seccomp options to use by this
                                    container. If seccomp options are provided at
                                    both the pod & container level, the container
                                    options override the pod options. Note that this
                                    field cannot be set when spec.os.name is windows.
                                  properties:
                                    localhostProfile:
                                      description: localhostProfile indicates a profile
                                        defined in a file on the node should be used.
                                        The profile must be preconfigured on the node
                                        to work. Must be a descending path, relative
                                        to the kubelet's configured seccomp profile
                                        location. Must be set if type is "Localhost".
                                        Must NOT be set for any other type.
                                      type: string
                                    type:
                                      description: "type indicates which kind of seccomp
                                        profile will be applied. Valid options are:
                                        \n Localhost - a profile defined in a file
                                        on the node should be used. RuntimeDefault
                                        - the container runtime default profile should
                                        be used. Unconfined - no profile should be
                                        applied."
                                      type: string
                                  required:
                                  - type
                                  type: object
                                windowsOptions:
                                  description: The Windows specific settings applied
                                    to all containers. If unspecified, the options
                                    from the PodSecurityContext will be used. If set
                                    in both SecurityContext and PodSecurityContext,
                                    the value specified in SecurityContext takes precedence.
                                    Note that this field cannot be set when spec.os.name
                                    is linux.
                                  properties:
                                    gmsaCredentialSpec:
                                      description: GMSACredentialSpec is where the
                                        GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa)
                                        inlines the contents of the GMSA credential
                                        spec named by the GMSACredentialSpecName field.
                                      type: string
                                    gmsaCredentialSpecName:
                                      description: GMSACredentialSpecName is the name
                                        of the GMSA credential spec to use.
                                      type: string
                                    hostProcess:
                                      description: HostProcess determines if a container
                                        should be run as a 'Host Process' container.
                                        All of a Pod's containers must have the same
                                        effective HostProcess value (it is not allowed
                                        to have a mix of HostProcess containers and
                                        non-HostProcess containers). In addition,
                                        if HostProcess is true then HostNetwork must
                                        also be set to true.
                                      type: boolean
                                    runAsUserName:
                                      description: The UserName in Windows to run
                                        the entrypoint of the container process. Defaults
                                        to the user specified in image metadata if
                                        unspecified. May also be set in PodSecurityContext.
                                        If set in both SecurityContext and PodSecurityContext,
                                        the value specified in SecurityContext takes
                                        precedence.
                                      type: string
                                  type: object
                              type: object
                            startupProbe:
                              description: Probes are not allowed for ephemeral containers.
                              properties:
                                exec:
                                  description: Exec specifies the action to take.
                                  properties:
                                    command:
                                      description: Command is the command line to
                                        execute inside the container, the working
                                        directory for the command is root ('/') in
                                        the container's filesystem. The command is
                                        simply exec'd, it is not run inside a shell,
                                        so traditional shell instructions ('|', etc)
                                        won't work. To use a shell, you need to explicitly
                                        call out to that shell. Exit status of 0 is
                                        treated as live/healthy and non-zero is unhealthy.
                                      items:
                                        type: string
                                      type: array
                                  type: object
                                failureThreshold:
                                  description: Minimum consecutive failures for the
                                    probe to be considered failed after having succeeded.
                                    Defaults to 3. Minimum value is 1.
                                  format: int32
                                  type: integer
                                grpc:
                                  description: GRPC specifies an action involving
                                    a GRPC port.
                                  properties:
                                    port:
                                      description: Port number of the gRPC service.
                                        Number must be in the range 1 to 65535.
                                      format: int32
                                      type: integer
                                    service:
                                      description: "Service is the name of the service
                                        to place in the gRPC HealthCheckRequest (see
                                        https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
                                        \n If this is not specified, the default behavior
                                        is defined by gRPC."
                                      type: string
                                  required:
                                  - port
                                  type: object
                                httpGet:
                                  description: HTTPGet specifies the http request
                                    to perform.
                                  properties:
                                    host:
                                      description: Host name to connect to, defaults
                                        to the pod IP. You probably want to set "Host"
                                        in httpHeaders instead.
                                      type: string
                                    httpHeaders:
                                      description: Custom headers to set in the request.
                                        HTTP allows repeated headers.
                                      items:
                                        description: HTTPHeader describes a custom
                                          header to be used in HTTP probes
                                        properties:
                                          name:
                                            description: The header field name. This
                                              will be canonicalized upon output, so
                                              case-variant names will be understood
                                              as the same header.
                                            type: string
                                          value:
                                            description: The header field value
                                            type: string
                                        required:
                                        - name
                                        - value
                                        type: object
                                      type: array
                                    path:
                                      description: Path to access on the HTTP server.
                                      type: string
                                    port:
                                      anyOf:
                                      - type: integer
                                      - type: string
                                      description: Name or number of the port to access
                                        on the container. Number must be in the range
                                        1 to 65535. Name must be an IANA_SVC_NAME.
                                      x-kubernetes-int-or-string: true
                                    scheme:
                                      description: Scheme to use for connecting to
                                        the host. Defaults to HTTP.
                                      type: string
                                  required:
                                  - port
                                  type: object
                                initialDelaySeconds:
                                  description: 'Number of seconds after the container
                                    has started before liveness probes are initiated.
                                    More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                  format: int32
                                  type: integer
                                periodSeconds:
                                  description: How often (in seconds) to perform the
                                    probe. Default to 10 seconds. Minimum value is
                                    1.
                                  format: int32
                                  type: integer
                                successThreshold:
                                  description: Minimum consecutive successes for the
                                    probe to be considered successful after having
                                    failed. Defaults to 1. Must be 1 for liveness
                                    and startup. Minimum value is 1.
                                  format: int32
                                  type: integer
                                tcpSocket:
                                  description: TCPSocket specifies an action involving
                                    a TCP port.
                                  properties:
                                    host:
                                      description: 'Optional: Host name to connect
                                        to, defaults to the pod IP.'
                                      type: string
                                    port:
                                      anyOf:
                                      - type: integer
                                      - type: string
                                      description: Number or name of the port to access
                                        on the container. Number must be in the range
                                        1 to 65535. Name must be an IANA_SVC_NAME.
                                      x-kubernetes-int-or-string: true
                                  required:
                                  - port
                                  type: object
                                terminationGracePeriodSeconds:
                                  description: Optional duration in seconds the pod
                                    needs to terminate gracefully upon probe failure.
                                    The grace period is the duration in seconds after
                                    the processes running in the pod are sent a termination
                                    signal and the time when the processes are forcibly
                                    halted with a kill signal. Set this value longer
                                    than the expected cleanup time for your process.
                                    If this value is nil, the pod's terminationGracePeriodSeconds
                                    will be used. Otherwise, this value overrides
                                    the value provided by the pod spec. Value must
                                    be non-negative integer. The value zero indicates
                                    stop immediately via the kill signal (no opportunity
                                    to shut down). This is a beta field and requires
                                    enabling ProbeTerminationGracePeriod feature gate.
                                    Minimum value is 1. spec.terminationGracePeriodSeconds
                                    is used if unset.
                                  format: int64
                                  type: integer
                                timeoutSeconds:
                                  description: 'Number of seconds after which the
                                    probe times out. Defaults to 1 second. Minimum
                                    value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                  format: int32
                                  type: integer
                              type: object
                            stdin:
                              description: Whether this container should allocate
                                a buffer for stdin in the container runtime. If this
                                is not set, reads from stdin in the container will
                                always result in EOF. Default is false.
                              type: boolean
                            stdinOnce:
                              description: Whether the container runtime should close
                                the stdin channel after it has been opened by a single
                                attach. When stdin is true the stdin stream will remain
                                open across multiple attach sessions. If stdinOnce
                                is set to true, stdin is opened on container start,
                                is empty until the first client attaches to stdin,
                                and then remains open and accepts data until the client
                                disconnects, at which time stdin is closed and remains
                                closed until the container is restarted. If this flag
                                is false, a container processes that reads from stdin
                                will never receive an EOF. Default is false
                              type: boolean
                            targetContainerName:
                              description: "If set, the name of the container from
                                PodSpec that this ephemeral container targets. The
                                ephemeral container will be run in the namespaces
                                (IPC, PID, etc) of this container. If not set then
                                the ephemeral container uses the namespaces configured
                                in the Pod spec. \n The container runtime must implement
                                support for this feature. If the runtime does not
                                support namespace targeting then the result of setting
                                this field is undefined."
                              type: string
                            terminationMessagePath:
                              description: 'Optional: Path at which the file to which
                                the container''s termination message will be written
                                is mounted into the container''s filesystem. Message
                                written is intended to be brief final status, such
                                as an assertion failure message. Will be truncated
                                by the node if greater than 4096 bytes. The total
                                message length across all containers will be limited
                                to 12kb. Defaults to /dev/termination-log. Cannot
                                be updated.'
                              type: string
                            terminationMessagePolicy:
                              description: Indicate how the termination message should
                                be populated. File will use the contents of terminationMessagePath
                                to populate the container status message on both success
                                and failure. FallbackToLogsOnError will use the last
                                chunk of container log output if the termination message
                                file is empty and the container exited with an error.
                                The log output is limited to 2048 bytes or 80 lines,
                                whichever is smaller. Defaults to File. Cannot be
                                updated.
                              type: string
                            tty:
                              description: Whether this container should allocate
                                a TTY for itself, also requires 'stdin' to be true.
                                Default is false.
                              type: boolean
                            volumeDevices:
                              description: volumeDevices is the list of block devices
                                to be used by the container.
                              items:
                                description: volumeDevice describes a mapping of a
                                  raw block device within a container.
                                properties:
                                  devicePath:
                                    description: devicePath is the path inside of
                                      the container that the device will be mapped
                                      to.
                                    type: string
                                  name:
                                    description: name must match the name of a persistentVolumeClaim
                                      in the pod
                                    type: string
                                required:
                                - devicePath
                                - name
                                type: object
                              type: array
                            volumeMounts:
                              description: Pod volumes to mount into the container's
                                filesystem. Subpath mounts are not allowed for ephemeral
                                containers. Cannot be updated.
                              items:
                                description: VolumeMount describes a mounting of a
                                  Volume within a container.
                                properties:
                                  mountPath:
                                    description: Path within the container at which
                                      the volume should be mounted. Must not contain
                                      ':'.
                                    type: string
                                  mountPropagation:
                                    description: mountPropagation determines how mounts
                                      are propagated from the host to container and
                                      the other way around. When not set, MountPropagationNone
                                      is used. This field is beta in 1.10.
                                    type: string
                                  name:
                                    description: This must match the Name of a Volume.
                                    type: string
                                  readOnly:
                                    description: Mounted read-only if true, read-write
                                      otherwise (false or unspecified). Defaults to
                                      false.
                                    type: boolean
                                  subPath:
                                    description: Path within the volume from which
                                      the container's volume should be mounted. Defaults
                                      to "" (volume's root).
                                    type: string
                                  subPathExpr:
                                    description: Expanded path within the volume from
                                      which the container's volume should be mounted.
                                      Behaves similarly to SubPath but environment
                                      variable references $(VAR_NAME) are expanded
                                      using the container's environment. Defaults
                                      to "" (volume's root). SubPathExpr and SubPath
                                      are mutually exclusive.
                                    type: string
                                required:
                                - mountPath
                                - name
                                type: object
                              type: array
                            workingDir:
                              description: Container's working directory. If not specified,
                                the container runtime's default will be used, which
                                might be configured in the container image. Cannot
                                be updated.
                              type: string
                          required:
                          - name
                          type: object
                        type: array
                      hostAliases:
                        description: HostAliases is an optional list of hosts and
                          IPs that will be injected into the pod's hosts file if specified.
                          This is only valid for non-hostNetwork pods.
                        items:
                          description: HostAlias holds the mapping between IP and
                            hostnames that will be injected as an entry in the pod's
                            hosts file.
                          properties:
                            hostnames:
                              description: Hostnames for the above IP address.
                              items:
                                type: string
                              type: array
                            ip:
                              description: IP address of the host file entry.
                              type: string
                          type: object
                        type: array
                      hostIPC:
                        description: 'Use the host''s ipc namespace. Optional: Default
                          to false.'
                        type: boolean
                      hostNetwork:
                        description: Host networking requested for this pod. Use the
                          host's network namespace. If this option is set, the ports
                          that will be used must be specified. Default to false.
                        type: boolean
                      hostPID:
                        description: 'Use the host''s pid namespace. Optional: Default
                          to false.'
                        type: boolean
                      hostUsers:
                        description: 'Use the host''s user namespace. Optional: Default
                          to true.
                          If set to true or not present, the pod will be
                          run in the host user namespace, useful for when the pod
                          needs a feature only available to the host user namespace,
                          such as loading a kernel module with CAP_SYS_MODULE. When
                          set to false, a new userns is created for the pod. Setting
                          false is useful for mitigating container breakout vulnerabilities
                          even allowing users to run their containers as root without
                          actually having root privileges on the host. This field
                          is alpha-level and is only honored by servers that enable
                          the UserNamespacesSupport feature.'
                        type: boolean
                      hostname:
                        description: Specifies the hostname of the Pod If not specified,
                          the pod's hostname will be set to a system-defined value.
                        type: string
                      imagePullSecrets:
                        description: 'ImagePullSecrets is an optional list of references
                          to secrets in the same namespace to use for pulling any
                          of the images used by this PodSpec. If specified, these
                          secrets will be passed to individual puller implementations
                          for them to use. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod'
                        items:
                          description: LocalObjectReference contains enough information
                            to let you locate the referenced object inside the same
                            namespace.
                          properties:
                            name:
                              description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                TODO: Add other useful fields. apiVersion, kind, uid?'
                              type: string
                          type: object
                          x-kubernetes-map-type: atomic
                        type: array
                      initContainers:
                        description: 'List of initialization containers belonging
                          to the pod. Init containers are executed in order prior
                          to containers being started. If any init container fails,
                          the pod is considered to have failed and is handled according
                          to its restartPolicy.
                          The name for an init container or
                          normal container must be unique among all containers. Init
                          containers may not have Lifecycle actions, Readiness probes,
                          Liveness probes, or Startup probes. The resourceRequirements
                          of an init container are taken into account during scheduling
                          by finding the highest request/limit for each resource type,
                          and then using the max of of that value or the sum of the
                          normal containers. Limits are applied to init containers
                          in a similar fashion. Init containers cannot currently be
                          added or removed. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/'
                        items:
                          description: A single application container that you want
                            to run within a pod.
                          properties:
                            args:
                              description: 'Arguments to the entrypoint. The container
                                image''s CMD is used if this is not provided. Variable
                                references $(VAR_NAME) are expanded using the container''s
                                environment. If a variable cannot be resolved, the
                                reference in the input string will be unchanged. Double
                                $$ are reduced to a single $, which allows for escaping
                                the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce
                                the string literal "$(VAR_NAME)". Escaped references
                                will never be expanded, regardless of whether the
                                variable exists or not. Cannot be updated. More info:
                                https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
                              items:
                                type: string
                              type: array
                            command:
                              description: 'Entrypoint array. Not executed within
                                a shell. The container image''s ENTRYPOINT is used
                                if this is not provided. Variable references $(VAR_NAME)
                                are expanded using the container''s environment. If
                                a variable cannot be resolved, the reference in the
                                input string will be unchanged.
                                Double $$ are reduced
                                to a single $, which allows for escaping the $(VAR_NAME)
                                syntax: i.e. "$$(VAR_NAME)" will produce the string
                                literal "$(VAR_NAME)". Escaped references will never
                                be expanded, regardless of whether the variable exists
                                or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
                              items:
                                type: string
                              type: array
                            env:
                              description: List of environment variables to set in
                                the container. Cannot be updated.
                              items:
                                description: EnvVar represents an environment variable
                                  present in a Container.
                                properties:
                                  name:
                                    description: Name of the environment variable.
                                      Must be a C_IDENTIFIER.
                                    type: string
                                  value:
                                    description: 'Variable references $(VAR_NAME)
                                      are expanded using the previously defined environment
                                      variables in the container and any service environment
                                      variables. If a variable cannot be resolved,
                                      the reference in the input string will be unchanged.
                                      Double $$ are reduced to a single $, which allows
                                      for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)"
                                      will produce the string literal "$(VAR_NAME)".
                                      Escaped references will never be expanded, regardless
                                      of whether the variable exists or not. Defaults
                                      to "".'
                                    type: string
                                  valueFrom:
                                    description: Source for the environment variable's
                                      value. Cannot be used if value is not empty.
                                    properties:
                                      configMapKeyRef:
                                        description: Selects a key of a ConfigMap.
                                        properties:
                                          key:
                                            description: The key to select.
                                            type: string
                                          name:
                                            description: 'Name of the referent. More
                                              info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                              TODO: Add other useful fields. apiVersion,
                                              kind, uid?'
                                            type: string
                                          optional:
                                            description: Specify whether the ConfigMap
                                              or its key must be defined
                                            type: boolean
                                        required:
                                        - key
                                        type: object
                                        x-kubernetes-map-type: atomic
                                      fieldRef:
                                        description: 'Selects a field of the pod:
                                          supports metadata.name, metadata.namespace,
                                          `metadata.labels[''<KEY>'']`, `metadata.annotations[''<KEY>'']`,
                                          spec.nodeName, spec.serviceAccountName,
                                          status.hostIP, status.podIP, status.podIPs.'
                                        properties:
                                          apiVersion:
                                            description: Version of the schema the
                                              FieldPath is written in terms of, defaults
                                              to "v1".
                                            type: string
                                          fieldPath:
                                            description: Path of the field to select
                                              in the specified API version.
                                            type: string
                                        required:
                                        - fieldPath
                                        type: object
                                        x-kubernetes-map-type: atomic
                                      resourceFieldRef:
                                        description: 'Selects a resource of the container:
                                          only resources limits and requests (limits.cpu,
                                          limits.memory, limits.ephemeral-storage,
                                          requests.cpu, requests.memory and requests.ephemeral-storage)
                                          are currently supported.'
                                        properties:
                                          containerName:
                                            description: 'Container name: required
                                              for volumes, optional for env vars'
                                            type: string
                                          divisor:
                                            anyOf:
                                            - type: integer
                                            - type: string
                                            description: Specifies the output format
                                              of the exposed resources, defaults to
                                              "1"
                                            pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                            x-kubernetes-int-or-string: true
                                          resource:
                                            description: 'Required: resource to select'
                                            type: string
                                        required:
                                        - resource
                                        type: object
                                        x-kubernetes-map-type: atomic
                                      secretKeyRef:
                                        description: Selects a key of a secret in
                                          the pod's namespace
                                        properties:
                                          key:
                                            description: The key of the secret to
                                              select from. Must be a valid secret
                                              key.
                                            type: string
                                          name:
                                            description: 'Name of the referent. More
                                              info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                              TODO: Add other useful fields. apiVersion,
                                              kind, uid?'
                                            type: string
                                          optional:
                                            description: Specify whether the Secret
                                              or its key must be defined
                                            type: boolean
                                        required:
                                        - key
                                        type: object
                                        x-kubernetes-map-type: atomic
                                    type: object
                                required:
                                - name
                                type: object
                              type: array
                            envFrom:
                              description: List of sources to populate environment
                                variables in the container. The keys defined within
                                a source must be a C_IDENTIFIER. All invalid keys
                                will be reported as an event when the container is
                                starting. When a key exists in multiple sources, the
                                value associated with the last source will take precedence.
                                Values defined by an Env with a duplicate key will
                                take precedence. Cannot be updated.
                              items:
                                description: EnvFromSource represents the source of
                                  a set of ConfigMaps
                                properties:
                                  configMapRef:
                                    description: The ConfigMap to select from
                                    properties:
                                      name:
                                        description: 'Name of the referent. More info:
                                          https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                          TODO: Add other useful fields. apiVersion,
                                          kind, uid?'
                                        type: string
                                      optional:
                                        description: Specify whether the ConfigMap
                                          must be defined
                                        type: boolean
                                    type: object
                                    x-kubernetes-map-type: atomic
                                  prefix:
                                    description: An optional identifier to prepend
                                      to each key in the ConfigMap. Must be a C_IDENTIFIER.
                                    type: string
                                  secretRef:
                                    description: The Secret to select from
                                    properties:
                                      name:
                                        description: 'Name of the referent. More info:
                                          https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                          TODO: Add other useful fields. apiVersion,
                                          kind, uid?'
                                        type: string
                                      optional:
                                        description: Specify whether the Secret must
                                          be defined
                                        type: boolean
                                    type: object
                                    x-kubernetes-map-type: atomic
                                type: object
                              type: array
                            image:
                              description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images
                                This field is optional to allow higher level config
                                management to default or override container images
                                in workload controllers like Deployments and StatefulSets.'
                              type: string
                            imagePullPolicy:
                              description: 'Image pull policy. One of Always, Never,
                                IfNotPresent. Defaults to Always if :latest tag is
                                specified, or IfNotPresent otherwise. Cannot be updated.
                                More info: https://kubernetes.io/docs/concepts/containers/images#updating-images'
                              type: string
                            lifecycle:
                              description: Actions that the management system should
                                take in response to container lifecycle events. Cannot
                                be updated.
                              properties:
                                postStart:
                                  description: 'PostStart is called immediately after
                                    a container is created. If the handler fails,
                                    the container is terminated and restarted according
                                    to its restart policy. Other management of the
                                    container blocks until the hook completes. More
                                    info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
                                  properties:
                                    exec:
                                      description: Exec specifies the action to take.
                                      properties:
                                        command:
                                          description: Command is the command line
                                            to execute inside the container, the working
                                            directory for the command is root ('/')
                                            in the container's filesystem. The command
                                            is simply exec'd, it is not run inside
                                            a shell, so traditional shell instructions
                                            ('|', etc) won't work. To use a shell,
                                            you need to explicitly call out to that
                                            shell. Exit status of 0 is treated as
                                            live/healthy and non-zero is unhealthy.
                                          items:
                                            type: string
                                          type: array
                                      type: object
                                    httpGet:
                                      description: HTTPGet specifies the http request
                                        to perform.
                                      properties:
                                        host:
                                          description: Host name to connect to, defaults
                                            to the pod IP. You probably want to set
                                            "Host" in httpHeaders instead.
                                          type: string
                                        httpHeaders:
                                          description: Custom headers to set in the
                                            request. HTTP allows repeated headers.
                                          items:
                                            description: HTTPHeader describes a custom
                                              header to be used in HTTP probes
                                            properties:
                                              name:
                                                description: The header field name.
                                                  This will be canonicalized upon
                                                  output, so case-variant names will
                                                  be understood as the same header.
                                                type: string
                                              value:
                                                description: The header field value
                                                type: string
                                            required:
                                            - name
                                            - value
                                            type: object
                                          type: array
                                        path:
                                          description: Path to access on the HTTP
                                            server.
                                          type: string
                                        port:
                                          anyOf:
                                          - type: integer
                                          - type: string
                                          description: Name or number of the port
                                            to access on the container. Number must
                                            be in the range 1 to 65535. Name must
                                            be an IANA_SVC_NAME.
                                          x-kubernetes-int-or-string: true
                                        scheme:
                                          description: Scheme to use for connecting
                                            to the host. Defaults to HTTP.
                                          type: string
                                      required:
                                      - port
                                      type: object
                                    tcpSocket:
                                      description: Deprecated. TCPSocket is NOT supported
                                        as a LifecycleHandler and kept for the backward
                                        compatibility. There are no validation of
                                        this field and lifecycle hooks will fail in
                                        runtime when tcp handler is specified.
                                      properties:
                                        host:
                                          description: 'Optional: Host name to connect
                                            to, defaults to the pod IP.'
                                          type: string
                                        port:
                                          anyOf:
                                          - type: integer
                                          - type: string
                                          description: Number or name of the port
                                            to access on the container. Number must
                                            be in the range 1 to 65535.
                                            Name must
                                            be an IANA_SVC_NAME.
                                          x-kubernetes-int-or-string: true
                                      required:
                                      - port
                                      type: object
                                  type: object
                                preStop:
                                  description: 'PreStop is called immediately before
                                    a container is terminated due to an API request
                                    or management event such as liveness/startup probe
                                    failure, preemption, resource contention, etc.
                                    The handler is not called if the container crashes
                                    or exits. The Pod''s termination grace period
                                    countdown begins before the PreStop hook is executed.
                                    Regardless of the outcome of the handler, the
                                    container will eventually terminate within the
                                    Pod''s termination grace period (unless delayed
                                    by finalizers). Other management of the container
                                    blocks until the hook completes or until the termination
                                    grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
                                  properties:
                                    exec:
                                      description: Exec specifies the action to take.
                                      properties:
                                        command:
                                          description: Command is the command line
                                            to execute inside the container, the working
                                            directory for the command is root ('/')
                                            in the container's filesystem. The command
                                            is simply exec'd, it is not run inside
                                            a shell, so traditional shell instructions
                                            ('|', etc) won't work. To use a shell,
                                            you need to explicitly call out to that
                                            shell. Exit status of 0 is treated as
                                            live/healthy and non-zero is unhealthy.
                                          items:
                                            type: string
                                          type: array
                                      type: object
                                    httpGet:
                                      description: HTTPGet specifies the http request
                                        to perform.
                                      properties:
                                        host:
                                          description: Host name to connect to, defaults
                                            to the pod IP. You probably want to set
                                            "Host" in httpHeaders instead.
                                          type: string
                                        httpHeaders:
                                          description: Custom headers to set in the
                                            request. HTTP allows repeated headers.
                                          items:
                                            description: HTTPHeader describes a custom
                                              header to be used in HTTP probes
                                            properties:
                                              name:
                                                description: The header field name.
                                                  This will be canonicalized upon
                                                  output, so case-variant names will
                                                  be understood as the same header.
                                                type: string
                                              value:
                                                description: The header field value
                                                type: string
                                            required:
                                            - name
                                            - value
                                            type: object
                                          type: array
                                        path:
                                          description: Path to access on the HTTP
                                            server.
                                          type: string
                                        port:
                                          anyOf:
                                          - type: integer
                                          - type: string
                                          description: Name or number of the port
                                            to access on the container. Number must
                                            be in the range 1 to 65535. Name must
                                            be an IANA_SVC_NAME.
                                          x-kubernetes-int-or-string: true
                                        scheme:
                                          description: Scheme to use for connecting
                                            to the host. Defaults to HTTP.
                                          type: string
                                      required:
                                      - port
                                      type: object
                                    tcpSocket:
                                      description: Deprecated. TCPSocket is NOT supported
                                        as a LifecycleHandler and kept for the backward
                                        compatibility. There are no validation of
                                        this field and lifecycle hooks will fail in
                                        runtime when tcp handler is specified.
                                      properties:
                                        host:
                                          description: 'Optional: Host name to connect
                                            to, defaults to the pod IP.'
                                          type: string
                                        port:
                                          anyOf:
                                          - type: integer
                                          - type: string
                                          description: Number or name of the port
                                            to access on the container. Number must
                                            be in the range 1 to 65535. Name must
                                            be an IANA_SVC_NAME.
                                          x-kubernetes-int-or-string: true
                                      required:
                                      - port
                                      type: object
                                  type: object
                              type: object
                            livenessProbe:
                              description: 'Periodic probe of container liveness.
                                Container will be restarted if the probe fails. Cannot
                                be updated.
                                More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                              properties:
                                exec:
                                  description: Exec specifies the action to take.
                                  properties:
                                    command:
                                      description: Command is the command line to
                                        execute inside the container, the working
                                        directory for the command is root ('/') in
                                        the container's filesystem. The command is
                                        simply exec'd, it is not run inside a shell,
                                        so traditional shell instructions ('|', etc)
                                        won't work. To use a shell, you need to explicitly
                                        call out to that shell. Exit status of 0 is
                                        treated as live/healthy and non-zero is unhealthy.
                                      items:
                                        type: string
                                      type: array
                                  type: object
                                failureThreshold:
                                  description: Minimum consecutive failures for the
                                    probe to be considered failed after having succeeded.
                                    Defaults to 3. Minimum value is 1.
                                  format: int32
                                  type: integer
                                grpc:
                                  description: GRPC specifies an action involving
                                    a GRPC port.
                                  properties:
                                    port:
                                      description: Port number of the gRPC service.
                                        Number must be in the range 1 to 65535.
                                      format: int32
                                      type: integer
                                    service:
                                      description: "Service is the name of the service
                                        to place in the gRPC HealthCheckRequest (see
                                        https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
                                        \n If this is not specified, the default behavior
                                        is defined by gRPC."
                                      type: string
                                  required:
                                  - port
                                  type: object
                                httpGet:
                                  description: HTTPGet specifies the http request
                                    to perform.
                                  properties:
                                    host:
                                      description: Host name to connect to, defaults
                                        to the pod IP. You probably want to set "Host"
                                        in httpHeaders instead.
                                      type: string
                                    httpHeaders:
                                      description: Custom headers to set in the request.
                                        HTTP allows repeated headers.
                                      items:
                                        description: HTTPHeader describes a custom
                                          header to be used in HTTP probes
                                        properties:
                                          name:
                                            description: The header field name. This
                                              will be canonicalized upon output, so
                                              case-variant names will be understood
                                              as the same header.
                                            type: string
                                          value:
                                            description: The header field value
                                            type: string
                                        required:
                                        - name
                                        - value
                                        type: object
                                      type: array
                                    path:
                                      description: Path to access on the HTTP server.
                                      type: string
                                    port:
                                      anyOf:
                                      - type: integer
                                      - type: string
                                      description: Name or number of the port to access
                                        on the container. Number must be in the range
                                        1 to 65535. Name must be an IANA_SVC_NAME.
                                      x-kubernetes-int-or-string: true
                                    scheme:
                                      description: Scheme to use for connecting to
                                        the host. Defaults to HTTP.
                                      type: string
                                  required:
                                  - port
                                  type: object
                                initialDelaySeconds:
                                  description: 'Number of seconds after the container
                                    has started before liveness probes are initiated.
                                    More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                  format: int32
                                  type: integer
                                periodSeconds:
                                  description: How often (in seconds) to perform the
                                    probe. Default to 10 seconds. Minimum value is
                                    1.
                                  format: int32
                                  type: integer
                                successThreshold:
                                  description: Minimum consecutive successes for the
                                    probe to be considered successful after having
                                    failed. Defaults to 1. Must be 1 for liveness
                                    and startup. Minimum value is 1.
                                  format: int32
                                  type: integer
                                tcpSocket:
                                  description: TCPSocket specifies an action involving
                                    a TCP port.
                                  properties:
                                    host:
                                      description: 'Optional: Host name to connect
                                        to, defaults to the pod IP.'
                                      type: string
                                    port:
                                      anyOf:
                                      - type: integer
                                      - type: string
                                      description: Number or name of the port to access
                                        on the container. Number must be in the range
                                        1 to 65535. Name must be an IANA_SVC_NAME.
                                      x-kubernetes-int-or-string: true
                                  required:
                                  - port
                                  type: object
                                terminationGracePeriodSeconds:
                                  description: Optional duration in seconds the pod
                                    needs to terminate gracefully upon probe failure.
                                    The grace period is the duration in seconds after
                                    the processes running in the pod are sent a termination
                                    signal and the time when the processes are forcibly
                                    halted with a kill signal. Set this value longer
                                    than the expected cleanup time for your process.
                                    If this value is nil, the pod's terminationGracePeriodSeconds
                                    will be used. Otherwise, this value overrides
                                    the value provided by the pod spec. Value must
                                    be non-negative integer. The value zero indicates
                                    stop immediately via the kill signal (no opportunity
                                    to shut down). This is a beta field and requires
                                    enabling ProbeTerminationGracePeriod feature gate.
                                    Minimum value is 1. spec.terminationGracePeriodSeconds
                                    is used if unset.
                                  format: int64
                                  type: integer
                                timeoutSeconds:
                                  description: 'Number of seconds after which the
                                    probe times out. Defaults to 1 second. Minimum
                                    value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                  format: int32
                                  type: integer
                              type: object
                            name:
                              description: Name of the container specified as a DNS_LABEL.
                                Each container in a pod must have a unique name (DNS_LABEL).
                                Cannot be updated.
                              type: string
                            ports:
                              description: List of ports to expose from the container.
                                Not specifying a port here DOES NOT prevent that port
                                from being exposed.
                                Any port which is listening on
                                the default "0.0.0.0" address inside a container will
                                be accessible from the network. Modifying this array
                                with strategic merge patch may corrupt the data. For
                                more information See https://github.com/kubernetes/kubernetes/issues/108255.
                                Cannot be updated.
                              items:
                                description: ContainerPort represents a network port
                                  in a single container.
                                properties:
                                  containerPort:
                                    description: Number of port to expose on the pod's
                                      IP address. This must be a valid port number,
                                      0 < x < 65536.
                                    format: int32
                                    type: integer
                                  hostIP:
                                    description: What host IP to bind the external
                                      port to.
                                    type: string
                                  hostPort:
                                    description: Number of port to expose on the host.
                                      If specified, this must be a valid port number,
                                      0 < x < 65536. If HostNetwork is specified,
                                      this must match ContainerPort. Most containers
                                      do not need this.
                                    format: int32
                                    type: integer
                                  name:
                                    description: If specified, this must be an IANA_SVC_NAME
                                      and unique within the pod. Each named port in
                                      a pod must have a unique name. Name for the
                                      port that can be referred to by services.
                                    type: string
                                  protocol:
                                    default: TCP
                                    description: Protocol for port. Must be UDP, TCP,
                                      or SCTP. Defaults to "TCP".
                                    type: string
                                required:
                                - containerPort
                                type: object
                              type: array
                              x-kubernetes-list-map-keys:
                              - containerPort
                              - protocol
                              x-kubernetes-list-type: map
                            readinessProbe:
                              description: 'Periodic probe of container service readiness.
                                Container will be removed from service endpoints if
                                the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                              properties:
                                exec:
                                  description: Exec specifies the action to take.
                                  properties:
                                    command:
                                      description: Command is the command line to
                                        execute inside the container, the working
                                        directory for the command is root ('/') in
                                        the container's filesystem. The command is
                                        simply exec'd, it is not run inside a shell,
                                        so traditional shell instructions ('|', etc)
                                        won't work. To use a shell, you need to explicitly
                                        call out to that shell. Exit status of 0 is
                                        treated as live/healthy and non-zero is unhealthy.
                                      items:
                                        type: string
                                      type: array
                                  type: object
                                failureThreshold:
                                  description: Minimum consecutive failures for the
                                    probe to be considered failed after having succeeded.
                                    Defaults to 3. Minimum value is 1.
                                  format: int32
                                  type: integer
                                grpc:
                                  description: GRPC specifies an action involving
                                    a GRPC port.
                                  properties:
                                    port:
                                      description: Port number of the gRPC service.
                                        Number must be in the range 1 to 65535.
                                      format: int32
                                      type: integer
                                    service:
                                      description: "Service is the name of the service
                                        to place in the gRPC HealthCheckRequest (see
                                        https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
                                        \n If this is not specified, the default behavior
                                        is defined by gRPC."
                                      type: string
                                  required:
                                  - port
                                  type: object
                                httpGet:
                                  description: HTTPGet specifies the http request
                                    to perform.
                                  properties:
                                    host:
                                      description: Host name to connect to, defaults
                                        to the pod IP. You probably want to set "Host"
                                        in httpHeaders instead.
                                      type: string
                                    httpHeaders:
                                      description: Custom headers to set in the request.
                                        HTTP allows repeated headers.
                                      items:
                                        description: HTTPHeader describes a custom
                                          header to be used in HTTP probes
                                        properties:
                                          name:
                                            description: The header field name. This
                                              will be canonicalized upon output, so
                                              case-variant names will be understood
                                              as the same header.
                                            type: string
                                          value:
                                            description: The header field value
                                            type: string
                                        required:
                                        - name
                                        - value
                                        type: object
                                      type: array
                                    path:
                                      description: Path to access on the HTTP server.
                                      type: string
                                    port:
                                      anyOf:
                                      - type: integer
                                      - type: string
                                      description: Name or number of the port to access
                                        on the container. Number must be in the range
                                        1 to 65535. Name must be an IANA_SVC_NAME.
                                      x-kubernetes-int-or-string: true
                                    scheme:
                                      description: Scheme to use for connecting to
                                        the host. Defaults to HTTP.
                                      type: string
                                  required:
                                  - port
                                  type: object
                                initialDelaySeconds:
                                  description: 'Number of seconds after the container
                                    has started before liveness probes are initiated.
                                    More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                  format: int32
                                  type: integer
                                periodSeconds:
                                  description: How often (in seconds) to perform the
                                    probe. Default to 10 seconds. Minimum value is
                                    1.
                                  format: int32
                                  type: integer
                                successThreshold:
                                  description: Minimum consecutive successes for the
                                    probe to be considered successful after having
                                    failed. Defaults to 1. Must be 1 for liveness
                                    and startup. Minimum value is 1.
                                  format: int32
                                  type: integer
                                tcpSocket:
                                  description: TCPSocket specifies an action involving
                                    a TCP port.
                                  properties:
                                    host:
                                      description: 'Optional: Host name to connect
                                        to, defaults to the pod IP.'
                                      type: string
                                    port:
                                      anyOf:
                                      - type: integer
                                      - type: string
                                      description: Number or name of the port to access
                                        on the container. Number must be in the range
                                        1 to 65535. Name must be an IANA_SVC_NAME.
                                      x-kubernetes-int-or-string: true
                                  required:
                                  - port
                                  type: object
                                terminationGracePeriodSeconds:
                                  description: Optional duration in seconds the pod
                                    needs to terminate gracefully upon probe failure.
                                    The grace period is the duration in seconds after
                                    the processes running in the pod are sent a termination
                                    signal and the time when the processes are forcibly
                                    halted with a kill signal. Set this value longer
                                    than the expected cleanup time for your process.
                                    If this value is nil, the pod's terminationGracePeriodSeconds
                                    will be used. Otherwise, this value overrides
                                    the value provided by the pod spec. Value must
                                    be non-negative integer. The value zero indicates
                                    stop immediately via the kill signal (no opportunity
                                    to shut down). This is a beta field and requires
                                    enabling ProbeTerminationGracePeriod feature gate.
                                    Minimum value is 1. spec.terminationGracePeriodSeconds
                                    is used if unset.
                                  format: int64
                                  type: integer
                                timeoutSeconds:
                                  description: 'Number of seconds after which the
                                    probe times out. Defaults to 1 second. Minimum
                                    value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                  format: int32
                                  type: integer
                              type: object
                            resizePolicy:
                              description: Resources resize policy for the container.
                              items:
                                description: ContainerResizePolicy represents resource
                                  resize policy for the container.
                                properties:
                                  resourceName:
                                    description: 'Name of the resource to which this
                                      resource resize policy applies. Supported values:
                                      cpu, memory.'
                                    type: string
                                  restartPolicy:
                                    description: Restart policy to apply when specified
                                      resource is resized. If not specified, it defaults
                                      to NotRequired.
6265 type: string 6266 required: 6267 - resourceName 6268 - restartPolicy 6269 type: object 6270 type: array 6271 x-kubernetes-list-type: atomic 6272 resources: 6273 description: 'Compute Resources required by this container. 6274 Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 6275 properties: 6276 claims: 6277 description: "Claims lists the names of resources, 6278 defined in spec.resourceClaims, that are used 6279 by this container. \n This is an alpha field and 6280 requires enabling the DynamicResourceAllocation 6281 feature gate. \n This field is immutable. It can 6282 only be set for containers." 6283 items: 6284 description: ResourceClaim references one entry 6285 in PodSpec.ResourceClaims. 6286 properties: 6287 name: 6288 description: Name must match the name of one 6289 entry in pod.spec.resourceClaims of the 6290 Pod where this field is used. It makes that 6291 resource available inside a container. 6292 type: string 6293 required: 6294 - name 6295 type: object 6296 type: array 6297 x-kubernetes-list-map-keys: 6298 - name 6299 x-kubernetes-list-type: map 6300 limits: 6301 additionalProperties: 6302 anyOf: 6303 - type: integer 6304 - type: string 6305 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 6306 x-kubernetes-int-or-string: true 6307 description: 'Limits describes the maximum amount 6308 of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 6309 type: object 6310 requests: 6311 additionalProperties: 6312 anyOf: 6313 - type: integer 6314 - type: string 6315 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 6316 x-kubernetes-int-or-string: true 6317 description: 'Requests describes the minimum amount 6318 of compute resources required. 
If Requests is 6319 omitted for a container, it defaults to Limits 6320 if that is explicitly specified, otherwise to 6321 an implementation-defined value. Requests cannot 6322 exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 6323 type: object 6324 type: object 6325 restartPolicy: 6326 description: 'RestartPolicy defines the restart behavior 6327 of individual containers in a pod. This field may 6328 only be set for init containers, and the only allowed 6329 value is "Always". For non-init containers or when 6330 this field is not specified, the restart behavior 6331 is defined by the Pod''s restart policy and the container 6332 type. Setting the RestartPolicy as "Always" for the 6333 init container will have the following effect: this 6334 init container will be continually restarted on exit 6335 until all regular containers have terminated. Once 6336 all regular containers have completed, all init containers 6337 with restartPolicy "Always" will be shut down. This 6338 lifecycle differs from normal init containers and 6339 is often referred to as a "sidecar" container. Although 6340 this init container still starts in the init container 6341 sequence, it does not wait for the container to complete 6342 before proceeding to the next init container. Instead, 6343 the next init container starts immediately after this 6344 init container is started, or after any startupProbe 6345 has successfully completed.' 6346 type: string 6347 securityContext: 6348 description: 'SecurityContext defines the security options 6349 the container should be run with. If set, the fields 6350 of SecurityContext override the equivalent fields 6351 of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' 6352 properties: 6353 allowPrivilegeEscalation: 6354 description: 'AllowPrivilegeEscalation controls 6355 whether a process can gain more privileges than 6356 its parent process. 
This bool directly controls 6357 if the no_new_privs flag will be set on the container 6358 process. AllowPrivilegeEscalation is true always 6359 when the container is: 1) run as Privileged 2) 6360 has CAP_SYS_ADMIN Note that this field cannot 6361 be set when spec.os.name is windows.' 6362 type: boolean 6363 capabilities: 6364 description: The capabilities to add/drop when running 6365 containers. Defaults to the default set of capabilities 6366 granted by the container runtime. Note that this 6367 field cannot be set when spec.os.name is windows. 6368 properties: 6369 add: 6370 description: Added capabilities 6371 items: 6372 description: Capability represent POSIX capabilities 6373 type 6374 type: string 6375 type: array 6376 drop: 6377 description: Removed capabilities 6378 items: 6379 description: Capability represent POSIX capabilities 6380 type 6381 type: string 6382 type: array 6383 type: object 6384 privileged: 6385 description: Run container in privileged mode. Processes 6386 in privileged containers are essentially equivalent 6387 to root on the host. Defaults to false. Note that 6388 this field cannot be set when spec.os.name is 6389 windows. 6390 type: boolean 6391 procMount: 6392 description: procMount denotes the type of proc 6393 mount to use for the containers. The default is 6394 DefaultProcMount which uses the container runtime 6395 defaults for readonly paths and masked paths. 6396 This requires the ProcMountType feature flag to 6397 be enabled. Note that this field cannot be set 6398 when spec.os.name is windows. 6399 type: string 6400 readOnlyRootFilesystem: 6401 description: Whether this container has a read-only 6402 root filesystem. Default is false. Note that this 6403 field cannot be set when spec.os.name is windows. 6404 type: boolean 6405 runAsGroup: 6406 description: The GID to run the entrypoint of the 6407 container process. Uses runtime default if unset. 6408 May also be set in PodSecurityContext. 
If set 6409 in both SecurityContext and PodSecurityContext, 6410 the value specified in SecurityContext takes precedence. 6411 Note that this field cannot be set when spec.os.name 6412 is windows. 6413 format: int64 6414 type: integer 6415 runAsNonRoot: 6416 description: Indicates that the container must run 6417 as a non-root user. If true, the Kubelet will 6418 validate the image at runtime to ensure that it 6419 does not run as UID 0 (root) and fail to start 6420 the container if it does. If unset or false, no 6421 such validation will be performed. May also be 6422 set in PodSecurityContext. If set in both SecurityContext 6423 and PodSecurityContext, the value specified in 6424 SecurityContext takes precedence. 6425 type: boolean 6426 runAsUser: 6427 description: The UID to run the entrypoint of the 6428 container process. Defaults to user specified 6429 in image metadata if unspecified. May also be 6430 set in PodSecurityContext. If set in both SecurityContext 6431 and PodSecurityContext, the value specified in 6432 SecurityContext takes precedence. Note that this 6433 field cannot be set when spec.os.name is windows. 6434 format: int64 6435 type: integer 6436 seLinuxOptions: 6437 description: The SELinux context to be applied to 6438 the container. If unspecified, the container runtime 6439 will allocate a random SELinux context for each 6440 container. May also be set in PodSecurityContext. If 6441 set in both SecurityContext and PodSecurityContext, 6442 the value specified in SecurityContext takes precedence. 6443 Note that this field cannot be set when spec.os.name 6444 is windows. 6445 properties: 6446 level: 6447 description: Level is SELinux level label that 6448 applies to the container. 6449 type: string 6450 role: 6451 description: Role is a SELinux role label that 6452 applies to the container. 6453 type: string 6454 type: 6455 description: Type is a SELinux type label that 6456 applies to the container. 
6457 type: string 6458 user: 6459 description: User is a SELinux user label that 6460 applies to the container. 6461 type: string 6462 type: object 6463 seccompProfile: 6464 description: The seccomp options to use by this 6465 container. If seccomp options are provided at 6466 both the pod & container level, the container 6467 options override the pod options. Note that this 6468 field cannot be set when spec.os.name is windows. 6469 properties: 6470 localhostProfile: 6471 description: localhostProfile indicates a profile 6472 defined in a file on the node should be used. 6473 The profile must be preconfigured on the node 6474 to work. Must be a descending path, relative 6475 to the kubelet's configured seccomp profile 6476 location. Must be set if type is "Localhost". 6477 Must NOT be set for any other type. 6478 type: string 6479 type: 6480 description: "type indicates which kind of seccomp 6481 profile will be applied. Valid options are: 6482 \n Localhost - a profile defined in a file 6483 on the node should be used. RuntimeDefault 6484 - the container runtime default profile should 6485 be used. Unconfined - no profile should be 6486 applied." 6487 type: string 6488 required: 6489 - type 6490 type: object 6491 windowsOptions: 6492 description: The Windows specific settings applied 6493 to all containers. If unspecified, the options 6494 from the PodSecurityContext will be used. If set 6495 in both SecurityContext and PodSecurityContext, 6496 the value specified in SecurityContext takes precedence. 6497 Note that this field cannot be set when spec.os.name 6498 is linux. 6499 properties: 6500 gmsaCredentialSpec: 6501 description: GMSACredentialSpec is where the 6502 GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) 6503 inlines the contents of the GMSA credential 6504 spec named by the GMSACredentialSpecName field. 
6505 type: string 6506 gmsaCredentialSpecName: 6507 description: GMSACredentialSpecName is the name 6508 of the GMSA credential spec to use. 6509 type: string 6510 hostProcess: 6511 description: HostProcess determines if a container 6512 should be run as a 'Host Process' container. 6513 All of a Pod's containers must have the same 6514 effective HostProcess value (it is not allowed 6515 to have a mix of HostProcess containers and 6516 non-HostProcess containers). In addition, 6517 if HostProcess is true then HostNetwork must 6518 also be set to true. 6519 type: boolean 6520 runAsUserName: 6521 description: The UserName in Windows to run 6522 the entrypoint of the container process. Defaults 6523 to the user specified in image metadata if 6524 unspecified. May also be set in PodSecurityContext. 6525 If set in both SecurityContext and PodSecurityContext, 6526 the value specified in SecurityContext takes 6527 precedence. 6528 type: string 6529 type: object 6530 type: object 6531 startupProbe: 6532 description: 'StartupProbe indicates that the Pod has 6533 successfully initialized. If specified, no other probes 6534 are executed until this completes successfully. If 6535 this probe fails, the Pod will be restarted, just 6536 as if the livenessProbe failed. This can be used to 6537 provide different probe parameters at the beginning 6538 of a Pod''s lifecycle, when it might take a long time 6539 to load data or warm a cache, than during steady-state 6540 operation. This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 6541 properties: 6542 exec: 6543 description: Exec specifies the action to take. 6544 properties: 6545 command: 6546 description: Command is the command line to 6547 execute inside the container, the working 6548 directory for the command is root ('/') in 6549 the container's filesystem. 
The command is 6550 simply exec'd, it is not run inside a shell, 6551 so traditional shell instructions ('|', etc) 6552 won't work. To use a shell, you need to explicitly 6553 call out to that shell. Exit status of 0 is 6554 treated as live/healthy and non-zero is unhealthy. 6555 items: 6556 type: string 6557 type: array 6558 type: object 6559 failureThreshold: 6560 description: Minimum consecutive failures for the 6561 probe to be considered failed after having succeeded. 6562 Defaults to 3. Minimum value is 1. 6563 format: int32 6564 type: integer 6565 grpc: 6566 description: GRPC specifies an action involving 6567 a GRPC port. 6568 properties: 6569 port: 6570 description: Port number of the gRPC service. 6571 Number must be in the range 1 to 65535. 6572 format: int32 6573 type: integer 6574 service: 6575 description: "Service is the name of the service 6576 to place in the gRPC HealthCheckRequest (see 6577 https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 6578 \n If this is not specified, the default behavior 6579 is defined by gRPC." 6580 type: string 6581 required: 6582 - port 6583 type: object 6584 httpGet: 6585 description: HTTPGet specifies the http request 6586 to perform. 6587 properties: 6588 host: 6589 description: Host name to connect to, defaults 6590 to the pod IP. You probably want to set "Host" 6591 in httpHeaders instead. 6592 type: string 6593 httpHeaders: 6594 description: Custom headers to set in the request. 6595 HTTP allows repeated headers. 6596 items: 6597 description: HTTPHeader describes a custom 6598 header to be used in HTTP probes 6599 properties: 6600 name: 6601 description: The header field name. This 6602 will be canonicalized upon output, so 6603 case-variant names will be understood 6604 as the same header. 
6605 type: string 6606 value: 6607 description: The header field value 6608 type: string 6609 required: 6610 - name 6611 - value 6612 type: object 6613 type: array 6614 path: 6615 description: Path to access on the HTTP server. 6616 type: string 6617 port: 6618 anyOf: 6619 - type: integer 6620 - type: string 6621 description: Name or number of the port to access 6622 on the container. Number must be in the range 6623 1 to 65535. Name must be an IANA_SVC_NAME. 6624 x-kubernetes-int-or-string: true 6625 scheme: 6626 description: Scheme to use for connecting to 6627 the host. Defaults to HTTP. 6628 type: string 6629 required: 6630 - port 6631 type: object 6632 initialDelaySeconds: 6633 description: 'Number of seconds after the container 6634 has started before liveness probes are initiated. 6635 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 6636 format: int32 6637 type: integer 6638 periodSeconds: 6639 description: How often (in seconds) to perform the 6640 probe. Default to 10 seconds. Minimum value is 6641 1. 6642 format: int32 6643 type: integer 6644 successThreshold: 6645 description: Minimum consecutive successes for the 6646 probe to be considered successful after having 6647 failed. Defaults to 1. Must be 1 for liveness 6648 and startup. Minimum value is 1. 6649 format: int32 6650 type: integer 6651 tcpSocket: 6652 description: TCPSocket specifies an action involving 6653 a TCP port. 6654 properties: 6655 host: 6656 description: 'Optional: Host name to connect 6657 to, defaults to the pod IP.' 6658 type: string 6659 port: 6660 anyOf: 6661 - type: integer 6662 - type: string 6663 description: Number or name of the port to access 6664 on the container. Number must be in the range 6665 1 to 65535. Name must be an IANA_SVC_NAME. 
6666 x-kubernetes-int-or-string: true 6667 required: 6668 - port 6669 type: object 6670 terminationGracePeriodSeconds: 6671 description: Optional duration in seconds the pod 6672 needs to terminate gracefully upon probe failure. 6673 The grace period is the duration in seconds after 6674 the processes running in the pod are sent a termination 6675 signal and the time when the processes are forcibly 6676 halted with a kill signal. Set this value longer 6677 than the expected cleanup time for your process. 6678 If this value is nil, the pod's terminationGracePeriodSeconds 6679 will be used. Otherwise, this value overrides 6680 the value provided by the pod spec. Value must 6681 be non-negative integer. The value zero indicates 6682 stop immediately via the kill signal (no opportunity 6683 to shut down). This is a beta field and requires 6684 enabling ProbeTerminationGracePeriod feature gate. 6685 Minimum value is 1. spec.terminationGracePeriodSeconds 6686 is used if unset. 6687 format: int64 6688 type: integer 6689 timeoutSeconds: 6690 description: 'Number of seconds after which the 6691 probe times out. Defaults to 1 second. Minimum 6692 value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 6693 format: int32 6694 type: integer 6695 type: object 6696 stdin: 6697 description: Whether this container should allocate 6698 a buffer for stdin in the container runtime. If this 6699 is not set, reads from stdin in the container will 6700 always result in EOF. Default is false. 6701 type: boolean 6702 stdinOnce: 6703 description: Whether the container runtime should close 6704 the stdin channel after it has been opened by a single 6705 attach. When stdin is true the stdin stream will remain 6706 open across multiple attach sessions. 
If stdinOnce 6707 is set to true, stdin is opened on container start, 6708 is empty until the first client attaches to stdin, 6709 and then remains open and accepts data until the client 6710 disconnects, at which time stdin is closed and remains 6711 closed until the container is restarted. If this flag 6712 is false, a container processes that reads from stdin 6713 will never receive an EOF. Default is false 6714 type: boolean 6715 terminationMessagePath: 6716 description: 'Optional: Path at which the file to which 6717 the container''s termination message will be written 6718 is mounted into the container''s filesystem. Message 6719 written is intended to be brief final status, such 6720 as an assertion failure message. Will be truncated 6721 by the node if greater than 4096 bytes. The total 6722 message length across all containers will be limited 6723 to 12kb. Defaults to /dev/termination-log. Cannot 6724 be updated.' 6725 type: string 6726 terminationMessagePolicy: 6727 description: Indicate how the termination message should 6728 be populated. File will use the contents of terminationMessagePath 6729 to populate the container status message on both success 6730 and failure. FallbackToLogsOnError will use the last 6731 chunk of container log output if the termination message 6732 file is empty and the container exited with an error. 6733 The log output is limited to 2048 bytes or 80 lines, 6734 whichever is smaller. Defaults to File. Cannot be 6735 updated. 6736 type: string 6737 tty: 6738 description: Whether this container should allocate 6739 a TTY for itself, also requires 'stdin' to be true. 6740 Default is false. 6741 type: boolean 6742 volumeDevices: 6743 description: volumeDevices is the list of block devices 6744 to be used by the container. 6745 items: 6746 description: volumeDevice describes a mapping of a 6747 raw block device within a container. 
6748 properties: 6749 devicePath: 6750 description: devicePath is the path inside of 6751 the container that the device will be mapped 6752 to. 6753 type: string 6754 name: 6755 description: name must match the name of a persistentVolumeClaim 6756 in the pod 6757 type: string 6758 required: 6759 - devicePath 6760 - name 6761 type: object 6762 type: array 6763 volumeMounts: 6764 description: Pod volumes to mount into the container's 6765 filesystem. Cannot be updated. 6766 items: 6767 description: VolumeMount describes a mounting of a 6768 Volume within a container. 6769 properties: 6770 mountPath: 6771 description: Path within the container at which 6772 the volume should be mounted. Must not contain 6773 ':'. 6774 type: string 6775 mountPropagation: 6776 description: mountPropagation determines how mounts 6777 are propagated from the host to container and 6778 the other way around. When not set, MountPropagationNone 6779 is used. This field is beta in 1.10. 6780 type: string 6781 name: 6782 description: This must match the Name of a Volume. 6783 type: string 6784 readOnly: 6785 description: Mounted read-only if true, read-write 6786 otherwise (false or unspecified). Defaults to 6787 false. 6788 type: boolean 6789 subPath: 6790 description: Path within the volume from which 6791 the container's volume should be mounted. Defaults 6792 to "" (volume's root). 6793 type: string 6794 subPathExpr: 6795 description: Expanded path within the volume from 6796 which the container's volume should be mounted. 6797 Behaves similarly to SubPath but environment 6798 variable references $(VAR_NAME) are expanded 6799 using the container's environment. Defaults 6800 to "" (volume's root). SubPathExpr and SubPath 6801 are mutually exclusive. 6802 type: string 6803 required: 6804 - mountPath 6805 - name 6806 type: object 6807 type: array 6808 workingDir: 6809 description: Container's working directory. 
If not specified, 6810 the container runtime's default will be used, which 6811 might be configured in the container image. Cannot 6812 be updated. 6813 type: string 6814 required: 6815 - name 6816 type: object 6817 type: array 6818 nodeName: 6819 description: NodeName is a request to schedule this pod onto 6820 a specific node. If it is non-empty, the scheduler simply 6821 schedules this pod onto that node, assuming that it fits 6822 resource requirements. 6823 type: string 6824 nodeSelector: 6825 additionalProperties: 6826 type: string 6827 description: 'NodeSelector is a selector which must be true 6828 for the pod to fit on a node. Selector which must match 6829 a node''s labels for the pod to be scheduled on that node. 6830 More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' 6831 type: object 6832 x-kubernetes-map-type: atomic 6833 os: 6834 description: "Specifies the OS of the containers in the pod. 6835 Some pod and container fields are restricted if this is 6836 set. 
\n If the OS field is set to linux, the following fields 6837 must be unset: -securityContext.windowsOptions \n If the 6838 OS field is set to windows, following fields must be unset: 6839 - spec.hostPID - spec.hostIPC - spec.hostUsers - spec.securityContext.seLinuxOptions 6840 - spec.securityContext.seccompProfile - spec.securityContext.fsGroup 6841 - spec.securityContext.fsGroupChangePolicy - spec.securityContext.sysctls 6842 - spec.shareProcessNamespace - spec.securityContext.runAsUser 6843 - spec.securityContext.runAsGroup - spec.securityContext.supplementalGroups 6844 - spec.containers[*].securityContext.seLinuxOptions - spec.containers[*].securityContext.seccompProfile 6845 - spec.containers[*].securityContext.capabilities - spec.containers[*].securityContext.readOnlyRootFilesystem 6846 - spec.containers[*].securityContext.privileged - spec.containers[*].securityContext.allowPrivilegeEscalation 6847 - spec.containers[*].securityContext.procMount - spec.containers[*].securityContext.runAsUser 6848 - spec.containers[*].securityContext.runAsGroup" 6849 properties: 6850 name: 6851 description: 'Name is the name of the operating system. 6852 The currently supported values are linux and windows. 6853 Additional value may be defined in future and can be 6854 one of: https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration 6855 Clients should expect to handle additional values and 6856 treat unrecognized values in this field as os: null' 6857 type: string 6858 required: 6859 - name 6860 type: object 6861 overhead: 6862 additionalProperties: 6863 anyOf: 6864 - type: integer 6865 - type: string 6866 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 6867 x-kubernetes-int-or-string: true 6868 description: 'Overhead represents the resource overhead associated 6869 with running a pod for a given RuntimeClass. 
This field 6870 will be autopopulated at admission time by the RuntimeClass 6871 admission controller. If the RuntimeClass admission controller 6872 is enabled, overhead must not be set in Pod create requests. 6873 The RuntimeClass admission controller will reject Pod create 6874 requests which have the overhead already set. If RuntimeClass 6875 is configured and selected in the PodSpec, Overhead will 6876 be set to the value defined in the corresponding RuntimeClass, 6877 otherwise it will remain unset and treated as zero. More 6878 info: https://git.k8s.io/enhancements/keps/sig-node/688-pod-overhead/README.md' 6879 type: object 6880 preemptionPolicy: 6881 description: PreemptionPolicy is the Policy for preempting 6882 pods with lower priority. One of Never, PreemptLowerPriority. 6883 Defaults to PreemptLowerPriority if unset. 6884 type: string 6885 priority: 6886 description: The priority value. Various system components 6887 use this field to find the priority of the pod. When Priority 6888 Admission Controller is enabled, it prevents users from 6889 setting this field. The admission controller populates this 6890 field from PriorityClassName. The higher the value, the 6891 higher the priority. 6892 format: int32 6893 type: integer 6894 priorityClassName: 6895 description: If specified, indicates the pod's priority. "system-node-critical" 6896 and "system-cluster-critical" are two special keywords which 6897 indicate the highest priorities with the former being the 6898 highest priority. Any other name must be defined by creating 6899 a PriorityClass object with that name. If not specified, 6900 the pod priority will be default or zero if there is no 6901 default. 6902 type: string 6903 readinessGates: 6904 description: 'If specified, all readiness gates will be evaluated 6905 for pod readiness. 
A pod is ready when all its containers 6906 are ready AND all conditions specified in the readiness 6907 gates have status equal to "True" More info: https://git.k8s.io/enhancements/keps/sig-network/580-pod-readiness-gates' 6908 items: 6909 description: PodReadinessGate contains the reference to 6910 a pod condition 6911 properties: 6912 conditionType: 6913 description: ConditionType refers to a condition in 6914 the pod's condition list with matching type. 6915 type: string 6916 required: 6917 - conditionType 6918 type: object 6919 type: array 6920 resourceClaims: 6921 description: "ResourceClaims defines which ResourceClaims 6922 must be allocated and reserved before the Pod is allowed 6923 to start. The resources will be made available to those 6924 containers which consume them by name. \n This is an alpha 6925 field and requires enabling the DynamicResourceAllocation 6926 feature gate. \n This field is immutable." 6927 items: 6928 description: PodResourceClaim references exactly one ResourceClaim 6929 through a ClaimSource. It adds a name to it that uniquely 6930 identifies the ResourceClaim inside the Pod. Containers 6931 that need access to the ResourceClaim reference it with 6932 this name. 6933 properties: 6934 name: 6935 description: Name uniquely identifies this resource 6936 claim inside the pod. This must be a DNS_LABEL. 6937 type: string 6938 source: 6939 description: Source describes where to find the ResourceClaim. 6940 properties: 6941 resourceClaimName: 6942 description: ResourceClaimName is the name of a 6943 ResourceClaim object in the same namespace as 6944 this pod. 6945 type: string 6946 resourceClaimTemplateName: 6947 description: "ResourceClaimTemplateName is the name 6948 of a ResourceClaimTemplate object in the same 6949 namespace as this pod. \n The template will be 6950 used to create a new ResourceClaim, which will 6951 be bound to this pod. When this pod is deleted, 6952 the ResourceClaim will also be deleted. 
The pod 6953 name and resource name, along with a generated 6954 component, will be used to form a unique name 6955 for the ResourceClaim, which will be recorded 6956 in pod.status.resourceClaimStatuses. \n This field 6957 is immutable and no changes will be made to the 6958 corresponding ResourceClaim by the control plane 6959 after creating the ResourceClaim." 6960 type: string 6961 type: object 6962 required: 6963 - name 6964 type: object 6965 type: array 6966 x-kubernetes-list-map-keys: 6967 - name 6968 x-kubernetes-list-type: map 6969 restartPolicy: 6970 description: 'Restart policy for all containers within the 6971 pod. One of Always, OnFailure, Never. In some contexts, 6972 only a subset of those values may be permitted. Default 6973 to Always. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy' 6974 type: string 6975 runtimeClassName: 6976 description: 'RuntimeClassName refers to a RuntimeClass object 6977 in the node.k8s.io group, which should be used to run this 6978 pod. If no RuntimeClass resource matches the named class, 6979 the pod will not be run. If unset or empty, the "legacy" 6980 RuntimeClass will be used, which is an implicit class with 6981 an empty definition that uses the default runtime handler. 6982 More info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class' 6983 type: string 6984 schedulerName: 6985 description: If specified, the pod will be dispatched by specified 6986 scheduler. If not specified, the pod will be dispatched 6987 by default scheduler. 6988 type: string 6989 schedulingGates: 6990 description: "SchedulingGates is an opaque list of values 6991 that if specified will block scheduling the pod. If schedulingGates 6992 is not empty, the pod will stay in the SchedulingGated state 6993 and the scheduler will not attempt to schedule the pod. 6994 \n SchedulingGates can only be set at pod creation time, 6995 and be removed only afterwards. 
\n This is a beta feature 6996 enabled by the PodSchedulingReadiness feature gate." 6997 items: 6998 description: PodSchedulingGate is associated to a Pod to 6999 guard its scheduling. 7000 properties: 7001 name: 7002 description: Name of the scheduling gate. Each scheduling 7003 gate must have a unique name field. 7004 type: string 7005 required: 7006 - name 7007 type: object 7008 type: array 7009 x-kubernetes-list-map-keys: 7010 - name 7011 x-kubernetes-list-type: map 7012 securityContext: 7013 description: 'SecurityContext holds pod-level security attributes 7014 and common container settings. Optional: Defaults to empty. See 7015 type description for default values of each field.' 7016 properties: 7017 fsGroup: 7018 description: "A special supplemental group that applies 7019 to all containers in a pod. Some volume types allow 7020 the Kubelet to change the ownership of that volume to 7021 be owned by the pod: \n 1. The owning GID will be the 7022 FSGroup 2. The setgid bit is set (new files created 7023 in the volume will be owned by FSGroup) 3. The permission 7024 bits are OR'd with rw-rw---- \n If unset, the Kubelet 7025 will not modify the ownership and permissions of any 7026 volume. Note that this field cannot be set when spec.os.name 7027 is windows." 7028 format: int64 7029 type: integer 7030 fsGroupChangePolicy: 7031 description: 'fsGroupChangePolicy defines behavior of 7032 changing ownership and permission of the volume before 7033 being exposed inside Pod. This field will only apply 7034 to volume types which support fsGroup based ownership(and 7035 permissions). It will have no effect on ephemeral volume 7036 types such as: secret, configmaps and emptydir. Valid 7037 values are "OnRootMismatch" and "Always". If not specified, 7038 "Always" is used. Note that this field cannot be set 7039 when spec.os.name is windows.' 7040 type: string 7041 runAsGroup: 7042 description: The GID to run the entrypoint of the container 7043 process. 
Uses runtime default if unset. May also be 7044 set in SecurityContext. If set in both SecurityContext 7045 and PodSecurityContext, the value specified in SecurityContext 7046 takes precedence for that container. Note that this 7047 field cannot be set when spec.os.name is windows. 7048 format: int64 7049 type: integer 7050 runAsNonRoot: 7051 description: Indicates that the container must run as 7052 a non-root user. If true, the Kubelet will validate 7053 the image at runtime to ensure that it does not run 7054 as UID 0 (root) and fail to start the container if it 7055 does. If unset or false, no such validation will be 7056 performed. May also be set in SecurityContext. If set 7057 in both SecurityContext and PodSecurityContext, the 7058 value specified in SecurityContext takes precedence. 7059 type: boolean 7060 runAsUser: 7061 description: The UID to run the entrypoint of the container 7062 process. Defaults to user specified in image metadata 7063 if unspecified. May also be set in SecurityContext. If 7064 set in both SecurityContext and PodSecurityContext, 7065 the value specified in SecurityContext takes precedence 7066 for that container. Note that this field cannot be set 7067 when spec.os.name is windows. 7068 format: int64 7069 type: integer 7070 seLinuxOptions: 7071 description: The SELinux context to be applied to all 7072 containers. If unspecified, the container runtime will 7073 allocate a random SELinux context for each container. May 7074 also be set in SecurityContext. If set in both SecurityContext 7075 and PodSecurityContext, the value specified in SecurityContext 7076 takes precedence for that container. Note that this 7077 field cannot be set when spec.os.name is windows. 7078 properties: 7079 level: 7080 description: Level is SELinux level label that applies 7081 to the container. 7082 type: string 7083 role: 7084 description: Role is a SELinux role label that applies 7085 to the container. 
7086 type: string 7087 type: 7088 description: Type is a SELinux type label that applies 7089 to the container. 7090 type: string 7091 user: 7092 description: User is a SELinux user label that applies 7093 to the container. 7094 type: string 7095 type: object 7096 seccompProfile: 7097 description: The seccomp options to use by the containers 7098 in this pod. Note that this field cannot be set when 7099 spec.os.name is windows. 7100 properties: 7101 localhostProfile: 7102 description: localhostProfile indicates a profile 7103 defined in a file on the node should be used. The 7104 profile must be preconfigured on the node to work. 7105 Must be a descending path, relative to the kubelet's 7106 configured seccomp profile location. Must be set 7107 if type is "Localhost". Must NOT be set for any 7108 other type. 7109 type: string 7110 type: 7111 description: "type indicates which kind of seccomp 7112 profile will be applied. Valid options are: \n Localhost 7113 - a profile defined in a file on the node should 7114 be used. RuntimeDefault - the container runtime 7115 default profile should be used. Unconfined - no 7116 profile should be applied." 7117 type: string 7118 required: 7119 - type 7120 type: object 7121 supplementalGroups: 7122 description: A list of groups applied to the first process 7123 run in each container, in addition to the container's 7124 primary GID, the fsGroup (if specified), and group memberships 7125 defined in the container image for the uid of the container 7126 process. If unspecified, no additional groups are added 7127 to any container. Note that group memberships defined 7128 in the container image for the uid of the container 7129 process are still effective, even if they are not included 7130 in this list. Note that this field cannot be set when 7131 spec.os.name is windows. 7132 items: 7133 format: int64 7134 type: integer 7135 type: array 7136 sysctls: 7137 description: Sysctls hold a list of namespaced sysctls 7138 used for the pod. 
Pods with unsupported sysctls (by 7139 the container runtime) might fail to launch. Note that 7140 this field cannot be set when spec.os.name is windows. 7141 items: 7142 description: Sysctl defines a kernel parameter to be 7143 set 7144 properties: 7145 name: 7146 description: Name of a property to set 7147 type: string 7148 value: 7149 description: Value of a property to set 7150 type: string 7151 required: 7152 - name 7153 - value 7154 type: object 7155 type: array 7156 windowsOptions: 7157 description: The Windows specific settings applied to 7158 all containers. If unspecified, the options within a 7159 container's SecurityContext will be used. If set in 7160 both SecurityContext and PodSecurityContext, the value 7161 specified in SecurityContext takes precedence. Note 7162 that this field cannot be set when spec.os.name is linux. 7163 properties: 7164 gmsaCredentialSpec: 7165 description: GMSACredentialSpec is where the GMSA 7166 admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) 7167 inlines the contents of the GMSA credential spec 7168 named by the GMSACredentialSpecName field. 7169 type: string 7170 gmsaCredentialSpecName: 7171 description: GMSACredentialSpecName is the name of 7172 the GMSA credential spec to use. 7173 type: string 7174 hostProcess: 7175 description: HostProcess determines if a container 7176 should be run as a 'Host Process' container. All 7177 of a Pod's containers must have the same effective 7178 HostProcess value (it is not allowed to have a mix 7179 of HostProcess containers and non-HostProcess containers). 7180 In addition, if HostProcess is true then HostNetwork 7181 must also be set to true. 7182 type: boolean 7183 runAsUserName: 7184 description: The UserName in Windows to run the entrypoint 7185 of the container process. Defaults to the user specified 7186 in image metadata if unspecified. May also be set 7187 in PodSecurityContext. 
If set in both SecurityContext 7188 and PodSecurityContext, the value specified in SecurityContext 7189 takes precedence. 7190 type: string 7191 type: object 7192 type: object 7193 serviceAccount: 7194 description: 'DeprecatedServiceAccount is a depreciated alias 7195 for ServiceAccountName. Deprecated: Use serviceAccountName 7196 instead.' 7197 type: string 7198 serviceAccountName: 7199 description: 'ServiceAccountName is the name of the ServiceAccount 7200 to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' 7201 type: string 7202 setHostnameAsFQDN: 7203 description: If true the pod's hostname will be configured 7204 as the pod's FQDN, rather than the leaf name (the default). 7205 In Linux containers, this means setting the FQDN in the 7206 hostname field of the kernel (the nodename field of struct 7207 utsname). In Windows containers, this means setting the 7208 registry value of hostname for the registry key HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters 7209 to FQDN. If a pod does not have FQDN, this has no effect. 7210 Default to false. 7211 type: boolean 7212 shareProcessNamespace: 7213 description: 'Share a single process namespace between all 7214 of the containers in a pod. When this is set containers 7215 will be able to view and signal processes from other containers 7216 in the same pod, and the first process in each container 7217 will not be assigned PID 1. HostPID and ShareProcessNamespace 7218 cannot both be set. Optional: Default to false.' 7219 type: boolean 7220 subdomain: 7221 description: If specified, the fully qualified Pod hostname 7222 will be "<hostname>.<subdomain>.<pod namespace>.svc.<cluster 7223 domain>". If not specified, the pod will not have a domainname 7224 at all. 7225 type: string 7226 terminationGracePeriodSeconds: 7227 description: Optional duration in seconds the pod needs to 7228 terminate gracefully. 
May be decreased in delete request. 7229 Value must be non-negative integer. The value zero indicates 7230 stop immediately via the kill signal (no opportunity to 7231 shut down). If this value is nil, the default grace period 7232 will be used instead. The grace period is the duration in 7233 seconds after the processes running in the pod are sent 7234 a termination signal and the time when the processes are 7235 forcibly halted with a kill signal. Set this value longer 7236 than the expected cleanup time for your process. Defaults 7237 to 30 seconds. 7238 format: int64 7239 type: integer 7240 tolerations: 7241 description: If specified, the pod's tolerations. 7242 items: 7243 description: The pod this Toleration is attached to tolerates 7244 any taint that matches the triple <key,value,effect> using 7245 the matching operator <operator>. 7246 properties: 7247 effect: 7248 description: Effect indicates the taint effect to match. 7249 Empty means match all taint effects. When specified, 7250 allowed values are NoSchedule, PreferNoSchedule and 7251 NoExecute. 7252 type: string 7253 key: 7254 description: Key is the taint key that the toleration 7255 applies to. Empty means match all taint keys. If the 7256 key is empty, operator must be Exists; this combination 7257 means to match all values and all keys. 7258 type: string 7259 operator: 7260 description: Operator represents a key's relationship 7261 to the value. Valid operators are Exists and Equal. 7262 Defaults to Equal. Exists is equivalent to wildcard 7263 for value, so that a pod can tolerate all taints of 7264 a particular category. 7265 type: string 7266 tolerationSeconds: 7267 description: TolerationSeconds represents the period 7268 of time the toleration (which must be of effect NoExecute, 7269 otherwise this field is ignored) tolerates the taint. 7270 By default, it is not set, which means tolerate the 7271 taint forever (do not evict). 
Zero and negative values 7272 will be treated as 0 (evict immediately) by the system. 7273 format: int64 7274 type: integer 7275 value: 7276 description: Value is the taint value the toleration 7277 matches to. If the operator is Exists, the value should 7278 be empty, otherwise just a regular string. 7279 type: string 7280 type: object 7281 type: array 7282 topologySpreadConstraints: 7283 description: TopologySpreadConstraints describes how a group 7284 of pods ought to spread across topology domains. Scheduler 7285 will schedule pods in a way which abides by the constraints. 7286 All topologySpreadConstraints are ANDed. 7287 items: 7288 description: TopologySpreadConstraint specifies how to spread 7289 matching pods among the given topology. 7290 properties: 7291 labelSelector: 7292 description: LabelSelector is used to find matching 7293 pods. Pods that match this label selector are counted 7294 to determine the number of pods in their corresponding 7295 topology domain. 7296 properties: 7297 matchExpressions: 7298 description: matchExpressions is a list of label 7299 selector requirements. The requirements are ANDed. 7300 items: 7301 description: A label selector requirement is a 7302 selector that contains values, a key, and an 7303 operator that relates the key and values. 7304 properties: 7305 key: 7306 description: key is the label key that the 7307 selector applies to. 7308 type: string 7309 operator: 7310 description: operator represents a key's relationship 7311 to a set of values. Valid operators are 7312 In, NotIn, Exists and DoesNotExist. 7313 type: string 7314 values: 7315 description: values is an array of string 7316 values. If the operator is In or NotIn, 7317 the values array must be non-empty. If the 7318 operator is Exists or DoesNotExist, the 7319 values array must be empty. This array is 7320 replaced during a strategic merge patch. 
7321 items: 7322 type: string 7323 type: array 7324 required: 7325 - key 7326 - operator 7327 type: object 7328 type: array 7329 matchLabels: 7330 additionalProperties: 7331 type: string 7332 description: matchLabels is a map of {key,value} 7333 pairs. A single {key,value} in the matchLabels 7334 map is equivalent to an element of matchExpressions, 7335 whose key field is "key", the operator is "In", 7336 and the values array contains only "value". The 7337 requirements are ANDed. 7338 type: object 7339 type: object 7340 x-kubernetes-map-type: atomic 7341 matchLabelKeys: 7342 description: "MatchLabelKeys is a set of pod label keys 7343 to select the pods over which spreading will be calculated. 7344 The keys are used to lookup values from the incoming 7345 pod labels, those key-value labels are ANDed with 7346 labelSelector to select the group of existing pods 7347 over which spreading will be calculated for the incoming 7348 pod. The same key is forbidden to exist in both MatchLabelKeys 7349 and LabelSelector. MatchLabelKeys cannot be set when 7350 LabelSelector isn't set. Keys that don't exist in 7351 the incoming pod labels will be ignored. A null or 7352 empty list means only match against labelSelector. 7353 \n This is a beta field and requires the MatchLabelKeysInPodTopologySpread 7354 feature gate to be enabled (enabled by default)." 7355 items: 7356 type: string 7357 type: array 7358 x-kubernetes-list-type: atomic 7359 maxSkew: 7360 description: 'MaxSkew describes the degree to which 7361 pods may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`, 7362 it is the maximum permitted difference between the 7363 number of matching pods in the target topology and 7364 the global minimum. The global minimum is the minimum 7365 number of matching pods in an eligible domain or zero 7366 if the number of eligible domains is less than MinDomains. 
7367 For example, in a 3-zone cluster, MaxSkew is set to 7368 1, and pods with the same labelSelector spread as 7369 2/2/1: In this case, the global minimum is 1. | zone1 7370 | zone2 | zone3 | | P P | P P | P | - if MaxSkew 7371 is 1, incoming pod can only be scheduled to zone3 7372 to become 2/2/2; scheduling it onto zone1(zone2) would 7373 make the ActualSkew(3-1) on zone1(zone2) violate MaxSkew(1). 7374 - if MaxSkew is 2, incoming pod can be scheduled onto 7375 any zone. When `whenUnsatisfiable=ScheduleAnyway`, 7376 it is used to give higher precedence to topologies 7377 that satisfy it. It''s a required field. Default value 7378 is 1 and 0 is not allowed.' 7379 format: int32 7380 type: integer 7381 minDomains: 7382 description: "MinDomains indicates a minimum number 7383 of eligible domains. When the number of eligible domains 7384 with matching topology keys is less than minDomains, 7385 Pod Topology Spread treats \"global minimum\" as 0, 7386 and then the calculation of Skew is performed. And 7387 when the number of eligible domains with matching 7388 topology keys equals or greater than minDomains, this 7389 value has no effect on scheduling. As a result, when 7390 the number of eligible domains is less than minDomains, 7391 scheduler won't schedule more than maxSkew Pods to 7392 those domains. If value is nil, the constraint behaves 7393 as if MinDomains is equal to 1. Valid values are integers 7394 greater than 0. When value is not nil, WhenUnsatisfiable 7395 must be DoNotSchedule. \n For example, in a 3-zone 7396 cluster, MaxSkew is set to 2, MinDomains is set to 7397 5 and pods with the same labelSelector spread as 2/2/2: 7398 | zone1 | zone2 | zone3 | | P P | P P | P P | 7399 The number of domains is less than 5(MinDomains), 7400 so \"global minimum\" is treated as 0. 
In this situation, 7401 new pod with the same labelSelector cannot be scheduled, 7402 because computed skew will be 3(3 - 0) if new Pod 7403 is scheduled to any of the three zones, it will violate 7404 MaxSkew. \n This is a beta field and requires the 7405 MinDomainsInPodTopologySpread feature gate to be enabled 7406 (enabled by default)." 7407 format: int32 7408 type: integer 7409 nodeAffinityPolicy: 7410 description: "NodeAffinityPolicy indicates how we will 7411 treat Pod's nodeAffinity/nodeSelector when calculating 7412 pod topology spread skew. Options are: - Honor: only 7413 nodes matching nodeAffinity/nodeSelector are included 7414 in the calculations. - Ignore: nodeAffinity/nodeSelector 7415 are ignored. All nodes are included in the calculations. 7416 \n If this value is nil, the behavior is equivalent 7417 to the Honor policy. This is a beta-level feature 7418 default enabled by the NodeInclusionPolicyInPodTopologySpread 7419 feature flag." 7420 type: string 7421 nodeTaintsPolicy: 7422 description: "NodeTaintsPolicy indicates how we will 7423 treat node taints when calculating pod topology spread 7424 skew. Options are: - Honor: nodes without taints, 7425 along with tainted nodes for which the incoming pod 7426 has a toleration, are included. - Ignore: node taints 7427 are ignored. All nodes are included. \n If this value 7428 is nil, the behavior is equivalent to the Ignore policy. 7429 This is a beta-level feature default enabled by the 7430 NodeInclusionPolicyInPodTopologySpread feature flag." 7431 type: string 7432 topologyKey: 7433 description: TopologyKey is the key of node labels. 7434 Nodes that have a label with this key and identical 7435 values are considered to be in the same topology. 7436 We consider each <key, value> as a "bucket", and try 7437 to put balanced number of pods into each bucket. We 7438 define a domain as a particular instance of a topology. 
7439 Also, we define an eligible domain as a domain whose 7440 nodes meet the requirements of nodeAffinityPolicy 7441 and nodeTaintsPolicy. e.g. If TopologyKey is "kubernetes.io/hostname", 7442 each Node is a domain of that topology. And, if TopologyKey 7443 is "topology.kubernetes.io/zone", each zone is a domain 7444 of that topology. It's a required field. 7445 type: string 7446 whenUnsatisfiable: 7447 description: 'WhenUnsatisfiable indicates how to deal 7448 with a pod if it doesn''t satisfy the spread constraint. 7449 - DoNotSchedule (default) tells the scheduler not 7450 to schedule it. - ScheduleAnyway tells the scheduler 7451 to schedule the pod in any location, but giving higher 7452 precedence to topologies that would help reduce the 7453 skew. A constraint is considered "Unsatisfiable" for 7454 an incoming pod if and only if every possible node 7455 assignment for that pod would violate "MaxSkew" on 7456 some topology. For example, in a 3-zone cluster, MaxSkew 7457 is set to 1, and pods with the same labelSelector 7458 spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P 7459 | P | P | If WhenUnsatisfiable is set to DoNotSchedule, 7460 incoming pod can only be scheduled to zone2(zone3) 7461 to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) 7462 satisfies MaxSkew(1). In other words, the cluster 7463 can still be imbalanced, but scheduler won''t make 7464 it *more* imbalanced. It''s a required field.' 7465 type: string 7466 required: 7467 - maxSkew 7468 - topologyKey 7469 - whenUnsatisfiable 7470 type: object 7471 type: array 7472 x-kubernetes-list-map-keys: 7473 - topologyKey 7474 - whenUnsatisfiable 7475 x-kubernetes-list-type: map 7476 volumes: 7477 description: 'List of volumes that can be mounted by containers 7478 belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes' 7479 items: 7480 description: Volume represents a named volume in a pod that 7481 may be accessed by any container in the pod. 
7482 properties: 7483 awsElasticBlockStore: 7484 description: 'awsElasticBlockStore represents an AWS 7485 Disk resource that is attached to a kubelet''s host 7486 machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' 7487 properties: 7488 fsType: 7489 description: 'fsType is the filesystem type of the 7490 volume that you want to mount. Tip: Ensure that 7491 the filesystem type is supported by the host operating 7492 system. Examples: "ext4", "xfs", "ntfs". Implicitly 7493 inferred to be "ext4" if unspecified. More info: 7494 https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore 7495 TODO: how do we prevent errors in the filesystem 7496 from compromising the machine' 7497 type: string 7498 partition: 7499 description: 'partition is the partition in the 7500 volume that you want to mount. If omitted, the 7501 default is to mount by volume name. Examples: 7502 For volume /dev/sda1, you specify the partition 7503 as "1". Similarly, the volume partition for /dev/sda 7504 is "0" (or you can leave the property empty).' 7505 format: int32 7506 type: integer 7507 readOnly: 7508 description: 'readOnly value true will force the 7509 readOnly setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' 7510 type: boolean 7511 volumeID: 7512 description: 'volumeID is unique ID of the persistent 7513 disk resource in AWS (Amazon EBS volume). More 7514 info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' 7515 type: string 7516 required: 7517 - volumeID 7518 type: object 7519 azureDisk: 7520 description: azureDisk represents an Azure Data Disk 7521 mount on the host and bind mount to the pod. 7522 properties: 7523 cachingMode: 7524 description: 'cachingMode is the Host Caching mode: 7525 None, Read Only, Read Write.' 
7526 type: string 7527 diskName: 7528 description: diskName is the Name of the data disk 7529 in the blob storage 7530 type: string 7531 diskURI: 7532 description: diskURI is the URI of data disk in 7533 the blob storage 7534 type: string 7535 fsType: 7536 description: fsType is Filesystem type to mount. 7537 Must be a filesystem type supported by the host 7538 operating system. Ex. "ext4", "xfs", "ntfs". Implicitly 7539 inferred to be "ext4" if unspecified. 7540 type: string 7541 kind: 7542 description: 'kind expected values are Shared: multiple 7543 blob disks per storage account Dedicated: single 7544 blob disk per storage account Managed: azure 7545 managed data disk (only in managed availability 7546 set). defaults to shared' 7547 type: string 7548 readOnly: 7549 description: readOnly Defaults to false (read/write). 7550 ReadOnly here will force the ReadOnly setting 7551 in VolumeMounts. 7552 type: boolean 7553 required: 7554 - diskName 7555 - diskURI 7556 type: object 7557 azureFile: 7558 description: azureFile represents an Azure File Service 7559 mount on the host and bind mount to the pod. 7560 properties: 7561 readOnly: 7562 description: readOnly defaults to false (read/write). 7563 ReadOnly here will force the ReadOnly setting 7564 in VolumeMounts. 
7565 type: boolean 7566 secretName: 7567 description: secretName is the name of secret that 7568 contains Azure Storage Account Name and Key 7569 type: string 7570 shareName: 7571 description: shareName is the azure share Name 7572 type: string 7573 required: 7574 - secretName 7575 - shareName 7576 type: object 7577 cephfs: 7578 description: cephFS represents a Ceph FS mount on the 7579 host that shares a pod's lifetime 7580 properties: 7581 monitors: 7582 description: 'monitors is Required: Monitors is 7583 a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' 7584 items: 7585 type: string 7586 type: array 7587 path: 7588 description: 'path is Optional: Used as the mounted 7589 root, rather than the full Ceph tree, default 7590 is /' 7591 type: string 7592 readOnly: 7593 description: 'readOnly is Optional: Defaults to 7594 false (read/write). ReadOnly here will force the 7595 ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' 7596 type: boolean 7597 secretFile: 7598 description: 'secretFile is Optional: SecretFile 7599 is the path to key ring for User, default is /etc/ceph/user.secret 7600 More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' 7601 type: string 7602 secretRef: 7603 description: 'secretRef is Optional: SecretRef is 7604 reference to the authentication secret for User, 7605 default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' 7606 properties: 7607 name: 7608 description: 'Name of the referent. More info: 7609 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 7610 TODO: Add other useful fields. apiVersion, 7611 kind, uid?' 
7612 type: string 7613 type: object 7614 x-kubernetes-map-type: atomic 7615 user: 7616 description: 'user is optional: User is the rados 7617 user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' 7618 type: string 7619 required: 7620 - monitors 7621 type: object 7622 cinder: 7623 description: 'cinder represents a cinder volume attached 7624 and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' 7625 properties: 7626 fsType: 7627 description: 'fsType is the filesystem type to mount. 7628 Must be a filesystem type supported by the host 7629 operating system. Examples: "ext4", "xfs", "ntfs". 7630 Implicitly inferred to be "ext4" if unspecified. 7631 More info: https://examples.k8s.io/mysql-cinder-pd/README.md' 7632 type: string 7633 readOnly: 7634 description: 'readOnly defaults to false (read/write). 7635 ReadOnly here will force the ReadOnly setting 7636 in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' 7637 type: boolean 7638 secretRef: 7639 description: 'secretRef is optional: points to a 7640 secret object containing parameters used to connect 7641 to OpenStack.' 7642 properties: 7643 name: 7644 description: 'Name of the referent. More info: 7645 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 7646 TODO: Add other useful fields. apiVersion, 7647 kind, uid?' 7648 type: string 7649 type: object 7650 x-kubernetes-map-type: atomic 7651 volumeID: 7652 description: 'volumeID used to identify the volume 7653 in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' 7654 type: string 7655 required: 7656 - volumeID 7657 type: object 7658 configMap: 7659 description: configMap represents a configMap that should 7660 populate this volume 7661 properties: 7662 defaultMode: 7663 description: 'defaultMode is optional: mode bits 7664 used to set permissions on created files by default. 
7665 Must be an octal value between 0000 and 0777 or 7666 a decimal value between 0 and 511. YAML accepts 7667 both octal and decimal values, JSON requires decimal 7668 values for mode bits. Defaults to 0644. Directories 7669 within the path are not affected by this setting. 7670 This might be in conflict with other options that 7671 affect the file mode, like fsGroup, and the result 7672 can be other mode bits set.' 7673 format: int32 7674 type: integer 7675 items: 7676 description: items if unspecified, each key-value 7677 pair in the Data field of the referenced ConfigMap 7678 will be projected into the volume as a file whose 7679 name is the key and content is the value. If specified, 7680 the listed keys will be projected into the specified 7681 paths, and unlisted keys will not be present. 7682 If a key is specified which is not present in 7683 the ConfigMap, the volume setup will error unless 7684 it is marked optional. Paths must be relative 7685 and may not contain the '..' path or start with 7686 '..'. 7687 items: 7688 description: Maps a string key to a path within 7689 a volume. 7690 properties: 7691 key: 7692 description: key is the key to project. 7693 type: string 7694 mode: 7695 description: 'mode is Optional: mode bits 7696 used to set permissions on this file. Must 7697 be an octal value between 0000 and 0777 7698 or a decimal value between 0 and 511. YAML 7699 accepts both octal and decimal values, JSON 7700 requires decimal values for mode bits. If 7701 not specified, the volume defaultMode will 7702 be used. This might be in conflict with 7703 other options that affect the file mode, 7704 like fsGroup, and the result can be other 7705 mode bits set.' 7706 format: int32 7707 type: integer 7708 path: 7709 description: path is the relative path of 7710 the file to map the key to. May not be an 7711 absolute path. May not contain the path 7712 element '..'. May not start with the string 7713 '..'. 
7714 type: string 7715 required: 7716 - key 7717 - path 7718 type: object 7719 type: array 7720 name: 7721 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 7722 TODO: Add other useful fields. apiVersion, kind, 7723 uid?' 7724 type: string 7725 optional: 7726 description: optional specify whether the ConfigMap 7727 or its keys must be defined 7728 type: boolean 7729 type: object 7730 x-kubernetes-map-type: atomic 7731 csi: 7732 description: csi (Container Storage Interface) represents 7733 ephemeral storage that is handled by certain external 7734 CSI drivers (Beta feature). 7735 properties: 7736 driver: 7737 description: driver is the name of the CSI driver 7738 that handles this volume. Consult with your admin 7739 for the correct name as registered in the cluster. 7740 type: string 7741 fsType: 7742 description: fsType to mount. Ex. "ext4", "xfs", 7743 "ntfs". If not provided, the empty value is passed 7744 to the associated CSI driver which will determine 7745 the default filesystem to apply. 7746 type: string 7747 nodePublishSecretRef: 7748 description: nodePublishSecretRef is a reference 7749 to the secret object containing sensitive information 7750 to pass to the CSI driver to complete the CSI 7751 NodePublishVolume and NodeUnpublishVolume calls. 7752 This field is optional, and may be empty if no 7753 secret is required. If the secret object contains 7754 more than one secret, all secret references are 7755 passed. 7756 properties: 7757 name: 7758 description: 'Name of the referent. More info: 7759 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 7760 TODO: Add other useful fields. apiVersion, 7761 kind, uid?' 7762 type: string 7763 type: object 7764 x-kubernetes-map-type: atomic 7765 readOnly: 7766 description: readOnly specifies a read-only configuration 7767 for the volume. Defaults to false (read/write). 
7768 type: boolean 7769 volumeAttributes: 7770 additionalProperties: 7771 type: string 7772 description: volumeAttributes stores driver-specific 7773 properties that are passed to the CSI driver. 7774 Consult your driver's documentation for supported 7775 values. 7776 type: object 7777 required: 7778 - driver 7779 type: object 7780 downwardAPI: 7781 description: downwardAPI represents downward API about 7782 the pod that should populate this volume 7783 properties: 7784 defaultMode: 7785 description: 'Optional: mode bits to use on created 7786 files by default. Must be a Optional: mode bits 7787 used to set permissions on created files by default. 7788 Must be an octal value between 0000 and 0777 or 7789 a decimal value between 0 and 511. YAML accepts 7790 both octal and decimal values, JSON requires decimal 7791 values for mode bits. Defaults to 0644. Directories 7792 within the path are not affected by this setting. 7793 This might be in conflict with other options that 7794 affect the file mode, like fsGroup, and the result 7795 can be other mode bits set.' 7796 format: int32 7797 type: integer 7798 items: 7799 description: Items is a list of downward API volume 7800 file 7801 items: 7802 description: DownwardAPIVolumeFile represents 7803 information to create the file containing the 7804 pod field 7805 properties: 7806 fieldRef: 7807 description: 'Required: Selects a field of 7808 the pod: only annotations, labels, name 7809 and namespace are supported.' 7810 properties: 7811 apiVersion: 7812 description: Version of the schema the 7813 FieldPath is written in terms of, defaults 7814 to "v1". 7815 type: string 7816 fieldPath: 7817 description: Path of the field to select 7818 in the specified API version. 
7819 type: string 7820 required: 7821 - fieldPath 7822 type: object 7823 x-kubernetes-map-type: atomic 7824 mode: 7825 description: 'Optional: mode bits used to 7826 set permissions on this file, must be an 7827 octal value between 0000 and 0777 or a decimal 7828 value between 0 and 511. YAML accepts both 7829 octal and decimal values, JSON requires 7830 decimal values for mode bits. If not specified, 7831 the volume defaultMode will be used. This 7832 might be in conflict with other options 7833 that affect the file mode, like fsGroup, 7834 and the result can be other mode bits set.' 7835 format: int32 7836 type: integer 7837 path: 7838 description: 'Required: Path is the relative 7839 path name of the file to be created. Must 7840 not be absolute or contain the ''..'' path. 7841 Must be utf-8 encoded. The first item of 7842 the relative path must not start with ''..''' 7843 type: string 7844 resourceFieldRef: 7845 description: 'Selects a resource of the container: 7846 only resources limits and requests (limits.cpu, 7847 limits.memory, requests.cpu and requests.memory) 7848 are currently supported.' 7849 properties: 7850 containerName: 7851 description: 'Container name: required 7852 for volumes, optional for env vars' 7853 type: string 7854 divisor: 7855 anyOf: 7856 - type: integer 7857 - type: string 7858 description: Specifies the output format 7859 of the exposed resources, defaults to 7860 "1" 7861 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 7862 x-kubernetes-int-or-string: true 7863 resource: 7864 description: 'Required: resource to select' 7865 type: string 7866 required: 7867 - resource 7868 type: object 7869 x-kubernetes-map-type: atomic 7870 required: 7871 - path 7872 type: object 7873 type: array 7874 type: object 7875 emptyDir: 7876 description: 'emptyDir represents a temporary directory 7877 that shares a pod''s lifetime. 
More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' 7878 properties: 7879 medium: 7880 description: 'medium represents what type of storage 7881 medium should back this directory. The default 7882 is "" which means to use the node''s default medium. 7883 Must be an empty string (default) or Memory. More 7884 info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' 7885 type: string 7886 sizeLimit: 7887 anyOf: 7888 - type: integer 7889 - type: string 7890 description: 'sizeLimit is the total amount of local 7891 storage required for this EmptyDir volume. The 7892 size limit is also applicable for memory medium. 7893 The maximum usage on memory medium EmptyDir would 7894 be the minimum value between the SizeLimit specified 7895 here and the sum of memory limits of all containers 7896 in a pod. The default is nil which means that 7897 the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' 7898 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 7899 x-kubernetes-int-or-string: true 7900 type: object 7901 ephemeral: 7902 description: "ephemeral represents a volume that is 7903 handled by a cluster storage driver. The volume's 7904 lifecycle is tied to the pod that defines it - it 7905 will be created before the pod starts, and deleted 7906 when the pod is removed. \n Use this if: a) the volume 7907 is only needed while the pod runs, b) features of 7908 normal volumes like restoring from snapshot or capacity 7909 tracking are needed, c) the storage driver is specified 7910 through a storage class, and d) the storage driver 7911 supports dynamic volume provisioning through a PersistentVolumeClaim 7912 (see EphemeralVolumeSource for more information on 7913 the connection between this volume type and PersistentVolumeClaim). 
                                \n Use PersistentVolumeClaim or one of the vendor-specific
                                APIs for volumes that persist for longer than the
                                lifecycle of an individual pod. \n Use CSI for light-weight
                                local ephemeral volumes if the CSI driver is meant
                                to be used that way - see the documentation of the
                                driver for more information. \n A pod can use both
                                types of ephemeral volumes and persistent volumes
                                at the same time."
                              properties:
                                volumeClaimTemplate:
                                  description: "Will be used to create a stand-alone
                                    PVC to provision the volume. The pod in which
                                    this EphemeralVolumeSource is embedded will be
                                    the owner of the PVC, i.e. the PVC will be deleted
                                    together with the pod. The name of the PVC will
                                    be `<pod name>-<volume name>` where `<volume name>`
                                    is the name from the `PodSpec.Volumes` array entry.
                                    Pod validation will reject the pod if the concatenated
                                    name is not valid for a PVC (for example, too
                                    long). \n An existing PVC with that name that
                                    is not owned by the pod will *not* be used for
                                    the pod to avoid using an unrelated volume by
                                    mistake. Starting the pod is then blocked until
                                    the unrelated PVC is removed. If such a pre-created
                                    PVC is meant to be used by the pod, the PVC has
                                    to updated with an owner reference to the pod
                                    once the pod exists. Normally this should not
                                    be necessary, but it may be useful when manually
                                    reconstructing a broken cluster. \n This field
                                    is read-only and no changes will be made by Kubernetes
                                    to the PVC after it has been created. \n Required,
                                    must not be nil."
                                  properties:
                                    metadata:
                                      description: May contain labels and annotations
                                        that will be copied into the PVC when creating
                                        it. No other fields are allowed and will be
                                        rejected during validation.
                                      properties:
                                        annotations:
                                          additionalProperties:
                                            type: string
                                          type: object
                                        finalizers:
                                          items:
                                            type: string
                                          type: array
                                        labels:
                                          additionalProperties:
                                            type: string
                                          type: object
                                        name:
                                          type: string
                                        namespace:
                                          type: string
                                      type: object
                                    spec:
                                      description: The specification for the PersistentVolumeClaim.
                                        The entire content is copied unchanged into
                                        the PVC that gets created from this template.
                                        The same fields as in a PersistentVolumeClaim
                                        are also valid here.
                                      properties:
                                        accessModes:
                                          description: 'accessModes contains the desired
                                            access modes the volume should have. More
                                            info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1'
                                          items:
                                            type: string
                                          type: array
                                        dataSource:
                                          description: 'dataSource field can be used
                                            to specify either: * An existing VolumeSnapshot
                                            object (snapshot.storage.k8s.io/VolumeSnapshot)
                                            * An existing PVC (PersistentVolumeClaim)
                                            If the provisioner or an external controller
                                            can support the specified data source,
                                            it will create a new volume based on the
                                            contents of the specified data source.
                                            When the AnyVolumeDataSource feature gate
                                            is enabled, dataSource contents will be
                                            copied to dataSourceRef, and dataSourceRef
                                            contents will be copied to dataSource
                                            when dataSourceRef.namespace is not specified.
                                            If the namespace is specified, then dataSourceRef
                                            will not be copied to dataSource.'
                                          properties:
                                            apiGroup:
                                              description: APIGroup is the group for
                                                the resource being referenced. If
                                                APIGroup is not specified, the specified
                                                Kind must be in the core API group.
                                                For any other third-party types, APIGroup
                                                is required.
                                              type: string
                                            kind:
                                              description: Kind is the type of resource
                                                being referenced
                                              type: string
                                            name:
                                              description: Name is the name of resource
                                                being referenced
                                              type: string
                                          required:
                                          - kind
                                          - name
                                          type: object
                                          x-kubernetes-map-type: atomic
                                        dataSourceRef:
                                          description: 'dataSourceRef specifies the
                                            object from which to populate the volume
                                            with data, if a non-empty volume is desired.
                                            This may be any object from a non-empty
                                            API group (non core object) or a PersistentVolumeClaim
                                            object. When this field is specified,
                                            volume binding will only succeed if the
                                            type of the specified object matches some
                                            installed volume populator or dynamic
                                            provisioner. This field will replace the
                                            functionality of the dataSource field
                                            and as such if both fields are non-empty,
                                            they must have the same value. For backwards
                                            compatibility, when namespace isn''t specified
                                            in dataSourceRef, both fields (dataSource
                                            and dataSourceRef) will be set to the
                                            same value automatically if one of them
                                            is empty and the other is non-empty. When
                                            namespace is specified in dataSourceRef,
                                            dataSource isn''t set to the same value
                                            and must be empty. There are three important
                                            differences between dataSource and dataSourceRef:
                                            * While dataSource only allows two specific
                                            types of objects, dataSourceRef allows
                                            any non-core object, as well as PersistentVolumeClaim
                                            objects. * While dataSource ignores disallowed
                                            values (dropping them), dataSourceRef
                                            preserves all values, and generates an
                                            error if a disallowed value is specified.
                                            * While dataSource only allows local objects,
                                            dataSourceRef allows objects in any namespaces.
                                            (Beta) Using this field requires the AnyVolumeDataSource
                                            feature gate to be enabled.
                                            (Alpha) Using
                                            the namespace field of dataSourceRef requires
                                            the CrossNamespaceVolumeDataSource feature
                                            gate to be enabled.'
                                          properties:
                                            apiGroup:
                                              description: APIGroup is the group for
                                                the resource being referenced. If
                                                APIGroup is not specified, the specified
                                                Kind must be in the core API group.
                                                For any other third-party types, APIGroup
                                                is required.
                                              type: string
                                            kind:
                                              description: Kind is the type of resource
                                                being referenced
                                              type: string
                                            name:
                                              description: Name is the name of resource
                                                being referenced
                                              type: string
                                            namespace:
                                              description: Namespace is the namespace
                                                of resource being referenced Note
                                                that when a namespace is specified,
                                                a gateway.networking.k8s.io/ReferenceGrant
                                                object is required in the referent
                                                namespace to allow that namespace's
                                                owner to accept the reference. See
                                                the ReferenceGrant documentation for
                                                details. (Alpha) This field requires
                                                the CrossNamespaceVolumeDataSource
                                                feature gate to be enabled.
                                              type: string
                                          required:
                                          - kind
                                          - name
                                          type: object
                                        resources:
                                          description: 'resources represents the minimum
                                            resources the volume should have. If RecoverVolumeExpansionFailure
                                            feature is enabled users are allowed to
                                            specify resource requirements that are
                                            lower than previous value but must still
                                            be higher than capacity recorded in the
                                            status field of the claim. More info:
                                            https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
                                          properties:
                                            claims:
                                              description: "Claims lists the names
                                                of resources, defined in spec.resourceClaims,
                                                that are used by this container. \n
                                                This is an alpha field and requires
                                                enabling the DynamicResourceAllocation
                                                feature gate. \n This field is immutable.
                                                It can only be set for containers."
                                              items:
                                                description: ResourceClaim references
                                                  one entry in PodSpec.ResourceClaims.
                                                properties:
                                                  name:
                                                    description: Name must match the
                                                      name of one entry in pod.spec.resourceClaims
                                                      of the Pod where this field
                                                      is used. It makes that resource
                                                      available inside a container.
                                                    type: string
                                                required:
                                                - name
                                                type: object
                                              type: array
                                              x-kubernetes-list-map-keys:
                                              - name
                                              x-kubernetes-list-type: map
                                            limits:
                                              additionalProperties:
                                                anyOf:
                                                - type: integer
                                                - type: string
                                                pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                                x-kubernetes-int-or-string: true
                                              description: 'Limits describes the maximum
                                                amount of compute resources allowed.
                                                More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                                              type: object
                                            requests:
                                              additionalProperties:
                                                anyOf:
                                                - type: integer
                                                - type: string
                                                pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                                x-kubernetes-int-or-string: true
                                              description: 'Requests describes the
                                                minimum amount of compute resources
                                                required. If Requests is omitted for
                                                a container, it defaults to Limits
                                                if that is explicitly specified, otherwise
                                                to an implementation-defined value.
                                                Requests cannot exceed Limits. More
                                                info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                                              type: object
                                          type: object
                                        selector:
                                          description: selector is a label query over
                                            volumes to consider for binding.
                                          properties:
                                            matchExpressions:
                                              description: matchExpressions is a list
                                                of label selector requirements. The
                                                requirements are ANDed.
                                              items:
                                                description: A label selector requirement
                                                  is a selector that contains values,
                                                  a key, and an operator that relates
                                                  the key and values.
                                                properties:
                                                  key:
                                                    description: key is the label
                                                      key that the selector applies
                                                      to.
                                                    type: string
                                                  operator:
                                                    description: operator represents
                                                      a key's relationship to a set
                                                      of values. Valid operators are
                                                      In, NotIn, Exists and DoesNotExist.
                                                    type: string
                                                  values:
                                                    description: values is an array
                                                      of string values. If the operator
                                                      is In or NotIn, the values array
                                                      must be non-empty. If the operator
                                                      is Exists or DoesNotExist, the
                                                      values array must be empty.
                                                      This array is replaced during
                                                      a strategic merge patch.
                                                    items:
                                                      type: string
                                                    type: array
                                                required:
                                                - key
                                                - operator
                                                type: object
                                              type: array
                                            matchLabels:
                                              additionalProperties:
                                                type: string
                                              description: matchLabels is a map of
                                                {key,value} pairs. A single {key,value}
                                                in the matchLabels map is equivalent
                                                to an element of matchExpressions,
                                                whose key field is "key", the operator
                                                is "In", and the values array contains
                                                only "value". The requirements are
                                                ANDed.
                                              type: object
                                          type: object
                                          x-kubernetes-map-type: atomic
                                        storageClassName:
                                          description: 'storageClassName is the name
                                            of the StorageClass required by the claim.
                                            More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1'
                                          type: string
                                        volumeMode:
                                          description: volumeMode defines what type
                                            of volume is required by the claim. Value
                                            of Filesystem is implied when not included
                                            in claim spec.
                                          type: string
                                        volumeName:
                                          description: volumeName is the binding reference
                                            to the PersistentVolume backing this claim.
                                          type: string
                                      type: object
                                  required:
                                  - spec
                                  type: object
                              type: object
                            fc:
                              description: fc represents a Fibre Channel resource
                                that is attached to a kubelet's host machine and then
                                exposed to the pod.
                              properties:
                                fsType:
                                  description: 'fsType is the filesystem type to mount.
                                    Must be a filesystem type supported by the host
                                    operating system. Ex. "ext4", "xfs", "ntfs". Implicitly
                                    inferred to be "ext4" if unspecified. TODO: how
                                    do we prevent errors in the filesystem from compromising
                                    the machine'
                                  type: string
                                lun:
                                  description: 'lun is Optional: FC target lun number'
                                  format: int32
                                  type: integer
                                readOnly:
                                  description: 'readOnly is Optional: Defaults to
                                    false (read/write). ReadOnly here will force the
                                    ReadOnly setting in VolumeMounts.'
                                  type: boolean
                                targetWWNs:
                                  description: 'targetWWNs is Optional: FC target
                                    worldwide names (WWNs)'
                                  items:
                                    type: string
                                  type: array
                                wwids:
                                  description: 'wwids Optional: FC volume world wide
                                    identifiers (wwids) Either wwids or combination
                                    of targetWWNs and lun must be set, but not both
                                    simultaneously.'
                                  items:
                                    type: string
                                  type: array
                              type: object
                            flexVolume:
                              description: flexVolume represents a generic volume
                                resource that is provisioned/attached using an exec
                                based plugin.
                              properties:
                                driver:
                                  description: driver is the name of the driver to
                                    use for this volume.
                                  type: string
                                fsType:
                                  description: fsType is the filesystem type to mount.
                                    Must be a filesystem type supported by the host
                                    operating system. Ex. "ext4", "xfs", "ntfs". The
                                    default filesystem depends on FlexVolume script.
                                  type: string
                                options:
                                  additionalProperties:
                                    type: string
                                  description: 'options is Optional: this field holds
                                    extra command options if any.'
                                  type: object
                                readOnly:
                                  description: 'readOnly is Optional: defaults to
                                    false (read/write). ReadOnly here will force the
                                    ReadOnly setting in VolumeMounts.'
                                  type: boolean
                                secretRef:
                                  description: 'secretRef is Optional: secretRef is
                                    reference to the secret object containing sensitive
                                    information to pass to the plugin scripts. This
                                    may be empty if no secret object is specified.
                                    If the secret object contains more than one secret,
                                    all secrets are passed to the plugin scripts.'
                                  properties:
                                    name:
                                      description: 'Name of the referent. More info:
                                        https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                        TODO: Add other useful fields. apiVersion,
                                        kind, uid?'
                                      type: string
                                  type: object
                                  x-kubernetes-map-type: atomic
                              required:
                              - driver
                              type: object
                            flocker:
                              description: flocker represents a Flocker volume attached
                                to a kubelet's host machine. This depends on the Flocker
                                control service being running
                              properties:
                                datasetName:
                                  description: datasetName is Name of the dataset
                                    stored as metadata -> name on the dataset for
                                    Flocker should be considered as deprecated
                                  type: string
                                datasetUUID:
                                  description: datasetUUID is the UUID of the dataset.
                                    This is unique identifier of a Flocker dataset
                                  type: string
                              type: object
                            gcePersistentDisk:
                              description: 'gcePersistentDisk represents a GCE Disk
                                resource that is attached to a kubelet''s host machine
                                and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
                              properties:
                                fsType:
                                  description: 'fsType is filesystem type of the volume
                                    that you want to mount. Tip: Ensure that the filesystem
                                    type is supported by the host operating system.
                                    Examples: "ext4", "xfs", "ntfs". Implicitly inferred
                                    to be "ext4" if unspecified.
                                    More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
                                    TODO: how do we prevent errors in the filesystem
                                    from compromising the machine'
                                  type: string
                                partition:
                                  description: 'partition is the partition in the
                                    volume that you want to mount. If omitted, the
                                    default is to mount by volume name. Examples:
                                    For volume /dev/sda1, you specify the partition
                                    as "1". Similarly, the volume partition for /dev/sda
                                    is "0" (or you can leave the property empty).
                                    More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
                                  format: int32
                                  type: integer
                                pdName:
                                  description: 'pdName is unique name of the PD resource
                                    in GCE. Used to identify the disk in GCE. More
                                    info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
                                  type: string
                                readOnly:
                                  description: 'readOnly here will force the ReadOnly
                                    setting in VolumeMounts. Defaults to false. More
                                    info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
                                  type: boolean
                              required:
                              - pdName
                              type: object
                            gitRepo:
                              description: 'gitRepo represents a git repository at
                                a particular revision. DEPRECATED: GitRepo is deprecated.
                                To provision a container with a git repo, mount an
                                EmptyDir into an InitContainer that clones the repo
                                using git, then mount the EmptyDir into the Pod''s
                                container.'
                              properties:
                                directory:
                                  description: directory is the target directory name.
                                    Must not contain or start with '..'. If '.' is
                                    supplied, the volume directory will be the git
                                    repository. Otherwise, if specified, the volume
                                    will contain the git repository in the subdirectory
                                    with the given name.
                                  type: string
                                repository:
                                  description: repository is the URL
                                  type: string
                                revision:
                                  description: revision is the commit hash for the
                                    specified revision.
                                  type: string
                              required:
                              - repository
                              type: object
                            glusterfs:
                              description: 'glusterfs represents a Glusterfs mount
                                on the host that shares a pod''s lifetime. More info:
                                https://examples.k8s.io/volumes/glusterfs/README.md'
                              properties:
                                endpoints:
                                  description: 'endpoints is the endpoint name that
                                    details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
                                  type: string
                                path:
                                  description: 'path is the Glusterfs volume path.
                                    More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
                                  type: string
                                readOnly:
                                  description: 'readOnly here will force the Glusterfs
                                    volume to be mounted with read-only permissions.
                                    Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
                                  type: boolean
                              required:
                              - endpoints
                              - path
                              type: object
                            hostPath:
                              description: 'hostPath represents a pre-existing file
                                or directory on the host machine that is directly
                                exposed to the container. This is generally used for
                                system agents or other privileged things that are
                                allowed to see the host machine. Most containers will
                                NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
                                --- TODO(jonesdl) We need to restrict who can use
                                host directory mounts and who can/can not mount host
                                directories as read/write.'
                              properties:
                                path:
                                  description: 'path of the directory on the host.
                                    If the path is a symlink, it will follow the link
                                    to the real path.
                                    More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
                                  type: string
                                type:
                                  description: 'type for HostPath Volume Defaults
                                    to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
                                  type: string
                              required:
                              - path
                              type: object
                            iscsi:
                              description: 'iscsi represents an ISCSI Disk resource
                                that is attached to a kubelet''s host machine and
                                then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md'
                              properties:
                                chapAuthDiscovery:
                                  description: chapAuthDiscovery defines whether support
                                    iSCSI Discovery CHAP authentication
                                  type: boolean
                                chapAuthSession:
                                  description: chapAuthSession defines whether support
                                    iSCSI Session CHAP authentication
                                  type: boolean
                                fsType:
                                  description: 'fsType is the filesystem type of the
                                    volume that you want to mount. Tip: Ensure that
                                    the filesystem type is supported by the host operating
                                    system. Examples: "ext4", "xfs", "ntfs". Implicitly
                                    inferred to be "ext4" if unspecified. More info:
                                    https://kubernetes.io/docs/concepts/storage/volumes#iscsi
                                    TODO: how do we prevent errors in the filesystem
                                    from compromising the machine'
                                  type: string
                                initiatorName:
                                  description: initiatorName is the custom iSCSI Initiator
                                    Name. If initiatorName is specified with iscsiInterface
                                    simultaneously, new iSCSI interface <target portal>:<volume
                                    name> will be created for the connection.
                                  type: string
                                iqn:
                                  description: iqn is the target iSCSI Qualified Name.
                                  type: string
                                iscsiInterface:
                                  description: iscsiInterface is the interface Name
                                    that uses an iSCSI transport. Defaults to 'default'
                                    (tcp).
                                  type: string
                                lun:
                                  description: lun represents iSCSI Target Lun number.
                                  format: int32
                                  type: integer
                                portals:
                                  description: portals is the iSCSI Target Portal
                                    List.
                                    The portal is either an IP or ip_addr:port
                                    if the port is other than default (typically TCP
                                    ports 860 and 3260).
                                  items:
                                    type: string
                                  type: array
                                readOnly:
                                  description: readOnly here will force the ReadOnly
                                    setting in VolumeMounts. Defaults to false.
                                  type: boolean
                                secretRef:
                                  description: secretRef is the CHAP Secret for iSCSI
                                    target and initiator authentication
                                  properties:
                                    name:
                                      description: 'Name of the referent. More info:
                                        https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                        TODO: Add other useful fields. apiVersion,
                                        kind, uid?'
                                      type: string
                                  type: object
                                  x-kubernetes-map-type: atomic
                                targetPortal:
                                  description: targetPortal is iSCSI Target Portal.
                                    The Portal is either an IP or ip_addr:port if
                                    the port is other than default (typically TCP
                                    ports 860 and 3260).
                                  type: string
                              required:
                              - iqn
                              - lun
                              - targetPortal
                              type: object
                            name:
                              description: 'name of the volume. Must be a DNS_LABEL
                                and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
                              type: string
                            nfs:
                              description: 'nfs represents an NFS mount on the host
                                that shares a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
                              properties:
                                path:
                                  description: 'path that is exported by the NFS server.
                                    More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
                                  type: string
                                readOnly:
                                  description: 'readOnly here will force the NFS export
                                    to be mounted with read-only permissions. Defaults
                                    to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
                                  type: boolean
                                server:
                                  description: 'server is the hostname or IP address
                                    of the NFS server.
                                    More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
                                  type: string
                              required:
                              - path
                              - server
                              type: object
                            persistentVolumeClaim:
                              description: 'persistentVolumeClaimVolumeSource represents
                                a reference to a PersistentVolumeClaim in the same
                                namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
                              properties:
                                claimName:
                                  description: 'claimName is the name of a PersistentVolumeClaim
                                    in the same namespace as the pod using this volume.
                                    More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
                                  type: string
                                readOnly:
                                  description: readOnly Will force the ReadOnly setting
                                    in VolumeMounts. Default false.
                                  type: boolean
                              required:
                              - claimName
                              type: object
                            photonPersistentDisk:
                              description: photonPersistentDisk represents a PhotonController
                                persistent disk attached and mounted on kubelets host
                                machine
                              properties:
                                fsType:
                                  description: fsType is the filesystem type to mount.
                                    Must be a filesystem type supported by the host
                                    operating system. Ex. "ext4", "xfs", "ntfs". Implicitly
                                    inferred to be "ext4" if unspecified.
                                  type: string
                                pdID:
                                  description: pdID is the ID that identifies Photon
                                    Controller persistent disk
                                  type: string
                              required:
                              - pdID
                              type: object
                            portworxVolume:
                              description: portworxVolume represents a portworx volume
                                attached and mounted on kubelets host machine
                              properties:
                                fsType:
                                  description: fSType represents the filesystem type
                                    to mount Must be a filesystem type supported by
                                    the host operating system. Ex. "ext4", "xfs".
                                    Implicitly inferred to be "ext4" if unspecified.
                                  type: string
                                readOnly:
                                  description: readOnly defaults to false (read/write).
                                    ReadOnly here will force the ReadOnly setting
                                    in VolumeMounts.
                                  type: boolean
                                volumeID:
                                  description: volumeID uniquely identifies a Portworx
                                    volume
                                  type: string
                              required:
                              - volumeID
                              type: object
                            projected:
                              description: projected items for all in one resources
                                secrets, configmaps, and downward API
                              properties:
                                defaultMode:
                                  description: defaultMode are the mode bits used
                                    to set permissions on created files by default.
                                    Must be an octal value between 0000 and 0777 or
                                    a decimal value between 0 and 511. YAML accepts
                                    both octal and decimal values, JSON requires decimal
                                    values for mode bits. Directories within the path
                                    are not affected by this setting. This might be
                                    in conflict with other options that affect the
                                    file mode, like fsGroup, and the result can be
                                    other mode bits set.
                                  format: int32
                                  type: integer
                                sources:
                                  description: sources is the list of volume projections
                                  items:
                                    description: Projection that may be projected
                                      along with other supported volume types
                                    properties:
                                      configMap:
                                        description: configMap information about the
                                          configMap data to project
                                        properties:
                                          items:
                                            description: items if unspecified, each
                                              key-value pair in the Data field of
                                              the referenced ConfigMap will be projected
                                              into the volume as a file whose name
                                              is the key and content is the value.
                                              If specified, the listed keys will be
                                              projected into the specified paths,
                                              and unlisted keys will not be present.
                                              If a key is specified which is not present
                                              in the ConfigMap, the volume setup will
                                              error unless it is marked optional.
                                              Paths must be relative and may not contain
                                              the '..' path or start with '..'.
                                            items:
                                              description: Maps a string key to a
                                                path within a volume.
                                              properties:
                                                key:
                                                  description: key is the key to project.
                                                  type: string
                                                mode:
                                                  description: 'mode is Optional:
                                                    mode bits used to set permissions
                                                    on this file. Must be an octal
                                                    value between 0000 and 0777 or
                                                    a decimal value between 0 and
                                                    511. YAML accepts both octal and
                                                    decimal values, JSON requires
                                                    decimal values for mode bits.
                                                    If not specified, the volume defaultMode
                                                    will be used. This might be in
                                                    conflict with other options that
                                                    affect the file mode, like fsGroup,
                                                    and the result can be other mode
                                                    bits set.'
                                                  format: int32
                                                  type: integer
                                                path:
                                                  description: path is the relative
                                                    path of the file to map the key
                                                    to. May not be an absolute path.
                                                    May not contain the path element
                                                    '..'. May not start with the string
                                                    '..'.
                                                  type: string
                                              required:
                                              - key
                                              - path
                                              type: object
                                            type: array
                                          name:
                                            description: 'Name of the referent. More
                                              info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                              TODO: Add other useful fields. apiVersion,
                                              kind, uid?'
                                            type: string
                                          optional:
                                            description: optional specify whether
                                              the ConfigMap or its keys must be defined
                                            type: boolean
                                        type: object
                                        x-kubernetes-map-type: atomic
                                      downwardAPI:
                                        description: downwardAPI information about
                                          the downwardAPI data to project
                                        properties:
                                          items:
                                            description: Items is a list of DownwardAPIVolume
                                              file
                                            items:
                                              description: DownwardAPIVolumeFile represents
                                                information to create the file containing
                                                the pod field
                                              properties:
                                                fieldRef:
                                                  description: 'Required: Selects
                                                    a field of the pod: only annotations,
                                                    labels, name and namespace are
                                                    supported.'
                                                  properties:
                                                    apiVersion:
                                                      description: Version of the
                                                        schema the FieldPath is written
                                                        in terms of, defaults to "v1".
                                                      type: string
                                                    fieldPath:
                                                      description: Path of the field
                                                        to select in the specified
                                                        API version.
                                                      type: string
                                                  required:
                                                  - fieldPath
                                                  type: object
                                                  x-kubernetes-map-type: atomic
                                                mode:
                                                  description: 'Optional: mode bits
                                                    used to set permissions on this
                                                    file, must be an octal value between
                                                    0000 and 0777 or a decimal value
                                                    between 0 and 511. YAML accepts
                                                    both octal and decimal values,
                                                    JSON requires decimal values for
                                                    mode bits. If not specified, the
                                                    volume defaultMode will be used.
                                                    This might be in conflict with
                                                    other options that affect the
                                                    file mode, like fsGroup, and the
                                                    result can be other mode bits
                                                    set.'
                                                  format: int32
                                                  type: integer
                                                path:
                                                  description: 'Required: Path is the
                                                    relative path name of the file
                                                    to be created. Must not be absolute
                                                    or contain the ''..'' path. Must
                                                    be utf-8 encoded. The first item
                                                    of the relative path must not
                                                    start with ''..'''
                                                  type: string
                                                resourceFieldRef:
                                                  description: 'Selects a resource
                                                    of the container: only resources
                                                    limits and requests (limits.cpu,
                                                    limits.memory, requests.cpu and
                                                    requests.memory) are currently
                                                    supported.'
                                                  properties:
                                                    containerName:
                                                      description: 'Container name:
                                                        required for volumes, optional
                                                        for env vars'
                                                      type: string
                                                    divisor:
                                                      anyOf:
                                                      - type: integer
                                                      - type: string
                                                      description: Specifies the output
                                                        format of the exposed resources,
                                                        defaults to "1"
                                                      pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                                      x-kubernetes-int-or-string: true
                                                    resource:
                                                      description: 'Required: resource
                                                        to select'
                                                      type: string
                                                  required:
                                                  - resource
                                                  type: object
                                                  x-kubernetes-map-type: atomic
                                              required:
                                              - path
                                              type: object
                                            type: array
                                        type: object
                                      secret:
                                        description: secret information about the
                                          secret data to project
                                        properties:
                                          items:
                                            description: items if unspecified, each
                                              key-value pair in the Data field of
                                              the referenced Secret will be projected
                                              into the volume as a file whose name
                                              is the key and content is the value.
                                              If specified, the listed keys will be
                                              projected into the specified paths,
                                              and unlisted keys will not be present.
                                              If a key is specified which is not present
                                              in the Secret, the volume setup will
                                              error unless it is marked optional.
                                              Paths must be relative and may not contain
                                              the '..' path or start with '..'.
                                            items:
                                              description: Maps a string key to a
                                                path within a volume.
                                              properties:
                                                key:
                                                  description: key is the key to project.
                                                  type: string
                                                mode:
                                                  description: 'mode is Optional:
                                                    mode bits used to set permissions
                                                    on this file. Must be an octal
                                                    value between 0000 and 0777 or
                                                    a decimal value between 0 and
                                                    511. YAML accepts both octal and
                                                    decimal values, JSON requires
                                                    decimal values for mode bits.
                                                    If not specified, the volume defaultMode
                                                    will be used.
                                                    This might be in
                                                    conflict with other options that
                                                    affect the file mode, like fsGroup,
                                                    and the result can be other mode
                                                    bits set.'
                                                  format: int32
                                                  type: integer
                                                path:
                                                  description: path is the relative
                                                    path of the file to map the key
                                                    to. May not be an absolute path.
                                                    May not contain the path element
                                                    '..'. May not start with the string
                                                    '..'.
                                                  type: string
                                              required:
                                              - key
                                              - path
                                              type: object
                                            type: array
                                          name:
                                            description: 'Name of the referent. More
                                              info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                              TODO: Add other useful fields. apiVersion,
                                              kind, uid?'
                                            type: string
                                          optional:
                                            description: optional field specify whether
                                              the Secret or its key must be defined
                                            type: boolean
                                        type: object
                                        x-kubernetes-map-type: atomic
                                      serviceAccountToken:
                                        description: serviceAccountToken is information
                                          about the serviceAccountToken data to project
                                        properties:
                                          audience:
                                            description: audience is the intended
                                              audience of the token. A recipient of
                                              a token must identify itself with an
                                              identifier specified in the audience
                                              of the token, and otherwise should reject
                                              the token. The audience defaults to
                                              the identifier of the apiserver.
                                            type: string
                                          expirationSeconds:
                                            description: expirationSeconds is the
                                              requested duration of validity of the
                                              service account token. As the token
                                              approaches expiration, the kubelet volume
                                              plugin will proactively rotate the service
                                              account token. The kubelet will start
                                              trying to rotate the token if the token
                                              is older than 80 percent of its time
                                              to live or if the token is older than
                                              24 hours.Defaults to 1 hour and must
                                              be at least 10 minutes.
8871 format: int64 8872 type: integer 8873 path: 8874 description: path is the path relative 8875 to the mount point of the file to project 8876 the token into. 8877 type: string 8878 required: 8879 - path 8880 type: object 8881 type: object 8882 type: array 8883 type: object 8884 quobyte: 8885 description: quobyte represents a Quobyte mount on the 8886 host that shares a pod's lifetime 8887 properties: 8888 group: 8889 description: group to map volume access to Default 8890 is no group 8891 type: string 8892 readOnly: 8893 description: readOnly here will force the Quobyte 8894 volume to be mounted with read-only permissions. 8895 Defaults to false. 8896 type: boolean 8897 registry: 8898 description: registry represents a single or multiple 8899 Quobyte Registry services specified as a string 8900 as host:port pair (multiple entries are separated 8901 with commas) which acts as the central registry 8902 for volumes 8903 type: string 8904 tenant: 8905 description: tenant owning the given Quobyte volume 8906 in the Backend Used with dynamically provisioned 8907 Quobyte volumes, value is set by the plugin 8908 type: string 8909 user: 8910 description: user to map volume access to Defaults 8911 to serivceaccount user 8912 type: string 8913 volume: 8914 description: volume is a string that references 8915 an already created Quobyte volume by name. 8916 type: string 8917 required: 8918 - registry 8919 - volume 8920 type: object 8921 rbd: 8922 description: 'rbd represents a Rados Block Device mount 8923 on the host that shares a pod''s lifetime. More info: 8924 https://examples.k8s.io/volumes/rbd/README.md' 8925 properties: 8926 fsType: 8927 description: 'fsType is the filesystem type of the 8928 volume that you want to mount. Tip: Ensure that 8929 the filesystem type is supported by the host operating 8930 system. Examples: "ext4", "xfs", "ntfs". Implicitly 8931 inferred to be "ext4" if unspecified. 
More info: 8932 https://kubernetes.io/docs/concepts/storage/volumes#rbd 8933 TODO: how do we prevent errors in the filesystem 8934 from compromising the machine' 8935 type: string 8936 image: 8937 description: 'image is the rados image name. More 8938 info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 8939 type: string 8940 keyring: 8941 description: 'keyring is the path to key ring for 8942 RBDUser. Default is /etc/ceph/keyring. More info: 8943 https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 8944 type: string 8945 monitors: 8946 description: 'monitors is a collection of Ceph monitors. 8947 More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 8948 items: 8949 type: string 8950 type: array 8951 pool: 8952 description: 'pool is the rados pool name. Default 8953 is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 8954 type: string 8955 readOnly: 8956 description: 'readOnly here will force the ReadOnly 8957 setting in VolumeMounts. Defaults to false. More 8958 info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 8959 type: boolean 8960 secretRef: 8961 description: 'secretRef is name of the authentication 8962 secret for RBDUser. If provided overrides keyring. 8963 Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 8964 properties: 8965 name: 8966 description: 'Name of the referent. More info: 8967 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 8968 TODO: Add other useful fields. apiVersion, 8969 kind, uid?' 8970 type: string 8971 type: object 8972 x-kubernetes-map-type: atomic 8973 user: 8974 description: 'user is the rados user name. Default 8975 is admin. 
More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 8976 type: string 8977 required: 8978 - image 8979 - monitors 8980 type: object 8981 scaleIO: 8982 description: scaleIO represents a ScaleIO persistent 8983 volume attached and mounted on Kubernetes nodes. 8984 properties: 8985 fsType: 8986 description: fsType is the filesystem type to mount. 8987 Must be a filesystem type supported by the host 8988 operating system. Ex. "ext4", "xfs", "ntfs". Default 8989 is "xfs". 8990 type: string 8991 gateway: 8992 description: gateway is the host address of the 8993 ScaleIO API Gateway. 8994 type: string 8995 protectionDomain: 8996 description: protectionDomain is the name of the 8997 ScaleIO Protection Domain for the configured storage. 8998 type: string 8999 readOnly: 9000 description: readOnly Defaults to false (read/write). 9001 ReadOnly here will force the ReadOnly setting 9002 in VolumeMounts. 9003 type: boolean 9004 secretRef: 9005 description: secretRef references to the secret 9006 for ScaleIO user and other sensitive information. 9007 If this is not provided, Login operation will 9008 fail. 9009 properties: 9010 name: 9011 description: 'Name of the referent. More info: 9012 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 9013 TODO: Add other useful fields. apiVersion, 9014 kind, uid?' 9015 type: string 9016 type: object 9017 x-kubernetes-map-type: atomic 9018 sslEnabled: 9019 description: sslEnabled Flag enable/disable SSL 9020 communication with Gateway, default false 9021 type: boolean 9022 storageMode: 9023 description: storageMode indicates whether the storage 9024 for a volume should be ThickProvisioned or ThinProvisioned. 9025 Default is ThinProvisioned. 9026 type: string 9027 storagePool: 9028 description: storagePool is the ScaleIO Storage 9029 Pool associated with the protection domain. 9030 type: string 9031 system: 9032 description: system is the name of the storage system 9033 as configured in ScaleIO. 
9034 type: string 9035 volumeName: 9036 description: volumeName is the name of a volume 9037 already created in the ScaleIO system that is 9038 associated with this volume source. 9039 type: string 9040 required: 9041 - gateway 9042 - secretRef 9043 - system 9044 type: object 9045 secret: 9046 description: 'secret represents a secret that should 9047 populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' 9048 properties: 9049 defaultMode: 9050 description: 'defaultMode is Optional: mode bits 9051 used to set permissions on created files by default. 9052 Must be an octal value between 0000 and 0777 or 9053 a decimal value between 0 and 511. YAML accepts 9054 both octal and decimal values, JSON requires decimal 9055 values for mode bits. Defaults to 0644. Directories 9056 within the path are not affected by this setting. 9057 This might be in conflict with other options that 9058 affect the file mode, like fsGroup, and the result 9059 can be other mode bits set.' 9060 format: int32 9061 type: integer 9062 items: 9063 description: items If unspecified, each key-value 9064 pair in the Data field of the referenced Secret 9065 will be projected into the volume as a file whose 9066 name is the key and content is the value. If specified, 9067 the listed keys will be projected into the specified 9068 paths, and unlisted keys will not be present. 9069 If a key is specified which is not present in 9070 the Secret, the volume setup will error unless 9071 it is marked optional. Paths must be relative 9072 and may not contain the '..' path or start with 9073 '..'. 9074 items: 9075 description: Maps a string key to a path within 9076 a volume. 9077 properties: 9078 key: 9079 description: key is the key to project. 9080 type: string 9081 mode: 9082 description: 'mode is Optional: mode bits 9083 used to set permissions on this file. Must 9084 be an octal value between 0000 and 0777 9085 or a decimal value between 0 and 511. 
YAML 9086 accepts both octal and decimal values, JSON 9087 requires decimal values for mode bits. If 9088 not specified, the volume defaultMode will 9089 be used. This might be in conflict with 9090 other options that affect the file mode, 9091 like fsGroup, and the result can be other 9092 mode bits set.' 9093 format: int32 9094 type: integer 9095 path: 9096 description: path is the relative path of 9097 the file to map the key to. May not be an 9098 absolute path. May not contain the path 9099 element '..'. May not start with the string 9100 '..'. 9101 type: string 9102 required: 9103 - key 9104 - path 9105 type: object 9106 type: array 9107 optional: 9108 description: optional field specify whether the 9109 Secret or its keys must be defined 9110 type: boolean 9111 secretName: 9112 description: 'secretName is the name of the secret 9113 in the pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' 9114 type: string 9115 type: object 9116 storageos: 9117 description: storageOS represents a StorageOS volume 9118 attached and mounted on Kubernetes nodes. 9119 properties: 9120 fsType: 9121 description: fsType is the filesystem type to mount. 9122 Must be a filesystem type supported by the host 9123 operating system. Ex. "ext4", "xfs", "ntfs". Implicitly 9124 inferred to be "ext4" if unspecified. 9125 type: string 9126 readOnly: 9127 description: readOnly defaults to false (read/write). 9128 ReadOnly here will force the ReadOnly setting 9129 in VolumeMounts. 9130 type: boolean 9131 secretRef: 9132 description: secretRef specifies the secret to use 9133 for obtaining the StorageOS API credentials. If 9134 not specified, default values will be attempted. 9135 properties: 9136 name: 9137 description: 'Name of the referent. More info: 9138 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 9139 TODO: Add other useful fields. apiVersion, 9140 kind, uid?' 
9141 type: string 9142 type: object 9143 x-kubernetes-map-type: atomic 9144 volumeName: 9145 description: volumeName is the human-readable name 9146 of the StorageOS volume. Volume names are only 9147 unique within a namespace. 9148 type: string 9149 volumeNamespace: 9150 description: volumeNamespace specifies the scope 9151 of the volume within StorageOS. If no namespace 9152 is specified then the Pod's namespace will be 9153 used. This allows the Kubernetes name scoping 9154 to be mirrored within StorageOS for tighter integration. 9155 Set VolumeName to any name to override the default 9156 behaviour. Set to "default" if you are not using 9157 namespaces within StorageOS. Namespaces that do 9158 not pre-exist within StorageOS will be created. 9159 type: string 9160 type: object 9161 vsphereVolume: 9162 description: vsphereVolume represents a vSphere volume 9163 attached and mounted on kubelets host machine 9164 properties: 9165 fsType: 9166 description: fsType is filesystem type to mount. 9167 Must be a filesystem type supported by the host 9168 operating system. Ex. "ext4", "xfs", "ntfs". Implicitly 9169 inferred to be "ext4" if unspecified. 9170 type: string 9171 storagePolicyID: 9172 description: storagePolicyID is the storage Policy 9173 Based Management (SPBM) profile ID associated 9174 with the StoragePolicyName. 9175 type: string 9176 storagePolicyName: 9177 description: storagePolicyName is the storage Policy 9178 Based Management (SPBM) profile name. 9179 type: string 9180 volumePath: 9181 description: volumePath is the path that identifies 9182 vSphere volume vmdk 9183 type: string 9184 required: 9185 - volumePath 9186 type: object 9187 required: 9188 - name 9189 type: object 9190 type: array 9191 required: 9192 - containers 9193 type: object 9194 type: object 9195 updateStrategy: 9196 description: updateStrategy indicates the StatefulSetUpdateStrategy 9197 that will be employed to update Pods in the RSM when a revision 9198 is made to Template. 
UpdateStrategy.Type will be set to appsv1.OnDeleteStatefulSetStrategyType 9199 if MemberUpdateStrategy is not nil 9200 properties: 9201 rollingUpdate: 9202 description: RollingUpdate is used to communicate parameters when 9203 Type is RollingUpdateStatefulSetStrategyType. 9204 properties: 9205 maxUnavailable: 9206 anyOf: 9207 - type: integer 9208 - type: string 9209 description: 'The maximum number of pods that can be unavailable 9210 during the update. Value can be an absolute number (ex: 9211 5) or a percentage of desired pods (ex: 10%). Absolute number 9212 is calculated from percentage by rounding up. This can not 9213 be 0. Defaults to 1. This field is alpha-level and is only 9214 honored by servers that enable the MaxUnavailableStatefulSet 9215 feature. The field applies to all pods in the range 0 to 9216 Replicas-1. That means if there is any unavailable pod in 9217 the range 0 to Replicas-1, it will be counted towards MaxUnavailable.' 9218 x-kubernetes-int-or-string: true 9219 partition: 9220 description: Partition indicates the ordinal at which the 9221 StatefulSet should be partitioned for updates. During a 9222 rolling update, all pods from ordinal Replicas-1 to Partition 9223 are updated. All pods from ordinal Partition-1 to 0 remain 9224 untouched. This is helpful in being able to do a canary 9225 based deployment. The default value is 0. 9226 format: int32 9227 type: integer 9228 type: object 9229 type: 9230 description: Type indicates the type of the StatefulSetUpdateStrategy. 9231 Default is RollingUpdate. 9232 type: string 9233 type: object 9234 volumeClaimTemplates: 9235 description: volumeClaimTemplates is a list of claims that pods are 9236 allowed to reference. The ReplicatedStateMachine controller is responsible 9237 for mapping network identities to claims in a way that maintains 9238 the identity of a pod. Every claim in this list must have at least 9239 one matching (by name) volumeMount in one container in the template. 
9240 A claim in this list takes precedence over any volumes in the template, 9241 with the same name. 9242 items: 9243 description: PersistentVolumeClaim is a user's request for and claim 9244 to a persistent volume 9245 properties: 9246 apiVersion: 9247 description: 'APIVersion defines the versioned schema of this 9248 representation of an object. Servers should convert recognized 9249 schemas to the latest internal value, and may reject unrecognized 9250 values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' 9251 type: string 9252 kind: 9253 description: 'Kind is a string value representing the REST resource 9254 this object represents. Servers may infer this from the endpoint 9255 the client submits requests to. Cannot be updated. In CamelCase. 9256 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' 9257 type: string 9258 metadata: 9259 description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' 9260 properties: 9261 annotations: 9262 additionalProperties: 9263 type: string 9264 type: object 9265 finalizers: 9266 items: 9267 type: string 9268 type: array 9269 labels: 9270 additionalProperties: 9271 type: string 9272 type: object 9273 name: 9274 type: string 9275 namespace: 9276 type: string 9277 type: object 9278 spec: 9279 description: 'spec defines the desired characteristics of a 9280 volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' 9281 properties: 9282 accessModes: 9283 description: 'accessModes contains the desired access modes 9284 the volume should have. 
More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' 9285 items: 9286 type: string 9287 type: array 9288 dataSource: 9289 description: 'dataSource field can be used to specify either: 9290 * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) 9291 * An existing PVC (PersistentVolumeClaim) If the provisioner 9292 or an external controller can support the specified data 9293 source, it will create a new volume based on the contents 9294 of the specified data source. When the AnyVolumeDataSource 9295 feature gate is enabled, dataSource contents will be copied 9296 to dataSourceRef, and dataSourceRef contents will be copied 9297 to dataSource when dataSourceRef.namespace is not specified. 9298 If the namespace is specified, then dataSourceRef will 9299 not be copied to dataSource.' 9300 properties: 9301 apiGroup: 9302 description: APIGroup is the group for the resource 9303 being referenced. If APIGroup is not specified, the 9304 specified Kind must be in the core API group. For 9305 any other third-party types, APIGroup is required. 9306 type: string 9307 kind: 9308 description: Kind is the type of resource being referenced 9309 type: string 9310 name: 9311 description: Name is the name of resource being referenced 9312 type: string 9313 required: 9314 - kind 9315 - name 9316 type: object 9317 x-kubernetes-map-type: atomic 9318 dataSourceRef: 9319 description: 'dataSourceRef specifies the object from which 9320 to populate the volume with data, if a non-empty volume 9321 is desired. This may be any object from a non-empty API 9322 group (non core object) or a PersistentVolumeClaim object. 9323 When this field is specified, volume binding will only 9324 succeed if the type of the specified object matches some 9325 installed volume populator or dynamic provisioner. 
This 9326 field will replace the functionality of the dataSource 9327 field and as such if both fields are non-empty, they must 9328 have the same value. For backwards compatibility, when 9329 namespace isn''t specified in dataSourceRef, both fields 9330 (dataSource and dataSourceRef) will be set to the same 9331 value automatically if one of them is empty and the other 9332 is non-empty. When namespace is specified in dataSourceRef, 9333 dataSource isn''t set to the same value and must be empty. 9334 There are three important differences between dataSource 9335 and dataSourceRef: * While dataSource only allows two 9336 specific types of objects, dataSourceRef allows any non-core 9337 object, as well as PersistentVolumeClaim objects. * While 9338 dataSource ignores disallowed values (dropping them), 9339 dataSourceRef preserves all values, and generates an error 9340 if a disallowed value is specified. * While dataSource 9341 only allows local objects, dataSourceRef allows objects 9342 in any namespaces. (Beta) Using this field requires the 9343 AnyVolumeDataSource feature gate to be enabled. (Alpha) 9344 Using the namespace field of dataSourceRef requires the 9345 CrossNamespaceVolumeDataSource feature gate to be enabled.' 9346 properties: 9347 apiGroup: 9348 description: APIGroup is the group for the resource 9349 being referenced. If APIGroup is not specified, the 9350 specified Kind must be in the core API group. For 9351 any other third-party types, APIGroup is required. 
9352 type: string 9353 kind: 9354 description: Kind is the type of resource being referenced 9355 type: string 9356 name: 9357 description: Name is the name of resource being referenced 9358 type: string 9359 namespace: 9360 description: Namespace is the namespace of resource 9361 being referenced Note that when a namespace is specified, 9362 a gateway.networking.k8s.io/ReferenceGrant object 9363 is required in the referent namespace to allow that 9364 namespace's owner to accept the reference. See the 9365 ReferenceGrant documentation for details. (Alpha) 9366 This field requires the CrossNamespaceVolumeDataSource 9367 feature gate to be enabled. 9368 type: string 9369 required: 9370 - kind 9371 - name 9372 type: object 9373 resources: 9374 description: 'resources represents the minimum resources 9375 the volume should have. If RecoverVolumeExpansionFailure 9376 feature is enabled users are allowed to specify resource 9377 requirements that are lower than previous value but must 9378 still be higher than capacity recorded in the status field 9379 of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' 9380 properties: 9381 claims: 9382 description: "Claims lists the names of resources, defined 9383 in spec.resourceClaims, that are used by this container. 9384 \n This is an alpha field and requires enabling the 9385 DynamicResourceAllocation feature gate. \n This field 9386 is immutable. It can only be set for containers." 9387 items: 9388 description: ResourceClaim references one entry in 9389 PodSpec.ResourceClaims. 9390 properties: 9391 name: 9392 description: Name must match the name of one entry 9393 in pod.spec.resourceClaims of the Pod where 9394 this field is used. It makes that resource available 9395 inside a container. 
9396 type: string 9397 required: 9398 - name 9399 type: object 9400 type: array 9401 x-kubernetes-list-map-keys: 9402 - name 9403 x-kubernetes-list-type: map 9404 limits: 9405 additionalProperties: 9406 anyOf: 9407 - type: integer 9408 - type: string 9409 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 9410 x-kubernetes-int-or-string: true 9411 description: 'Limits describes the maximum amount of 9412 compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 9413 type: object 9414 requests: 9415 additionalProperties: 9416 anyOf: 9417 - type: integer 9418 - type: string 9419 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 9420 x-kubernetes-int-or-string: true 9421 description: 'Requests describes the minimum amount 9422 of compute resources required. If Requests is omitted 9423 for a container, it defaults to Limits if that is 9424 explicitly specified, otherwise to an implementation-defined 9425 value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 9426 type: object 9427 type: object 9428 selector: 9429 description: selector is a label query over volumes to consider 9430 for binding. 9431 properties: 9432 matchExpressions: 9433 description: matchExpressions is a list of label selector 9434 requirements. The requirements are ANDed. 9435 items: 9436 description: A label selector requirement is a selector 9437 that contains values, a key, and an operator that 9438 relates the key and values. 9439 properties: 9440 key: 9441 description: key is the label key that the selector 9442 applies to. 9443 type: string 9444 operator: 9445 description: operator represents a key's relationship 9446 to a set of values. Valid operators are In, 9447 NotIn, Exists and DoesNotExist. 
9448 type: string 9449 values: 9450 description: values is an array of string values. 9451 If the operator is In or NotIn, the values array 9452 must be non-empty. If the operator is Exists 9453 or DoesNotExist, the values array must be empty. 9454 This array is replaced during a strategic merge 9455 patch. 9456 items: 9457 type: string 9458 type: array 9459 required: 9460 - key 9461 - operator 9462 type: object 9463 type: array 9464 matchLabels: 9465 additionalProperties: 9466 type: string 9467 description: matchLabels is a map of {key,value} pairs. 9468 A single {key,value} in the matchLabels map is equivalent 9469 to an element of matchExpressions, whose key field 9470 is "key", the operator is "In", and the values array 9471 contains only "value". The requirements are ANDed. 9472 type: object 9473 type: object 9474 x-kubernetes-map-type: atomic 9475 storageClassName: 9476 description: 'storageClassName is the name of the StorageClass 9477 required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' 9478 type: string 9479 volumeMode: 9480 description: volumeMode defines what type of volume is required 9481 by the claim. Value of Filesystem is implied when not 9482 included in claim spec. 9483 type: string 9484 volumeName: 9485 description: volumeName is the binding reference to the 9486 PersistentVolume backing this claim. 9487 type: string 9488 type: object 9489 status: 9490 description: 'status represents the current information/status 9491 of a persistent volume claim. Read-only. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' 9492 properties: 9493 accessModes: 9494 description: 'accessModes contains the actual access modes 9495 the volume backing the PVC has. 
More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' 9496 items: 9497 type: string 9498 type: array 9499 allocatedResourceStatuses: 9500 additionalProperties: 9501 description: When a controller receives persistentvolume 9502 claim update with ClaimResourceStatus for a resource 9503 that it does not recognizes, then it should ignore that 9504 update and let other controllers handle it. 9505 type: string 9506 description: "allocatedResourceStatuses stores status of 9507 resource being resized for the given PVC. Key names follow 9508 standard Kubernetes label syntax. Valid values are either: 9509 * Un-prefixed keys: - storage - the capacity of the volume. 9510 * Custom resources must use implementation-defined prefixed 9511 names such as \"example.com/my-custom-resource\" Apart 9512 from above values - keys that are unprefixed or have kubernetes.io 9513 prefix are considered reserved and hence may not be used. 9514 \n ClaimResourceStatus can be in any of following states: 9515 - ControllerResizeInProgress: State set when resize controller 9516 starts resizing the volume in control-plane. - ControllerResizeFailed: 9517 State set when resize has failed in resize controller 9518 with a terminal error. - NodeResizePending: State set 9519 when resize controller has finished resizing the volume 9520 but further resizing of volume is needed on the node. 9521 - NodeResizeInProgress: State set when kubelet starts 9522 resizing the volume. - NodeResizeFailed: State set when 9523 resizing has failed in kubelet with a terminal error. 9524 Transient errors don't set NodeResizeFailed. 
For example: 9525 if expanding a PVC for more capacity - this field can 9526 be one of the following states: - pvc.status.allocatedResourceStatus['storage'] 9527 = \"ControllerResizeInProgress\" - pvc.status.allocatedResourceStatus['storage'] 9528 = \"ControllerResizeFailed\" - pvc.status.allocatedResourceStatus['storage'] 9529 = \"NodeResizePending\" - pvc.status.allocatedResourceStatus['storage'] 9530 = \"NodeResizeInProgress\" - pvc.status.allocatedResourceStatus['storage'] 9531 = \"NodeResizeFailed\" When this field is not set, it 9532 means that no resize operation is in progress for the 9533 given PVC. \n A controller that receives PVC update with 9534 previously unknown resourceName or ClaimResourceStatus 9535 should ignore the update for the purpose it was designed. 9536 For example - a controller that only is responsible for 9537 resizing capacity of the volume, should ignore PVC updates 9538 that change other valid resources associated with PVC. 9539 \n This is an alpha field and requires enabling RecoverVolumeExpansionFailure 9540 feature." 9541 type: object 9542 x-kubernetes-map-type: granular 9543 allocatedResources: 9544 additionalProperties: 9545 anyOf: 9546 - type: integer 9547 - type: string 9548 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 9549 x-kubernetes-int-or-string: true 9550 description: "allocatedResources tracks the resources allocated 9551 to a PVC including its capacity. Key names follow standard 9552 Kubernetes label syntax. Valid values are either: * Un-prefixed 9553 keys: - storage - the capacity of the volume. * Custom 9554 resources must use implementation-defined prefixed names 9555 such as \"example.com/my-custom-resource\" Apart from 9556 above values - keys that are unprefixed or have kubernetes.io 9557 prefix are considered reserved and hence may not be used. 
9558 \n Capacity reported here may be larger than the actual 9559 capacity when a volume expansion operation is requested. 9560 For storage quota, the larger value from allocatedResources 9561 and PVC.spec.resources is used. If allocatedResources 9562 is not set, PVC.spec.resources alone is used for quota 9563 calculation. If a volume expansion capacity request is 9564 lowered, allocatedResources is only lowered if there are 9565 no expansion operations in progress and if the actual 9566 volume capacity is equal or lower than the requested capacity. 9567 \n A controller that receives PVC update with previously 9568 unknown resourceName should ignore the update for the 9569 purpose it was designed. For example - a controller that 9570 only is responsible for resizing capacity of the volume, 9571 should ignore PVC updates that change other valid resources 9572 associated with PVC. \n This is an alpha field and requires 9573 enabling RecoverVolumeExpansionFailure feature." 9574 type: object 9575 capacity: 9576 additionalProperties: 9577 anyOf: 9578 - type: integer 9579 - type: string 9580 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 9581 x-kubernetes-int-or-string: true 9582 description: capacity represents the actual resources of 9583 the underlying volume. 9584 type: object 9585 conditions: 9586 description: conditions is the current Condition of persistent 9587 volume claim. If underlying persistent volume is being 9588 resized then the Condition will be set to 'ResizeStarted'. 9589 items: 9590 description: PersistentVolumeClaimCondition contains details 9591 about state of pvc 9592 properties: 9593 lastProbeTime: 9594 description: lastProbeTime is the time we probed the 9595 condition. 9596 format: date-time 9597 type: string 9598 lastTransitionTime: 9599 description: lastTransitionTime is the time the condition 9600 transitioned from one status to another. 
9601 format: date-time 9602 type: string 9603 message: 9604 description: message is the human-readable message 9605 indicating details about last transition. 9606 type: string 9607 reason: 9608 description: reason is a unique, this should be a 9609 short, machine understandable string that gives 9610 the reason for condition's last transition. If it 9611 reports "ResizeStarted" that means the underlying 9612 persistent volume is being resized. 9613 type: string 9614 status: 9615 type: string 9616 type: 9617 description: PersistentVolumeClaimConditionType is 9618 a valid value of PersistentVolumeClaimCondition.Type 9619 type: string 9620 required: 9621 - status 9622 - type 9623 type: object 9624 type: array 9625 phase: 9626 description: phase represents the current phase of PersistentVolumeClaim. 9627 type: string 9628 type: object 9629 type: object 9630 type: array 9631 required: 9632 - selector 9633 - serviceName 9634 - template 9635 type: object 9636 status: 9637 description: ReplicatedStateMachineStatus defines the observed state of 9638 ReplicatedStateMachine 9639 properties: 9640 availableReplicas: 9641 description: Total number of available pods (ready for at least minReadySeconds) 9642 targeted by this statefulset. 9643 format: int32 9644 type: integer 9645 collisionCount: 9646 description: collisionCount is the count of hash collisions for the 9647 StatefulSet. The StatefulSet controller uses this field as a collision 9648 avoidance mechanism when it needs to create the name for the newest 9649 ControllerRevision. 9650 format: int32 9651 type: integer 9652 conditions: 9653 description: Represents the latest available observations of a statefulset's 9654 current state. 9655 items: 9656 description: StatefulSetCondition describes the state of a statefulset 9657 at a certain point. 9658 properties: 9659 lastTransitionTime: 9660 description: Last time the condition transitioned from one status 9661 to another. 
9662 format: date-time 9663 type: string 9664 message: 9665 description: A human readable message indicating details about 9666 the transition. 9667 type: string 9668 reason: 9669 description: The reason for the condition's last transition. 9670 type: string 9671 status: 9672 description: Status of the condition, one of True, False, Unknown. 9673 type: string 9674 type: 9675 description: Type of statefulset condition. 9676 type: string 9677 required: 9678 - status 9679 - type 9680 type: object 9681 type: array 9682 currentGeneration: 9683 description: CurrentGeneration, if not empty, indicates the version 9684 of the RSM used to generate the underlying workload 9685 format: int64 9686 type: integer 9687 currentReplicas: 9688 description: currentReplicas is the number of Pods created by the 9689 StatefulSet controller from the StatefulSet version indicated by 9690 currentRevision. 9691 format: int32 9692 type: integer 9693 currentRevision: 9694 description: currentRevision, if not empty, indicates the version 9695 of the StatefulSet used to generate Pods in the sequence [0,currentReplicas). 9696 type: string 9697 initReplicas: 9698 description: InitReplicas is the number of pods(members) when cluster 9699 first initialized it's set to spec.Replicas at object creation time 9700 and never changes 9701 format: int32 9702 type: integer 9703 membersStatus: 9704 description: members' status. 9705 items: 9706 properties: 9707 podName: 9708 default: Unknown 9709 description: PodName pod name. 9710 type: string 9711 role: 9712 properties: 9713 accessMode: 9714 default: ReadWrite 9715 description: AccessMode, what service this member capable. 
9716 enum: 9717 - None 9718 - Readonly 9719 - ReadWrite 9720 type: string 9721 canVote: 9722 default: true 9723 description: CanVote, whether this member has voting rights 9724 type: boolean 9725 isLeader: 9726 default: false 9727 description: IsLeader, whether this member is the leader 9728 type: boolean 9729 name: 9730 default: leader 9731 description: Name, role name. 9732 type: string 9733 required: 9734 - accessMode 9735 - name 9736 type: object 9737 required: 9738 - podName 9739 - role 9740 type: object 9741 type: array 9742 observedGeneration: 9743 description: observedGeneration is the most recent generation observed 9744 for this StatefulSet. It corresponds to the StatefulSet's generation, 9745 which is updated on mutation by the API Server. 9746 format: int64 9747 type: integer 9748 readyInitReplicas: 9749 description: ReadyInitReplicas is the number of pods(members) already 9750 in MembersStatus in the cluster initialization stage will never 9751 change once equals to InitReplicas 9752 format: int32 9753 type: integer 9754 readyReplicas: 9755 description: readyReplicas is the number of pods created for this 9756 StatefulSet with a Ready Condition. 9757 format: int32 9758 type: integer 9759 replicas: 9760 description: replicas is the number of Pods created by the StatefulSet 9761 controller. 9762 format: int32 9763 type: integer 9764 updateRevision: 9765 description: updateRevision, if not empty, indicates the version of 9766 the StatefulSet used to generate Pods in the sequence [replicas-updatedReplicas,replicas) 9767 type: string 9768 updatedReplicas: 9769 description: updatedReplicas is the number of Pods created by the 9770 StatefulSet controller from the StatefulSet version indicated by 9771 updateRevision. 9772 format: int32 9773 type: integer 9774 required: 9775 - initReplicas 9776 - replicas 9777 type: object 9778 type: object 9779 served: true 9780 storage: true 9781 subresources: 9782 status: {}