github.com/argoproj-labs/argocd-operator@v0.10.0/config/crd/bases/argoproj.io_argocds.yaml (about) 1 2 --- 3 apiVersion: apiextensions.k8s.io/v1 4 kind: CustomResourceDefinition 5 metadata: 6 annotations: 7 controller-gen.kubebuilder.io/version: v0.6.1 8 creationTimestamp: null 9 name: argocds.argoproj.io 10 spec: 11 group: argoproj.io 12 names: 13 kind: ArgoCD 14 listKind: ArgoCDList 15 plural: argocds 16 singular: argocd 17 scope: Namespaced 18 versions: 19 - deprecated: true 20 deprecationWarning: ArgoCD v1alpha1 version is deprecated and will be converted 21 to v1beta1 automatically. Moving forward, please use v1beta1 as the ArgoCD API 22 version. 23 name: v1alpha1 24 schema: 25 openAPIV3Schema: 26 description: ArgoCD is the Schema for the argocds API 27 properties: 28 apiVersion: 29 description: 'APIVersion defines the versioned schema of this representation 30 of an object. Servers should convert recognized schemas to the latest 31 internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' 32 type: string 33 kind: 34 description: 'Kind is a string value representing the REST resource this 35 object represents. Servers may infer this from the endpoint the client 36 submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' 37 type: string 38 metadata: 39 type: object 40 spec: 41 description: ArgoCDSpec defines the desired state of ArgoCD 42 properties: 43 applicationInstanceLabelKey: 44 description: ApplicationInstanceLabelKey is the key name where Argo 45 CD injects the app name as a tracking label. 46 type: string 47 applicationSet: 48 description: ArgoCDApplicationSet defines whether the Argo CD ApplicationSet 49 controller should be installed. 50 properties: 51 env: 52 description: Env lets you specify environment for applicationSet 53 controller pods 54 items: 55 description: EnvVar represents an environment variable present 56 in a Container. 57 properties: 58 name: 59 description: Name of the environment variable. Must be a 60 C_IDENTIFIER. 61 type: string 62 value: 63 description: 'Variable references $(VAR_NAME) are expanded 64 using the previously defined environment variables in 65 the container and any service environment variables. If 66 a variable cannot be resolved, the reference in the input 67 string will be unchanged. Double $$ are reduced to a single 68 $, which allows for escaping the $(VAR_NAME) syntax: i.e. 69 "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". 70 Escaped references will never be expanded, regardless 71 of whether the variable exists or not. Defaults to "".' 72 type: string 73 valueFrom: 74 description: Source for the environment variable's value. 75 Cannot be used if value is not empty. 76 properties: 77 configMapKeyRef: 78 description: Selects a key of a ConfigMap. 79 properties: 80 key: 81 description: The key to select. 82 type: string 83 name: 84 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 85 TODO: Add other useful fields. apiVersion, kind, 86 uid?' 87 type: string 88 optional: 89 description: Specify whether the ConfigMap or its 90 key must be defined 91 type: boolean 92 required: 93 - key 94 type: object 95 fieldRef: 96 description: 'Selects a field of the pod: supports metadata.name, 97 metadata.namespace, `metadata.labels[''<KEY>'']`, 98 `metadata.annotations[''<KEY>'']`, spec.nodeName, 99 spec.serviceAccountName, status.hostIP, status.podIP, 100 status.podIPs.' 101 properties: 102 apiVersion: 103 description: Version of the schema the FieldPath 104 is written in terms of, defaults to "v1". 105 type: string 106 fieldPath: 107 description: Path of the field to select in the 108 specified API version. 109 type: string 110 required: 111 - fieldPath 112 type: object 113 resourceFieldRef: 114 description: 'Selects a resource of the container: only 115 resources limits and requests (limits.cpu, limits.memory, 116 limits.ephemeral-storage, requests.cpu, requests.memory 117 and requests.ephemeral-storage) are currently supported.' 118 properties: 119 containerName: 120 description: 'Container name: required for volumes, 121 optional for env vars' 122 type: string 123 divisor: 124 anyOf: 125 - type: integer 126 - type: string 127 description: Specifies the output format of the 128 exposed resources, defaults to "1" 129 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 130 x-kubernetes-int-or-string: true 131 resource: 132 description: 'Required: resource to select' 133 type: string 134 required: 135 - resource 136 type: object 137 secretKeyRef: 138 description: Selects a key of a secret in the pod's 139 namespace 140 properties: 141 key: 142 description: The key of the secret to select from. Must 143 be a valid secret key. 144 type: string 145 name: 146 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 147 TODO: Add other useful fields. apiVersion, kind, 148 uid?' 149 type: string 150 optional: 151 description: Specify whether the Secret or its key 152 must be defined 153 type: boolean 154 required: 155 - key 156 type: object 157 type: object 158 required: 159 - name 160 type: object 161 type: array 162 extraCommandArgs: 163 description: ExtraCommandArgs allows users to pass command line 164 arguments to ApplicationSet controller. They get added to default 165 command line arguments provided by the operator. Please note 166 that the command line arguments provided as part of ExtraCommandArgs 167 will not overwrite the default command line arguments. 168 items: 169 type: string 170 type: array 171 image: 172 description: Image is the Argo CD ApplicationSet image (optional) 173 type: string 174 logLevel: 175 description: LogLevel describes the log level that should be used 176 by the ApplicationSet controller. Defaults to ArgoCDDefaultLogLevel 177 if not set. Valid options are debug,info, error, and warn. 178 type: string 179 resources: 180 description: Resources defines the Compute Resources required 181 by the container for ApplicationSet. 182 properties: 183 claims: 184 description: "Claims lists the names of resources, defined 185 in spec.resourceClaims, that are used by this container. 186 \n This is an alpha field and requires enabling the DynamicResourceAllocation 187 feature gate. \n This field is immutable. It can only be 188 set for containers." 189 items: 190 description: ResourceClaim references one entry in PodSpec.ResourceClaims. 191 properties: 192 name: 193 description: Name must match the name of one entry in 194 pod.spec.resourceClaims of the Pod where this field 195 is used. It makes that resource available inside a 196 container. 197 type: string 198 required: 199 - name 200 type: object 201 type: array 202 x-kubernetes-list-map-keys: 203 - name 204 x-kubernetes-list-type: map 205 limits: 206 additionalProperties: 207 anyOf: 208 - type: integer 209 - type: string 210 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 211 x-kubernetes-int-or-string: true 212 description: 'Limits describes the maximum amount of compute 213 resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 214 type: object 215 requests: 216 additionalProperties: 217 anyOf: 218 - type: integer 219 - type: string 220 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 221 x-kubernetes-int-or-string: true 222 description: 'Requests describes the minimum amount of compute 223 resources required. If Requests is omitted for a container, 224 it defaults to Limits if that is explicitly specified, otherwise 225 to an implementation-defined value. Requests cannot exceed 226 Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 227 type: object 228 type: object 229 version: 230 description: Version is the Argo CD ApplicationSet image tag. 231 (optional) 232 type: string 233 webhookServer: 234 description: WebhookServerSpec defines the options for the ApplicationSet 235 Webhook Server component. 236 properties: 237 host: 238 description: Host is the hostname to use for Ingress/Route 239 resources. 240 type: string 241 ingress: 242 description: Ingress defines the desired state for an Ingress 243 for the Application set webhook component. 244 properties: 245 annotations: 246 additionalProperties: 247 type: string 248 description: Annotations is the map of annotations to 249 apply to the Ingress. 250 type: object 251 enabled: 252 description: Enabled will toggle the creation of the Ingress. 253 type: boolean 254 ingressClassName: 255 description: IngressClassName for the Ingress resource. 256 type: string 257 path: 258 description: Path used for the Ingress resource. 259 type: string 260 tls: 261 description: TLS configuration. Currently the Ingress 262 only supports a single TLS port, 443. If multiple members 263 of this list specify different hosts, they will be multiplexed 264 on the same port according to the hostname specified 265 through the SNI TLS extension, if the ingress controller 266 fulfilling the ingress supports SNI. 267 items: 268 description: IngressTLS describes the transport layer 269 security associated with an ingress. 270 properties: 271 hosts: 272 description: hosts is a list of hosts included in 273 the TLS certificate. The values in this list must 274 match the name/s used in the tlsSecret. Defaults 275 to the wildcard host setting for the loadbalancer 276 controller fulfilling this Ingress, if left unspecified. 277 items: 278 type: string 279 type: array 280 x-kubernetes-list-type: atomic 281 secretName: 282 description: secretName is the name of the secret 283 used to terminate TLS traffic on port 443. Field 284 is left optional to allow TLS routing based on 285 SNI hostname alone. If the SNI host in a listener 286 conflicts with the "Host" header field used by 287 an IngressRule, the SNI host is used for termination 288 and value of the "Host" header is used for routing. 289 type: string 290 type: object 291 type: array 292 required: 293 - enabled 294 type: object 295 route: 296 description: Route defines the desired state for an OpenShift 297 Route for the Application set webhook component. 298 properties: 299 annotations: 300 additionalProperties: 301 type: string 302 description: Annotations is the map of annotations to 303 use for the Route resource. 304 type: object 305 enabled: 306 description: Enabled will toggle the creation of the OpenShift 307 Route. 308 type: boolean 309 labels: 310 additionalProperties: 311 type: string 312 description: Labels is the map of labels to use for the 313 Route resource 314 type: object 315 path: 316 description: Path the router watches for, to route traffic 317 for to the service. 318 type: string 319 tls: 320 description: TLS provides the ability to configure certificates 321 and termination for the Route. 322 properties: 323 caCertificate: 324 description: caCertificate provides the cert authority 325 certificate contents 326 type: string 327 certificate: 328 description: certificate provides certificate contents 329 type: string 330 destinationCACertificate: 331 description: destinationCACertificate provides the 332 contents of the ca certificate of the final destination. When 333 using reencrypt termination this file should be 334 provided in order to have routers use it for health 335 checks on the secure connection. If this field is 336 not specified, the router may provide its own destination 337 CA and perform hostname validation using the short 338 service name (service.namespace.svc), which allows 339 infrastructure generated certificates to automatically 340 verify. 341 type: string 342 insecureEdgeTerminationPolicy: 343 description: "insecureEdgeTerminationPolicy indicates 344 the desired behavior for insecure connections to 345 a route. While each router may make its own decisions 346 on which ports to expose, this is normally port 347 80. \n * Allow - traffic is sent to the server on 348 the insecure port (default) * Disable - no traffic 349 is allowed on the insecure port. * Redirect - clients 350 are redirected to the secure port." 351 type: string 352 key: 353 description: key provides key file contents 354 type: string 355 termination: 356 description: termination indicates termination type. 357 type: string 358 required: 359 - termination 360 type: object 361 wildcardPolicy: 362 description: WildcardPolicy if any for the route. Currently 363 only 'Subdomain' or 'None' is allowed. 364 type: string 365 required: 366 - enabled 367 type: object 368 type: object 369 type: object 370 banner: 371 description: Banner defines an additional banner to be displayed in 372 Argo CD UI 373 properties: 374 content: 375 description: Content defines the banner message content to display 376 type: string 377 url: 378 description: URL defines an optional URL to be used as banner 379 message link 380 type: string 381 required: 382 - content 383 type: object 384 configManagementPlugins: 385 description: ConfigManagementPlugins is used to specify additional 386 config management plugins. 387 type: string 388 controller: 389 description: Controller defines the Application Controller options 390 for ArgoCD. 391 properties: 392 appSync: 393 description: "AppSync is used to control the sync frequency, by 394 default the ArgoCD controller polls Git every 3m. \n Set this 395 to a duration, e.g. 10m or 600s to control the synchronisation 396 frequency." 397 type: string 398 env: 399 description: Env lets you specify environment for application 400 controller pods 401 items: 402 description: EnvVar represents an environment variable present 403 in a Container. 404 properties: 405 name: 406 description: Name of the environment variable. Must be a 407 C_IDENTIFIER. 408 type: string 409 value: 410 description: 'Variable references $(VAR_NAME) are expanded 411 using the previously defined environment variables in 412 the container and any service environment variables. If 413 a variable cannot be resolved, the reference in the input 414 string will be unchanged. Double $$ are reduced to a single 415 $, which allows for escaping the $(VAR_NAME) syntax: i.e. 416 "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". 417 Escaped references will never be expanded, regardless 418 of whether the variable exists or not. Defaults to "".' 419 type: string 420 valueFrom: 421 description: Source for the environment variable's value. 422 Cannot be used if value is not empty. 423 properties: 424 configMapKeyRef: 425 description: Selects a key of a ConfigMap. 426 properties: 427 key: 428 description: The key to select. 429 type: string 430 name: 431 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 432 TODO: Add other useful fields. apiVersion, kind, 433 uid?' 434 type: string 435 optional: 436 description: Specify whether the ConfigMap or its 437 key must be defined 438 type: boolean 439 required: 440 - key 441 type: object 442 fieldRef: 443 description: 'Selects a field of the pod: supports metadata.name, 444 metadata.namespace, `metadata.labels[''<KEY>'']`, 445 `metadata.annotations[''<KEY>'']`, spec.nodeName, 446 spec.serviceAccountName, status.hostIP, status.podIP, 447 status.podIPs.' 448 properties: 449 apiVersion: 450 description: Version of the schema the FieldPath 451 is written in terms of, defaults to "v1". 452 type: string 453 fieldPath: 454 description: Path of the field to select in the 455 specified API version. 456 type: string 457 required: 458 - fieldPath 459 type: object 460 resourceFieldRef: 461 description: 'Selects a resource of the container: only 462 resources limits and requests (limits.cpu, limits.memory, 463 limits.ephemeral-storage, requests.cpu, requests.memory 464 and requests.ephemeral-storage) are currently supported.' 465 properties: 466 containerName: 467 description: 'Container name: required for volumes, 468 optional for env vars' 469 type: string 470 divisor: 471 anyOf: 472 - type: integer 473 - type: string 474 description: Specifies the output format of the 475 exposed resources, defaults to "1" 476 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 477 x-kubernetes-int-or-string: true 478 resource: 479 description: 'Required: resource to select' 480 type: string 481 required: 482 - resource 483 type: object 484 secretKeyRef: 485 description: Selects a key of a secret in the pod's 486 namespace 487 properties: 488 key: 489 description: The key of the secret to select from. Must 490 be a valid secret key. 491 type: string 492 name: 493 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 494 TODO: Add other useful fields. apiVersion, kind, 495 uid?' 496 type: string 497 optional: 498 description: Specify whether the Secret or its key 499 must be defined 500 type: boolean 501 required: 502 - key 503 type: object 504 type: object 505 required: 506 - name 507 type: object 508 type: array 509 logFormat: 510 description: LogFormat refers to the log format used by the Application 511 Controller component. Defaults to ArgoCDDefaultLogFormat if 512 not configured. Valid options are text or json. 513 type: string 514 logLevel: 515 description: LogLevel refers to the log level used by the Application 516 Controller component. Defaults to ArgoCDDefaultLogLevel if not 517 configured. Valid options are debug, info, error, and warn. 518 type: string 519 parallelismLimit: 520 description: ParallelismLimit defines the limit for parallel kubectl 521 operations 522 format: int32 523 type: integer 524 processors: 525 description: Processors contains the options for the Application 526 Controller processors. 527 properties: 528 operation: 529 description: Operation is the number of application operation 530 processors. 531 format: int32 532 type: integer 533 status: 534 description: Status is the number of application status processors. 535 format: int32 536 type: integer 537 type: object 538 resources: 539 description: Resources defines the Compute Resources required 540 by the container for the Application Controller. 541 properties: 542 claims: 543 description: "Claims lists the names of resources, defined 544 in spec.resourceClaims, that are used by this container. 545 \n This is an alpha field and requires enabling the DynamicResourceAllocation 546 feature gate. \n This field is immutable. It can only be 547 set for containers." 548 items: 549 description: ResourceClaim references one entry in PodSpec.ResourceClaims. 550 properties: 551 name: 552 description: Name must match the name of one entry in 553 pod.spec.resourceClaims of the Pod where this field 554 is used. It makes that resource available inside a 555 container. 556 type: string 557 required: 558 - name 559 type: object 560 type: array 561 x-kubernetes-list-map-keys: 562 - name 563 x-kubernetes-list-type: map 564 limits: 565 additionalProperties: 566 anyOf: 567 - type: integer 568 - type: string 569 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 570 x-kubernetes-int-or-string: true 571 description: 'Limits describes the maximum amount of compute 572 resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 573 type: object 574 requests: 575 additionalProperties: 576 anyOf: 577 - type: integer 578 - type: string 579 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 580 x-kubernetes-int-or-string: true 581 description: 'Requests describes the minimum amount of compute 582 resources required. If Requests is omitted for a container, 583 it defaults to Limits if that is explicitly specified, otherwise 584 to an implementation-defined value. Requests cannot exceed 585 Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 586 type: object 587 type: object 588 sharding: 589 description: Sharding contains the options for the Application 590 Controller sharding configuration. 591 properties: 592 clustersPerShard: 593 description: ClustersPerShard defines the maximum number of 594 clusters managed by each argocd shard 595 format: int32 596 minimum: 1 597 type: integer 598 dynamicScalingEnabled: 599 description: DynamicScalingEnabled defines whether dynamic 600 scaling should be enabled for Application Controller component 601 type: boolean 602 enabled: 603 description: Enabled defines whether sharding should be enabled 604 on the Application Controller component. 605 type: boolean 606 maxShards: 607 description: MaxShards defines the maximum number of shards 608 at any given point 609 format: int32 610 type: integer 611 minShards: 612 description: MinShards defines the minimum number of shards 613 at any given point 614 format: int32 615 minimum: 1 616 type: integer 617 replicas: 618 description: Replicas defines the number of replicas to run 619 in the Application controller shard. 620 format: int32 621 type: integer 622 type: object 623 type: object 624 dex: 625 description: Deprecated field. Support dropped in v1beta1 version. 626 Dex defines the Dex server options for ArgoCD. 627 properties: 628 config: 629 description: Config is the dex connector configuration. 630 type: string 631 groups: 632 description: Optional list of required groups a user must be a 633 member of 634 items: 635 type: string 636 type: array 637 image: 638 description: Image is the Dex container image. 639 type: string 640 openShiftOAuth: 641 description: OpenShiftOAuth enables OpenShift OAuth authentication 642 for the Dex server. 643 type: boolean 644 resources: 645 description: Resources defines the Compute Resources required 646 by the container for Dex. 647 properties: 648 claims: 649 description: "Claims lists the names of resources, defined 650 in spec.resourceClaims, that are used by this container. 651 \n This is an alpha field and requires enabling the DynamicResourceAllocation 652 feature gate. \n This field is immutable. It can only be 653 set for containers." 654 items: 655 description: ResourceClaim references one entry in PodSpec.ResourceClaims. 656 properties: 657 name: 658 description: Name must match the name of one entry in 659 pod.spec.resourceClaims of the Pod where this field 660 is used. It makes that resource available inside a 661 container. 662 type: string 663 required: 664 - name 665 type: object 666 type: array 667 x-kubernetes-list-map-keys: 668 - name 669 x-kubernetes-list-type: map 670 limits: 671 additionalProperties: 672 anyOf: 673 - type: integer 674 - type: string 675 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 676 x-kubernetes-int-or-string: true 677 description: 'Limits describes the maximum amount of compute 678 resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 679 type: object 680 requests: 681 additionalProperties: 682 anyOf: 683 - type: integer 684 - type: string 685 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 686 x-kubernetes-int-or-string: true 687 description: 'Requests describes the minimum amount of compute 688 resources required. If Requests is omitted for a container, 689 it defaults to Limits if that is explicitly specified, otherwise 690 to an implementation-defined value. Requests cannot exceed 691 Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 692 type: object 693 type: object 694 version: 695 description: Version is the Dex container image tag. 696 type: string 697 type: object 698 disableAdmin: 699 description: DisableAdmin will disable the admin user. 700 type: boolean 701 extraConfig: 702 additionalProperties: 703 type: string 704 description: "ExtraConfig can be used to add fields to Argo CD configmap 705 that are not supported by Argo CD CRD. \n Note: ExtraConfig takes 706 precedence over Argo CD CRD. For example, A user sets `argocd.Spec.DisableAdmin` 707 = true and also `a.Spec.ExtraConfig[\"admin.enabled\"]` = true. 708 In this case, operator updates Argo CD Configmap as follows -> argocd-cm.Data[\"admin.enabled\"] 709 = true." 710 type: object 711 gaAnonymizeUsers: 712 description: GAAnonymizeUsers toggles user IDs being hashed before 713 sending to google analytics. 714 type: boolean 715 gaTrackingID: 716 description: GATrackingID is the google analytics tracking ID to use. 717 type: string 718 grafana: 719 description: 'Deprecated: Grafana defines the Grafana server options 720 for ArgoCD.' 721 properties: 722 enabled: 723 description: Enabled will toggle Grafana support globally for 724 ArgoCD. 725 type: boolean 726 host: 727 description: Host is the hostname to use for Ingress/Route resources. 728 type: string 729 image: 730 description: Image is the Grafana container image. 731 type: string 732 ingress: 733 description: Ingress defines the desired state for an Ingress 734 for the Grafana component. 735 properties: 736 annotations: 737 additionalProperties: 738 type: string 739 description: Annotations is the map of annotations to apply 740 to the Ingress. 741 type: object 742 enabled: 743 description: Enabled will toggle the creation of the Ingress. 744 type: boolean 745 ingressClassName: 746 description: IngressClassName for the Ingress resource. 747 type: string 748 path: 749 description: Path used for the Ingress resource. 750 type: string 751 tls: 752 description: TLS configuration. Currently the Ingress only 753 supports a single TLS port, 443. If multiple members of 754 this list specify different hosts, they will be multiplexed 755 on the same port according to the hostname specified through 756 the SNI TLS extension, if the ingress controller fulfilling 757 the ingress supports SNI. 758 items: 759 description: IngressTLS describes the transport layer security 760 associated with an ingress. 761 properties: 762 hosts: 763 description: hosts is a list of hosts included in the 764 TLS certificate. The values in this list must match 765 the name/s used in the tlsSecret. Defaults to the 766 wildcard host setting for the loadbalancer controller 767 fulfilling this Ingress, if left unspecified. 768 items: 769 type: string 770 type: array 771 x-kubernetes-list-type: atomic 772 secretName: 773 description: secretName is the name of the secret used 774 to terminate TLS traffic on port 443. Field is left 775 optional to allow TLS routing based on SNI hostname 776 alone. If the SNI host in a listener conflicts with 777 the "Host" header field used by an IngressRule, the 778 SNI host is used for termination and value of the 779 "Host" header is used for routing. 780 type: string 781 type: object 782 type: array 783 required: 784 - enabled 785 type: object 786 resources: 787 description: Resources defines the Compute Resources required 788 by the container for Grafana. 789 properties: 790 claims: 791 description: "Claims lists the names of resources, defined 792 in spec.resourceClaims, that are used by this container. 793 \n This is an alpha field and requires enabling the DynamicResourceAllocation 794 feature gate. \n This field is immutable. It can only be 795 set for containers." 796 items: 797 description: ResourceClaim references one entry in PodSpec.ResourceClaims. 798 properties: 799 name: 800 description: Name must match the name of one entry in 801 pod.spec.resourceClaims of the Pod where this field 802 is used. It makes that resource available inside a 803 container. 804 type: string 805 required: 806 - name 807 type: object 808 type: array 809 x-kubernetes-list-map-keys: 810 - name 811 x-kubernetes-list-type: map 812 limits: 813 additionalProperties: 814 anyOf: 815 - type: integer 816 - type: string 817 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 818 x-kubernetes-int-or-string: true 819 description: 'Limits describes the maximum amount of compute 820 resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 821 type: object 822 requests: 823 additionalProperties: 824 anyOf: 825 - type: integer 826 - type: string 827 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 828 x-kubernetes-int-or-string: true 829 description: 'Requests describes the minimum amount of compute 830 resources required. If Requests is omitted for a container, 831 it defaults to Limits if that is explicitly specified, otherwise 832 to an implementation-defined value. Requests cannot exceed 833 Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 834 type: object 835 type: object 836 route: 837 description: Route defines the desired state for an OpenShift 838 Route for the Grafana component. 839 properties: 840 annotations: 841 additionalProperties: 842 type: string 843 description: Annotations is the map of annotations to use 844 for the Route resource. 845 type: object 846 enabled: 847 description: Enabled will toggle the creation of the OpenShift 848 Route. 849 type: boolean 850 labels: 851 additionalProperties: 852 type: string 853 description: Labels is the map of labels to use for the Route 854 resource 855 type: object 856 path: 857 description: Path the router watches for, to route traffic 858 for to the service. 859 type: string 860 tls: 861 description: TLS provides the ability to configure certificates 862 and termination for the Route. 863 properties: 864 caCertificate: 865 description: caCertificate provides the cert authority 866 certificate contents 867 type: string 868 certificate: 869 description: certificate provides certificate contents 870 type: string 871 destinationCACertificate: 872 description: destinationCACertificate provides the contents 873 of the ca certificate of the final destination. When 874 using reencrypt termination this file should be provided 875 in order to have routers use it for health checks on 876 the secure connection. If this field is not specified, 877 the router may provide its own destination CA and perform 878 hostname validation using the short service name (service.namespace.svc), 879 which allows infrastructure generated certificates to 880 automatically verify. 881 type: string 882 insecureEdgeTerminationPolicy: 883 description: "insecureEdgeTerminationPolicy indicates 884 the desired behavior for insecure connections to a route. 885 While each router may make its own decisions on which 886 ports to expose, this is normally port 80. \n * Allow 887 - traffic is sent to the server on the insecure port 888 (default) * Disable - no traffic is allowed on the insecure 889 port. * Redirect - clients are redirected to the secure 890 port." 891 type: string 892 key: 893 description: key provides key file contents 894 type: string 895 termination: 896 description: termination indicates termination type. 897 type: string 898 required: 899 - termination 900 type: object 901 wildcardPolicy: 902 description: WildcardPolicy if any for the route. Currently 903 only 'Subdomain' or 'None' is allowed. 904 type: string 905 required: 906 - enabled 907 type: object 908 size: 909 description: Size is the replica count for the Grafana Deployment. 910 format: int32 911 type: integer 912 version: 913 description: Version is the Grafana container image tag. 914 type: string 915 required: 916 - enabled 917 type: object 918 ha: 919 description: HA options for High Availability support for the Redis 920 component. 921 properties: 922 enabled: 923 description: Enabled will toggle HA support globally for Argo 924 CD. 925 type: boolean 926 redisProxyImage: 927 description: RedisProxyImage is the Redis HAProxy container image. 928 type: string 929 redisProxyVersion: 930 description: RedisProxyVersion is the Redis HAProxy container 931 image tag. 932 type: string 933 resources: 934 description: Resources defines the Compute Resources required 935 by the container for HA. 936 properties: 937 claims: 938 description: "Claims lists the names of resources, defined 939 in spec.resourceClaims, that are used by this container. 940 \n This is an alpha field and requires enabling the DynamicResourceAllocation 941 feature gate. \n This field is immutable. It can only be 942 set for containers." 943 items: 944 description: ResourceClaim references one entry in PodSpec.ResourceClaims. 945 properties: 946 name: 947 description: Name must match the name of one entry in 948 pod.spec.resourceClaims of the Pod where this field 949 is used. It makes that resource available inside a 950 container. 951 type: string 952 required: 953 - name 954 type: object 955 type: array 956 x-kubernetes-list-map-keys: 957 - name 958 x-kubernetes-list-type: map 959 limits: 960 additionalProperties: 961 anyOf: 962 - type: integer 963 - type: string 964 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 965 x-kubernetes-int-or-string: true 966 description: 'Limits describes the maximum amount of compute 967 resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 968 type: object 969 requests: 970 additionalProperties: 971 anyOf: 972 - type: integer 973 - type: string 974 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 975 x-kubernetes-int-or-string: true 976 description: 'Requests describes the minimum amount of compute 977 resources required. If Requests is omitted for a container, 978 it defaults to Limits if that is explicitly specified, otherwise 979 to an implementation-defined value. Requests cannot exceed 980 Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 981 type: object 982 type: object 983 required: 984 - enabled 985 type: object 986 helpChatText: 987 description: HelpChatText is the text for getting chat help, defaults 988 to "Chat now!" 989 type: string 990 helpChatURL: 991 description: HelpChatURL is the URL for getting chat help, this will 992 typically be your Slack channel for support. 993 type: string 994 image: 995 description: Image is the ArgoCD container image for all ArgoCD components. 996 type: string 997 import: 998 description: Import is the import/restore options for ArgoCD. 999 properties: 1000 name: 1001 description: Name of an ArgoCDExport from which to import data. 1002 type: string 1003 namespace: 1004 description: Namespace for the ArgoCDExport, defaults to the same 1005 namespace as the ArgoCD. 1006 type: string 1007 required: 1008 - name 1009 type: object 1010 initialRepositories: 1011 description: InitialRepositories to configure Argo CD with upon creation 1012 of the cluster. 1013 type: string 1014 initialSSHKnownHosts: 1015 description: InitialSSHKnownHosts defines the SSH known hosts data 1016 upon creation of the cluster for connecting Git repositories via 1017 SSH. 1018 properties: 1019 excludedefaulthosts: 1020 description: ExcludeDefaultHosts describes whether you would like 1021 to include the default list of SSH Known Hosts provided by ArgoCD. 1022 type: boolean 1023 keys: 1024 description: Keys describes a custom set of SSH Known Hosts that 1025 you would like to have included in your ArgoCD server. 1026 type: string 1027 type: object 1028 kustomizeBuildOptions: 1029 description: KustomizeBuildOptions is used to specify build options/parameters 1030 to use with `kustomize build`. 1031 type: string 1032 kustomizeVersions: 1033 description: KustomizeVersions is a listing of configured versions 1034 of Kustomize to be made available within ArgoCD. 1035 items: 1036 description: KustomizeVersionSpec is used to specify information 1037 about a kustomize version to be used within ArgoCD. 1038 properties: 1039 path: 1040 description: Path is the path to a configured kustomize version 1041 on the filesystem of your repo server. 1042 type: string 1043 version: 1044 description: Version is a configured kustomize version in the 1045 format of vX.Y.Z 1046 type: string 1047 type: object 1048 type: array 1049 monitoring: 1050 description: Monitoring defines whether workload status monitoring 1051 configuration for this instance. 1052 properties: 1053 enabled: 1054 description: Enabled defines whether workload status monitoring 1055 is enabled for this instance or not 1056 type: boolean 1057 required: 1058 - enabled 1059 type: object 1060 nodePlacement: 1061 description: NodePlacement defines NodeSelectors and Taints for Argo 1062 CD workloads 1063 properties: 1064 nodeSelector: 1065 additionalProperties: 1066 type: string 1067 description: NodeSelector is a field of PodSpec, it is a map of 1068 key value pairs used for node selection 1069 type: object 1070 tolerations: 1071 description: Tolerations allow the pods to schedule onto nodes 1072 with matching taints 1073 items: 1074 description: The pod this Toleration is attached to tolerates 1075 any taint that matches the triple <key,value,effect> using 1076 the matching operator <operator>. 1077 properties: 1078 effect: 1079 description: Effect indicates the taint effect to match. 1080 Empty means match all taint effects. When specified, allowed 1081 values are NoSchedule, PreferNoSchedule and NoExecute. 1082 type: string 1083 key: 1084 description: Key is the taint key that the toleration applies 1085 to. Empty means match all taint keys. If the key is empty, 1086 operator must be Exists; this combination means to match 1087 all values and all keys. 1088 type: string 1089 operator: 1090 description: Operator represents a key's relationship to 1091 the value. Valid operators are Exists and Equal. Defaults 1092 to Equal. Exists is equivalent to wildcard for value, 1093 so that a pod can tolerate all taints of a particular 1094 category. 1095 type: string 1096 tolerationSeconds: 1097 description: TolerationSeconds represents the period of 1098 time the toleration (which must be of effect NoExecute, 1099 otherwise this field is ignored) tolerates the taint. 1100 By default, it is not set, which means tolerate the taint 1101 forever (do not evict). Zero and negative values will 1102 be treated as 0 (evict immediately) by the system. 1103 format: int64 1104 type: integer 1105 value: 1106 description: Value is the taint value the toleration matches 1107 to. If the operator is Exists, the value should be empty, 1108 otherwise just a regular string. 1109 type: string 1110 type: object 1111 type: array 1112 type: object 1113 notifications: 1114 description: Notifications defines whether the Argo CD Notifications 1115 controller should be installed. 1116 properties: 1117 enabled: 1118 description: Enabled defines whether argocd-notifications controller 1119 should be deployed or not 1120 type: boolean 1121 env: 1122 description: Env let you specify environment variables for Notifications 1123 pods 1124 items: 1125 description: EnvVar represents an environment variable present 1126 in a Container. 1127 properties: 1128 name: 1129 description: Name of the environment variable. Must be a 1130 C_IDENTIFIER. 1131 type: string 1132 value: 1133 description: 'Variable references $(VAR_NAME) are expanded 1134 using the previously defined environment variables in 1135 the container and any service environment variables. If 1136 a variable cannot be resolved, the reference in the input 1137 string will be unchanged. Double $$ are reduced to a single 1138 $, which allows for escaping the $(VAR_NAME) syntax: i.e. 1139 "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". 1140 Escaped references will never be expanded, regardless 1141 of whether the variable exists or not. Defaults to "".' 1142 type: string 1143 valueFrom: 1144 description: Source for the environment variable's value. 1145 Cannot be used if value is not empty. 1146 properties: 1147 configMapKeyRef: 1148 description: Selects a key of a ConfigMap. 1149 properties: 1150 key: 1151 description: The key to select. 1152 type: string 1153 name: 1154 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 1155 TODO: Add other useful fields. apiVersion, kind, 1156 uid?' 1157 type: string 1158 optional: 1159 description: Specify whether the ConfigMap or its 1160 key must be defined 1161 type: boolean 1162 required: 1163 - key 1164 type: object 1165 fieldRef: 1166 description: 'Selects a field of the pod: supports metadata.name, 1167 metadata.namespace, `metadata.labels[''<KEY>'']`, 1168 `metadata.annotations[''<KEY>'']`, spec.nodeName, 1169 spec.serviceAccountName, status.hostIP, status.podIP, 1170 status.podIPs.' 1171 properties: 1172 apiVersion: 1173 description: Version of the schema the FieldPath 1174 is written in terms of, defaults to "v1". 1175 type: string 1176 fieldPath: 1177 description: Path of the field to select in the 1178 specified API version. 1179 type: string 1180 required: 1181 - fieldPath 1182 type: object 1183 resourceFieldRef: 1184 description: 'Selects a resource of the container: only 1185 resources limits and requests (limits.cpu, limits.memory, 1186 limits.ephemeral-storage, requests.cpu, requests.memory 1187 and requests.ephemeral-storage) are currently supported.' 1188 properties: 1189 containerName: 1190 description: 'Container name: required for volumes, 1191 optional for env vars' 1192 type: string 1193 divisor: 1194 anyOf: 1195 - type: integer 1196 - type: string 1197 description: Specifies the output format of the 1198 exposed resources, defaults to "1" 1199 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 1200 x-kubernetes-int-or-string: true 1201 resource: 1202 description: 'Required: resource to select' 1203 type: string 1204 required: 1205 - resource 1206 type: object 1207 secretKeyRef: 1208 description: Selects a key of a secret in the pod's 1209 namespace 1210 properties: 1211 key: 1212 description: The key of the secret to select from. Must 1213 be a valid secret key. 1214 type: string 1215 name: 1216 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 1217 TODO: Add other useful fields. apiVersion, kind, 1218 uid?' 1219 type: string 1220 optional: 1221 description: Specify whether the Secret or its key 1222 must be defined 1223 type: boolean 1224 required: 1225 - key 1226 type: object 1227 type: object 1228 required: 1229 - name 1230 type: object 1231 type: array 1232 image: 1233 description: Image is the Argo CD Notifications image (optional) 1234 type: string 1235 logLevel: 1236 description: LogLevel describes the log level that should be used 1237 by the argocd-notifications. Defaults to ArgoCDDefaultLogLevel 1238 if not set. Valid options are debug,info, error, and warn. 1239 type: string 1240 replicas: 1241 description: Replicas defines the number of replicas to run for 1242 notifications-controller 1243 format: int32 1244 type: integer 1245 resources: 1246 description: Resources defines the Compute Resources required 1247 by the container for Argo CD Notifications. 1248 properties: 1249 claims: 1250 description: "Claims lists the names of resources, defined 1251 in spec.resourceClaims, that are used by this container. 1252 \n This is an alpha field and requires enabling the DynamicResourceAllocation 1253 feature gate. \n This field is immutable. It can only be 1254 set for containers." 1255 items: 1256 description: ResourceClaim references one entry in PodSpec.ResourceClaims. 1257 properties: 1258 name: 1259 description: Name must match the name of one entry in 1260 pod.spec.resourceClaims of the Pod where this field 1261 is used. It makes that resource available inside a 1262 container. 1263 type: string 1264 required: 1265 - name 1266 type: object 1267 type: array 1268 x-kubernetes-list-map-keys: 1269 - name 1270 x-kubernetes-list-type: map 1271 limits: 1272 additionalProperties: 1273 anyOf: 1274 - type: integer 1275 - type: string 1276 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 1277 x-kubernetes-int-or-string: true 1278 description: 'Limits describes the maximum amount of compute 1279 resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 1280 type: object 1281 requests: 1282 additionalProperties: 1283 anyOf: 1284 - type: integer 1285 - type: string 1286 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 1287 x-kubernetes-int-or-string: true 1288 description: 'Requests describes the minimum amount of compute 1289 resources required. If Requests is omitted for a container, 1290 it defaults to Limits if that is explicitly specified, otherwise 1291 to an implementation-defined value. Requests cannot exceed 1292 Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 1293 type: object 1294 type: object 1295 version: 1296 description: Version is the Argo CD Notifications image tag. (optional) 1297 type: string 1298 required: 1299 - enabled 1300 type: object 1301 oidcConfig: 1302 description: OIDCConfig is the OIDC configuration as an alternative 1303 to dex. 1304 type: string 1305 prometheus: 1306 description: Prometheus defines the Prometheus server options for 1307 ArgoCD. 1308 properties: 1309 enabled: 1310 description: Enabled will toggle Prometheus support globally for 1311 ArgoCD. 1312 type: boolean 1313 host: 1314 description: Host is the hostname to use for Ingress/Route resources. 1315 type: string 1316 ingress: 1317 description: Ingress defines the desired state for an Ingress 1318 for the Prometheus component. 1319 properties: 1320 annotations: 1321 additionalProperties: 1322 type: string 1323 description: Annotations is the map of annotations to apply 1324 to the Ingress. 1325 type: object 1326 enabled: 1327 description: Enabled will toggle the creation of the Ingress. 1328 type: boolean 1329 ingressClassName: 1330 description: IngressClassName for the Ingress resource. 1331 type: string 1332 path: 1333 description: Path used for the Ingress resource. 1334 type: string 1335 tls: 1336 description: TLS configuration. Currently the Ingress only 1337 supports a single TLS port, 443. If multiple members of 1338 this list specify different hosts, they will be multiplexed 1339 on the same port according to the hostname specified through 1340 the SNI TLS extension, if the ingress controller fulfilling 1341 the ingress supports SNI. 1342 items: 1343 description: IngressTLS describes the transport layer security 1344 associated with an ingress. 1345 properties: 1346 hosts: 1347 description: hosts is a list of hosts included in the 1348 TLS certificate. The values in this list must match 1349 the name/s used in the tlsSecret. Defaults to the 1350 wildcard host setting for the loadbalancer controller 1351 fulfilling this Ingress, if left unspecified. 1352 items: 1353 type: string 1354 type: array 1355 x-kubernetes-list-type: atomic 1356 secretName: 1357 description: secretName is the name of the secret used 1358 to terminate TLS traffic on port 443. Field is left 1359 optional to allow TLS routing based on SNI hostname 1360 alone. If the SNI host in a listener conflicts with 1361 the "Host" header field used by an IngressRule, the 1362 SNI host is used for termination and value of the 1363 "Host" header is used for routing. 1364 type: string 1365 type: object 1366 type: array 1367 required: 1368 - enabled 1369 type: object 1370 route: 1371 description: Route defines the desired state for an OpenShift 1372 Route for the Prometheus component. 1373 properties: 1374 annotations: 1375 additionalProperties: 1376 type: string 1377 description: Annotations is the map of annotations to use 1378 for the Route resource. 1379 type: object 1380 enabled: 1381 description: Enabled will toggle the creation of the OpenShift 1382 Route. 1383 type: boolean 1384 labels: 1385 additionalProperties: 1386 type: string 1387 description: Labels is the map of labels to use for the Route 1388 resource 1389 type: object 1390 path: 1391 description: Path the router watches for, to route traffic 1392 for to the service. 1393 type: string 1394 tls: 1395 description: TLS provides the ability to configure certificates 1396 and termination for the Route. 1397 properties: 1398 caCertificate: 1399 description: caCertificate provides the cert authority 1400 certificate contents 1401 type: string 1402 certificate: 1403 description: certificate provides certificate contents 1404 type: string 1405 destinationCACertificate: 1406 description: destinationCACertificate provides the contents 1407 of the ca certificate of the final destination. When 1408 using reencrypt termination this file should be provided 1409 in order to have routers use it for health checks on 1410 the secure connection. If this field is not specified, 1411 the router may provide its own destination CA and perform 1412 hostname validation using the short service name (service.namespace.svc), 1413 which allows infrastructure generated certificates to 1414 automatically verify. 1415 type: string 1416 insecureEdgeTerminationPolicy: 1417 description: "insecureEdgeTerminationPolicy indicates 1418 the desired behavior for insecure connections to a route. 1419 While each router may make its own decisions on which 1420 ports to expose, this is normally port 80. \n * Allow 1421 - traffic is sent to the server on the insecure port 1422 (default) * Disable - no traffic is allowed on the insecure 1423 port. * Redirect - clients are redirected to the secure 1424 port." 1425 type: string 1426 key: 1427 description: key provides key file contents 1428 type: string 1429 termination: 1430 description: termination indicates termination type. 1431 type: string 1432 required: 1433 - termination 1434 type: object 1435 wildcardPolicy: 1436 description: WildcardPolicy if any for the route. Currently 1437 only 'Subdomain' or 'None' is allowed. 1438 type: string 1439 required: 1440 - enabled 1441 type: object 1442 size: 1443 description: Size is the replica count for the Prometheus StatefulSet. 1444 format: int32 1445 type: integer 1446 required: 1447 - enabled 1448 type: object 1449 rbac: 1450 description: RBAC defines the RBAC configuration for Argo CD. 1451 properties: 1452 defaultPolicy: 1453 description: DefaultPolicy is the name of the default role which 1454 Argo CD will falls back to, when authorizing API requests (optional). 1455 If omitted or empty, users may be still be able to login, but 1456 will see no apps, projects, etc... 1457 type: string 1458 policy: 1459 description: 'Policy is CSV containing user-defined RBAC policies 1460 and role definitions. Policy rules are in the form: p, subject, 1461 resource, action, object, effect Role definitions and bindings 1462 are in the form: g, subject, inherited-subject See https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/rbac.md 1463 for additional information.' 1464 type: string 1465 policyMatcherMode: 1466 description: PolicyMatcherMode configures the matchers function 1467 mode for casbin. There are two options for this, 'glob' for 1468 glob matcher or 'regex' for regex matcher. 1469 type: string 1470 scopes: 1471 description: 'Scopes controls which OIDC scopes to examine during 1472 rbac enforcement (in addition to `sub` scope). If omitted, defaults 1473 to: ''[groups]''.' 1474 type: string 1475 type: object 1476 redis: 1477 description: Redis defines the Redis server options for ArgoCD. 1478 properties: 1479 autotls: 1480 description: 'AutoTLS specifies the method to use for automatic 1481 TLS configuration for the redis server The value specified here 1482 can currently be: - openshift - Use the OpenShift service CA 1483 to request TLS config' 1484 type: string 1485 disableTLSVerification: 1486 description: DisableTLSVerification defines whether redis server 1487 API should be accessed using strict TLS validation 1488 type: boolean 1489 image: 1490 description: Image is the Redis container image. 1491 type: string 1492 resources: 1493 description: Resources defines the Compute Resources required 1494 by the container for Redis. 1495 properties: 1496 claims: 1497 description: "Claims lists the names of resources, defined 1498 in spec.resourceClaims, that are used by this container. 1499 \n This is an alpha field and requires enabling the DynamicResourceAllocation 1500 feature gate. \n This field is immutable. It can only be 1501 set for containers." 1502 items: 1503 description: ResourceClaim references one entry in PodSpec.ResourceClaims. 1504 properties: 1505 name: 1506 description: Name must match the name of one entry in 1507 pod.spec.resourceClaims of the Pod where this field 1508 is used. It makes that resource available inside a 1509 container. 1510 type: string 1511 required: 1512 - name 1513 type: object 1514 type: array 1515 x-kubernetes-list-map-keys: 1516 - name 1517 x-kubernetes-list-type: map 1518 limits: 1519 additionalProperties: 1520 anyOf: 1521 - type: integer 1522 - type: string 1523 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 1524 x-kubernetes-int-or-string: true 1525 description: 'Limits describes the maximum amount of compute 1526 resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 1527 type: object 1528 requests: 1529 additionalProperties: 1530 anyOf: 1531 - type: integer 1532 - type: string 1533 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 1534 x-kubernetes-int-or-string: true 1535 description: 'Requests describes the minimum amount of compute 1536 resources required. If Requests is omitted for a container, 1537 it defaults to Limits if that is explicitly specified, otherwise 1538 to an implementation-defined value. Requests cannot exceed 1539 Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 1540 type: object 1541 type: object 1542 version: 1543 description: Version is the Redis container image tag. 1544 type: string 1545 type: object 1546 repo: 1547 description: Repo defines the repo server options for Argo CD. 1548 properties: 1549 autotls: 1550 description: 'AutoTLS specifies the method to use for automatic 1551 TLS configuration for the repo server The value specified here 1552 can currently be: - openshift - Use the OpenShift service CA 1553 to request TLS config' 1554 type: string 1555 env: 1556 description: Env lets you specify environment for repo server 1557 pods 1558 items: 1559 description: EnvVar represents an environment variable present 1560 in a Container. 1561 properties: 1562 name: 1563 description: Name of the environment variable. Must be a 1564 C_IDENTIFIER. 1565 type: string 1566 value: 1567 description: 'Variable references $(VAR_NAME) are expanded 1568 using the previously defined environment variables in 1569 the container and any service environment variables. If 1570 a variable cannot be resolved, the reference in the input 1571 string will be unchanged. Double $$ are reduced to a single 1572 $, which allows for escaping the $(VAR_NAME) syntax: i.e. 1573 "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". 1574 Escaped references will never be expanded, regardless 1575 of whether the variable exists or not. Defaults to "".' 1576 type: string 1577 valueFrom: 1578 description: Source for the environment variable's value. 1579 Cannot be used if value is not empty. 1580 properties: 1581 configMapKeyRef: 1582 description: Selects a key of a ConfigMap. 1583 properties: 1584 key: 1585 description: The key to select. 1586 type: string 1587 name: 1588 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 1589 TODO: Add other useful fields. apiVersion, kind, 1590 uid?' 1591 type: string 1592 optional: 1593 description: Specify whether the ConfigMap or its 1594 key must be defined 1595 type: boolean 1596 required: 1597 - key 1598 type: object 1599 fieldRef: 1600 description: 'Selects a field of the pod: supports metadata.name, 1601 metadata.namespace, `metadata.labels[''<KEY>'']`, 1602 `metadata.annotations[''<KEY>'']`, spec.nodeName, 1603 spec.serviceAccountName, status.hostIP, status.podIP, 1604 status.podIPs.' 1605 properties: 1606 apiVersion: 1607 description: Version of the schema the FieldPath 1608 is written in terms of, defaults to "v1". 1609 type: string 1610 fieldPath: 1611 description: Path of the field to select in the 1612 specified API version. 1613 type: string 1614 required: 1615 - fieldPath 1616 type: object 1617 resourceFieldRef: 1618 description: 'Selects a resource of the container: only 1619 resources limits and requests (limits.cpu, limits.memory, 1620 limits.ephemeral-storage, requests.cpu, requests.memory 1621 and requests.ephemeral-storage) are currently supported.' 1622 properties: 1623 containerName: 1624 description: 'Container name: required for volumes, 1625 optional for env vars' 1626 type: string 1627 divisor: 1628 anyOf: 1629 - type: integer 1630 - type: string 1631 description: Specifies the output format of the 1632 exposed resources, defaults to "1" 1633 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 1634 x-kubernetes-int-or-string: true 1635 resource: 1636 description: 'Required: resource to select' 1637 type: string 1638 required: 1639 - resource 1640 type: object 1641 secretKeyRef: 1642 description: Selects a key of a secret in the pod's 1643 namespace 1644 properties: 1645 key: 1646 description: The key of the secret to select from. Must 1647 be a valid secret key. 1648 type: string 1649 name: 1650 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 1651 TODO: Add other useful fields. apiVersion, kind, 1652 uid?' 1653 type: string 1654 optional: 1655 description: Specify whether the Secret or its key 1656 must be defined 1657 type: boolean 1658 required: 1659 - key 1660 type: object 1661 type: object 1662 required: 1663 - name 1664 type: object 1665 type: array 1666 execTimeout: 1667 description: ExecTimeout specifies the timeout in seconds for 1668 tool execution 1669 type: integer 1670 extraRepoCommandArgs: 1671 description: Extra Command arguments allows users to pass command 1672 line arguments to repo server workload. They get added to default 1673 command line arguments provided by the operator. Please note 1674 that the command line arguments provided as part of ExtraRepoCommandArgs 1675 will not overwrite the default command line arguments. 1676 items: 1677 type: string 1678 type: array 1679 image: 1680 description: Image is the ArgoCD Repo Server container image. 1681 type: string 1682 initContainers: 1683 description: InitContainers defines the list of initialization 1684 containers for the repo server deployment 1685 items: 1686 description: A single application container that you want to 1687 run within a pod. 1688 properties: 1689 args: 1690 description: 'Arguments to the entrypoint. The container 1691 image''s CMD is used if this is not provided. Variable 1692 references $(VAR_NAME) are expanded using the container''s 1693 environment. If a variable cannot be resolved, the reference 1694 in the input string will be unchanged. Double $$ are reduced 1695 to a single $, which allows for escaping the $(VAR_NAME) 1696 syntax: i.e. "$$(VAR_NAME)" will produce the string literal 1697 "$(VAR_NAME)". Escaped references will never be expanded, 1698 regardless of whether the variable exists or not. Cannot 1699 be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' 1700 items: 1701 type: string 1702 type: array 1703 command: 1704 description: 'Entrypoint array. Not executed within a shell. 1705 The container image''s ENTRYPOINT is used if this is not 1706 provided. Variable references $(VAR_NAME) are expanded 1707 using the container''s environment. If a variable cannot 1708 be resolved, the reference in the input string will be 1709 unchanged. Double $$ are reduced to a single $, which 1710 allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" 1711 will produce the string literal "$(VAR_NAME)". Escaped 1712 references will never be expanded, regardless of whether 1713 the variable exists or not. Cannot be updated. More info: 1714 https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' 1715 items: 1716 type: string 1717 type: array 1718 env: 1719 description: List of environment variables to set in the 1720 container. Cannot be updated. 1721 items: 1722 description: EnvVar represents an environment variable 1723 present in a Container. 1724 properties: 1725 name: 1726 description: Name of the environment variable. Must 1727 be a C_IDENTIFIER. 1728 type: string 1729 value: 1730 description: 'Variable references $(VAR_NAME) are 1731 expanded using the previously defined environment 1732 variables in the container and any service environment 1733 variables. If a variable cannot be resolved, the 1734 reference in the input string will be unchanged. 1735 Double $$ are reduced to a single $, which allows 1736 for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" 1737 will produce the string literal "$(VAR_NAME)". Escaped 1738 references will never be expanded, regardless of 1739 whether the variable exists or not. Defaults to 1740 "".' 1741 type: string 1742 valueFrom: 1743 description: Source for the environment variable's 1744 value. Cannot be used if value is not empty. 1745 properties: 1746 configMapKeyRef: 1747 description: Selects a key of a ConfigMap. 1748 properties: 1749 key: 1750 description: The key to select. 1751 type: string 1752 name: 1753 description: 'Name of the referent. More info: 1754 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 1755 TODO: Add other useful fields. apiVersion, 1756 kind, uid?' 1757 type: string 1758 optional: 1759 description: Specify whether the ConfigMap 1760 or its key must be defined 1761 type: boolean 1762 required: 1763 - key 1764 type: object 1765 fieldRef: 1766 description: 'Selects a field of the pod: supports 1767 metadata.name, metadata.namespace, `metadata.labels[''<KEY>'']`, 1768 `metadata.annotations[''<KEY>'']`, spec.nodeName, 1769 spec.serviceAccountName, status.hostIP, status.podIP, 1770 status.podIPs.' 1771 properties: 1772 apiVersion: 1773 description: Version of the schema the FieldPath 1774 is written in terms of, defaults to "v1". 1775 type: string 1776 fieldPath: 1777 description: Path of the field to select in 1778 the specified API version. 1779 type: string 1780 required: 1781 - fieldPath 1782 type: object 1783 resourceFieldRef: 1784 description: 'Selects a resource of the container: 1785 only resources limits and requests (limits.cpu, 1786 limits.memory, limits.ephemeral-storage, requests.cpu, 1787 requests.memory and requests.ephemeral-storage) 1788 are currently supported.' 1789 properties: 1790 containerName: 1791 description: 'Container name: required for 1792 volumes, optional for env vars' 1793 type: string 1794 divisor: 1795 anyOf: 1796 - type: integer 1797 - type: string 1798 description: Specifies the output format of 1799 the exposed resources, defaults to "1" 1800 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 1801 x-kubernetes-int-or-string: true 1802 resource: 1803 description: 'Required: resource to select' 1804 type: string 1805 required: 1806 - resource 1807 type: object 1808 secretKeyRef: 1809 description: Selects a key of a secret in the 1810 pod's namespace 1811 properties: 1812 key: 1813 description: The key of the secret to select 1814 from. Must be a valid secret key. 1815 type: string 1816 name: 1817 description: 'Name of the referent. More info: 1818 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 1819 TODO: Add other useful fields. apiVersion, 1820 kind, uid?' 1821 type: string 1822 optional: 1823 description: Specify whether the Secret or 1824 its key must be defined 1825 type: boolean 1826 required: 1827 - key 1828 type: object 1829 type: object 1830 required: 1831 - name 1832 type: object 1833 type: array 1834 envFrom: 1835 description: List of sources to populate environment variables 1836 in the container. The keys defined within a source must 1837 be a C_IDENTIFIER. All invalid keys will be reported as 1838 an event when the container is starting. When a key exists 1839 in multiple sources, the value associated with the last 1840 source will take precedence. Values defined by an Env 1841 with a duplicate key will take precedence. Cannot be updated. 1842 items: 1843 description: EnvFromSource represents the source of a 1844 set of ConfigMaps 1845 properties: 1846 configMapRef: 1847 description: The ConfigMap to select from 1848 properties: 1849 name: 1850 description: 'Name of the referent. More info: 1851 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 1852 TODO: Add other useful fields. apiVersion, kind, 1853 uid?' 1854 type: string 1855 optional: 1856 description: Specify whether the ConfigMap must 1857 be defined 1858 type: boolean 1859 type: object 1860 prefix: 1861 description: An optional identifier to prepend to 1862 each key in the ConfigMap. Must be a C_IDENTIFIER. 1863 type: string 1864 secretRef: 1865 description: The Secret to select from 1866 properties: 1867 name: 1868 description: 'Name of the referent. More info: 1869 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 1870 TODO: Add other useful fields. apiVersion, kind, 1871 uid?' 1872 type: string 1873 optional: 1874 description: Specify whether the Secret must be 1875 defined 1876 type: boolean 1877 type: object 1878 type: object 1879 type: array 1880 image: 1881 description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images 1882 This field is optional to allow higher level config management 1883 to default or override container images in workload controllers 1884 like Deployments and StatefulSets.' 1885 type: string 1886 imagePullPolicy: 1887 description: 'Image pull policy. One of Always, Never, IfNotPresent. 1888 Defaults to Always if :latest tag is specified, or IfNotPresent 1889 otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' 1890 type: string 1891 lifecycle: 1892 description: Actions that the management system should take 1893 in response to container lifecycle events. Cannot be updated. 1894 properties: 1895 postStart: 1896 description: 'PostStart is called immediately after 1897 a container is created. If the handler fails, the 1898 container is terminated and restarted according to 1899 its restart policy. Other management of the container 1900 blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' 1901 properties: 1902 exec: 1903 description: Exec specifies the action to take. 1904 properties: 1905 command: 1906 description: Command is the command line to 1907 execute inside the container, the working 1908 directory for the command is root ('/') in 1909 the container's filesystem. The command is 1910 simply exec'd, it is not run inside a shell, 1911 so traditional shell instructions ('|', etc) 1912 won't work. To use a shell, you need to explicitly 1913 call out to that shell. Exit status of 0 is 1914 treated as live/healthy and non-zero is unhealthy. 1915 items: 1916 type: string 1917 type: array 1918 type: object 1919 httpGet: 1920 description: HTTPGet specifies the http request 1921 to perform. 1922 properties: 1923 host: 1924 description: Host name to connect to, defaults 1925 to the pod IP. You probably want to set "Host" 1926 in httpHeaders instead. 1927 type: string 1928 httpHeaders: 1929 description: Custom headers to set in the request. 1930 HTTP allows repeated headers. 1931 items: 1932 description: HTTPHeader describes a custom 1933 header to be used in HTTP probes 1934 properties: 1935 name: 1936 description: The header field name. This 1937 will be canonicalized upon output, so 1938 case-variant names will be understood 1939 as the same header. 1940 type: string 1941 value: 1942 description: The header field value 1943 type: string 1944 required: 1945 - name 1946 - value 1947 type: object 1948 type: array 1949 path: 1950 description: Path to access on the HTTP server. 1951 type: string 1952 port: 1953 anyOf: 1954 - type: integer 1955 - type: string 1956 description: Name or number of the port to access 1957 on the container. Number must be in the range 1958 1 to 65535. Name must be an IANA_SVC_NAME. 1959 x-kubernetes-int-or-string: true 1960 scheme: 1961 description: Scheme to use for connecting to 1962 the host. Defaults to HTTP. 1963 type: string 1964 required: 1965 - port 1966 type: object 1967 tcpSocket: 1968 description: Deprecated. TCPSocket is NOT supported 1969 as a LifecycleHandler and kept for the backward 1970 compatibility. There are no validation of this 1971 field and lifecycle hooks will fail in runtime 1972 when tcp handler is specified. 1973 properties: 1974 host: 1975 description: 'Optional: Host name to connect 1976 to, defaults to the pod IP.' 1977 type: string 1978 port: 1979 anyOf: 1980 - type: integer 1981 - type: string 1982 description: Number or name of the port to access 1983 on the container. Number must be in the range 1984 1 to 65535. Name must be an IANA_SVC_NAME. 1985 x-kubernetes-int-or-string: true 1986 required: 1987 - port 1988 type: object 1989 type: object 1990 preStop: 1991 description: 'PreStop is called immediately before a 1992 container is terminated due to an API request or management 1993 event such as liveness/startup probe failure, preemption, 1994 resource contention, etc. The handler is not called 1995 if the container crashes or exits. The Pod''s termination 1996 grace period countdown begins before the PreStop hook 1997 is executed. Regardless of the outcome of the handler, 1998 the container will eventually terminate within the 1999 Pod''s termination grace period (unless delayed by 2000 finalizers). Other management of the container blocks 2001 until the hook completes or until the termination 2002 grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' 2003 properties: 2004 exec: 2005 description: Exec specifies the action to take. 2006 properties: 2007 command: 2008 description: Command is the command line to 2009 execute inside the container, the working 2010 directory for the command is root ('/') in 2011 the container's filesystem. The command is 2012 simply exec'd, it is not run inside a shell, 2013 so traditional shell instructions ('|', etc) 2014 won't work. To use a shell, you need to explicitly 2015 call out to that shell. Exit status of 0 is 2016 treated as live/healthy and non-zero is unhealthy. 2017 items: 2018 type: string 2019 type: array 2020 type: object 2021 httpGet: 2022 description: HTTPGet specifies the http request 2023 to perform. 2024 properties: 2025 host: 2026 description: Host name to connect to, defaults 2027 to the pod IP. You probably want to set "Host" 2028 in httpHeaders instead. 2029 type: string 2030 httpHeaders: 2031 description: Custom headers to set in the request. 2032 HTTP allows repeated headers. 2033 items: 2034 description: HTTPHeader describes a custom 2035 header to be used in HTTP probes 2036 properties: 2037 name: 2038 description: The header field name. This 2039 will be canonicalized upon output, so 2040 case-variant names will be understood 2041 as the same header. 2042 type: string 2043 value: 2044 description: The header field value 2045 type: string 2046 required: 2047 - name 2048 - value 2049 type: object 2050 type: array 2051 path: 2052 description: Path to access on the HTTP server. 2053 type: string 2054 port: 2055 anyOf: 2056 - type: integer 2057 - type: string 2058 description: Name or number of the port to access 2059 on the container. Number must be in the range 2060 1 to 65535. Name must be an IANA_SVC_NAME. 2061 x-kubernetes-int-or-string: true 2062 scheme: 2063 description: Scheme to use for connecting to 2064 the host. Defaults to HTTP. 2065 type: string 2066 required: 2067 - port 2068 type: object 2069 tcpSocket: 2070 description: Deprecated. TCPSocket is NOT supported 2071 as a LifecycleHandler and kept for the backward 2072 compatibility. There are no validation of this 2073 field and lifecycle hooks will fail in runtime 2074 when tcp handler is specified. 2075 properties: 2076 host: 2077 description: 'Optional: Host name to connect 2078 to, defaults to the pod IP.' 2079 type: string 2080 port: 2081 anyOf: 2082 - type: integer 2083 - type: string 2084 description: Number or name of the port to access 2085 on the container. Number must be in the range 2086 1 to 65535. Name must be an IANA_SVC_NAME. 2087 x-kubernetes-int-or-string: true 2088 required: 2089 - port 2090 type: object 2091 type: object 2092 type: object 2093 livenessProbe: 2094 description: 'Periodic probe of container liveness. Container 2095 will be restarted if the probe fails. Cannot be updated. 2096 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 2097 properties: 2098 exec: 2099 description: Exec specifies the action to take. 2100 properties: 2101 command: 2102 description: Command is the command line to execute 2103 inside the container, the working directory for 2104 the command is root ('/') in the container's 2105 filesystem. The command is simply exec'd, it is 2106 not run inside a shell, so traditional shell instructions 2107 ('|', etc) won't work. To use a shell, you need 2108 to explicitly call out to that shell. Exit status 2109 of 0 is treated as live/healthy and non-zero is 2110 unhealthy. 2111 items: 2112 type: string 2113 type: array 2114 type: object 2115 failureThreshold: 2116 description: Minimum consecutive failures for the probe 2117 to be considered failed after having succeeded. Defaults 2118 to 3. Minimum value is 1. 2119 format: int32 2120 type: integer 2121 grpc: 2122 description: GRPC specifies an action involving a GRPC 2123 port. 2124 properties: 2125 port: 2126 description: Port number of the gRPC service. Number 2127 must be in the range 1 to 65535. 2128 format: int32 2129 type: integer 2130 service: 2131 description: "Service is the name of the service 2132 to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 2133 \n If this is not specified, the default behavior 2134 is defined by gRPC." 2135 type: string 2136 required: 2137 - port 2138 type: object 2139 httpGet: 2140 description: HTTPGet specifies the http request to perform. 2141 properties: 2142 host: 2143 description: Host name to connect to, defaults to 2144 the pod IP. You probably want to set "Host" in 2145 httpHeaders instead. 2146 type: string 2147 httpHeaders: 2148 description: Custom headers to set in the request. 2149 HTTP allows repeated headers. 2150 items: 2151 description: HTTPHeader describes a custom header 2152 to be used in HTTP probes 2153 properties: 2154 name: 2155 description: The header field name. This will 2156 be canonicalized upon output, so case-variant 2157 names will be understood as the same header. 2158 type: string 2159 value: 2160 description: The header field value 2161 type: string 2162 required: 2163 - name 2164 - value 2165 type: object 2166 type: array 2167 path: 2168 description: Path to access on the HTTP server. 2169 type: string 2170 port: 2171 anyOf: 2172 - type: integer 2173 - type: string 2174 description: Name or number of the port to access 2175 on the container. Number must be in the range 2176 1 to 65535. Name must be an IANA_SVC_NAME. 2177 x-kubernetes-int-or-string: true 2178 scheme: 2179 description: Scheme to use for connecting to the 2180 host. Defaults to HTTP. 2181 type: string 2182 required: 2183 - port 2184 type: object 2185 initialDelaySeconds: 2186 description: 'Number of seconds after the container 2187 has started before liveness probes are initiated. 2188 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 2189 format: int32 2190 type: integer 2191 periodSeconds: 2192 description: How often (in seconds) to perform the probe. 2193 Default to 10 seconds. Minimum value is 1. 2194 format: int32 2195 type: integer 2196 successThreshold: 2197 description: Minimum consecutive successes for the probe 2198 to be considered successful after having failed. Defaults 2199 to 1. Must be 1 for liveness and startup. Minimum 2200 value is 1. 2201 format: int32 2202 type: integer 2203 tcpSocket: 2204 description: TCPSocket specifies an action involving 2205 a TCP port. 2206 properties: 2207 host: 2208 description: 'Optional: Host name to connect to, 2209 defaults to the pod IP.' 2210 type: string 2211 port: 2212 anyOf: 2213 - type: integer 2214 - type: string 2215 description: Number or name of the port to access 2216 on the container. Number must be in the range 2217 1 to 65535. Name must be an IANA_SVC_NAME. 2218 x-kubernetes-int-or-string: true 2219 required: 2220 - port 2221 type: object 2222 terminationGracePeriodSeconds: 2223 description: Optional duration in seconds the pod needs 2224 to terminate gracefully upon probe failure. The grace 2225 period is the duration in seconds after the processes 2226 running in the pod are sent a termination signal and 2227 the time when the processes are forcibly halted with 2228 a kill signal. Set this value longer than the expected 2229 cleanup time for your process. If this value is nil, 2230 the pod's terminationGracePeriodSeconds will be used. 2231 Otherwise, this value overrides the value provided 2232 by the pod spec. Value must be non-negative integer. 2233 The value zero indicates stop immediately via the 2234 kill signal (no opportunity to shut down). This is 2235 a beta field and requires enabling ProbeTerminationGracePeriod 2236 feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds 2237 is used if unset. 2238 format: int64 2239 type: integer 2240 timeoutSeconds: 2241 description: 'Number of seconds after which the probe 2242 times out. Defaults to 1 second. Minimum value is 2243 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 2244 format: int32 2245 type: integer 2246 type: object 2247 name: 2248 description: Name of the container specified as a DNS_LABEL. 2249 Each container in a pod must have a unique name (DNS_LABEL). 2250 Cannot be updated. 2251 type: string 2252 ports: 2253 description: List of ports to expose from the container. 2254 Not specifying a port here DOES NOT prevent that port 2255 from being exposed. Any port which is listening on the 2256 default "0.0.0.0" address inside a container will be accessible 2257 from the network. Modifying this array with strategic 2258 merge patch may corrupt the data. For more information 2259 See https://github.com/kubernetes/kubernetes/issues/108255. 2260 Cannot be updated. 2261 items: 2262 description: ContainerPort represents a network port in 2263 a single container. 2264 properties: 2265 containerPort: 2266 description: Number of port to expose on the pod's 2267 IP address. This must be a valid port number, 0 2268 < x < 65536. 2269 format: int32 2270 type: integer 2271 hostIP: 2272 description: What host IP to bind the external port 2273 to. 2274 type: string 2275 hostPort: 2276 description: Number of port to expose on the host. 2277 If specified, this must be a valid port number, 2278 0 < x < 65536. If HostNetwork is specified, this 2279 must match ContainerPort. Most containers do not 2280 need this. 2281 format: int32 2282 type: integer 2283 name: 2284 description: If specified, this must be an IANA_SVC_NAME 2285 and unique within the pod. Each named port in a 2286 pod must have a unique name. Name for the port that 2287 can be referred to by services. 2288 type: string 2289 protocol: 2290 default: TCP 2291 description: Protocol for port. Must be UDP, TCP, 2292 or SCTP. Defaults to "TCP". 2293 type: string 2294 required: 2295 - containerPort 2296 type: object 2297 type: array 2298 x-kubernetes-list-map-keys: 2299 - containerPort 2300 - protocol 2301 x-kubernetes-list-type: map 2302 readinessProbe: 2303 description: 'Periodic probe of container service readiness. 2304 Container will be removed from service endpoints if the 2305 probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 2306 properties: 2307 exec: 2308 description: Exec specifies the action to take. 2309 properties: 2310 command: 2311 description: Command is the command line to execute 2312 inside the container, the working directory for 2313 the command is root ('/') in the container's 2314 filesystem. The command is simply exec'd, it is 2315 not run inside a shell, so traditional shell instructions 2316 ('|', etc) won't work. To use a shell, you need 2317 to explicitly call out to that shell. Exit status 2318 of 0 is treated as live/healthy and non-zero is 2319 unhealthy. 2320 items: 2321 type: string 2322 type: array 2323 type: object 2324 failureThreshold: 2325 description: Minimum consecutive failures for the probe 2326 to be considered failed after having succeeded. Defaults 2327 to 3. Minimum value is 1. 2328 format: int32 2329 type: integer 2330 grpc: 2331 description: GRPC specifies an action involving a GRPC 2332 port. 2333 properties: 2334 port: 2335 description: Port number of the gRPC service. Number 2336 must be in the range 1 to 65535. 2337 format: int32 2338 type: integer 2339 service: 2340 description: "Service is the name of the service 2341 to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 2342 \n If this is not specified, the default behavior 2343 is defined by gRPC." 2344 type: string 2345 required: 2346 - port 2347 type: object 2348 httpGet: 2349 description: HTTPGet specifies the http request to perform. 2350 properties: 2351 host: 2352 description: Host name to connect to, defaults to 2353 the pod IP. You probably want to set "Host" in 2354 httpHeaders instead. 2355 type: string 2356 httpHeaders: 2357 description: Custom headers to set in the request. 2358 HTTP allows repeated headers. 2359 items: 2360 description: HTTPHeader describes a custom header 2361 to be used in HTTP probes 2362 properties: 2363 name: 2364 description: The header field name. This will 2365 be canonicalized upon output, so case-variant 2366 names will be understood as the same header. 2367 type: string 2368 value: 2369 description: The header field value 2370 type: string 2371 required: 2372 - name 2373 - value 2374 type: object 2375 type: array 2376 path: 2377 description: Path to access on the HTTP server. 2378 type: string 2379 port: 2380 anyOf: 2381 - type: integer 2382 - type: string 2383 description: Name or number of the port to access 2384 on the container. Number must be in the range 2385 1 to 65535. Name must be an IANA_SVC_NAME. 2386 x-kubernetes-int-or-string: true 2387 scheme: 2388 description: Scheme to use for connecting to the 2389 host. Defaults to HTTP. 2390 type: string 2391 required: 2392 - port 2393 type: object 2394 initialDelaySeconds: 2395 description: 'Number of seconds after the container 2396 has started before liveness probes are initiated. 2397 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 2398 format: int32 2399 type: integer 2400 periodSeconds: 2401 description: How often (in seconds) to perform the probe. 2402 Default to 10 seconds. Minimum value is 1. 2403 format: int32 2404 type: integer 2405 successThreshold: 2406 description: Minimum consecutive successes for the probe 2407 to be considered successful after having failed. Defaults 2408 to 1. Must be 1 for liveness and startup. Minimum 2409 value is 1. 2410 format: int32 2411 type: integer 2412 tcpSocket: 2413 description: TCPSocket specifies an action involving 2414 a TCP port. 2415 properties: 2416 host: 2417 description: 'Optional: Host name to connect to, 2418 defaults to the pod IP.' 2419 type: string 2420 port: 2421 anyOf: 2422 - type: integer 2423 - type: string 2424 description: Number or name of the port to access 2425 on the container. Number must be in the range 2426 1 to 65535. Name must be an IANA_SVC_NAME. 2427 x-kubernetes-int-or-string: true 2428 required: 2429 - port 2430 type: object 2431 terminationGracePeriodSeconds: 2432 description: Optional duration in seconds the pod needs 2433 to terminate gracefully upon probe failure. The grace 2434 period is the duration in seconds after the processes 2435 running in the pod are sent a termination signal and 2436 the time when the processes are forcibly halted with 2437 a kill signal. Set this value longer than the expected 2438 cleanup time for your process. If this value is nil, 2439 the pod's terminationGracePeriodSeconds will be used. 2440 Otherwise, this value overrides the value provided 2441 by the pod spec. Value must be non-negative integer. 2442 The value zero indicates stop immediately via the 2443 kill signal (no opportunity to shut down). This is 2444 a beta field and requires enabling ProbeTerminationGracePeriod 2445 feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds 2446 is used if unset. 2447 format: int64 2448 type: integer 2449 timeoutSeconds: 2450 description: 'Number of seconds after which the probe 2451 times out. Defaults to 1 second. Minimum value is 2452 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 2453 format: int32 2454 type: integer 2455 type: object 2456 resizePolicy: 2457 description: Resources resize policy for the container. 2458 items: 2459 description: ContainerResizePolicy represents resource 2460 resize policy for the container. 2461 properties: 2462 resourceName: 2463 description: 'Name of the resource to which this resource 2464 resize policy applies. Supported values: cpu, memory.' 2465 type: string 2466 restartPolicy: 2467 description: Restart policy to apply when specified 2468 resource is resized. If not specified, it defaults 2469 to NotRequired. 2470 type: string 2471 required: 2472 - resourceName 2473 - restartPolicy 2474 type: object 2475 type: array 2476 x-kubernetes-list-type: atomic 2477 resources: 2478 description: 'Compute Resources required by this container. 2479 Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 2480 properties: 2481 claims: 2482 description: "Claims lists the names of resources, defined 2483 in spec.resourceClaims, that are used by this container. 2484 \n This is an alpha field and requires enabling the 2485 DynamicResourceAllocation feature gate. \n This field 2486 is immutable. It can only be set for containers." 2487 items: 2488 description: ResourceClaim references one entry in 2489 PodSpec.ResourceClaims. 2490 properties: 2491 name: 2492 description: Name must match the name of one entry 2493 in pod.spec.resourceClaims of the Pod where 2494 this field is used. It makes that resource available 2495 inside a container. 2496 type: string 2497 required: 2498 - name 2499 type: object 2500 type: array 2501 x-kubernetes-list-map-keys: 2502 - name 2503 x-kubernetes-list-type: map 2504 limits: 2505 additionalProperties: 2506 anyOf: 2507 - type: integer 2508 - type: string 2509 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 2510 x-kubernetes-int-or-string: true 2511 description: 'Limits describes the maximum amount of 2512 compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 2513 type: object 2514 requests: 2515 additionalProperties: 2516 anyOf: 2517 - type: integer 2518 - type: string 2519 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 2520 x-kubernetes-int-or-string: true 2521 description: 'Requests describes the minimum amount 2522 of compute resources required. If Requests is omitted 2523 for a container, it defaults to Limits if that is 2524 explicitly specified, otherwise to an implementation-defined 2525 value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 2526 type: object 2527 type: object 2528 restartPolicy: 2529 description: 'RestartPolicy defines the restart behavior 2530 of individual containers in a pod. This field may only 2531 be set for init containers, and the only allowed value 2532 is "Always". For non-init containers or when this field 2533 is not specified, the restart behavior is defined by the 2534 Pod''s restart policy and the container type. Setting 2535 the RestartPolicy as "Always" for the init container will 2536 have the following effect: this init container will be 2537 continually restarted on exit until all regular containers 2538 have terminated. Once all regular containers have completed, 2539 all init containers with restartPolicy "Always" will be 2540 shut down. This lifecycle differs from normal init containers 2541 and is often referred to as a "sidecar" container. Although 2542 this init container still starts in the init container 2543 sequence, it does not wait for the container to complete 2544 before proceeding to the next init container. Instead, 2545 the next init container starts immediately after this 2546 init container is started, or after any startupProbe has 2547 successfully completed.' 2548 type: string 2549 securityContext: 2550 description: 'SecurityContext defines the security options 2551 the container should be run with. If set, the fields of 2552 SecurityContext override the equivalent fields of PodSecurityContext. 2553 More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' 2554 properties: 2555 allowPrivilegeEscalation: 2556 description: 'AllowPrivilegeEscalation controls whether 2557 a process can gain more privileges than its parent 2558 process. This bool directly controls if the no_new_privs 2559 flag will be set on the container process. AllowPrivilegeEscalation 2560 is true always when the container is: 1) run as Privileged 2561 2) has CAP_SYS_ADMIN Note that this field cannot be 2562 set when spec.os.name is windows.' 2563 type: boolean 2564 capabilities: 2565 description: The capabilities to add/drop when running 2566 containers. Defaults to the default set of capabilities 2567 granted by the container runtime. Note that this field 2568 cannot be set when spec.os.name is windows. 2569 properties: 2570 add: 2571 description: Added capabilities 2572 items: 2573 description: Capability represent POSIX capabilities 2574 type 2575 type: string 2576 type: array 2577 drop: 2578 description: Removed capabilities 2579 items: 2580 description: Capability represent POSIX capabilities 2581 type 2582 type: string 2583 type: array 2584 type: object 2585 privileged: 2586 description: Run container in privileged mode. Processes 2587 in privileged containers are essentially equivalent 2588 to root on the host. Defaults to false. Note that 2589 this field cannot be set when spec.os.name is windows. 2590 type: boolean 2591 procMount: 2592 description: procMount denotes the type of proc mount 2593 to use for the containers. The default is DefaultProcMount 2594 which uses the container runtime defaults for readonly 2595 paths and masked paths. This requires the ProcMountType 2596 feature flag to be enabled. Note that this field cannot 2597 be set when spec.os.name is windows. 2598 type: string 2599 readOnlyRootFilesystem: 2600 description: Whether this container has a read-only 2601 root filesystem. Default is false. Note that this 2602 field cannot be set when spec.os.name is windows. 2603 type: boolean 2604 runAsGroup: 2605 description: The GID to run the entrypoint of the container 2606 process. Uses runtime default if unset. May also be 2607 set in PodSecurityContext. If set in both SecurityContext 2608 and PodSecurityContext, the value specified in SecurityContext 2609 takes precedence. Note that this field cannot be set 2610 when spec.os.name is windows. 2611 format: int64 2612 type: integer 2613 runAsNonRoot: 2614 description: Indicates that the container must run as 2615 a non-root user. If true, the Kubelet will validate 2616 the image at runtime to ensure that it does not run 2617 as UID 0 (root) and fail to start the container if 2618 it does. If unset or false, no such validation will 2619 be performed. May also be set in PodSecurityContext. If 2620 set in both SecurityContext and PodSecurityContext, 2621 the value specified in SecurityContext takes precedence. 2622 type: boolean 2623 runAsUser: 2624 description: The UID to run the entrypoint of the container 2625 process. Defaults to user specified in image metadata 2626 if unspecified. May also be set in PodSecurityContext. If 2627 set in both SecurityContext and PodSecurityContext, 2628 the value specified in SecurityContext takes precedence. 2629 Note that this field cannot be set when spec.os.name 2630 is windows. 2631 format: int64 2632 type: integer 2633 seLinuxOptions: 2634 description: The SELinux context to be applied to the 2635 container. If unspecified, the container runtime will 2636 allocate a random SELinux context for each container. May 2637 also be set in PodSecurityContext. If set in both 2638 SecurityContext and PodSecurityContext, the value 2639 specified in SecurityContext takes precedence. Note 2640 that this field cannot be set when spec.os.name is 2641 windows. 2642 properties: 2643 level: 2644 description: Level is SELinux level label that applies 2645 to the container. 2646 type: string 2647 role: 2648 description: Role is a SELinux role label that applies 2649 to the container. 2650 type: string 2651 type: 2652 description: Type is a SELinux type label that applies 2653 to the container. 2654 type: string 2655 user: 2656 description: User is a SELinux user label that applies 2657 to the container. 2658 type: string 2659 type: object 2660 seccompProfile: 2661 description: The seccomp options to use by this container. 2662 If seccomp options are provided at both the pod & 2663 container level, the container options override the 2664 pod options. Note that this field cannot be set when 2665 spec.os.name is windows. 2666 properties: 2667 localhostProfile: 2668 description: localhostProfile indicates a profile 2669 defined in a file on the node should be used. 2670 The profile must be preconfigured on the node 2671 to work. Must be a descending path, relative to 2672 the kubelet's configured seccomp profile location. 2673 Must be set if type is "Localhost". Must NOT be 2674 set for any other type. 2675 type: string 2676 type: 2677 description: "type indicates which kind of seccomp 2678 profile will be applied. Valid options are: \n 2679 Localhost - a profile defined in a file on the 2680 node should be used. RuntimeDefault - the container 2681 runtime default profile should be used. Unconfined 2682 - no profile should be applied." 2683 type: string 2684 required: 2685 - type 2686 type: object 2687 windowsOptions: 2688 description: The Windows specific settings applied to 2689 all containers. If unspecified, the options from the 2690 PodSecurityContext will be used. If set in both SecurityContext 2691 and PodSecurityContext, the value specified in SecurityContext 2692 takes precedence. Note that this field cannot be set 2693 when spec.os.name is linux. 2694 properties: 2695 gmsaCredentialSpec: 2696 description: GMSACredentialSpec is where the GMSA 2697 admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) 2698 inlines the contents of the GMSA credential spec 2699 named by the GMSACredentialSpecName field. 2700 type: string 2701 gmsaCredentialSpecName: 2702 description: GMSACredentialSpecName is the name 2703 of the GMSA credential spec to use. 2704 type: string 2705 hostProcess: 2706 description: HostProcess determines if a container 2707 should be run as a 'Host Process' container. All 2708 of a Pod's containers must have the same effective 2709 HostProcess value (it is not allowed to have a 2710 mix of HostProcess containers and non-HostProcess 2711 containers). In addition, if HostProcess is true 2712 then HostNetwork must also be set to true. 2713 type: boolean 2714 runAsUserName: 2715 description: The UserName in Windows to run the 2716 entrypoint of the container process. Defaults 2717 to the user specified in image metadata if unspecified. 2718 May also be set in PodSecurityContext. If set 2719 in both SecurityContext and PodSecurityContext, 2720 the value specified in SecurityContext takes precedence. 2721 type: string 2722 type: object 2723 type: object 2724 startupProbe: 2725 description: 'StartupProbe indicates that the Pod has successfully 2726 initialized. If specified, no other probes are executed 2727 until this completes successfully. If this probe fails, 2728 the Pod will be restarted, just as if the livenessProbe 2729 failed. This can be used to provide different probe parameters 2730 at the beginning of a Pod''s lifecycle, when it might 2731 take a long time to load data or warm a cache, than during 2732 steady-state operation. This cannot be updated. More info: 2733 https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 2734 properties: 2735 exec: 2736 description: Exec specifies the action to take. 2737 properties: 2738 command: 2739 description: Command is the command line to execute 2740 inside the container, the working directory for 2741 the command is root ('/') in the container's 2742 filesystem. The command is simply exec'd, it is 2743 not run inside a shell, so traditional shell instructions 2744 ('|', etc) won't work. To use a shell, you need 2745 to explicitly call out to that shell. Exit status 2746 of 0 is treated as live/healthy and non-zero is 2747 unhealthy. 2748 items: 2749 type: string 2750 type: array 2751 type: object 2752 failureThreshold: 2753 description: Minimum consecutive failures for the probe 2754 to be considered failed after having succeeded. Defaults 2755 to 3. Minimum value is 1. 2756 format: int32 2757 type: integer 2758 grpc: 2759 description: GRPC specifies an action involving a GRPC 2760 port. 2761 properties: 2762 port: 2763 description: Port number of the gRPC service. Number 2764 must be in the range 1 to 65535. 2765 format: int32 2766 type: integer 2767 service: 2768 description: "Service is the name of the service 2769 to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 2770 \n If this is not specified, the default behavior 2771 is defined by gRPC." 2772 type: string 2773 required: 2774 - port 2775 type: object 2776 httpGet: 2777 description: HTTPGet specifies the http request to perform. 2778 properties: 2779 host: 2780 description: Host name to connect to, defaults to 2781 the pod IP. You probably want to set "Host" in 2782 httpHeaders instead. 2783 type: string 2784 httpHeaders: 2785 description: Custom headers to set in the request. 2786 HTTP allows repeated headers. 2787 items: 2788 description: HTTPHeader describes a custom header 2789 to be used in HTTP probes 2790 properties: 2791 name: 2792 description: The header field name. This will 2793 be canonicalized upon output, so case-variant 2794 names will be understood as the same header. 2795 type: string 2796 value: 2797 description: The header field value 2798 type: string 2799 required: 2800 - name 2801 - value 2802 type: object 2803 type: array 2804 path: 2805 description: Path to access on the HTTP server. 2806 type: string 2807 port: 2808 anyOf: 2809 - type: integer 2810 - type: string 2811 description: Name or number of the port to access 2812 on the container. Number must be in the range 2813 1 to 65535. Name must be an IANA_SVC_NAME. 2814 x-kubernetes-int-or-string: true 2815 scheme: 2816 description: Scheme to use for connecting to the 2817 host. Defaults to HTTP. 2818 type: string 2819 required: 2820 - port 2821 type: object 2822 initialDelaySeconds: 2823 description: 'Number of seconds after the container 2824 has started before liveness probes are initiated. 2825 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 2826 format: int32 2827 type: integer 2828 periodSeconds: 2829 description: How often (in seconds) to perform the probe. 2830 Default to 10 seconds. Minimum value is 1. 2831 format: int32 2832 type: integer 2833 successThreshold: 2834 description: Minimum consecutive successes for the probe 2835 to be considered successful after having failed. Defaults 2836 to 1. Must be 1 for liveness and startup. Minimum 2837 value is 1. 2838 format: int32 2839 type: integer 2840 tcpSocket: 2841 description: TCPSocket specifies an action involving 2842 a TCP port. 2843 properties: 2844 host: 2845 description: 'Optional: Host name to connect to, 2846 defaults to the pod IP.' 2847 type: string 2848 port: 2849 anyOf: 2850 - type: integer 2851 - type: string 2852 description: Number or name of the port to access 2853 on the container. Number must be in the range 2854 1 to 65535. Name must be an IANA_SVC_NAME. 2855 x-kubernetes-int-or-string: true 2856 required: 2857 - port 2858 type: object 2859 terminationGracePeriodSeconds: 2860 description: Optional duration in seconds the pod needs 2861 to terminate gracefully upon probe failure. The grace 2862 period is the duration in seconds after the processes 2863 running in the pod are sent a termination signal and 2864 the time when the processes are forcibly halted with 2865 a kill signal. Set this value longer than the expected 2866 cleanup time for your process. If this value is nil, 2867 the pod's terminationGracePeriodSeconds will be used. 2868 Otherwise, this value overrides the value provided 2869 by the pod spec. Value must be non-negative integer. 2870 The value zero indicates stop immediately via the 2871 kill signal (no opportunity to shut down). This is 2872 a beta field and requires enabling ProbeTerminationGracePeriod 2873 feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds 2874 is used if unset. 2875 format: int64 2876 type: integer 2877 timeoutSeconds: 2878 description: 'Number of seconds after which the probe 2879 times out. Defaults to 1 second. Minimum value is 2880 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 2881 format: int32 2882 type: integer 2883 type: object 2884 stdin: 2885 description: Whether this container should allocate a buffer 2886 for stdin in the container runtime. If this is not set, 2887 reads from stdin in the container will always result in 2888 EOF. Default is false. 2889 type: boolean 2890 stdinOnce: 2891 description: Whether the container runtime should close 2892 the stdin channel after it has been opened by a single 2893 attach. When stdin is true the stdin stream will remain 2894 open across multiple attach sessions. If stdinOnce is 2895 set to true, stdin is opened on container start, is empty 2896 until the first client attaches to stdin, and then remains 2897 open and accepts data until the client disconnects, at 2898 which time stdin is closed and remains closed until the 2899 container is restarted. If this flag is false, a container 2900 processes that reads from stdin will never receive an 2901 EOF. Default is false 2902 type: boolean 2903 terminationMessagePath: 2904 description: 'Optional: Path at which the file to which 2905 the container''s termination message will be written is 2906 mounted into the container''s filesystem. Message written 2907 is intended to be brief final status, such as an assertion 2908 failure message. Will be truncated by the node if greater 2909 than 4096 bytes. The total message length across all containers 2910 will be limited to 12kb. Defaults to /dev/termination-log. 2911 Cannot be updated.' 2912 type: string 2913 terminationMessagePolicy: 2914 description: Indicate how the termination message should 2915 be populated. File will use the contents of terminationMessagePath 2916 to populate the container status message on both success 2917 and failure. FallbackToLogsOnError will use the last chunk 2918 of container log output if the termination message file 2919 is empty and the container exited with an error. The log 2920 output is limited to 2048 bytes or 80 lines, whichever 2921 is smaller. Defaults to File. Cannot be updated. 2922 type: string 2923 tty: 2924 description: Whether this container should allocate a TTY 2925 for itself, also requires 'stdin' to be true. Default 2926 is false. 2927 type: boolean 2928 volumeDevices: 2929 description: volumeDevices is the list of block devices 2930 to be used by the container. 2931 items: 2932 description: volumeDevice describes a mapping of a raw 2933 block device within a container. 2934 properties: 2935 devicePath: 2936 description: devicePath is the path inside of the 2937 container that the device will be mapped to. 2938 type: string 2939 name: 2940 description: name must match the name of a persistentVolumeClaim 2941 in the pod 2942 type: string 2943 required: 2944 - devicePath 2945 - name 2946 type: object 2947 type: array 2948 volumeMounts: 2949 description: Pod volumes to mount into the container's filesystem. 2950 Cannot be updated. 2951 items: 2952 description: VolumeMount describes a mounting of a Volume 2953 within a container. 2954 properties: 2955 mountPath: 2956 description: Path within the container at which the 2957 volume should be mounted. Must not contain ':'. 2958 type: string 2959 mountPropagation: 2960 description: mountPropagation determines how mounts 2961 are propagated from the host to container and the 2962 other way around. When not set, MountPropagationNone 2963 is used. This field is beta in 1.10. 2964 type: string 2965 name: 2966 description: This must match the Name of a Volume. 2967 type: string 2968 readOnly: 2969 description: Mounted read-only if true, read-write 2970 otherwise (false or unspecified). Defaults to false. 2971 type: boolean 2972 subPath: 2973 description: Path within the volume from which the 2974 container's volume should be mounted. Defaults to 2975 "" (volume's root). 2976 type: string 2977 subPathExpr: 2978 description: Expanded path within the volume from 2979 which the container's volume should be mounted. 2980 Behaves similarly to SubPath but environment variable 2981 references $(VAR_NAME) are expanded using the container's 2982 environment. Defaults to "" (volume's root). SubPathExpr 2983 and SubPath are mutually exclusive. 2984 type: string 2985 required: 2986 - mountPath 2987 - name 2988 type: object 2989 type: array 2990 workingDir: 2991 description: Container's working directory. If not specified, 2992 the container runtime's default will be used, which might 2993 be configured in the container image. Cannot be updated. 2994 type: string 2995 required: 2996 - name 2997 type: object 2998 type: array 2999 logFormat: 3000 description: LogFormat describes the log format that should be 3001 used by the Repo Server. Defaults to ArgoCDDefaultLogFormat 3002 if not configured. Valid options are text or json. 3003 type: string 3004 logLevel: 3005 description: LogLevel describes the log level that should be used 3006 by the Repo Server. Defaults to ArgoCDDefaultLogLevel if not 3007 set. Valid options are debug, info, error, and warn. 3008 type: string 3009 mountsatoken: 3010 description: MountSAToken describes whether you would like to 3011 have the Repo server mount the service account token 3012 type: boolean 3013 replicas: 3014 description: Replicas defines the number of replicas for argocd-repo-server. 3015 Value should be greater than or equal to 0. Default is nil. 3016 format: int32 3017 type: integer 3018 resources: 3019 description: Resources defines the Compute Resources required 3020 by the container for Redis. 3021 properties: 3022 claims: 3023 description: "Claims lists the names of resources, defined 3024 in spec.resourceClaims, that are used by this container. 3025 \n This is an alpha field and requires enabling the DynamicResourceAllocation 3026 feature gate. \n This field is immutable. It can only be 3027 set for containers." 3028 items: 3029 description: ResourceClaim references one entry in PodSpec.ResourceClaims. 3030 properties: 3031 name: 3032 description: Name must match the name of one entry in 3033 pod.spec.resourceClaims of the Pod where this field 3034 is used. It makes that resource available inside a 3035 container. 3036 type: string 3037 required: 3038 - name 3039 type: object 3040 type: array 3041 x-kubernetes-list-map-keys: 3042 - name 3043 x-kubernetes-list-type: map 3044 limits: 3045 additionalProperties: 3046 anyOf: 3047 - type: integer 3048 - type: string 3049 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 3050 x-kubernetes-int-or-string: true 3051 description: 'Limits describes the maximum amount of compute 3052 resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 3053 type: object 3054 requests: 3055 additionalProperties: 3056 anyOf: 3057 - type: integer 3058 - type: string 3059 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 3060 x-kubernetes-int-or-string: true 3061 description: 'Requests describes the minimum amount of compute 3062 resources required. If Requests is omitted for a container, 3063 it defaults to Limits if that is explicitly specified, otherwise 3064 to an implementation-defined value. Requests cannot exceed 3065 Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 3066 type: object 3067 type: object 3068 serviceaccount: 3069 description: ServiceAccount defines the ServiceAccount user that 3070 you would like the Repo server to use 3071 type: string 3072 sidecarContainers: 3073 description: SidecarContainers defines the list of sidecar containers 3074 for the repo server deployment 3075 items: 3076 description: A single application container that you want to 3077 run within a pod. 3078 properties: 3079 args: 3080 description: 'Arguments to the entrypoint. The container 3081 image''s CMD is used if this is not provided. Variable 3082 references $(VAR_NAME) are expanded using the container''s 3083 environment. If a variable cannot be resolved, the reference 3084 in the input string will be unchanged. Double $$ are reduced 3085 to a single $, which allows for escaping the $(VAR_NAME) 3086 syntax: i.e. "$$(VAR_NAME)" will produce the string literal 3087 "$(VAR_NAME)". Escaped references will never be expanded, 3088 regardless of whether the variable exists or not. Cannot 3089 be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' 3090 items: 3091 type: string 3092 type: array 3093 command: 3094 description: 'Entrypoint array. Not executed within a shell. 3095 The container image''s ENTRYPOINT is used if this is not 3096 provided. Variable references $(VAR_NAME) are expanded 3097 using the container''s environment. If a variable cannot 3098 be resolved, the reference in the input string will be 3099 unchanged. Double $$ are reduced to a single $, which 3100 allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" 3101 will produce the string literal "$(VAR_NAME)". Escaped 3102 references will never be expanded, regardless of whether 3103 the variable exists or not. Cannot be updated. More info: 3104 https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' 3105 items: 3106 type: string 3107 type: array 3108 env: 3109 description: List of environment variables to set in the 3110 container. Cannot be updated. 3111 items: 3112 description: EnvVar represents an environment variable 3113 present in a Container. 3114 properties: 3115 name: 3116 description: Name of the environment variable. Must 3117 be a C_IDENTIFIER. 3118 type: string 3119 value: 3120 description: 'Variable references $(VAR_NAME) are 3121 expanded using the previously defined environment 3122 variables in the container and any service environment 3123 variables. If a variable cannot be resolved, the 3124 reference in the input string will be unchanged. 3125 Double $$ are reduced to a single $, which allows 3126 for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" 3127 will produce the string literal "$(VAR_NAME)". Escaped 3128 references will never be expanded, regardless of 3129 whether the variable exists or not. Defaults to 3130 "".' 3131 type: string 3132 valueFrom: 3133 description: Source for the environment variable's 3134 value. Cannot be used if value is not empty. 3135 properties: 3136 configMapKeyRef: 3137 description: Selects a key of a ConfigMap. 3138 properties: 3139 key: 3140 description: The key to select. 3141 type: string 3142 name: 3143 description: 'Name of the referent. More info: 3144 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 3145 TODO: Add other useful fields. apiVersion, 3146 kind, uid?' 3147 type: string 3148 optional: 3149 description: Specify whether the ConfigMap 3150 or its key must be defined 3151 type: boolean 3152 required: 3153 - key 3154 type: object 3155 fieldRef: 3156 description: 'Selects a field of the pod: supports 3157 metadata.name, metadata.namespace, `metadata.labels[''<KEY>'']`, 3158 `metadata.annotations[''<KEY>'']`, spec.nodeName, 3159 spec.serviceAccountName, status.hostIP, status.podIP, 3160 status.podIPs.' 3161 properties: 3162 apiVersion: 3163 description: Version of the schema the FieldPath 3164 is written in terms of, defaults to "v1". 3165 type: string 3166 fieldPath: 3167 description: Path of the field to select in 3168 the specified API version. 3169 type: string 3170 required: 3171 - fieldPath 3172 type: object 3173 resourceFieldRef: 3174 description: 'Selects a resource of the container: 3175 only resources limits and requests (limits.cpu, 3176 limits.memory, limits.ephemeral-storage, requests.cpu, 3177 requests.memory and requests.ephemeral-storage) 3178 are currently supported.' 3179 properties: 3180 containerName: 3181 description: 'Container name: required for 3182 volumes, optional for env vars' 3183 type: string 3184 divisor: 3185 anyOf: 3186 - type: integer 3187 - type: string 3188 description: Specifies the output format of 3189 the exposed resources, defaults to "1" 3190 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 3191 x-kubernetes-int-or-string: true 3192 resource: 3193 description: 'Required: resource to select' 3194 type: string 3195 required: 3196 - resource 3197 type: object 3198 secretKeyRef: 3199 description: Selects a key of a secret in the 3200 pod's namespace 3201 properties: 3202 key: 3203 description: The key of the secret to select 3204 from. Must be a valid secret key. 3205 type: string 3206 name: 3207 description: 'Name of the referent. More info: 3208 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 3209 TODO: Add other useful fields. apiVersion, 3210 kind, uid?' 3211 type: string 3212 optional: 3213 description: Specify whether the Secret or 3214 its key must be defined 3215 type: boolean 3216 required: 3217 - key 3218 type: object 3219 type: object 3220 required: 3221 - name 3222 type: object 3223 type: array 3224 envFrom: 3225 description: List of sources to populate environment variables 3226 in the container. The keys defined within a source must 3227 be a C_IDENTIFIER. All invalid keys will be reported as 3228 an event when the container is starting. When a key exists 3229 in multiple sources, the value associated with the last 3230 source will take precedence. Values defined by an Env 3231 with a duplicate key will take precedence. Cannot be updated. 3232 items: 3233 description: EnvFromSource represents the source of a 3234 set of ConfigMaps 3235 properties: 3236 configMapRef: 3237 description: The ConfigMap to select from 3238 properties: 3239 name: 3240 description: 'Name of the referent. More info: 3241 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 3242 TODO: Add other useful fields. apiVersion, kind, 3243 uid?' 3244 type: string 3245 optional: 3246 description: Specify whether the ConfigMap must 3247 be defined 3248 type: boolean 3249 type: object 3250 prefix: 3251 description: An optional identifier to prepend to 3252 each key in the ConfigMap. Must be a C_IDENTIFIER. 3253 type: string 3254 secretRef: 3255 description: The Secret to select from 3256 properties: 3257 name: 3258 description: 'Name of the referent. More info: 3259 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 3260 TODO: Add other useful fields. apiVersion, kind, 3261 uid?' 3262 type: string 3263 optional: 3264 description: Specify whether the Secret must be 3265 defined 3266 type: boolean 3267 type: object 3268 type: object 3269 type: array 3270 image: 3271 description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images 3272 This field is optional to allow higher level config management 3273 to default or override container images in workload controllers 3274 like Deployments and StatefulSets.' 3275 type: string 3276 imagePullPolicy: 3277 description: 'Image pull policy. One of Always, Never, IfNotPresent. 3278 Defaults to Always if :latest tag is specified, or IfNotPresent 3279 otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' 3280 type: string 3281 lifecycle: 3282 description: Actions that the management system should take 3283 in response to container lifecycle events. Cannot be updated. 3284 properties: 3285 postStart: 3286 description: 'PostStart is called immediately after 3287 a container is created. If the handler fails, the 3288 container is terminated and restarted according to 3289 its restart policy. Other management of the container 3290 blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' 3291 properties: 3292 exec: 3293 description: Exec specifies the action to take. 3294 properties: 3295 command: 3296 description: Command is the command line to 3297 execute inside the container, the working 3298 directory for the command is root ('/') in 3299 the container's filesystem. The command is 3300 simply exec'd, it is not run inside a shell, 3301 so traditional shell instructions ('|', etc) 3302 won't work. To use a shell, you need to explicitly 3303 call out to that shell. Exit status of 0 is 3304 treated as live/healthy and non-zero is unhealthy. 3305 items: 3306 type: string 3307 type: array 3308 type: object 3309 httpGet: 3310 description: HTTPGet specifies the http request 3311 to perform. 3312 properties: 3313 host: 3314 description: Host name to connect to, defaults 3315 to the pod IP. You probably want to set "Host" 3316 in httpHeaders instead. 3317 type: string 3318 httpHeaders: 3319 description: Custom headers to set in the request. 3320 HTTP allows repeated headers. 3321 items: 3322 description: HTTPHeader describes a custom 3323 header to be used in HTTP probes 3324 properties: 3325 name: 3326 description: The header field name. This 3327 will be canonicalized upon output, so 3328 case-variant names will be understood 3329 as the same header. 3330 type: string 3331 value: 3332 description: The header field value 3333 type: string 3334 required: 3335 - name 3336 - value 3337 type: object 3338 type: array 3339 path: 3340 description: Path to access on the HTTP server. 3341 type: string 3342 port: 3343 anyOf: 3344 - type: integer 3345 - type: string 3346 description: Name or number of the port to access 3347 on the container. Number must be in the range 3348 1 to 65535. Name must be an IANA_SVC_NAME. 3349 x-kubernetes-int-or-string: true 3350 scheme: 3351 description: Scheme to use for connecting to 3352 the host. Defaults to HTTP. 3353 type: string 3354 required: 3355 - port 3356 type: object 3357 tcpSocket: 3358 description: Deprecated. TCPSocket is NOT supported 3359 as a LifecycleHandler and kept for the backward 3360 compatibility. There are no validation of this 3361 field and lifecycle hooks will fail in runtime 3362 when tcp handler is specified. 3363 properties: 3364 host: 3365 description: 'Optional: Host name to connect 3366 to, defaults to the pod IP.' 3367 type: string 3368 port: 3369 anyOf: 3370 - type: integer 3371 - type: string 3372 description: Number or name of the port to access 3373 on the container. Number must be in the range 3374 1 to 65535. Name must be an IANA_SVC_NAME. 3375 x-kubernetes-int-or-string: true 3376 required: 3377 - port 3378 type: object 3379 type: object 3380 preStop: 3381 description: 'PreStop is called immediately before a 3382 container is terminated due to an API request or management 3383 event such as liveness/startup probe failure, preemption, 3384 resource contention, etc. The handler is not called 3385 if the container crashes or exits. The Pod''s termination 3386 grace period countdown begins before the PreStop hook 3387 is executed. Regardless of the outcome of the handler, 3388 the container will eventually terminate within the 3389 Pod''s termination grace period (unless delayed by 3390 finalizers). Other management of the container blocks 3391 until the hook completes or until the termination 3392 grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' 3393 properties: 3394 exec: 3395 description: Exec specifies the action to take. 3396 properties: 3397 command: 3398 description: Command is the command line to 3399 execute inside the container, the working 3400 directory for the command is root ('/') in 3401 the container's filesystem. The command is 3402 simply exec'd, it is not run inside a shell, 3403 so traditional shell instructions ('|', etc) 3404 won't work. To use a shell, you need to explicitly 3405 call out to that shell. Exit status of 0 is 3406 treated as live/healthy and non-zero is unhealthy. 3407 items: 3408 type: string 3409 type: array 3410 type: object 3411 httpGet: 3412 description: HTTPGet specifies the http request 3413 to perform. 3414 properties: 3415 host: 3416 description: Host name to connect to, defaults 3417 to the pod IP. You probably want to set "Host" 3418 in httpHeaders instead. 3419 type: string 3420 httpHeaders: 3421 description: Custom headers to set in the request. 3422 HTTP allows repeated headers. 3423 items: 3424 description: HTTPHeader describes a custom 3425 header to be used in HTTP probes 3426 properties: 3427 name: 3428 description: The header field name. This 3429 will be canonicalized upon output, so 3430 case-variant names will be understood 3431 as the same header. 3432 type: string 3433 value: 3434 description: The header field value 3435 type: string 3436 required: 3437 - name 3438 - value 3439 type: object 3440 type: array 3441 path: 3442 description: Path to access on the HTTP server. 3443 type: string 3444 port: 3445 anyOf: 3446 - type: integer 3447 - type: string 3448 description: Name or number of the port to access 3449 on the container. Number must be in the range 3450 1 to 65535. Name must be an IANA_SVC_NAME. 3451 x-kubernetes-int-or-string: true 3452 scheme: 3453 description: Scheme to use for connecting to 3454 the host. Defaults to HTTP. 3455 type: string 3456 required: 3457 - port 3458 type: object 3459 tcpSocket: 3460 description: Deprecated. TCPSocket is NOT supported 3461 as a LifecycleHandler and kept for the backward 3462 compatibility. There are no validation of this 3463 field and lifecycle hooks will fail in runtime 3464 when tcp handler is specified. 3465 properties: 3466 host: 3467 description: 'Optional: Host name to connect 3468 to, defaults to the pod IP.' 3469 type: string 3470 port: 3471 anyOf: 3472 - type: integer 3473 - type: string 3474 description: Number or name of the port to access 3475 on the container. Number must be in the range 3476 1 to 65535. Name must be an IANA_SVC_NAME. 3477 x-kubernetes-int-or-string: true 3478 required: 3479 - port 3480 type: object 3481 type: object 3482 type: object 3483 livenessProbe: 3484 description: 'Periodic probe of container liveness. Container 3485 will be restarted if the probe fails. Cannot be updated. 3486 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 3487 properties: 3488 exec: 3489 description: Exec specifies the action to take. 3490 properties: 3491 command: 3492 description: Command is the command line to execute 3493 inside the container, the working directory for 3494 the command is root ('/') in the container's 3495 filesystem. The command is simply exec'd, it is 3496 not run inside a shell, so traditional shell instructions 3497 ('|', etc) won't work. To use a shell, you need 3498 to explicitly call out to that shell. Exit status 3499 of 0 is treated as live/healthy and non-zero is 3500 unhealthy. 3501 items: 3502 type: string 3503 type: array 3504 type: object 3505 failureThreshold: 3506 description: Minimum consecutive failures for the probe 3507 to be considered failed after having succeeded. Defaults 3508 to 3. Minimum value is 1. 3509 format: int32 3510 type: integer 3511 grpc: 3512 description: GRPC specifies an action involving a GRPC 3513 port. 3514 properties: 3515 port: 3516 description: Port number of the gRPC service. Number 3517 must be in the range 1 to 65535. 3518 format: int32 3519 type: integer 3520 service: 3521 description: "Service is the name of the service 3522 to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 3523 \n If this is not specified, the default behavior 3524 is defined by gRPC." 3525 type: string 3526 required: 3527 - port 3528 type: object 3529 httpGet: 3530 description: HTTPGet specifies the http request to perform. 3531 properties: 3532 host: 3533 description: Host name to connect to, defaults to 3534 the pod IP. You probably want to set "Host" in 3535 httpHeaders instead. 3536 type: string 3537 httpHeaders: 3538 description: Custom headers to set in the request. 3539 HTTP allows repeated headers. 3540 items: 3541 description: HTTPHeader describes a custom header 3542 to be used in HTTP probes 3543 properties: 3544 name: 3545 description: The header field name. This will 3546 be canonicalized upon output, so case-variant 3547 names will be understood as the same header. 3548 type: string 3549 value: 3550 description: The header field value 3551 type: string 3552 required: 3553 - name 3554 - value 3555 type: object 3556 type: array 3557 path: 3558 description: Path to access on the HTTP server. 3559 type: string 3560 port: 3561 anyOf: 3562 - type: integer 3563 - type: string 3564 description: Name or number of the port to access 3565 on the container. Number must be in the range 3566 1 to 65535. Name must be an IANA_SVC_NAME. 3567 x-kubernetes-int-or-string: true 3568 scheme: 3569 description: Scheme to use for connecting to the 3570 host. Defaults to HTTP. 3571 type: string 3572 required: 3573 - port 3574 type: object 3575 initialDelaySeconds: 3576 description: 'Number of seconds after the container 3577 has started before liveness probes are initiated. 3578 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 3579 format: int32 3580 type: integer 3581 periodSeconds: 3582 description: How often (in seconds) to perform the probe. 3583 Default to 10 seconds. Minimum value is 1. 3584 format: int32 3585 type: integer 3586 successThreshold: 3587 description: Minimum consecutive successes for the probe 3588 to be considered successful after having failed. Defaults 3589 to 1. Must be 1 for liveness and startup. Minimum 3590 value is 1. 3591 format: int32 3592 type: integer 3593 tcpSocket: 3594 description: TCPSocket specifies an action involving 3595 a TCP port. 3596 properties: 3597 host: 3598 description: 'Optional: Host name to connect to, 3599 defaults to the pod IP.' 3600 type: string 3601 port: 3602 anyOf: 3603 - type: integer 3604 - type: string 3605 description: Number or name of the port to access 3606 on the container. Number must be in the range 3607 1 to 65535. Name must be an IANA_SVC_NAME. 3608 x-kubernetes-int-or-string: true 3609 required: 3610 - port 3611 type: object 3612 terminationGracePeriodSeconds: 3613 description: Optional duration in seconds the pod needs 3614 to terminate gracefully upon probe failure. The grace 3615 period is the duration in seconds after the processes 3616 running in the pod are sent a termination signal and 3617 the time when the processes are forcibly halted with 3618 a kill signal. Set this value longer than the expected 3619 cleanup time for your process. If this value is nil, 3620 the pod's terminationGracePeriodSeconds will be used. 3621 Otherwise, this value overrides the value provided 3622 by the pod spec. Value must be non-negative integer. 3623 The value zero indicates stop immediately via the 3624 kill signal (no opportunity to shut down). This is 3625 a beta field and requires enabling ProbeTerminationGracePeriod 3626 feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds 3627 is used if unset. 3628 format: int64 3629 type: integer 3630 timeoutSeconds: 3631 description: 'Number of seconds after which the probe 3632 times out. Defaults to 1 second. Minimum value is 3633 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 3634 format: int32 3635 type: integer 3636 type: object 3637 name: 3638 description: Name of the container specified as a DNS_LABEL. 3639 Each container in a pod must have a unique name (DNS_LABEL). 3640 Cannot be updated. 3641 type: string 3642 ports: 3643 description: List of ports to expose from the container. 3644 Not specifying a port here DOES NOT prevent that port 3645 from being exposed. Any port which is listening on the 3646 default "0.0.0.0" address inside a container will be accessible 3647 from the network. Modifying this array with strategic 3648 merge patch may corrupt the data. For more information 3649 See https://github.com/kubernetes/kubernetes/issues/108255. 3650 Cannot be updated. 3651 items: 3652 description: ContainerPort represents a network port in 3653 a single container. 3654 properties: 3655 containerPort: 3656 description: Number of port to expose on the pod's 3657 IP address. This must be a valid port number, 0 3658 < x < 65536. 3659 format: int32 3660 type: integer 3661 hostIP: 3662 description: What host IP to bind the external port 3663 to. 3664 type: string 3665 hostPort: 3666 description: Number of port to expose on the host. 3667 If specified, this must be a valid port number, 3668 0 < x < 65536. If HostNetwork is specified, this 3669 must match ContainerPort. Most containers do not 3670 need this. 3671 format: int32 3672 type: integer 3673 name: 3674 description: If specified, this must be an IANA_SVC_NAME 3675 and unique within the pod. Each named port in a 3676 pod must have a unique name. Name for the port that 3677 can be referred to by services. 3678 type: string 3679 protocol: 3680 default: TCP 3681 description: Protocol for port. Must be UDP, TCP, 3682 or SCTP. Defaults to "TCP". 3683 type: string 3684 required: 3685 - containerPort 3686 type: object 3687 type: array 3688 x-kubernetes-list-map-keys: 3689 - containerPort 3690 - protocol 3691 x-kubernetes-list-type: map 3692 readinessProbe: 3693 description: 'Periodic probe of container service readiness. 3694 Container will be removed from service endpoints if the 3695 probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 3696 properties: 3697 exec: 3698 description: Exec specifies the action to take. 3699 properties: 3700 command: 3701 description: Command is the command line to execute 3702 inside the container, the working directory for 3703 the command is root ('/') in the container's 3704 filesystem. The command is simply exec'd, it is 3705 not run inside a shell, so traditional shell instructions 3706 ('|', etc) won't work. To use a shell, you need 3707 to explicitly call out to that shell. Exit status 3708 of 0 is treated as live/healthy and non-zero is 3709 unhealthy. 3710 items: 3711 type: string 3712 type: array 3713 type: object 3714 failureThreshold: 3715 description: Minimum consecutive failures for the probe 3716 to be considered failed after having succeeded. Defaults 3717 to 3. Minimum value is 1. 3718 format: int32 3719 type: integer 3720 grpc: 3721 description: GRPC specifies an action involving a GRPC 3722 port. 3723 properties: 3724 port: 3725 description: Port number of the gRPC service. Number 3726 must be in the range 1 to 65535. 3727 format: int32 3728 type: integer 3729 service: 3730 description: "Service is the name of the service 3731 to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 3732 \n If this is not specified, the default behavior 3733 is defined by gRPC." 3734 type: string 3735 required: 3736 - port 3737 type: object 3738 httpGet: 3739 description: HTTPGet specifies the http request to perform. 3740 properties: 3741 host: 3742 description: Host name to connect to, defaults to 3743 the pod IP. You probably want to set "Host" in 3744 httpHeaders instead. 3745 type: string 3746 httpHeaders: 3747 description: Custom headers to set in the request. 3748 HTTP allows repeated headers. 3749 items: 3750 description: HTTPHeader describes a custom header 3751 to be used in HTTP probes 3752 properties: 3753 name: 3754 description: The header field name. This will 3755 be canonicalized upon output, so case-variant 3756 names will be understood as the same header. 3757 type: string 3758 value: 3759 description: The header field value 3760 type: string 3761 required: 3762 - name 3763 - value 3764 type: object 3765 type: array 3766 path: 3767 description: Path to access on the HTTP server. 3768 type: string 3769 port: 3770 anyOf: 3771 - type: integer 3772 - type: string 3773 description: Name or number of the port to access 3774 on the container. Number must be in the range 3775 1 to 65535. Name must be an IANA_SVC_NAME. 3776 x-kubernetes-int-or-string: true 3777 scheme: 3778 description: Scheme to use for connecting to the 3779 host. Defaults to HTTP. 3780 type: string 3781 required: 3782 - port 3783 type: object 3784 initialDelaySeconds: 3785 description: 'Number of seconds after the container 3786 has started before liveness probes are initiated. 3787 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 3788 format: int32 3789 type: integer 3790 periodSeconds: 3791 description: How often (in seconds) to perform the probe. 3792 Default to 10 seconds. Minimum value is 1. 3793 format: int32 3794 type: integer 3795 successThreshold: 3796 description: Minimum consecutive successes for the probe 3797 to be considered successful after having failed. Defaults 3798 to 1. Must be 1 for liveness and startup. Minimum 3799 value is 1. 3800 format: int32 3801 type: integer 3802 tcpSocket: 3803 description: TCPSocket specifies an action involving 3804 a TCP port. 3805 properties: 3806 host: 3807 description: 'Optional: Host name to connect to, 3808 defaults to the pod IP.' 3809 type: string 3810 port: 3811 anyOf: 3812 - type: integer 3813 - type: string 3814 description: Number or name of the port to access 3815 on the container. Number must be in the range 3816 1 to 65535. Name must be an IANA_SVC_NAME. 3817 x-kubernetes-int-or-string: true 3818 required: 3819 - port 3820 type: object 3821 terminationGracePeriodSeconds: 3822 description: Optional duration in seconds the pod needs 3823 to terminate gracefully upon probe failure. The grace 3824 period is the duration in seconds after the processes 3825 running in the pod are sent a termination signal and 3826 the time when the processes are forcibly halted with 3827 a kill signal. Set this value longer than the expected 3828 cleanup time for your process. If this value is nil, 3829 the pod's terminationGracePeriodSeconds will be used. 3830 Otherwise, this value overrides the value provided 3831 by the pod spec. Value must be non-negative integer. 3832 The value zero indicates stop immediately via the 3833 kill signal (no opportunity to shut down). This is 3834 a beta field and requires enabling ProbeTerminationGracePeriod 3835 feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds 3836 is used if unset. 3837 format: int64 3838 type: integer 3839 timeoutSeconds: 3840 description: 'Number of seconds after which the probe 3841 times out. Defaults to 1 second. Minimum value is 3842 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 3843 format: int32 3844 type: integer 3845 type: object 3846 resizePolicy: 3847 description: Resources resize policy for the container. 3848 items: 3849 description: ContainerResizePolicy represents resource 3850 resize policy for the container. 3851 properties: 3852 resourceName: 3853 description: 'Name of the resource to which this resource 3854 resize policy applies. Supported values: cpu, memory.' 3855 type: string 3856 restartPolicy: 3857 description: Restart policy to apply when specified 3858 resource is resized. If not specified, it defaults 3859 to NotRequired. 3860 type: string 3861 required: 3862 - resourceName 3863 - restartPolicy 3864 type: object 3865 type: array 3866 x-kubernetes-list-type: atomic 3867 resources: 3868 description: 'Compute Resources required by this container. 3869 Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 3870 properties: 3871 claims: 3872 description: "Claims lists the names of resources, defined 3873 in spec.resourceClaims, that are used by this container. 3874 \n This is an alpha field and requires enabling the 3875 DynamicResourceAllocation feature gate. \n This field 3876 is immutable. It can only be set for containers." 3877 items: 3878 description: ResourceClaim references one entry in 3879 PodSpec.ResourceClaims. 3880 properties: 3881 name: 3882 description: Name must match the name of one entry 3883 in pod.spec.resourceClaims of the Pod where 3884 this field is used. It makes that resource available 3885 inside a container. 3886 type: string 3887 required: 3888 - name 3889 type: object 3890 type: array 3891 x-kubernetes-list-map-keys: 3892 - name 3893 x-kubernetes-list-type: map 3894 limits: 3895 additionalProperties: 3896 anyOf: 3897 - type: integer 3898 - type: string 3899 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 3900 x-kubernetes-int-or-string: true 3901 description: 'Limits describes the maximum amount of 3902 compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 3903 type: object 3904 requests: 3905 additionalProperties: 3906 anyOf: 3907 - type: integer 3908 - type: string 3909 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 3910 x-kubernetes-int-or-string: true 3911 description: 'Requests describes the minimum amount 3912 of compute resources required. If Requests is omitted 3913 for a container, it defaults to Limits if that is 3914 explicitly specified, otherwise to an implementation-defined 3915 value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 3916 type: object 3917 type: object 3918 restartPolicy: 3919 description: 'RestartPolicy defines the restart behavior 3920 of individual containers in a pod. This field may only 3921 be set for init containers, and the only allowed value 3922 is "Always". For non-init containers or when this field 3923 is not specified, the restart behavior is defined by the 3924 Pod''s restart policy and the container type. Setting 3925 the RestartPolicy as "Always" for the init container will 3926 have the following effect: this init container will be 3927 continually restarted on exit until all regular containers 3928 have terminated. Once all regular containers have completed, 3929 all init containers with restartPolicy "Always" will be 3930 shut down. This lifecycle differs from normal init containers 3931 and is often referred to as a "sidecar" container. Although 3932 this init container still starts in the init container 3933 sequence, it does not wait for the container to complete 3934 before proceeding to the next init container. Instead, 3935 the next init container starts immediately after this 3936 init container is started, or after any startupProbe has 3937 successfully completed.' 3938 type: string 3939 securityContext: 3940 description: 'SecurityContext defines the security options 3941 the container should be run with. If set, the fields of 3942 SecurityContext override the equivalent fields of PodSecurityContext. 3943 More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' 3944 properties: 3945 allowPrivilegeEscalation: 3946 description: 'AllowPrivilegeEscalation controls whether 3947 a process can gain more privileges than its parent 3948 process. This bool directly controls if the no_new_privs 3949 flag will be set on the container process. AllowPrivilegeEscalation 3950 is true always when the container is: 1) run as Privileged 3951 2) has CAP_SYS_ADMIN Note that this field cannot be 3952 set when spec.os.name is windows.' 3953 type: boolean 3954 capabilities: 3955 description: The capabilities to add/drop when running 3956 containers. Defaults to the default set of capabilities 3957 granted by the container runtime. Note that this field 3958 cannot be set when spec.os.name is windows. 3959 properties: 3960 add: 3961 description: Added capabilities 3962 items: 3963 description: Capability represent POSIX capabilities 3964 type 3965 type: string 3966 type: array 3967 drop: 3968 description: Removed capabilities 3969 items: 3970 description: Capability represent POSIX capabilities 3971 type 3972 type: string 3973 type: array 3974 type: object 3975 privileged: 3976 description: Run container in privileged mode. Processes 3977 in privileged containers are essentially equivalent 3978 to root on the host. Defaults to false. Note that 3979 this field cannot be set when spec.os.name is windows. 3980 type: boolean 3981 procMount: 3982 description: procMount denotes the type of proc mount 3983 to use for the containers. The default is DefaultProcMount 3984 which uses the container runtime defaults for readonly 3985 paths and masked paths. This requires the ProcMountType 3986 feature flag to be enabled. Note that this field cannot 3987 be set when spec.os.name is windows. 3988 type: string 3989 readOnlyRootFilesystem: 3990 description: Whether this container has a read-only 3991 root filesystem. Default is false. Note that this 3992 field cannot be set when spec.os.name is windows. 3993 type: boolean 3994 runAsGroup: 3995 description: The GID to run the entrypoint of the container 3996 process. Uses runtime default if unset. May also be 3997 set in PodSecurityContext. If set in both SecurityContext 3998 and PodSecurityContext, the value specified in SecurityContext 3999 takes precedence. Note that this field cannot be set 4000 when spec.os.name is windows. 4001 format: int64 4002 type: integer 4003 runAsNonRoot: 4004 description: Indicates that the container must run as 4005 a non-root user. If true, the Kubelet will validate 4006 the image at runtime to ensure that it does not run 4007 as UID 0 (root) and fail to start the container if 4008 it does. If unset or false, no such validation will 4009 be performed. May also be set in PodSecurityContext. If 4010 set in both SecurityContext and PodSecurityContext, 4011 the value specified in SecurityContext takes precedence. 4012 type: boolean 4013 runAsUser: 4014 description: The UID to run the entrypoint of the container 4015 process. Defaults to user specified in image metadata 4016 if unspecified. May also be set in PodSecurityContext. If 4017 set in both SecurityContext and PodSecurityContext, 4018 the value specified in SecurityContext takes precedence. 4019 Note that this field cannot be set when spec.os.name 4020 is windows. 4021 format: int64 4022 type: integer 4023 seLinuxOptions: 4024 description: The SELinux context to be applied to the 4025 container. If unspecified, the container runtime will 4026 allocate a random SELinux context for each container. May 4027 also be set in PodSecurityContext. If set in both 4028 SecurityContext and PodSecurityContext, the value 4029 specified in SecurityContext takes precedence. Note 4030 that this field cannot be set when spec.os.name is 4031 windows. 4032 properties: 4033 level: 4034 description: Level is SELinux level label that applies 4035 to the container. 4036 type: string 4037 role: 4038 description: Role is a SELinux role label that applies 4039 to the container. 4040 type: string 4041 type: 4042 description: Type is a SELinux type label that applies 4043 to the container. 4044 type: string 4045 user: 4046 description: User is a SELinux user label that applies 4047 to the container. 4048 type: string 4049 type: object 4050 seccompProfile: 4051 description: The seccomp options to use by this container. 4052 If seccomp options are provided at both the pod & 4053 container level, the container options override the 4054 pod options. Note that this field cannot be set when 4055 spec.os.name is windows. 4056 properties: 4057 localhostProfile: 4058 description: localhostProfile indicates a profile 4059 defined in a file on the node should be used. 4060 The profile must be preconfigured on the node 4061 to work. Must be a descending path, relative to 4062 the kubelet's configured seccomp profile location. 4063 Must be set if type is "Localhost". Must NOT be 4064 set for any other type. 4065 type: string 4066 type: 4067 description: "type indicates which kind of seccomp 4068 profile will be applied. Valid options are: \n 4069 Localhost - a profile defined in a file on the 4070 node should be used. RuntimeDefault - the container 4071 runtime default profile should be used. Unconfined 4072 - no profile should be applied." 4073 type: string 4074 required: 4075 - type 4076 type: object 4077 windowsOptions: 4078 description: The Windows specific settings applied to 4079 all containers. If unspecified, the options from the 4080 PodSecurityContext will be used. If set in both SecurityContext 4081 and PodSecurityContext, the value specified in SecurityContext 4082 takes precedence. Note that this field cannot be set 4083 when spec.os.name is linux. 4084 properties: 4085 gmsaCredentialSpec: 4086 description: GMSACredentialSpec is where the GMSA 4087 admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) 4088 inlines the contents of the GMSA credential spec 4089 named by the GMSACredentialSpecName field. 4090 type: string 4091 gmsaCredentialSpecName: 4092 description: GMSACredentialSpecName is the name 4093 of the GMSA credential spec to use. 4094 type: string 4095 hostProcess: 4096 description: HostProcess determines if a container 4097 should be run as a 'Host Process' container. All 4098 of a Pod's containers must have the same effective 4099 HostProcess value (it is not allowed to have a 4100 mix of HostProcess containers and non-HostProcess 4101 containers). In addition, if HostProcess is true 4102 then HostNetwork must also be set to true. 4103 type: boolean 4104 runAsUserName: 4105 description: The UserName in Windows to run the 4106 entrypoint of the container process. Defaults 4107 to the user specified in image metadata if unspecified. 4108 May also be set in PodSecurityContext. If set 4109 in both SecurityContext and PodSecurityContext, 4110 the value specified in SecurityContext takes precedence. 4111 type: string 4112 type: object 4113 type: object 4114 startupProbe: 4115 description: 'StartupProbe indicates that the Pod has successfully 4116 initialized. If specified, no other probes are executed 4117 until this completes successfully. If this probe fails, 4118 the Pod will be restarted, just as if the livenessProbe 4119 failed. This can be used to provide different probe parameters 4120 at the beginning of a Pod''s lifecycle, when it might 4121 take a long time to load data or warm a cache, than during 4122 steady-state operation. This cannot be updated. More info: 4123 https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 4124 properties: 4125 exec: 4126 description: Exec specifies the action to take. 4127 properties: 4128 command: 4129 description: Command is the command line to execute 4130 inside the container, the working directory for 4131 the command is root ('/') in the container's 4132 filesystem. The command is simply exec'd, it is 4133 not run inside a shell, so traditional shell instructions 4134 ('|', etc) won't work. To use a shell, you need 4135 to explicitly call out to that shell. Exit status 4136 of 0 is treated as live/healthy and non-zero is 4137 unhealthy. 4138 items: 4139 type: string 4140 type: array 4141 type: object 4142 failureThreshold: 4143 description: Minimum consecutive failures for the probe 4144 to be considered failed after having succeeded. Defaults 4145 to 3. Minimum value is 1. 4146 format: int32 4147 type: integer 4148 grpc: 4149 description: GRPC specifies an action involving a GRPC 4150 port. 4151 properties: 4152 port: 4153 description: Port number of the gRPC service. Number 4154 must be in the range 1 to 65535. 4155 format: int32 4156 type: integer 4157 service: 4158 description: "Service is the name of the service 4159 to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 4160 \n If this is not specified, the default behavior 4161 is defined by gRPC." 4162 type: string 4163 required: 4164 - port 4165 type: object 4166 httpGet: 4167 description: HTTPGet specifies the http request to perform. 4168 properties: 4169 host: 4170 description: Host name to connect to, defaults to 4171 the pod IP. You probably want to set "Host" in 4172 httpHeaders instead. 4173 type: string 4174 httpHeaders: 4175 description: Custom headers to set in the request. 4176 HTTP allows repeated headers. 4177 items: 4178 description: HTTPHeader describes a custom header 4179 to be used in HTTP probes 4180 properties: 4181 name: 4182 description: The header field name. This will 4183 be canonicalized upon output, so case-variant 4184 names will be understood as the same header. 4185 type: string 4186 value: 4187 description: The header field value 4188 type: string 4189 required: 4190 - name 4191 - value 4192 type: object 4193 type: array 4194 path: 4195 description: Path to access on the HTTP server. 4196 type: string 4197 port: 4198 anyOf: 4199 - type: integer 4200 - type: string 4201 description: Name or number of the port to access 4202 on the container. Number must be in the range 4203 1 to 65535. Name must be an IANA_SVC_NAME. 4204 x-kubernetes-int-or-string: true 4205 scheme: 4206 description: Scheme to use for connecting to the 4207 host. Defaults to HTTP. 4208 type: string 4209 required: 4210 - port 4211 type: object 4212 initialDelaySeconds: 4213 description: 'Number of seconds after the container 4214 has started before liveness probes are initiated. 4215 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 4216 format: int32 4217 type: integer 4218 periodSeconds: 4219 description: How often (in seconds) to perform the probe. 4220 Default to 10 seconds. Minimum value is 1. 4221 format: int32 4222 type: integer 4223 successThreshold: 4224 description: Minimum consecutive successes for the probe 4225 to be considered successful after having failed. Defaults 4226 to 1. Must be 1 for liveness and startup. Minimum 4227 value is 1. 4228 format: int32 4229 type: integer 4230 tcpSocket: 4231 description: TCPSocket specifies an action involving 4232 a TCP port. 4233 properties: 4234 host: 4235 description: 'Optional: Host name to connect to, 4236 defaults to the pod IP.' 4237 type: string 4238 port: 4239 anyOf: 4240 - type: integer 4241 - type: string 4242 description: Number or name of the port to access 4243 on the container. Number must be in the range 4244 1 to 65535. Name must be an IANA_SVC_NAME. 4245 x-kubernetes-int-or-string: true 4246 required: 4247 - port 4248 type: object 4249 terminationGracePeriodSeconds: 4250 description: Optional duration in seconds the pod needs 4251 to terminate gracefully upon probe failure. The grace 4252 period is the duration in seconds after the processes 4253 running in the pod are sent a termination signal and 4254 the time when the processes are forcibly halted with 4255 a kill signal. Set this value longer than the expected 4256 cleanup time for your process. If this value is nil, 4257 the pod's terminationGracePeriodSeconds will be used. 4258 Otherwise, this value overrides the value provided 4259 by the pod spec. Value must be non-negative integer. 4260 The value zero indicates stop immediately via the 4261 kill signal (no opportunity to shut down). This is 4262 a beta field and requires enabling ProbeTerminationGracePeriod 4263 feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds 4264 is used if unset. 4265 format: int64 4266 type: integer 4267 timeoutSeconds: 4268 description: 'Number of seconds after which the probe 4269 times out. Defaults to 1 second. Minimum value is 4270 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 4271 format: int32 4272 type: integer 4273 type: object 4274 stdin: 4275 description: Whether this container should allocate a buffer 4276 for stdin in the container runtime. If this is not set, 4277 reads from stdin in the container will always result in 4278 EOF. Default is false. 4279 type: boolean 4280 stdinOnce: 4281 description: Whether the container runtime should close 4282 the stdin channel after it has been opened by a single 4283 attach. When stdin is true the stdin stream will remain 4284 open across multiple attach sessions. If stdinOnce is 4285 set to true, stdin is opened on container start, is empty 4286 until the first client attaches to stdin, and then remains 4287 open and accepts data until the client disconnects, at 4288 which time stdin is closed and remains closed until the 4289 container is restarted. If this flag is false, a container 4290 processes that reads from stdin will never receive an 4291 EOF. Default is false 4292 type: boolean 4293 terminationMessagePath: 4294 description: 'Optional: Path at which the file to which 4295 the container''s termination message will be written is 4296 mounted into the container''s filesystem. Message written 4297 is intended to be brief final status, such as an assertion 4298 failure message. Will be truncated by the node if greater 4299 than 4096 bytes. The total message length across all containers 4300 will be limited to 12kb. Defaults to /dev/termination-log. 4301 Cannot be updated.' 4302 type: string 4303 terminationMessagePolicy: 4304 description: Indicate how the termination message should 4305 be populated. File will use the contents of terminationMessagePath 4306 to populate the container status message on both success 4307 and failure. FallbackToLogsOnError will use the last chunk 4308 of container log output if the termination message file 4309 is empty and the container exited with an error. The log 4310 output is limited to 2048 bytes or 80 lines, whichever 4311 is smaller. Defaults to File. Cannot be updated. 4312 type: string 4313 tty: 4314 description: Whether this container should allocate a TTY 4315 for itself, also requires 'stdin' to be true. Default 4316 is false. 4317 type: boolean 4318 volumeDevices: 4319 description: volumeDevices is the list of block devices 4320 to be used by the container. 4321 items: 4322 description: volumeDevice describes a mapping of a raw 4323 block device within a container. 4324 properties: 4325 devicePath: 4326 description: devicePath is the path inside of the 4327 container that the device will be mapped to. 4328 type: string 4329 name: 4330 description: name must match the name of a persistentVolumeClaim 4331 in the pod 4332 type: string 4333 required: 4334 - devicePath 4335 - name 4336 type: object 4337 type: array 4338 volumeMounts: 4339 description: Pod volumes to mount into the container's filesystem. 4340 Cannot be updated. 4341 items: 4342 description: VolumeMount describes a mounting of a Volume 4343 within a container. 4344 properties: 4345 mountPath: 4346 description: Path within the container at which the 4347 volume should be mounted. Must not contain ':'. 4348 type: string 4349 mountPropagation: 4350 description: mountPropagation determines how mounts 4351 are propagated from the host to container and the 4352 other way around. When not set, MountPropagationNone 4353 is used. This field is beta in 1.10. 4354 type: string 4355 name: 4356 description: This must match the Name of a Volume. 4357 type: string 4358 readOnly: 4359 description: Mounted read-only if true, read-write 4360 otherwise (false or unspecified). Defaults to false. 4361 type: boolean 4362 subPath: 4363 description: Path within the volume from which the 4364 container's volume should be mounted. Defaults to 4365 "" (volume's root). 4366 type: string 4367 subPathExpr: 4368 description: Expanded path within the volume from 4369 which the container's volume should be mounted. 4370 Behaves similarly to SubPath but environment variable 4371 references $(VAR_NAME) are expanded using the container's 4372 environment. Defaults to "" (volume's root). SubPathExpr 4373 and SubPath are mutually exclusive. 4374 type: string 4375 required: 4376 - mountPath 4377 - name 4378 type: object 4379 type: array 4380 workingDir: 4381 description: Container's working directory. If not specified, 4382 the container runtime's default will be used, which might 4383 be configured in the container image. Cannot be updated. 4384 type: string 4385 required: 4386 - name 4387 type: object 4388 type: array 4389 verifytls: 4390 description: VerifyTLS defines whether repo server API should 4391 be accessed using strict TLS validation 4392 type: boolean 4393 version: 4394 description: Version is the ArgoCD Repo Server container image 4395 tag. 4396 type: string 4397 volumeMounts: 4398 description: VolumeMounts adds volumeMounts to the repo server 4399 container 4400 items: 4401 description: VolumeMount describes a mounting of a Volume within 4402 a container. 4403 properties: 4404 mountPath: 4405 description: Path within the container at which the volume 4406 should be mounted. Must not contain ':'. 4407 type: string 4408 mountPropagation: 4409 description: mountPropagation determines how mounts are 4410 propagated from the host to container and the other way 4411 around. When not set, MountPropagationNone is used. This 4412 field is beta in 1.10. 4413 type: string 4414 name: 4415 description: This must match the Name of a Volume. 4416 type: string 4417 readOnly: 4418 description: Mounted read-only if true, read-write otherwise 4419 (false or unspecified). Defaults to false. 4420 type: boolean 4421 subPath: 4422 description: Path within the volume from which the container's 4423 volume should be mounted. Defaults to "" (volume's root). 4424 type: string 4425 subPathExpr: 4426 description: Expanded path within the volume from which 4427 the container's volume should be mounted. Behaves similarly 4428 to SubPath but environment variable references $(VAR_NAME) 4429 are expanded using the container's environment. Defaults 4430 to "" (volume's root). SubPathExpr and SubPath are mutually 4431 exclusive. 4432 type: string 4433 required: 4434 - mountPath 4435 - name 4436 type: object 4437 type: array 4438 volumes: 4439 description: Volumes adds volumes to the repo server deployment 4440 items: 4441 description: Volume represents a named volume in a pod that 4442 may be accessed by any container in the pod. 4443 properties: 4444 awsElasticBlockStore: 4445 description: 'awsElasticBlockStore represents an AWS Disk 4446 resource that is attached to a kubelet''s host machine 4447 and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' 4448 properties: 4449 fsType: 4450 description: 'fsType is the filesystem type of the volume 4451 that you want to mount. Tip: Ensure that the filesystem 4452 type is supported by the host operating system. Examples: 4453 "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" 4454 if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore 4455 TODO: how do we prevent errors in the filesystem from 4456 compromising the machine' 4457 type: string 4458 partition: 4459 description: 'partition is the partition in the volume 4460 that you want to mount. If omitted, the default is 4461 to mount by volume name. Examples: For volume /dev/sda1, 4462 you specify the partition as "1". Similarly, the volume 4463 partition for /dev/sda is "0" (or you can leave the 4464 property empty).' 4465 format: int32 4466 type: integer 4467 readOnly: 4468 description: 'readOnly value true will force the readOnly 4469 setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' 4470 type: boolean 4471 volumeID: 4472 description: 'volumeID is unique ID of the persistent 4473 disk resource in AWS (Amazon EBS volume). More info: 4474 https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' 4475 type: string 4476 required: 4477 - volumeID 4478 type: object 4479 azureDisk: 4480 description: azureDisk represents an Azure Data Disk mount 4481 on the host and bind mount to the pod. 4482 properties: 4483 cachingMode: 4484 description: 'cachingMode is the Host Caching mode: 4485 None, Read Only, Read Write.' 4486 type: string 4487 diskName: 4488 description: diskName is the Name of the data disk in 4489 the blob storage 4490 type: string 4491 diskURI: 4492 description: diskURI is the URI of data disk in the 4493 blob storage 4494 type: string 4495 fsType: 4496 description: fsType is Filesystem type to mount. Must 4497 be a filesystem type supported by the host operating 4498 system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred 4499 to be "ext4" if unspecified. 4500 type: string 4501 kind: 4502 description: 'kind expected values are Shared: multiple 4503 blob disks per storage account Dedicated: single 4504 blob disk per storage account Managed: azure managed 4505 data disk (only in managed availability set). defaults 4506 to shared' 4507 type: string 4508 readOnly: 4509 description: readOnly Defaults to false (read/write). 4510 ReadOnly here will force the ReadOnly setting in VolumeMounts. 4511 type: boolean 4512 required: 4513 - diskName 4514 - diskURI 4515 type: object 4516 azureFile: 4517 description: azureFile represents an Azure File Service 4518 mount on the host and bind mount to the pod. 4519 properties: 4520 readOnly: 4521 description: readOnly defaults to false (read/write). 4522 ReadOnly here will force the ReadOnly setting in VolumeMounts. 4523 type: boolean 4524 secretName: 4525 description: secretName is the name of secret that 4526 contains Azure Storage Account Name and Key 4527 type: string 4528 shareName: 4529 description: shareName is the azure share Name 4530 type: string 4531 required: 4532 - secretName 4533 - shareName 4534 type: object 4535 cephfs: 4536 description: cephFS represents a Ceph FS mount on the host 4537 that shares a pod's lifetime 4538 properties: 4539 monitors: 4540 description: 'monitors is Required: Monitors is a collection 4541 of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' 4542 items: 4543 type: string 4544 type: array 4545 path: 4546 description: 'path is Optional: Used as the mounted 4547 root, rather than the full Ceph tree, default is /' 4548 type: string 4549 readOnly: 4550 description: 'readOnly is Optional: Defaults to false 4551 (read/write). ReadOnly here will force the ReadOnly 4552 setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' 4553 type: boolean 4554 secretFile: 4555 description: 'secretFile is Optional: SecretFile is 4556 the path to key ring for User, default is /etc/ceph/user.secret 4557 More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' 4558 type: string 4559 secretRef: 4560 description: 'secretRef is Optional: SecretRef is reference 4561 to the authentication secret for User, default is 4562 empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' 4563 properties: 4564 name: 4565 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 4566 TODO: Add other useful fields. apiVersion, kind, 4567 uid?' 4568 type: string 4569 type: object 4570 user: 4571 description: 'user is optional: User is the rados user 4572 name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' 4573 type: string 4574 required: 4575 - monitors 4576 type: object 4577 cinder: 4578 description: 'cinder represents a cinder volume attached 4579 and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' 4580 properties: 4581 fsType: 4582 description: 'fsType is the filesystem type to mount. 4583 Must be a filesystem type supported by the host operating 4584 system. Examples: "ext4", "xfs", "ntfs". Implicitly 4585 inferred to be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' 4586 type: string 4587 readOnly: 4588 description: 'readOnly defaults to false (read/write). 4589 ReadOnly here will force the ReadOnly setting in VolumeMounts. 4590 More info: https://examples.k8s.io/mysql-cinder-pd/README.md' 4591 type: boolean 4592 secretRef: 4593 description: 'secretRef is optional: points to a secret 4594 object containing parameters used to connect to OpenStack.' 4595 properties: 4596 name: 4597 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 4598 TODO: Add other useful fields. apiVersion, kind, 4599 uid?' 4600 type: string 4601 type: object 4602 volumeID: 4603 description: 'volumeID used to identify the volume in 4604 cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' 4605 type: string 4606 required: 4607 - volumeID 4608 type: object 4609 configMap: 4610 description: configMap represents a configMap that should 4611 populate this volume 4612 properties: 4613 defaultMode: 4614 description: 'defaultMode is optional: mode bits used 4615 to set permissions on created files by default. Must 4616 be an octal value between 0000 and 0777 or a decimal 4617 value between 0 and 511. YAML accepts both octal and 4618 decimal values, JSON requires decimal values for mode 4619 bits. Defaults to 0644. Directories within the path 4620 are not affected by this setting. This might be in 4621 conflict with other options that affect the file mode, 4622 like fsGroup, and the result can be other mode bits 4623 set.' 4624 format: int32 4625 type: integer 4626 items: 4627 description: items if unspecified, each key-value pair 4628 in the Data field of the referenced ConfigMap will 4629 be projected into the volume as a file whose name 4630 is the key and content is the value. If specified, 4631 the listed keys will be projected into the specified 4632 paths, and unlisted keys will not be present. If a 4633 key is specified which is not present in the ConfigMap, 4634 the volume setup will error unless it is marked optional. 4635 Paths must be relative and may not contain the '..' 4636 path or start with '..'. 4637 items: 4638 description: Maps a string key to a path within a 4639 volume. 4640 properties: 4641 key: 4642 description: key is the key to project. 4643 type: string 4644 mode: 4645 description: 'mode is Optional: mode bits used 4646 to set permissions on this file. Must be an 4647 octal value between 0000 and 0777 or a decimal 4648 value between 0 and 511. YAML accepts both octal 4649 and decimal values, JSON requires decimal values 4650 for mode bits. If not specified, the volume 4651 defaultMode will be used. This might be in conflict 4652 with other options that affect the file mode, 4653 like fsGroup, and the result can be other mode 4654 bits set.' 4655 format: int32 4656 type: integer 4657 path: 4658 description: path is the relative path of the 4659 file to map the key to. May not be an absolute 4660 path. May not contain the path element '..'. 4661 May not start with the string '..'. 4662 type: string 4663 required: 4664 - key 4665 - path 4666 type: object 4667 type: array 4668 name: 4669 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 4670 TODO: Add other useful fields. apiVersion, kind, uid?' 4671 type: string 4672 optional: 4673 description: optional specify whether the ConfigMap 4674 or its keys must be defined 4675 type: boolean 4676 type: object 4677 csi: 4678 description: csi (Container Storage Interface) represents 4679 ephemeral storage that is handled by certain external 4680 CSI drivers (Beta feature). 4681 properties: 4682 driver: 4683 description: driver is the name of the CSI driver that 4684 handles this volume. Consult with your admin for the 4685 correct name as registered in the cluster. 4686 type: string 4687 fsType: 4688 description: fsType to mount. Ex. "ext4", "xfs", "ntfs". 4689 If not provided, the empty value is passed to the 4690 associated CSI driver which will determine the default 4691 filesystem to apply. 4692 type: string 4693 nodePublishSecretRef: 4694 description: nodePublishSecretRef is a reference to 4695 the secret object containing sensitive information 4696 to pass to the CSI driver to complete the CSI NodePublishVolume 4697 and NodeUnpublishVolume calls. This field is optional, 4698 and may be empty if no secret is required. If the 4699 secret object contains more than one secret, all secret 4700 references are passed. 4701 properties: 4702 name: 4703 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 4704 TODO: Add other useful fields. apiVersion, kind, 4705 uid?' 4706 type: string 4707 type: object 4708 readOnly: 4709 description: readOnly specifies a read-only configuration 4710 for the volume. Defaults to false (read/write). 4711 type: boolean 4712 volumeAttributes: 4713 additionalProperties: 4714 type: string 4715 description: volumeAttributes stores driver-specific 4716 properties that are passed to the CSI driver. Consult 4717 your driver's documentation for supported values. 4718 type: object 4719 required: 4720 - driver 4721 type: object 4722 downwardAPI: 4723 description: downwardAPI represents downward API about the 4724 pod that should populate this volume 4725 properties: 4726 defaultMode: 4727 description: 'Optional: mode bits to use on created 4728 files by default. Must be a Optional: mode bits used 4729 to set permissions on created files by default. Must 4730 be an octal value between 0000 and 0777 or a decimal 4731 value between 0 and 511. YAML accepts both octal and 4732 decimal values, JSON requires decimal values for mode 4733 bits. Defaults to 0644. Directories within the path 4734 are not affected by this setting. This might be in 4735 conflict with other options that affect the file mode, 4736 like fsGroup, and the result can be other mode bits 4737 set.' 4738 format: int32 4739 type: integer 4740 items: 4741 description: Items is a list of downward API volume 4742 file 4743 items: 4744 description: DownwardAPIVolumeFile represents information 4745 to create the file containing the pod field 4746 properties: 4747 fieldRef: 4748 description: 'Required: Selects a field of the 4749 pod: only annotations, labels, name and namespace 4750 are supported.' 4751 properties: 4752 apiVersion: 4753 description: Version of the schema the FieldPath 4754 is written in terms of, defaults to "v1". 4755 type: string 4756 fieldPath: 4757 description: Path of the field to select in 4758 the specified API version. 4759 type: string 4760 required: 4761 - fieldPath 4762 type: object 4763 mode: 4764 description: 'Optional: mode bits used to set 4765 permissions on this file, must be an octal value 4766 between 0000 and 0777 or a decimal value between 4767 0 and 511. YAML accepts both octal and decimal 4768 values, JSON requires decimal values for mode 4769 bits. If not specified, the volume defaultMode 4770 will be used. This might be in conflict with 4771 other options that affect the file mode, like 4772 fsGroup, and the result can be other mode bits 4773 set.' 4774 format: int32 4775 type: integer 4776 path: 4777 description: 'Required: Path is the relative 4778 path name of the file to be created. Must not 4779 be absolute or contain the ''..'' path. Must 4780 be utf-8 encoded. The first item of the relative 4781 path must not start with ''..''' 4782 type: string 4783 resourceFieldRef: 4784 description: 'Selects a resource of the container: 4785 only resources limits and requests (limits.cpu, 4786 limits.memory, requests.cpu and requests.memory) 4787 are currently supported.' 4788 properties: 4789 containerName: 4790 description: 'Container name: required for 4791 volumes, optional for env vars' 4792 type: string 4793 divisor: 4794 anyOf: 4795 - type: integer 4796 - type: string 4797 description: Specifies the output format of 4798 the exposed resources, defaults to "1" 4799 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 4800 x-kubernetes-int-or-string: true 4801 resource: 4802 description: 'Required: resource to select' 4803 type: string 4804 required: 4805 - resource 4806 type: object 4807 required: 4808 - path 4809 type: object 4810 type: array 4811 type: object 4812 emptyDir: 4813 description: 'emptyDir represents a temporary directory 4814 that shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' 4815 properties: 4816 medium: 4817 description: 'medium represents what type of storage 4818 medium should back this directory. The default is 4819 "" which means to use the node''s default medium. 4820 Must be an empty string (default) or Memory. More 4821 info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' 4822 type: string 4823 sizeLimit: 4824 anyOf: 4825 - type: integer 4826 - type: string 4827 description: 'sizeLimit is the total amount of local 4828 storage required for this EmptyDir volume. The size 4829 limit is also applicable for memory medium. The maximum 4830 usage on memory medium EmptyDir would be the minimum 4831 value between the SizeLimit specified here and the 4832 sum of memory limits of all containers in a pod. The 4833 default is nil which means that the limit is undefined. 4834 More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' 4835 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 4836 x-kubernetes-int-or-string: true 4837 type: object 4838 ephemeral: 4839 description: "ephemeral represents a volume that is handled 4840 by a cluster storage driver. The volume's lifecycle is 4841 tied to the pod that defines it - it will be created before 4842 the pod starts, and deleted when the pod is removed. \n 4843 Use this if: a) the volume is only needed while the pod 4844 runs, b) features of normal volumes like restoring from 4845 snapshot or capacity tracking are needed, c) the storage 4846 driver is specified through a storage class, and d) the 4847 storage driver supports dynamic volume provisioning through 4848 \ a PersistentVolumeClaim (see EphemeralVolumeSource 4849 for more information on the connection between this 4850 volume type and PersistentVolumeClaim). \n Use PersistentVolumeClaim 4851 or one of the vendor-specific APIs for volumes that persist 4852 for longer than the lifecycle of an individual pod. \n 4853 Use CSI for light-weight local ephemeral volumes if the 4854 CSI driver is meant to be used that way - see the documentation 4855 of the driver for more information. \n A pod can use both 4856 types of ephemeral volumes and persistent volumes at the 4857 same time." 4858 properties: 4859 volumeClaimTemplate: 4860 description: "Will be used to create a stand-alone PVC 4861 to provision the volume. The pod in which this EphemeralVolumeSource 4862 is embedded will be the owner of the PVC, i.e. the 4863 PVC will be deleted together with the pod. The name 4864 of the PVC will be `<pod name>-<volume name>` where 4865 `<volume name>` is the name from the `PodSpec.Volumes` 4866 array entry. Pod validation will reject the pod if 4867 the concatenated name is not valid for a PVC (for 4868 example, too long). \n An existing PVC with that name 4869 that is not owned by the pod will *not* be used for 4870 the pod to avoid using an unrelated volume by mistake. 4871 Starting the pod is then blocked until the unrelated 4872 PVC is removed. If such a pre-created PVC is meant 4873 to be used by the pod, the PVC has to updated with 4874 an owner reference to the pod once the pod exists. 4875 Normally this should not be necessary, but it may 4876 be useful when manually reconstructing a broken cluster. 4877 \n This field is read-only and no changes will be 4878 made by Kubernetes to the PVC after it has been created. 4879 \n Required, must not be nil." 4880 properties: 4881 metadata: 4882 description: May contain labels and annotations 4883 that will be copied into the PVC when creating 4884 it. No other fields are allowed and will be rejected 4885 during validation. 4886 type: object 4887 spec: 4888 description: The specification for the PersistentVolumeClaim. 4889 The entire content is copied unchanged into the 4890 PVC that gets created from this template. The 4891 same fields as in a PersistentVolumeClaim are 4892 also valid here. 4893 properties: 4894 accessModes: 4895 description: 'accessModes contains the desired 4896 access modes the volume should have. More 4897 info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' 4898 items: 4899 type: string 4900 type: array 4901 dataSource: 4902 description: 'dataSource field can be used to 4903 specify either: * An existing VolumeSnapshot 4904 object (snapshot.storage.k8s.io/VolumeSnapshot) 4905 * An existing PVC (PersistentVolumeClaim) 4906 If the provisioner or an external controller 4907 can support the specified data source, it 4908 will create a new volume based on the contents 4909 of the specified data source. When the AnyVolumeDataSource 4910 feature gate is enabled, dataSource contents 4911 will be copied to dataSourceRef, and dataSourceRef 4912 contents will be copied to dataSource when 4913 dataSourceRef.namespace is not specified. 4914 If the namespace is specified, then dataSourceRef 4915 will not be copied to dataSource.' 4916 properties: 4917 apiGroup: 4918 description: APIGroup is the group for the 4919 resource being referenced. If APIGroup 4920 is not specified, the specified Kind must 4921 be in the core API group. For any other 4922 third-party types, APIGroup is required. 4923 type: string 4924 kind: 4925 description: Kind is the type of resource 4926 being referenced 4927 type: string 4928 name: 4929 description: Name is the name of resource 4930 being referenced 4931 type: string 4932 required: 4933 - kind 4934 - name 4935 type: object 4936 dataSourceRef: 4937 description: 'dataSourceRef specifies the object 4938 from which to populate the volume with data, 4939 if a non-empty volume is desired. This may 4940 be any object from a non-empty API group (non 4941 core object) or a PersistentVolumeClaim object. 4942 When this field is specified, volume binding 4943 will only succeed if the type of the specified 4944 object matches some installed volume populator 4945 or dynamic provisioner. This field will replace 4946 the functionality of the dataSource field 4947 and as such if both fields are non-empty, 4948 they must have the same value. For backwards 4949 compatibility, when namespace isn''t specified 4950 in dataSourceRef, both fields (dataSource 4951 and dataSourceRef) will be set to the same 4952 value automatically if one of them is empty 4953 and the other is non-empty. When namespace 4954 is specified in dataSourceRef, dataSource 4955 isn''t set to the same value and must be empty. 4956 There are three important differences between 4957 dataSource and dataSourceRef: * While dataSource 4958 only allows two specific types of objects, 4959 dataSourceRef allows any non-core object, 4960 as well as PersistentVolumeClaim objects. 4961 * While dataSource ignores disallowed values 4962 (dropping them), dataSourceRef preserves 4963 all values, and generates an error if a disallowed 4964 value is specified. * While dataSource only 4965 allows local objects, dataSourceRef allows 4966 objects in any namespaces. (Beta) Using 4967 this field requires the AnyVolumeDataSource 4968 feature gate to be enabled. (Alpha) Using 4969 the namespace field of dataSourceRef requires 4970 the CrossNamespaceVolumeDataSource feature 4971 gate to be enabled.' 4972 properties: 4973 apiGroup: 4974 description: APIGroup is the group for the 4975 resource being referenced. If APIGroup 4976 is not specified, the specified Kind must 4977 be in the core API group. For any other 4978 third-party types, APIGroup is required. 4979 type: string 4980 kind: 4981 description: Kind is the type of resource 4982 being referenced 4983 type: string 4984 name: 4985 description: Name is the name of resource 4986 being referenced 4987 type: string 4988 namespace: 4989 description: Namespace is the namespace 4990 of resource being referenced Note that 4991 when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant 4992 object is required in the referent namespace 4993 to allow that namespace's owner to accept 4994 the reference. See the ReferenceGrant 4995 documentation for details. (Alpha) This 4996 field requires the CrossNamespaceVolumeDataSource 4997 feature gate to be enabled. 4998 type: string 4999 required: 5000 - kind 5001 - name 5002 type: object 5003 resources: 5004 description: 'resources represents the minimum 5005 resources the volume should have. If RecoverVolumeExpansionFailure 5006 feature is enabled users are allowed to specify 5007 resource requirements that are lower than 5008 previous value but must still be higher than 5009 capacity recorded in the status field of the 5010 claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' 5011 properties: 5012 claims: 5013 description: "Claims lists the names of 5014 resources, defined in spec.resourceClaims, 5015 that are used by this container. \n This 5016 is an alpha field and requires enabling 5017 the DynamicResourceAllocation feature 5018 gate. \n This field is immutable. It can 5019 only be set for containers." 5020 items: 5021 description: ResourceClaim references 5022 one entry in PodSpec.ResourceClaims. 5023 properties: 5024 name: 5025 description: Name must match the name 5026 of one entry in pod.spec.resourceClaims 5027 of the Pod where this field is used. 5028 It makes that resource available 5029 inside a container. 5030 type: string 5031 required: 5032 - name 5033 type: object 5034 type: array 5035 x-kubernetes-list-map-keys: 5036 - name 5037 x-kubernetes-list-type: map 5038 limits: 5039 additionalProperties: 5040 anyOf: 5041 - type: integer 5042 - type: string 5043 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 5044 x-kubernetes-int-or-string: true 5045 description: 'Limits describes the maximum 5046 amount of compute resources allowed. More 5047 info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 5048 type: object 5049 requests: 5050 additionalProperties: 5051 anyOf: 5052 - type: integer 5053 - type: string 5054 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 5055 x-kubernetes-int-or-string: true 5056 description: 'Requests describes the minimum 5057 amount of compute resources required. 5058 If Requests is omitted for a container, 5059 it defaults to Limits if that is explicitly 5060 specified, otherwise to an implementation-defined 5061 value. Requests cannot exceed Limits. 5062 More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 5063 type: object 5064 type: object 5065 selector: 5066 description: selector is a label query over 5067 volumes to consider for binding. 5068 properties: 5069 matchExpressions: 5070 description: matchExpressions is a list 5071 of label selector requirements. The requirements 5072 are ANDed. 5073 items: 5074 description: A label selector requirement 5075 is a selector that contains values, 5076 a key, and an operator that relates 5077 the key and values. 5078 properties: 5079 key: 5080 description: key is the label key 5081 that the selector applies to. 5082 type: string 5083 operator: 5084 description: operator represents a 5085 key's relationship to a set of values. 5086 Valid operators are In, NotIn, Exists 5087 and DoesNotExist. 5088 type: string 5089 values: 5090 description: values is an array of 5091 string values. If the operator is 5092 In or NotIn, the values array must 5093 be non-empty. If the operator is 5094 Exists or DoesNotExist, the values 5095 array must be empty. This array 5096 is replaced during a strategic merge 5097 patch. 5098 items: 5099 type: string 5100 type: array 5101 required: 5102 - key 5103 - operator 5104 type: object 5105 type: array 5106 matchLabels: 5107 additionalProperties: 5108 type: string 5109 description: matchLabels is a map of {key,value} 5110 pairs. A single {key,value} in the matchLabels 5111 map is equivalent to an element of matchExpressions, 5112 whose key field is "key", the operator 5113 is "In", and the values array contains 5114 only "value". The requirements are ANDed. 5115 type: object 5116 type: object 5117 storageClassName: 5118 description: 'storageClassName is the name of 5119 the StorageClass required by the claim. More 5120 info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' 5121 type: string 5122 volumeMode: 5123 description: volumeMode defines what type of 5124 volume is required by the claim. Value of 5125 Filesystem is implied when not included in 5126 claim spec. 5127 type: string 5128 volumeName: 5129 description: volumeName is the binding reference 5130 to the PersistentVolume backing this claim. 5131 type: string 5132 type: object 5133 required: 5134 - spec 5135 type: object 5136 type: object 5137 fc: 5138 description: fc represents a Fibre Channel resource that 5139 is attached to a kubelet's host machine and then exposed 5140 to the pod. 5141 properties: 5142 fsType: 5143 description: 'fsType is the filesystem type to mount. 5144 Must be a filesystem type supported by the host operating 5145 system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred 5146 to be "ext4" if unspecified. TODO: how do we prevent 5147 errors in the filesystem from compromising the machine' 5148 type: string 5149 lun: 5150 description: 'lun is Optional: FC target lun number' 5151 format: int32 5152 type: integer 5153 readOnly: 5154 description: 'readOnly is Optional: Defaults to false 5155 (read/write). ReadOnly here will force the ReadOnly 5156 setting in VolumeMounts.' 5157 type: boolean 5158 targetWWNs: 5159 description: 'targetWWNs is Optional: FC target worldwide 5160 names (WWNs)' 5161 items: 5162 type: string 5163 type: array 5164 wwids: 5165 description: 'wwids Optional: FC volume world wide identifiers 5166 (wwids) Either wwids or combination of targetWWNs 5167 and lun must be set, but not both simultaneously.' 5168 items: 5169 type: string 5170 type: array 5171 type: object 5172 flexVolume: 5173 description: flexVolume represents a generic volume resource 5174 that is provisioned/attached using an exec based plugin. 5175 properties: 5176 driver: 5177 description: driver is the name of the driver to use 5178 for this volume. 5179 type: string 5180 fsType: 5181 description: fsType is the filesystem type to mount. 5182 Must be a filesystem type supported by the host operating 5183 system. Ex. "ext4", "xfs", "ntfs". The default filesystem 5184 depends on FlexVolume script. 5185 type: string 5186 options: 5187 additionalProperties: 5188 type: string 5189 description: 'options is Optional: this field holds 5190 extra command options if any.' 5191 type: object 5192 readOnly: 5193 description: 'readOnly is Optional: defaults to false 5194 (read/write). ReadOnly here will force the ReadOnly 5195 setting in VolumeMounts.' 5196 type: boolean 5197 secretRef: 5198 description: 'secretRef is Optional: secretRef is reference 5199 to the secret object containing sensitive information 5200 to pass to the plugin scripts. This may be empty if 5201 no secret object is specified. If the secret object 5202 contains more than one secret, all secrets are passed 5203 to the plugin scripts.' 5204 properties: 5205 name: 5206 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 5207 TODO: Add other useful fields. apiVersion, kind, 5208 uid?' 5209 type: string 5210 type: object 5211 required: 5212 - driver 5213 type: object 5214 flocker: 5215 description: flocker represents a Flocker volume attached 5216 to a kubelet's host machine. This depends on the Flocker 5217 control service being running 5218 properties: 5219 datasetName: 5220 description: datasetName is Name of the dataset stored 5221 as metadata -> name on the dataset for Flocker should 5222 be considered as deprecated 5223 type: string 5224 datasetUUID: 5225 description: datasetUUID is the UUID of the dataset. 5226 This is unique identifier of a Flocker dataset 5227 type: string 5228 type: object 5229 gcePersistentDisk: 5230 description: 'gcePersistentDisk represents a GCE Disk resource 5231 that is attached to a kubelet''s host machine and then 5232 exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' 5233 properties: 5234 fsType: 5235 description: 'fsType is filesystem type of the volume 5236 that you want to mount. Tip: Ensure that the filesystem 5237 type is supported by the host operating system. Examples: 5238 "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" 5239 if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk 5240 TODO: how do we prevent errors in the filesystem from 5241 compromising the machine' 5242 type: string 5243 partition: 5244 description: 'partition is the partition in the volume 5245 that you want to mount. If omitted, the default is 5246 to mount by volume name. Examples: For volume /dev/sda1, 5247 you specify the partition as "1". Similarly, the volume 5248 partition for /dev/sda is "0" (or you can leave the 5249 property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' 5250 format: int32 5251 type: integer 5252 pdName: 5253 description: 'pdName is unique name of the PD resource 5254 in GCE. Used to identify the disk in GCE. More info: 5255 https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' 5256 type: string 5257 readOnly: 5258 description: 'readOnly here will force the ReadOnly 5259 setting in VolumeMounts. Defaults to false. More info: 5260 https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' 5261 type: boolean 5262 required: 5263 - pdName 5264 type: object 5265 gitRepo: 5266 description: 'gitRepo represents a git repository at a particular 5267 revision. DEPRECATED: GitRepo is deprecated. To provision 5268 a container with a git repo, mount an EmptyDir into an 5269 InitContainer that clones the repo using git, then mount 5270 the EmptyDir into the Pod''s container.' 5271 properties: 5272 directory: 5273 description: directory is the target directory name. 5274 Must not contain or start with '..'. If '.' is supplied, 5275 the volume directory will be the git repository. Otherwise, 5276 if specified, the volume will contain the git repository 5277 in the subdirectory with the given name. 5278 type: string 5279 repository: 5280 description: repository is the URL 5281 type: string 5282 revision: 5283 description: revision is the commit hash for the specified 5284 revision. 5285 type: string 5286 required: 5287 - repository 5288 type: object 5289 glusterfs: 5290 description: 'glusterfs represents a Glusterfs mount on 5291 the host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' 5292 properties: 5293 endpoints: 5294 description: 'endpoints is the endpoint name that details 5295 Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' 5296 type: string 5297 path: 5298 description: 'path is the Glusterfs volume path. More 5299 info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' 5300 type: string 5301 readOnly: 5302 description: 'readOnly here will force the Glusterfs 5303 volume to be mounted with read-only permissions. Defaults 5304 to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' 5305 type: boolean 5306 required: 5307 - endpoints 5308 - path 5309 type: object 5310 hostPath: 5311 description: 'hostPath represents a pre-existing file or 5312 directory on the host machine that is directly exposed 5313 to the container. This is generally used for system agents 5314 or other privileged things that are allowed to see the 5315 host machine. Most containers will NOT need this. More 5316 info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath 5317 --- TODO(jonesdl) We need to restrict who can use host 5318 directory mounts and who can/can not mount host directories 5319 as read/write.' 5320 properties: 5321 path: 5322 description: 'path of the directory on the host. If 5323 the path is a symlink, it will follow the link to 5324 the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' 5325 type: string 5326 type: 5327 description: 'type for HostPath Volume Defaults to "" 5328 More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' 5329 type: string 5330 required: 5331 - path 5332 type: object 5333 iscsi: 5334 description: 'iscsi represents an ISCSI Disk resource that 5335 is attached to a kubelet''s host machine and then exposed 5336 to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' 5337 properties: 5338 chapAuthDiscovery: 5339 description: chapAuthDiscovery defines whether support 5340 iSCSI Discovery CHAP authentication 5341 type: boolean 5342 chapAuthSession: 5343 description: chapAuthSession defines whether support 5344 iSCSI Session CHAP authentication 5345 type: boolean 5346 fsType: 5347 description: 'fsType is the filesystem type of the volume 5348 that you want to mount. Tip: Ensure that the filesystem 5349 type is supported by the host operating system. Examples: 5350 "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" 5351 if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi 5352 TODO: how do we prevent errors in the filesystem from 5353 compromising the machine' 5354 type: string 5355 initiatorName: 5356 description: initiatorName is the custom iSCSI Initiator 5357 Name. If initiatorName is specified with iscsiInterface 5358 simultaneously, new iSCSI interface <target portal>:<volume 5359 name> will be created for the connection. 5360 type: string 5361 iqn: 5362 description: iqn is the target iSCSI Qualified Name. 5363 type: string 5364 iscsiInterface: 5365 description: iscsiInterface is the interface Name that 5366 uses an iSCSI transport. Defaults to 'default' (tcp). 5367 type: string 5368 lun: 5369 description: lun represents iSCSI Target Lun number. 5370 format: int32 5371 type: integer 5372 portals: 5373 description: portals is the iSCSI Target Portal List. 5374 The portal is either an IP or ip_addr:port if the 5375 port is other than default (typically TCP ports 860 5376 and 3260). 5377 items: 5378 type: string 5379 type: array 5380 readOnly: 5381 description: readOnly here will force the ReadOnly setting 5382 in VolumeMounts. Defaults to false. 5383 type: boolean 5384 secretRef: 5385 description: secretRef is the CHAP Secret for iSCSI 5386 target and initiator authentication 5387 properties: 5388 name: 5389 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 5390 TODO: Add other useful fields. apiVersion, kind, 5391 uid?' 5392 type: string 5393 type: object 5394 targetPortal: 5395 description: targetPortal is iSCSI Target Portal. The 5396 Portal is either an IP or ip_addr:port if the port 5397 is other than default (typically TCP ports 860 and 5398 3260). 5399 type: string 5400 required: 5401 - iqn 5402 - lun 5403 - targetPortal 5404 type: object 5405 name: 5406 description: 'name of the volume. Must be a DNS_LABEL and 5407 unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 5408 type: string 5409 nfs: 5410 description: 'nfs represents an NFS mount on the host that 5411 shares a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' 5412 properties: 5413 path: 5414 description: 'path that is exported by the NFS server. 5415 More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' 5416 type: string 5417 readOnly: 5418 description: 'readOnly here will force the NFS export 5419 to be mounted with read-only permissions. Defaults 5420 to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' 5421 type: boolean 5422 server: 5423 description: 'server is the hostname or IP address of 5424 the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' 5425 type: string 5426 required: 5427 - path 5428 - server 5429 type: object 5430 persistentVolumeClaim: 5431 description: 'persistentVolumeClaimVolumeSource represents 5432 a reference to a PersistentVolumeClaim in the same namespace. 5433 More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' 5434 properties: 5435 claimName: 5436 description: 'claimName is the name of a PersistentVolumeClaim 5437 in the same namespace as the pod using this volume. 5438 More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' 5439 type: string 5440 readOnly: 5441 description: readOnly Will force the ReadOnly setting 5442 in VolumeMounts. Default false. 5443 type: boolean 5444 required: 5445 - claimName 5446 type: object 5447 photonPersistentDisk: 5448 description: photonPersistentDisk represents a PhotonController 5449 persistent disk attached and mounted on kubelets host 5450 machine 5451 properties: 5452 fsType: 5453 description: fsType is the filesystem type to mount. 5454 Must be a filesystem type supported by the host operating 5455 system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred 5456 to be "ext4" if unspecified. 5457 type: string 5458 pdID: 5459 description: pdID is the ID that identifies Photon Controller 5460 persistent disk 5461 type: string 5462 required: 5463 - pdID 5464 type: object 5465 portworxVolume: 5466 description: portworxVolume represents a portworx volume 5467 attached and mounted on kubelets host machine 5468 properties: 5469 fsType: 5470 description: fSType represents the filesystem type to 5471 mount Must be a filesystem type supported by the host 5472 operating system. Ex. "ext4", "xfs". Implicitly inferred 5473 to be "ext4" if unspecified. 5474 type: string 5475 readOnly: 5476 description: readOnly defaults to false (read/write). 5477 ReadOnly here will force the ReadOnly setting in VolumeMounts. 5478 type: boolean 5479 volumeID: 5480 description: volumeID uniquely identifies a Portworx 5481 volume 5482 type: string 5483 required: 5484 - volumeID 5485 type: object 5486 projected: 5487 description: projected items for all in one resources secrets, 5488 configmaps, and downward API 5489 properties: 5490 defaultMode: 5491 description: defaultMode are the mode bits used to set 5492 permissions on created files by default. Must be an 5493 octal value between 0000 and 0777 or a decimal value 5494 between 0 and 511. YAML accepts both octal and decimal 5495 values, JSON requires decimal values for mode bits. 5496 Directories within the path are not affected by this 5497 setting. This might be in conflict with other options 5498 that affect the file mode, like fsGroup, and the result 5499 can be other mode bits set. 5500 format: int32 5501 type: integer 5502 sources: 5503 description: sources is the list of volume projections 5504 items: 5505 description: Projection that may be projected along 5506 with other supported volume types 5507 properties: 5508 configMap: 5509 description: configMap information about the configMap 5510 data to project 5511 properties: 5512 items: 5513 description: items if unspecified, each key-value 5514 pair in the Data field of the referenced 5515 ConfigMap will be projected into the volume 5516 as a file whose name is the key and content 5517 is the value. If specified, the listed keys 5518 will be projected into the specified paths, 5519 and unlisted keys will not be present. If 5520 a key is specified which is not present 5521 in the ConfigMap, the volume setup will 5522 error unless it is marked optional. Paths 5523 must be relative and may not contain the 5524 '..' path or start with '..'. 5525 items: 5526 description: Maps a string key to a path 5527 within a volume. 5528 properties: 5529 key: 5530 description: key is the key to project. 5531 type: string 5532 mode: 5533 description: 'mode is Optional: mode 5534 bits used to set permissions on this 5535 file. Must be an octal value between 5536 0000 and 0777 or a decimal value between 5537 0 and 511. YAML accepts both octal 5538 and decimal values, JSON requires 5539 decimal values for mode bits. If not 5540 specified, the volume defaultMode 5541 will be used. This might be in conflict 5542 with other options that affect the 5543 file mode, like fsGroup, and the result 5544 can be other mode bits set.' 5545 format: int32 5546 type: integer 5547 path: 5548 description: path is the relative path 5549 of the file to map the key to. May 5550 not be an absolute path. May not contain 5551 the path element '..'. May not start 5552 with the string '..'. 5553 type: string 5554 required: 5555 - key 5556 - path 5557 type: object 5558 type: array 5559 name: 5560 description: 'Name of the referent. More info: 5561 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 5562 TODO: Add other useful fields. apiVersion, 5563 kind, uid?' 5564 type: string 5565 optional: 5566 description: optional specify whether the 5567 ConfigMap or its keys must be defined 5568 type: boolean 5569 type: object 5570 downwardAPI: 5571 description: downwardAPI information about the 5572 downwardAPI data to project 5573 properties: 5574 items: 5575 description: Items is a list of DownwardAPIVolume 5576 file 5577 items: 5578 description: DownwardAPIVolumeFile represents 5579 information to create the file containing 5580 the pod field 5581 properties: 5582 fieldRef: 5583 description: 'Required: Selects a field 5584 of the pod: only annotations, labels, 5585 name and namespace are supported.' 5586 properties: 5587 apiVersion: 5588 description: Version of the schema 5589 the FieldPath is written in terms 5590 of, defaults to "v1". 5591 type: string 5592 fieldPath: 5593 description: Path of the field to 5594 select in the specified API version. 5595 type: string 5596 required: 5597 - fieldPath 5598 type: object 5599 mode: 5600 description: 'Optional: mode bits used 5601 to set permissions on this file, must 5602 be an octal value between 0000 and 5603 0777 or a decimal value between 0 5604 and 511. YAML accepts both octal and 5605 decimal values, JSON requires decimal 5606 values for mode bits. If not specified, 5607 the volume defaultMode will be used. 5608 This might be in conflict with other 5609 options that affect the file mode, 5610 like fsGroup, and the result can be 5611 other mode bits set.' 5612 format: int32 5613 type: integer 5614 path: 5615 description: 'Required: Path is the 5616 relative path name of the file to 5617 be created. Must not be absolute or 5618 contain the ''..'' path. Must be utf-8 5619 encoded. The first item of the relative 5620 path must not start with ''..''' 5621 type: string 5622 resourceFieldRef: 5623 description: 'Selects a resource of 5624 the container: only resources limits 5625 and requests (limits.cpu, limits.memory, 5626 requests.cpu and requests.memory) 5627 are currently supported.' 5628 properties: 5629 containerName: 5630 description: 'Container name: required 5631 for volumes, optional for env 5632 vars' 5633 type: string 5634 divisor: 5635 anyOf: 5636 - type: integer 5637 - type: string 5638 description: Specifies the output 5639 format of the exposed resources, 5640 defaults to "1" 5641 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 5642 x-kubernetes-int-or-string: true 5643 resource: 5644 description: 'Required: resource 5645 to select' 5646 type: string 5647 required: 5648 - resource 5649 type: object 5650 required: 5651 - path 5652 type: object 5653 type: array 5654 type: object 5655 secret: 5656 description: secret information about the secret 5657 data to project 5658 properties: 5659 items: 5660 description: items if unspecified, each key-value 5661 pair in the Data field of the referenced 5662 Secret will be projected into the volume 5663 as a file whose name is the key and content 5664 is the value. If specified, the listed keys 5665 will be projected into the specified paths, 5666 and unlisted keys will not be present. If 5667 a key is specified which is not present 5668 in the Secret, the volume setup will error 5669 unless it is marked optional. Paths must 5670 be relative and may not contain the '..' 5671 path or start with '..'. 5672 items: 5673 description: Maps a string key to a path 5674 within a volume. 5675 properties: 5676 key: 5677 description: key is the key to project. 5678 type: string 5679 mode: 5680 description: 'mode is Optional: mode 5681 bits used to set permissions on this 5682 file. Must be an octal value between 5683 0000 and 0777 or a decimal value between 5684 0 and 511. YAML accepts both octal 5685 and decimal values, JSON requires 5686 decimal values for mode bits. If not 5687 specified, the volume defaultMode 5688 will be used. This might be in conflict 5689 with other options that affect the 5690 file mode, like fsGroup, and the result 5691 can be other mode bits set.' 5692 format: int32 5693 type: integer 5694 path: 5695 description: path is the relative path 5696 of the file to map the key to. May 5697 not be an absolute path. May not contain 5698 the path element '..'. May not start 5699 with the string '..'. 5700 type: string 5701 required: 5702 - key 5703 - path 5704 type: object 5705 type: array 5706 name: 5707 description: 'Name of the referent. More info: 5708 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 5709 TODO: Add other useful fields. apiVersion, 5710 kind, uid?' 5711 type: string 5712 optional: 5713 description: optional field specify whether 5714 the Secret or its key must be defined 5715 type: boolean 5716 type: object 5717 serviceAccountToken: 5718 description: serviceAccountToken is information 5719 about the serviceAccountToken data to project 5720 properties: 5721 audience: 5722 description: audience is the intended audience 5723 of the token. A recipient of a token must 5724 identify itself with an identifier specified 5725 in the audience of the token, and otherwise 5726 should reject the token. The audience defaults 5727 to the identifier of the apiserver. 5728 type: string 5729 expirationSeconds: 5730 description: expirationSeconds is the requested 5731 duration of validity of the service account 5732 token. As the token approaches expiration, 5733 the kubelet volume plugin will proactively 5734 rotate the service account token. The kubelet 5735 will start trying to rotate the token if 5736 the token is older than 80 percent of its 5737 time to live or if the token is older than 5738 24 hours.Defaults to 1 hour and must be 5739 at least 10 minutes. 5740 format: int64 5741 type: integer 5742 path: 5743 description: path is the path relative to 5744 the mount point of the file to project the 5745 token into. 5746 type: string 5747 required: 5748 - path 5749 type: object 5750 type: object 5751 type: array 5752 type: object 5753 quobyte: 5754 description: quobyte represents a Quobyte mount on the host 5755 that shares a pod's lifetime 5756 properties: 5757 group: 5758 description: group to map volume access to Default is 5759 no group 5760 type: string 5761 readOnly: 5762 description: readOnly here will force the Quobyte volume 5763 to be mounted with read-only permissions. Defaults 5764 to false. 5765 type: boolean 5766 registry: 5767 description: registry represents a single or multiple 5768 Quobyte Registry services specified as a string as 5769 host:port pair (multiple entries are separated with 5770 commas) which acts as the central registry for volumes 5771 type: string 5772 tenant: 5773 description: tenant owning the given Quobyte volume 5774 in the Backend Used with dynamically provisioned Quobyte 5775 volumes, value is set by the plugin 5776 type: string 5777 user: 5778 description: user to map volume access to Defaults to 5779 serivceaccount user 5780 type: string 5781 volume: 5782 description: volume is a string that references an already 5783 created Quobyte volume by name. 5784 type: string 5785 required: 5786 - registry 5787 - volume 5788 type: object 5789 rbd: 5790 description: 'rbd represents a Rados Block Device mount 5791 on the host that shares a pod''s lifetime. More info: 5792 https://examples.k8s.io/volumes/rbd/README.md' 5793 properties: 5794 fsType: 5795 description: 'fsType is the filesystem type of the volume 5796 that you want to mount. Tip: Ensure that the filesystem 5797 type is supported by the host operating system. Examples: 5798 "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" 5799 if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd 5800 TODO: how do we prevent errors in the filesystem from 5801 compromising the machine' 5802 type: string 5803 image: 5804 description: 'image is the rados image name. More info: 5805 https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 5806 type: string 5807 keyring: 5808 description: 'keyring is the path to key ring for RBDUser. 5809 Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 5810 type: string 5811 monitors: 5812 description: 'monitors is a collection of Ceph monitors. 5813 More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 5814 items: 5815 type: string 5816 type: array 5817 pool: 5818 description: 'pool is the rados pool name. Default is 5819 rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 5820 type: string 5821 readOnly: 5822 description: 'readOnly here will force the ReadOnly 5823 setting in VolumeMounts. Defaults to false. More info: 5824 https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 5825 type: boolean 5826 secretRef: 5827 description: 'secretRef is name of the authentication 5828 secret for RBDUser. If provided overrides keyring. 5829 Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 5830 properties: 5831 name: 5832 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 5833 TODO: Add other useful fields. apiVersion, kind, 5834 uid?' 5835 type: string 5836 type: object 5837 user: 5838 description: 'user is the rados user name. Default is 5839 admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 5840 type: string 5841 required: 5842 - image 5843 - monitors 5844 type: object 5845 scaleIO: 5846 description: scaleIO represents a ScaleIO persistent volume 5847 attached and mounted on Kubernetes nodes. 5848 properties: 5849 fsType: 5850 description: fsType is the filesystem type to mount. 5851 Must be a filesystem type supported by the host operating 5852 system. Ex. "ext4", "xfs", "ntfs". Default is "xfs". 5853 type: string 5854 gateway: 5855 description: gateway is the host address of the ScaleIO 5856 API Gateway. 5857 type: string 5858 protectionDomain: 5859 description: protectionDomain is the name of the ScaleIO 5860 Protection Domain for the configured storage. 5861 type: string 5862 readOnly: 5863 description: readOnly Defaults to false (read/write). 5864 ReadOnly here will force the ReadOnly setting in VolumeMounts. 5865 type: boolean 5866 secretRef: 5867 description: secretRef references to the secret for 5868 ScaleIO user and other sensitive information. If this 5869 is not provided, Login operation will fail. 5870 properties: 5871 name: 5872 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 5873 TODO: Add other useful fields. apiVersion, kind, 5874 uid?' 5875 type: string 5876 type: object 5877 sslEnabled: 5878 description: sslEnabled Flag enable/disable SSL communication 5879 with Gateway, default false 5880 type: boolean 5881 storageMode: 5882 description: storageMode indicates whether the storage 5883 for a volume should be ThickProvisioned or ThinProvisioned. 5884 Default is ThinProvisioned. 5885 type: string 5886 storagePool: 5887 description: storagePool is the ScaleIO Storage Pool 5888 associated with the protection domain. 5889 type: string 5890 system: 5891 description: system is the name of the storage system 5892 as configured in ScaleIO. 5893 type: string 5894 volumeName: 5895 description: volumeName is the name of a volume already 5896 created in the ScaleIO system that is associated with 5897 this volume source. 5898 type: string 5899 required: 5900 - gateway 5901 - secretRef 5902 - system 5903 type: object 5904 secret: 5905 description: 'secret represents a secret that should populate 5906 this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' 5907 properties: 5908 defaultMode: 5909 description: 'defaultMode is Optional: mode bits used 5910 to set permissions on created files by default. Must 5911 be an octal value between 0000 and 0777 or a decimal 5912 value between 0 and 511. YAML accepts both octal and 5913 decimal values, JSON requires decimal values for mode 5914 bits. Defaults to 0644. Directories within the path 5915 are not affected by this setting. This might be in 5916 conflict with other options that affect the file mode, 5917 like fsGroup, and the result can be other mode bits 5918 set.' 5919 format: int32 5920 type: integer 5921 items: 5922 description: items If unspecified, each key-value pair 5923 in the Data field of the referenced Secret will be 5924 projected into the volume as a file whose name is 5925 the key and content is the value. If specified, the 5926 listed keys will be projected into the specified paths, 5927 and unlisted keys will not be present. If a key is 5928 specified which is not present in the Secret, the 5929 volume setup will error unless it is marked optional. 5930 Paths must be relative and may not contain the '..' 5931 path or start with '..'. 5932 items: 5933 description: Maps a string key to a path within a 5934 volume. 5935 properties: 5936 key: 5937 description: key is the key to project. 5938 type: string 5939 mode: 5940 description: 'mode is Optional: mode bits used 5941 to set permissions on this file. Must be an 5942 octal value between 0000 and 0777 or a decimal 5943 value between 0 and 511. YAML accepts both octal 5944 and decimal values, JSON requires decimal values 5945 for mode bits. If not specified, the volume 5946 defaultMode will be used. This might be in conflict 5947 with other options that affect the file mode, 5948 like fsGroup, and the result can be other mode 5949 bits set.' 5950 format: int32 5951 type: integer 5952 path: 5953 description: path is the relative path of the 5954 file to map the key to. May not be an absolute 5955 path. May not contain the path element '..'. 5956 May not start with the string '..'. 5957 type: string 5958 required: 5959 - key 5960 - path 5961 type: object 5962 type: array 5963 optional: 5964 description: optional field specify whether the Secret 5965 or its keys must be defined 5966 type: boolean 5967 secretName: 5968 description: 'secretName is the name of the secret in 5969 the pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' 5970 type: string 5971 type: object 5972 storageos: 5973 description: storageOS represents a StorageOS volume attached 5974 and mounted on Kubernetes nodes. 5975 properties: 5976 fsType: 5977 description: fsType is the filesystem type to mount. 5978 Must be a filesystem type supported by the host operating 5979 system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred 5980 to be "ext4" if unspecified. 5981 type: string 5982 readOnly: 5983 description: readOnly defaults to false (read/write). 5984 ReadOnly here will force the ReadOnly setting in VolumeMounts. 5985 type: boolean 5986 secretRef: 5987 description: secretRef specifies the secret to use for 5988 obtaining the StorageOS API credentials. If not specified, 5989 default values will be attempted. 5990 properties: 5991 name: 5992 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 5993 TODO: Add other useful fields. apiVersion, kind, 5994 uid?' 5995 type: string 5996 type: object 5997 volumeName: 5998 description: volumeName is the human-readable name of 5999 the StorageOS volume. Volume names are only unique 6000 within a namespace. 6001 type: string 6002 volumeNamespace: 6003 description: volumeNamespace specifies the scope of 6004 the volume within StorageOS. If no namespace is specified 6005 then the Pod's namespace will be used. This allows 6006 the Kubernetes name scoping to be mirrored within 6007 StorageOS for tighter integration. Set VolumeName 6008 to any name to override the default behaviour. Set 6009 to "default" if you are not using namespaces within 6010 StorageOS. Namespaces that do not pre-exist within 6011 StorageOS will be created. 6012 type: string 6013 type: object 6014 vsphereVolume: 6015 description: vsphereVolume represents a vSphere volume attached 6016 and mounted on kubelets host machine 6017 properties: 6018 fsType: 6019 description: fsType is filesystem type to mount. Must 6020 be a filesystem type supported by the host operating 6021 system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred 6022 to be "ext4" if unspecified. 6023 type: string 6024 storagePolicyID: 6025 description: storagePolicyID is the storage Policy Based 6026 Management (SPBM) profile ID associated with the StoragePolicyName. 6027 type: string 6028 storagePolicyName: 6029 description: storagePolicyName is the storage Policy 6030 Based Management (SPBM) profile name. 6031 type: string 6032 volumePath: 6033 description: volumePath is the path that identifies 6034 vSphere volume vmdk 6035 type: string 6036 required: 6037 - volumePath 6038 type: object 6039 required: 6040 - name 6041 type: object 6042 type: array 6043 type: object 6044 repositoryCredentials: 6045 description: RepositoryCredentials are the Git pull credentials to 6046 configure Argo CD with upon creation of the cluster. 6047 type: string 6048 resourceActions: 6049 description: ResourceActions customizes resource action behavior. 6050 items: 6051 description: Resource Customization for custom action 6052 properties: 6053 action: 6054 type: string 6055 group: 6056 type: string 6057 kind: 6058 type: string 6059 type: object 6060 type: array 6061 resourceCustomizations: 6062 description: 'Deprecated field. Support dropped in v1beta1 version. 6063 ResourceCustomizations customizes resource behavior. Keys are in 6064 the form: group/Kind. Please note that this is being deprecated 6065 in favor of ResourceHealthChecks, ResourceIgnoreDifferences, and 6066 ResourceActions.' 6067 type: string 6068 resourceExclusions: 6069 description: ResourceExclusions is used to completely ignore entire 6070 classes of resource group/kinds. 6071 type: string 6072 resourceHealthChecks: 6073 description: ResourceHealthChecks customizes resource health check 6074 behavior. 6075 items: 6076 description: Resource Customization for custom health check 6077 properties: 6078 check: 6079 type: string 6080 group: 6081 type: string 6082 kind: 6083 type: string 6084 type: object 6085 type: array 6086 resourceIgnoreDifferences: 6087 description: ResourceIgnoreDifferences customizes resource ignore 6088 difference behavior. 6089 properties: 6090 all: 6091 properties: 6092 jqPathExpressions: 6093 items: 6094 type: string 6095 type: array 6096 jsonPointers: 6097 items: 6098 type: string 6099 type: array 6100 managedFieldsManagers: 6101 items: 6102 type: string 6103 type: array 6104 type: object 6105 resourceIdentifiers: 6106 items: 6107 description: Resource Customization fields for ignore difference 6108 properties: 6109 customization: 6110 properties: 6111 jqPathExpressions: 6112 items: 6113 type: string 6114 type: array 6115 jsonPointers: 6116 items: 6117 type: string 6118 type: array 6119 managedFieldsManagers: 6120 items: 6121 type: string 6122 type: array 6123 type: object 6124 group: 6125 type: string 6126 kind: 6127 type: string 6128 type: object 6129 type: array 6130 type: object 6131 resourceInclusions: 6132 description: ResourceInclusions is used to only include specific group/kinds 6133 in the reconciliation process. 6134 type: string 6135 resourceTrackingMethod: 6136 description: ResourceTrackingMethod defines how Argo CD should track 6137 resources that it manages 6138 type: string 6139 server: 6140 description: Server defines the options for the ArgoCD Server component. 6141 properties: 6142 autoscale: 6143 description: Autoscale defines the autoscale options for the Argo 6144 CD Server component. 6145 properties: 6146 enabled: 6147 description: Enabled will toggle autoscaling support for the 6148 Argo CD Server component. 6149 type: boolean 6150 hpa: 6151 description: HPA defines the HorizontalPodAutoscaler options 6152 for the Argo CD Server component. 6153 properties: 6154 maxReplicas: 6155 description: maxReplicas is the upper limit for the number 6156 of pods that can be set by the autoscaler; cannot be 6157 smaller than MinReplicas. 6158 format: int32 6159 type: integer 6160 minReplicas: 6161 description: minReplicas is the lower limit for the number 6162 of replicas to which the autoscaler can scale down. It 6163 defaults to 1 pod. minReplicas is allowed to be 0 if 6164 the alpha feature gate HPAScaleToZero is enabled and 6165 at least one Object or External metric is configured. Scaling 6166 is active as long as at least one metric value is available. 6167 format: int32 6168 type: integer 6169 scaleTargetRef: 6170 description: reference to scaled resource; horizontal 6171 pod autoscaler will learn the current resource consumption 6172 and will set the desired number of pods by using its 6173 Scale subresource. 6174 properties: 6175 apiVersion: 6176 description: apiVersion is the API version of the 6177 referent 6178 type: string 6179 kind: 6180 description: 'kind is the kind of the referent; More 6181 info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' 6182 type: string 6183 name: 6184 description: 'name is the name of the referent; More 6185 info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 6186 type: string 6187 required: 6188 - kind 6189 - name 6190 type: object 6191 targetCPUUtilizationPercentage: 6192 description: targetCPUUtilizationPercentage is the target 6193 average CPU utilization (represented as a percentage 6194 of requested CPU) over all the pods; if not specified 6195 the default autoscaling policy will be used. 6196 format: int32 6197 type: integer 6198 required: 6199 - maxReplicas 6200 - scaleTargetRef 6201 type: object 6202 required: 6203 - enabled 6204 type: object 6205 env: 6206 description: Env lets you specify environment for API server pods 6207 items: 6208 description: EnvVar represents an environment variable present 6209 in a Container. 6210 properties: 6211 name: 6212 description: Name of the environment variable. Must be a 6213 C_IDENTIFIER. 6214 type: string 6215 value: 6216 description: 'Variable references $(VAR_NAME) are expanded 6217 using the previously defined environment variables in 6218 the container and any service environment variables. If 6219 a variable cannot be resolved, the reference in the input 6220 string will be unchanged. Double $$ are reduced to a single 6221 $, which allows for escaping the $(VAR_NAME) syntax: i.e. 6222 "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". 6223 Escaped references will never be expanded, regardless 6224 of whether the variable exists or not. Defaults to "".' 6225 type: string 6226 valueFrom: 6227 description: Source for the environment variable's value. 6228 Cannot be used if value is not empty. 6229 properties: 6230 configMapKeyRef: 6231 description: Selects a key of a ConfigMap. 6232 properties: 6233 key: 6234 description: The key to select. 6235 type: string 6236 name: 6237 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 6238 TODO: Add other useful fields. apiVersion, kind, 6239 uid?' 6240 type: string 6241 optional: 6242 description: Specify whether the ConfigMap or its 6243 key must be defined 6244 type: boolean 6245 required: 6246 - key 6247 type: object 6248 fieldRef: 6249 description: 'Selects a field of the pod: supports metadata.name, 6250 metadata.namespace, `metadata.labels[''<KEY>'']`, 6251 `metadata.annotations[''<KEY>'']`, spec.nodeName, 6252 spec.serviceAccountName, status.hostIP, status.podIP, 6253 status.podIPs.' 6254 properties: 6255 apiVersion: 6256 description: Version of the schema the FieldPath 6257 is written in terms of, defaults to "v1". 6258 type: string 6259 fieldPath: 6260 description: Path of the field to select in the 6261 specified API version. 6262 type: string 6263 required: 6264 - fieldPath 6265 type: object 6266 resourceFieldRef: 6267 description: 'Selects a resource of the container: only 6268 resources limits and requests (limits.cpu, limits.memory, 6269 limits.ephemeral-storage, requests.cpu, requests.memory 6270 and requests.ephemeral-storage) are currently supported.' 6271 properties: 6272 containerName: 6273 description: 'Container name: required for volumes, 6274 optional for env vars' 6275 type: string 6276 divisor: 6277 anyOf: 6278 - type: integer 6279 - type: string 6280 description: Specifies the output format of the 6281 exposed resources, defaults to "1" 6282 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 6283 x-kubernetes-int-or-string: true 6284 resource: 6285 description: 'Required: resource to select' 6286 type: string 6287 required: 6288 - resource 6289 type: object 6290 secretKeyRef: 6291 description: Selects a key of a secret in the pod's 6292 namespace 6293 properties: 6294 key: 6295 description: The key of the secret to select from. Must 6296 be a valid secret key. 6297 type: string 6298 name: 6299 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 6300 TODO: Add other useful fields. apiVersion, kind, 6301 uid?' 6302 type: string 6303 optional: 6304 description: Specify whether the Secret or its key 6305 must be defined 6306 type: boolean 6307 required: 6308 - key 6309 type: object 6310 type: object 6311 required: 6312 - name 6313 type: object 6314 type: array 6315 extraCommandArgs: 6316 description: Extra Command arguments that would append to the 6317 Argo CD server command. ExtraCommandArgs will not be added, 6318 if one of these commands is already part of the server command 6319 with same or different value. 6320 items: 6321 type: string 6322 type: array 6323 grpc: 6324 description: GRPC defines the state for the Argo CD Server GRPC 6325 options. 6326 properties: 6327 host: 6328 description: Host is the hostname to use for Ingress/Route 6329 resources. 6330 type: string 6331 ingress: 6332 description: Ingress defines the desired state for the Argo 6333 CD Server GRPC Ingress. 6334 properties: 6335 annotations: 6336 additionalProperties: 6337 type: string 6338 description: Annotations is the map of annotations to 6339 apply to the Ingress. 6340 type: object 6341 enabled: 6342 description: Enabled will toggle the creation of the Ingress. 6343 type: boolean 6344 ingressClassName: 6345 description: IngressClassName for the Ingress resource. 6346 type: string 6347 path: 6348 description: Path used for the Ingress resource. 6349 type: string 6350 tls: 6351 description: TLS configuration. Currently the Ingress 6352 only supports a single TLS port, 443. If multiple members 6353 of this list specify different hosts, they will be multiplexed 6354 on the same port according to the hostname specified 6355 through the SNI TLS extension, if the ingress controller 6356 fulfilling the ingress supports SNI. 6357 items: 6358 description: IngressTLS describes the transport layer 6359 security associated with an ingress. 6360 properties: 6361 hosts: 6362 description: hosts is a list of hosts included in 6363 the TLS certificate. The values in this list must 6364 match the name/s used in the tlsSecret. Defaults 6365 to the wildcard host setting for the loadbalancer 6366 controller fulfilling this Ingress, if left unspecified. 6367 items: 6368 type: string 6369 type: array 6370 x-kubernetes-list-type: atomic 6371 secretName: 6372 description: secretName is the name of the secret 6373 used to terminate TLS traffic on port 443. Field 6374 is left optional to allow TLS routing based on 6375 SNI hostname alone. If the SNI host in a listener 6376 conflicts with the "Host" header field used by 6377 an IngressRule, the SNI host is used for termination 6378 and value of the "Host" header is used for routing. 6379 type: string 6380 type: object 6381 type: array 6382 required: 6383 - enabled 6384 type: object 6385 type: object 6386 host: 6387 description: Host is the hostname to use for Ingress/Route resources. 6388 type: string 6389 ingress: 6390 description: Ingress defines the desired state for an Ingress 6391 for the Argo CD Server component. 6392 properties: 6393 annotations: 6394 additionalProperties: 6395 type: string 6396 description: Annotations is the map of annotations to apply 6397 to the Ingress. 6398 type: object 6399 enabled: 6400 description: Enabled will toggle the creation of the Ingress. 6401 type: boolean 6402 ingressClassName: 6403 description: IngressClassName for the Ingress resource. 6404 type: string 6405 path: 6406 description: Path used for the Ingress resource. 6407 type: string 6408 tls: 6409 description: TLS configuration. Currently the Ingress only 6410 supports a single TLS port, 443. If multiple members of 6411 this list specify different hosts, they will be multiplexed 6412 on the same port according to the hostname specified through 6413 the SNI TLS extension, if the ingress controller fulfilling 6414 the ingress supports SNI. 6415 items: 6416 description: IngressTLS describes the transport layer security 6417 associated with an ingress. 6418 properties: 6419 hosts: 6420 description: hosts is a list of hosts included in the 6421 TLS certificate. The values in this list must match 6422 the name/s used in the tlsSecret. Defaults to the 6423 wildcard host setting for the loadbalancer controller 6424 fulfilling this Ingress, if left unspecified. 6425 items: 6426 type: string 6427 type: array 6428 x-kubernetes-list-type: atomic 6429 secretName: 6430 description: secretName is the name of the secret used 6431 to terminate TLS traffic on port 443. Field is left 6432 optional to allow TLS routing based on SNI hostname 6433 alone. If the SNI host in a listener conflicts with 6434 the "Host" header field used by an IngressRule, the 6435 SNI host is used for termination and value of the 6436 "Host" header is used for routing. 6437 type: string 6438 type: object 6439 type: array 6440 required: 6441 - enabled 6442 type: object 6443 insecure: 6444 description: Insecure toggles the insecure flag. 6445 type: boolean 6446 logFormat: 6447 description: LogFormat refers to the log level to be used by the 6448 ArgoCD Server component. Defaults to ArgoCDDefaultLogFormat 6449 if not configured. Valid options are text or json. 6450 type: string 6451 logLevel: 6452 description: LogLevel refers to the log level to be used by the 6453 ArgoCD Server component. Defaults to ArgoCDDefaultLogLevel if 6454 not set. Valid options are debug, info, error, and warn. 6455 type: string 6456 replicas: 6457 description: Replicas defines the number of replicas for argocd-server. 6458 Default is nil. Value should be greater than or equal to 0. 6459 Value will be ignored if Autoscaler is enabled. 6460 format: int32 6461 type: integer 6462 resources: 6463 description: Resources defines the Compute Resources required 6464 by the container for the Argo CD server component. 6465 properties: 6466 claims: 6467 description: "Claims lists the names of resources, defined 6468 in spec.resourceClaims, that are used by this container. 6469 \n This is an alpha field and requires enabling the DynamicResourceAllocation 6470 feature gate. \n This field is immutable. It can only be 6471 set for containers." 6472 items: 6473 description: ResourceClaim references one entry in PodSpec.ResourceClaims. 6474 properties: 6475 name: 6476 description: Name must match the name of one entry in 6477 pod.spec.resourceClaims of the Pod where this field 6478 is used. It makes that resource available inside a 6479 container. 6480 type: string 6481 required: 6482 - name 6483 type: object 6484 type: array 6485 x-kubernetes-list-map-keys: 6486 - name 6487 x-kubernetes-list-type: map 6488 limits: 6489 additionalProperties: 6490 anyOf: 6491 - type: integer 6492 - type: string 6493 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 6494 x-kubernetes-int-or-string: true 6495 description: 'Limits describes the maximum amount of compute 6496 resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 6497 type: object 6498 requests: 6499 additionalProperties: 6500 anyOf: 6501 - type: integer 6502 - type: string 6503 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 6504 x-kubernetes-int-or-string: true 6505 description: 'Requests describes the minimum amount of compute 6506 resources required. If Requests is omitted for a container, 6507 it defaults to Limits if that is explicitly specified, otherwise 6508 to an implementation-defined value. Requests cannot exceed 6509 Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 6510 type: object 6511 type: object 6512 route: 6513 description: Route defines the desired state for an OpenShift 6514 Route for the Argo CD Server component. 6515 properties: 6516 annotations: 6517 additionalProperties: 6518 type: string 6519 description: Annotations is the map of annotations to use 6520 for the Route resource. 6521 type: object 6522 enabled: 6523 description: Enabled will toggle the creation of the OpenShift 6524 Route. 6525 type: boolean 6526 labels: 6527 additionalProperties: 6528 type: string 6529 description: Labels is the map of labels to use for the Route 6530 resource 6531 type: object 6532 path: 6533 description: Path the router watches for, to route traffic 6534 for to the service. 6535 type: string 6536 tls: 6537 description: TLS provides the ability to configure certificates 6538 and termination for the Route. 6539 properties: 6540 caCertificate: 6541 description: caCertificate provides the cert authority 6542 certificate contents 6543 type: string 6544 certificate: 6545 description: certificate provides certificate contents 6546 type: string 6547 destinationCACertificate: 6548 description: destinationCACertificate provides the contents 6549 of the ca certificate of the final destination. When 6550 using reencrypt termination this file should be provided 6551 in order to have routers use it for health checks on 6552 the secure connection. If this field is not specified, 6553 the router may provide its own destination CA and perform 6554 hostname validation using the short service name (service.namespace.svc), 6555 which allows infrastructure generated certificates to 6556 automatically verify. 6557 type: string 6558 insecureEdgeTerminationPolicy: 6559 description: "insecureEdgeTerminationPolicy indicates 6560 the desired behavior for insecure connections to a route. 6561 While each router may make its own decisions on which 6562 ports to expose, this is normally port 80. \n * Allow 6563 - traffic is sent to the server on the insecure port 6564 (default) * Disable - no traffic is allowed on the insecure 6565 port. * Redirect - clients are redirected to the secure 6566 port." 6567 type: string 6568 key: 6569 description: key provides key file contents 6570 type: string 6571 termination: 6572 description: termination indicates termination type. 6573 type: string 6574 required: 6575 - termination 6576 type: object 6577 wildcardPolicy: 6578 description: WildcardPolicy if any for the route. Currently 6579 only 'Subdomain' or 'None' is allowed. 6580 type: string 6581 required: 6582 - enabled 6583 type: object 6584 service: 6585 description: Service defines the options for the Service backing 6586 the ArgoCD Server component. 6587 properties: 6588 type: 6589 description: Type is the ServiceType to use for the Service 6590 resource. 6591 type: string 6592 required: 6593 - type 6594 type: object 6595 type: object 6596 sourceNamespaces: 6597 description: SourceNamespaces defines the namespaces application resources 6598 are allowed to be created in 6599 items: 6600 type: string 6601 type: array 6602 sso: 6603 description: SSO defines the Single Sign-on configuration for Argo 6604 CD 6605 properties: 6606 dex: 6607 description: Dex contains the configuration for Argo CD dex authentication 6608 properties: 6609 config: 6610 description: Config is the dex connector configuration. 6611 type: string 6612 groups: 6613 description: Optional list of required groups a user must 6614 be a member of 6615 items: 6616 type: string 6617 type: array 6618 image: 6619 description: Image is the Dex container image. 6620 type: string 6621 openShiftOAuth: 6622 description: OpenShiftOAuth enables OpenShift OAuth authentication 6623 for the Dex server. 6624 type: boolean 6625 resources: 6626 description: Resources defines the Compute Resources required 6627 by the container for Dex. 6628 properties: 6629 claims: 6630 description: "Claims lists the names of resources, defined 6631 in spec.resourceClaims, that are used by this container. 6632 \n This is an alpha field and requires enabling the 6633 DynamicResourceAllocation feature gate. \n This field 6634 is immutable. It can only be set for containers." 6635 items: 6636 description: ResourceClaim references one entry in PodSpec.ResourceClaims. 6637 properties: 6638 name: 6639 description: Name must match the name of one entry 6640 in pod.spec.resourceClaims of the Pod where this 6641 field is used. It makes that resource available 6642 inside a container. 6643 type: string 6644 required: 6645 - name 6646 type: object 6647 type: array 6648 x-kubernetes-list-map-keys: 6649 - name 6650 x-kubernetes-list-type: map 6651 limits: 6652 additionalProperties: 6653 anyOf: 6654 - type: integer 6655 - type: string 6656 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 6657 x-kubernetes-int-or-string: true 6658 description: 'Limits describes the maximum amount of compute 6659 resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 6660 type: object 6661 requests: 6662 additionalProperties: 6663 anyOf: 6664 - type: integer 6665 - type: string 6666 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 6667 x-kubernetes-int-or-string: true 6668 description: 'Requests describes the minimum amount of 6669 compute resources required. If Requests is omitted for 6670 a container, it defaults to Limits if that is explicitly 6671 specified, otherwise to an implementation-defined value. 6672 Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 6673 type: object 6674 type: object 6675 version: 6676 description: Version is the Dex container image tag. 6677 type: string 6678 type: object 6679 image: 6680 description: Deprecated field. Support dropped in v1beta1 version. 6681 Image is the SSO container image. 6682 type: string 6683 keycloak: 6684 description: Keycloak contains the configuration for Argo CD keycloak 6685 authentication 6686 properties: 6687 image: 6688 description: Image is the Keycloak container image. 6689 type: string 6690 resources: 6691 description: Resources defines the Compute Resources required 6692 by the container for Keycloak. 6693 properties: 6694 claims: 6695 description: "Claims lists the names of resources, defined 6696 in spec.resourceClaims, that are used by this container. 6697 \n This is an alpha field and requires enabling the 6698 DynamicResourceAllocation feature gate. \n This field 6699 is immutable. It can only be set for containers." 6700 items: 6701 description: ResourceClaim references one entry in PodSpec.ResourceClaims. 6702 properties: 6703 name: 6704 description: Name must match the name of one entry 6705 in pod.spec.resourceClaims of the Pod where this 6706 field is used. It makes that resource available 6707 inside a container. 6708 type: string 6709 required: 6710 - name 6711 type: object 6712 type: array 6713 x-kubernetes-list-map-keys: 6714 - name 6715 x-kubernetes-list-type: map 6716 limits: 6717 additionalProperties: 6718 anyOf: 6719 - type: integer 6720 - type: string 6721 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 6722 x-kubernetes-int-or-string: true 6723 description: 'Limits describes the maximum amount of compute 6724 resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 6725 type: object 6726 requests: 6727 additionalProperties: 6728 anyOf: 6729 - type: integer 6730 - type: string 6731 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 6732 x-kubernetes-int-or-string: true 6733 description: 'Requests describes the minimum amount of 6734 compute resources required. If Requests is omitted for 6735 a container, it defaults to Limits if that is explicitly 6736 specified, otherwise to an implementation-defined value. 6737 Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 6738 type: object 6739 type: object 6740 rootCA: 6741 description: Custom root CA certificate for communicating 6742 with the Keycloak OIDC provider 6743 type: string 6744 verifyTLS: 6745 description: VerifyTLS set to false disables strict TLS validation. 6746 type: boolean 6747 version: 6748 description: Version is the Keycloak container image tag. 6749 type: string 6750 type: object 6751 provider: 6752 description: Provider installs and configures the given SSO Provider 6753 with Argo CD. 6754 type: string 6755 resources: 6756 description: Deprecated field. Support dropped in v1beta1 version. 6757 Resources defines the Compute Resources required by the container 6758 for SSO. 6759 properties: 6760 claims: 6761 description: "Claims lists the names of resources, defined 6762 in spec.resourceClaims, that are used by this container. 6763 \n This is an alpha field and requires enabling the DynamicResourceAllocation 6764 feature gate. \n This field is immutable. It can only be 6765 set for containers." 6766 items: 6767 description: ResourceClaim references one entry in PodSpec.ResourceClaims. 6768 properties: 6769 name: 6770 description: Name must match the name of one entry in 6771 pod.spec.resourceClaims of the Pod where this field 6772 is used. It makes that resource available inside a 6773 container. 6774 type: string 6775 required: 6776 - name 6777 type: object 6778 type: array 6779 x-kubernetes-list-map-keys: 6780 - name 6781 x-kubernetes-list-type: map 6782 limits: 6783 additionalProperties: 6784 anyOf: 6785 - type: integer 6786 - type: string 6787 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 6788 x-kubernetes-int-or-string: true 6789 description: 'Limits describes the maximum amount of compute 6790 resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 6791 type: object 6792 requests: 6793 additionalProperties: 6794 anyOf: 6795 - type: integer 6796 - type: string 6797 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 6798 x-kubernetes-int-or-string: true 6799 description: 'Requests describes the minimum amount of compute 6800 resources required. If Requests is omitted for a container, 6801 it defaults to Limits if that is explicitly specified, otherwise 6802 to an implementation-defined value. Requests cannot exceed 6803 Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 6804 type: object 6805 type: object 6806 verifyTLS: 6807 description: Deprecated field. Support dropped in v1beta1 version. 6808 VerifyTLS set to false disables strict TLS validation. 6809 type: boolean 6810 version: 6811 description: Deprecated field. Support dropped in v1beta1 version. 6812 Version is the SSO container image tag. 6813 type: string 6814 type: object 6815 statusBadgeEnabled: 6816 description: StatusBadgeEnabled toggles application status badge feature. 6817 type: boolean 6818 tls: 6819 description: TLS defines the TLS options for ArgoCD. 6820 properties: 6821 ca: 6822 description: CA defines the CA options. 6823 properties: 6824 configMapName: 6825 description: ConfigMapName is the name of the ConfigMap containing 6826 the CA Certificate. 6827 type: string 6828 secretName: 6829 description: SecretName is the name of the Secret containing 6830 the CA Certificate and Key. 6831 type: string 6832 type: object 6833 initialCerts: 6834 additionalProperties: 6835 type: string 6836 description: InitialCerts defines custom TLS certificates upon 6837 creation of the cluster for connecting Git repositories via 6838 HTTPS. 6839 type: object 6840 type: object 6841 usersAnonymousEnabled: 6842 description: UsersAnonymousEnabled toggles anonymous user access. 6843 The anonymous users get default role permissions specified argocd-rbac-cm. 6844 type: boolean 6845 version: 6846 description: Version is the tag to use with the ArgoCD container image 6847 for all ArgoCD components. 6848 type: string 6849 type: object 6850 status: 6851 description: ArgoCDStatus defines the observed state of ArgoCD 6852 properties: 6853 applicationController: 6854 description: 'ApplicationController is a simple, high-level summary 6855 of where the Argo CD application controller component is in its 6856 lifecycle. There are four possible ApplicationController values: 6857 Pending: The Argo CD application controller component has been accepted 6858 by the Kubernetes system, but one or more of the required resources 6859 have not been created. Running: All of the required Pods for the 6860 Argo CD application controller component are in a Ready state. Failed: 6861 At least one of the Argo CD application controller component Pods 6862 had a failure. Unknown: The state of the Argo CD application controller 6863 component could not be obtained.' 6864 type: string 6865 applicationSetController: 6866 description: 'ApplicationSetController is a simple, high-level summary 6867 of where the Argo CD applicationSet controller component is in its 6868 lifecycle. There are four possible ApplicationSetController values: 6869 Pending: The Argo CD applicationSet controller component has been 6870 accepted by the Kubernetes system, but one or more of the required 6871 resources have not been created. Running: All of the required Pods 6872 for the Argo CD applicationSet controller component are in a Ready 6873 state. Failed: At least one of the Argo CD applicationSet controller 6874 component Pods had a failure. Unknown: The state of the Argo CD 6875 applicationSet controller component could not be obtained.' 6876 type: string 6877 host: 6878 description: Host is the hostname of the Ingress. 6879 type: string 6880 notificationsController: 6881 description: 'NotificationsController is a simple, high-level summary 6882 of where the Argo CD notifications controller component is in its 6883 lifecycle. There are four possible NotificationsController values: 6884 Pending: The Argo CD notifications controller component has been 6885 accepted by the Kubernetes system, but one or more of the required 6886 resources have not been created. Running: All of the required Pods 6887 for the Argo CD notifications controller component are in a Ready 6888 state. Failed: At least one of the Argo CD notifications controller 6889 component Pods had a failure. Unknown: The state of the Argo CD 6890 notifications controller component could not be obtained.' 6891 type: string 6892 phase: 6893 description: 'Phase is a simple, high-level summary of where the ArgoCD 6894 is in its lifecycle. There are four possible phase values: Pending: 6895 The ArgoCD has been accepted by the Kubernetes system, but one or 6896 more of the required resources have not been created. Available: 6897 All of the resources for the ArgoCD are ready. Failed: At least 6898 one resource has experienced a failure. Unknown: The state of the 6899 ArgoCD phase could not be obtained.' 6900 type: string 6901 redis: 6902 description: 'Redis is a simple, high-level summary of where the Argo 6903 CD Redis component is in its lifecycle. There are four possible 6904 redis values: Pending: The Argo CD Redis component has been accepted 6905 by the Kubernetes system, but one or more of the required resources 6906 have not been created. Running: All of the required Pods for the 6907 Argo CD Redis component are in a Ready state. Failed: At least one 6908 of the Argo CD Redis component Pods had a failure. Unknown: The 6909 state of the Argo CD Redis component could not be obtained.' 6910 type: string 6911 redisTLSChecksum: 6912 description: RedisTLSChecksum contains the SHA256 checksum of the 6913 latest known state of tls.crt and tls.key in the argocd-operator-redis-tls 6914 secret. 6915 type: string 6916 repo: 6917 description: 'Repo is a simple, high-level summary of where the Argo 6918 CD Repo component is in its lifecycle. There are four possible repo 6919 values: Pending: The Argo CD Repo component has been accepted by 6920 the Kubernetes system, but one or more of the required resources 6921 have not been created. Running: All of the required Pods for the 6922 Argo CD Repo component are in a Ready state. Failed: At least one 6923 of the Argo CD Repo component Pods had a failure. Unknown: The 6924 state of the Argo CD Repo component could not be obtained.' 6925 type: string 6926 repoTLSChecksum: 6927 description: RepoTLSChecksum contains the SHA256 checksum of the latest 6928 known state of tls.crt and tls.key in the argocd-repo-server-tls 6929 secret. 6930 type: string 6931 server: 6932 description: 'Server is a simple, high-level summary of where the 6933 Argo CD server component is in its lifecycle. There are four possible 6934 server values: Pending: The Argo CD server component has been accepted 6935 by the Kubernetes system, but one or more of the required resources 6936 have not been created. Running: All of the required Pods for the 6937 Argo CD server component are in a Ready state. Failed: At least 6938 one of the Argo CD server component Pods had a failure. Unknown: 6939 The state of the Argo CD server component could not be obtained.' 6940 type: string 6941 sso: 6942 description: 'SSO is a simple, high-level summary of where the Argo 6943 CD SSO(Dex/Keycloak) component is in its lifecycle. There are four 6944 possible sso values: Pending: The Argo CD SSO component has been 6945 accepted by the Kubernetes system, but one or more of the required 6946 resources have not been created. Running: All of the required Pods 6947 for the Argo CD SSO component are in a Ready state. Failed: At least 6948 one of the Argo CD SSO component Pods had a failure. Unknown: The 6949 state of the Argo CD SSO component could not be obtained.' 6950 type: string 6951 type: object 6952 type: object 6953 served: true 6954 storage: false 6955 subresources: 6956 status: {} 6957 - name: v1beta1 6958 schema: 6959 openAPIV3Schema: 6960 description: ArgoCD is the Schema for the argocds API 6961 properties: 6962 apiVersion: 6963 description: 'APIVersion defines the versioned schema of this representation 6964 of an object. Servers should convert recognized schemas to the latest 6965 internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' 6966 type: string 6967 kind: 6968 description: 'Kind is a string value representing the REST resource this 6969 object represents. Servers may infer this from the endpoint the client 6970 submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' 6971 type: string 6972 metadata: 6973 type: object 6974 spec: 6975 description: ArgoCDSpec defines the desired state of ArgoCD 6976 properties: 6977 applicationInstanceLabelKey: 6978 description: ApplicationInstanceLabelKey is the key name where Argo 6979 CD injects the app name as a tracking label. 6980 type: string 6981 applicationSet: 6982 description: ArgoCDApplicationSet defines whether the Argo CD ApplicationSet 6983 controller should be installed. 6984 properties: 6985 enabled: 6986 description: Enabled is the flag to enable the Application Set 6987 Controller during ArgoCD installation. (optional, default `true`) 6988 type: boolean 6989 env: 6990 description: Env lets you specify environment for applicationSet 6991 controller pods 6992 items: 6993 description: EnvVar represents an environment variable present 6994 in a Container. 6995 properties: 6996 name: 6997 description: Name of the environment variable. Must be a 6998 C_IDENTIFIER. 6999 type: string 7000 value: 7001 description: 'Variable references $(VAR_NAME) are expanded 7002 using the previously defined environment variables in 7003 the container and any service environment variables. If 7004 a variable cannot be resolved, the reference in the input 7005 string will be unchanged. Double $$ are reduced to a single 7006 $, which allows for escaping the $(VAR_NAME) syntax: i.e. 7007 "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". 7008 Escaped references will never be expanded, regardless 7009 of whether the variable exists or not. Defaults to "".' 7010 type: string 7011 valueFrom: 7012 description: Source for the environment variable's value. 7013 Cannot be used if value is not empty. 7014 properties: 7015 configMapKeyRef: 7016 description: Selects a key of a ConfigMap. 7017 properties: 7018 key: 7019 description: The key to select. 7020 type: string 7021 name: 7022 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 7023 TODO: Add other useful fields. apiVersion, kind, 7024 uid?' 7025 type: string 7026 optional: 7027 description: Specify whether the ConfigMap or its 7028 key must be defined 7029 type: boolean 7030 required: 7031 - key 7032 type: object 7033 fieldRef: 7034 description: 'Selects a field of the pod: supports metadata.name, 7035 metadata.namespace, `metadata.labels[''<KEY>'']`, 7036 `metadata.annotations[''<KEY>'']`, spec.nodeName, 7037 spec.serviceAccountName, status.hostIP, status.podIP, 7038 status.podIPs.' 7039 properties: 7040 apiVersion: 7041 description: Version of the schema the FieldPath 7042 is written in terms of, defaults to "v1". 7043 type: string 7044 fieldPath: 7045 description: Path of the field to select in the 7046 specified API version. 7047 type: string 7048 required: 7049 - fieldPath 7050 type: object 7051 resourceFieldRef: 7052 description: 'Selects a resource of the container: only 7053 resources limits and requests (limits.cpu, limits.memory, 7054 limits.ephemeral-storage, requests.cpu, requests.memory 7055 and requests.ephemeral-storage) are currently supported.' 7056 properties: 7057 containerName: 7058 description: 'Container name: required for volumes, 7059 optional for env vars' 7060 type: string 7061 divisor: 7062 anyOf: 7063 - type: integer 7064 - type: string 7065 description: Specifies the output format of the 7066 exposed resources, defaults to "1" 7067 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 7068 x-kubernetes-int-or-string: true 7069 resource: 7070 description: 'Required: resource to select' 7071 type: string 7072 required: 7073 - resource 7074 type: object 7075 secretKeyRef: 7076 description: Selects a key of a secret in the pod's 7077 namespace 7078 properties: 7079 key: 7080 description: The key of the secret to select from. Must 7081 be a valid secret key. 7082 type: string 7083 name: 7084 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 7085 TODO: Add other useful fields. apiVersion, kind, 7086 uid?' 7087 type: string 7088 optional: 7089 description: Specify whether the Secret or its key 7090 must be defined 7091 type: boolean 7092 required: 7093 - key 7094 type: object 7095 type: object 7096 required: 7097 - name 7098 type: object 7099 type: array 7100 extraCommandArgs: 7101 description: ExtraCommandArgs allows users to pass command line 7102 arguments to ApplicationSet controller. They get added to default 7103 command line arguments provided by the operator. Please note 7104 that the command line arguments provided as part of ExtraCommandArgs 7105 will not overwrite the default command line arguments. 7106 items: 7107 type: string 7108 type: array 7109 image: 7110 description: Image is the Argo CD ApplicationSet image (optional) 7111 type: string 7112 logLevel: 7113 description: LogLevel describes the log level that should be used 7114 by the ApplicationSet controller. Defaults to ArgoCDDefaultLogLevel 7115 if not set. Valid options are debug,info, error, and warn. 7116 type: string 7117 resources: 7118 description: Resources defines the Compute Resources required 7119 by the container for ApplicationSet. 7120 properties: 7121 claims: 7122 description: "Claims lists the names of resources, defined 7123 in spec.resourceClaims, that are used by this container. 7124 \n This is an alpha field and requires enabling the DynamicResourceAllocation 7125 feature gate. \n This field is immutable. It can only be 7126 set for containers." 7127 items: 7128 description: ResourceClaim references one entry in PodSpec.ResourceClaims. 7129 properties: 7130 name: 7131 description: Name must match the name of one entry in 7132 pod.spec.resourceClaims of the Pod where this field 7133 is used. It makes that resource available inside a 7134 container. 7135 type: string 7136 required: 7137 - name 7138 type: object 7139 type: array 7140 x-kubernetes-list-map-keys: 7141 - name 7142 x-kubernetes-list-type: map 7143 limits: 7144 additionalProperties: 7145 anyOf: 7146 - type: integer 7147 - type: string 7148 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 7149 x-kubernetes-int-or-string: true 7150 description: 'Limits describes the maximum amount of compute 7151 resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 7152 type: object 7153 requests: 7154 additionalProperties: 7155 anyOf: 7156 - type: integer 7157 - type: string 7158 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 7159 x-kubernetes-int-or-string: true 7160 description: 'Requests describes the minimum amount of compute 7161 resources required. If Requests is omitted for a container, 7162 it defaults to Limits if that is explicitly specified, otherwise 7163 to an implementation-defined value. Requests cannot exceed 7164 Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 7165 type: object 7166 type: object 7167 scmProviders: 7168 description: SCMProviders defines the list of allowed custom SCM 7169 provider API URLs 7170 items: 7171 type: string 7172 type: array 7173 scmRootCAConfigMap: 7174 description: SCMRootCAConfigMap is the name of the config map 7175 that stores the Gitlab SCM Provider's TLS certificate which 7176 will be mounted on the ApplicationSet Controller (optional). 7177 type: string 7178 sourceNamespaces: 7179 description: SourceNamespaces defines the namespaces applicationset 7180 resources are allowed to be created in 7181 items: 7182 type: string 7183 type: array 7184 version: 7185 description: Version is the Argo CD ApplicationSet image tag. 7186 (optional) 7187 type: string 7188 webhookServer: 7189 description: WebhookServerSpec defines the options for the ApplicationSet 7190 Webhook Server component. 7191 properties: 7192 host: 7193 description: Host is the hostname to use for Ingress/Route 7194 resources. 7195 type: string 7196 ingress: 7197 description: Ingress defines the desired state for an Ingress 7198 for the Application set webhook component. 7199 properties: 7200 annotations: 7201 additionalProperties: 7202 type: string 7203 description: Annotations is the map of annotations to 7204 apply to the Ingress. 7205 type: object 7206 enabled: 7207 description: Enabled will toggle the creation of the Ingress. 7208 type: boolean 7209 ingressClassName: 7210 description: IngressClassName for the Ingress resource. 7211 type: string 7212 path: 7213 description: Path used for the Ingress resource. 7214 type: string 7215 tls: 7216 description: TLS configuration. Currently the Ingress 7217 only supports a single TLS port, 443. If multiple members 7218 of this list specify different hosts, they will be multiplexed 7219 on the same port according to the hostname specified 7220 through the SNI TLS extension, if the ingress controller 7221 fulfilling the ingress supports SNI. 7222 items: 7223 description: IngressTLS describes the transport layer 7224 security associated with an ingress. 7225 properties: 7226 hosts: 7227 description: hosts is a list of hosts included in 7228 the TLS certificate. The values in this list must 7229 match the name/s used in the tlsSecret. Defaults 7230 to the wildcard host setting for the loadbalancer 7231 controller fulfilling this Ingress, if left unspecified. 7232 items: 7233 type: string 7234 type: array 7235 x-kubernetes-list-type: atomic 7236 secretName: 7237 description: secretName is the name of the secret 7238 used to terminate TLS traffic on port 443. Field 7239 is left optional to allow TLS routing based on 7240 SNI hostname alone. If the SNI host in a listener 7241 conflicts with the "Host" header field used by 7242 an IngressRule, the SNI host is used for termination 7243 and value of the "Host" header is used for routing. 7244 type: string 7245 type: object 7246 type: array 7247 required: 7248 - enabled 7249 type: object 7250 route: 7251 description: Route defines the desired state for an OpenShift 7252 Route for the Application set webhook component. 7253 properties: 7254 annotations: 7255 additionalProperties: 7256 type: string 7257 description: Annotations is the map of annotations to 7258 use for the Route resource. 7259 type: object 7260 enabled: 7261 description: Enabled will toggle the creation of the OpenShift 7262 Route. 7263 type: boolean 7264 labels: 7265 additionalProperties: 7266 type: string 7267 description: Labels is the map of labels to use for the 7268 Route resource 7269 type: object 7270 path: 7271 description: Path the router watches for, to route traffic 7272 for to the service. 7273 type: string 7274 tls: 7275 description: TLS provides the ability to configure certificates 7276 and termination for the Route. 7277 properties: 7278 caCertificate: 7279 description: caCertificate provides the cert authority 7280 certificate contents 7281 type: string 7282 certificate: 7283 description: certificate provides certificate contents 7284 type: string 7285 destinationCACertificate: 7286 description: destinationCACertificate provides the 7287 contents of the ca certificate of the final destination. When 7288 using reencrypt termination this file should be 7289 provided in order to have routers use it for health 7290 checks on the secure connection. If this field is 7291 not specified, the router may provide its own destination 7292 CA and perform hostname validation using the short 7293 service name (service.namespace.svc), which allows 7294 infrastructure generated certificates to automatically 7295 verify. 7296 type: string 7297 insecureEdgeTerminationPolicy: 7298 description: "insecureEdgeTerminationPolicy indicates 7299 the desired behavior for insecure connections to 7300 a route. While each router may make its own decisions 7301 on which ports to expose, this is normally port 7302 80. \n * Allow - traffic is sent to the server on 7303 the insecure port (default) * Disable - no traffic 7304 is allowed on the insecure port. * Redirect - clients 7305 are redirected to the secure port." 7306 type: string 7307 key: 7308 description: key provides key file contents 7309 type: string 7310 termination: 7311 description: termination indicates termination type. 7312 type: string 7313 required: 7314 - termination 7315 type: object 7316 wildcardPolicy: 7317 description: WildcardPolicy if any for the route. Currently 7318 only 'Subdomain' or 'None' is allowed. 7319 type: string 7320 required: 7321 - enabled 7322 type: object 7323 type: object 7324 type: object 7325 banner: 7326 description: Banner defines an additional banner to be displayed in 7327 Argo CD UI 7328 properties: 7329 content: 7330 description: Content defines the banner message content to display 7331 type: string 7332 url: 7333 description: URL defines an optional URL to be used as banner 7334 message link 7335 type: string 7336 required: 7337 - content 7338 type: object 7339 configManagementPlugins: 7340 description: ConfigManagementPlugins is used to specify additional 7341 config management plugins. 7342 type: string 7343 controller: 7344 description: Controller defines the Application Controller options 7345 for ArgoCD. 7346 properties: 7347 appSync: 7348 description: "AppSync is used to control the sync frequency, by 7349 default the ArgoCD controller polls Git every 3m. \n Set this 7350 to a duration, e.g. 10m or 600s to control the synchronisation 7351 frequency." 7352 type: string 7353 enabled: 7354 description: Enabled is the flag to enable the Application Controller 7355 during ArgoCD installation. (optional, default `true`) 7356 type: boolean 7357 env: 7358 description: Env lets you specify environment for application 7359 controller pods 7360 items: 7361 description: EnvVar represents an environment variable present 7362 in a Container. 7363 properties: 7364 name: 7365 description: Name of the environment variable. Must be a 7366 C_IDENTIFIER. 7367 type: string 7368 value: 7369 description: 'Variable references $(VAR_NAME) are expanded 7370 using the previously defined environment variables in 7371 the container and any service environment variables. If 7372 a variable cannot be resolved, the reference in the input 7373 string will be unchanged. Double $$ are reduced to a single 7374 $, which allows for escaping the $(VAR_NAME) syntax: i.e. 7375 "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". 7376 Escaped references will never be expanded, regardless 7377 of whether the variable exists or not. Defaults to "".' 7378 type: string 7379 valueFrom: 7380 description: Source for the environment variable's value. 7381 Cannot be used if value is not empty. 7382 properties: 7383 configMapKeyRef: 7384 description: Selects a key of a ConfigMap. 7385 properties: 7386 key: 7387 description: The key to select. 7388 type: string 7389 name: 7390 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 7391 TODO: Add other useful fields. apiVersion, kind, 7392 uid?' 7393 type: string 7394 optional: 7395 description: Specify whether the ConfigMap or its 7396 key must be defined 7397 type: boolean 7398 required: 7399 - key 7400 type: object 7401 fieldRef: 7402 description: 'Selects a field of the pod: supports metadata.name, 7403 metadata.namespace, `metadata.labels[''<KEY>'']`, 7404 `metadata.annotations[''<KEY>'']`, spec.nodeName, 7405 spec.serviceAccountName, status.hostIP, status.podIP, 7406 status.podIPs.' 7407 properties: 7408 apiVersion: 7409 description: Version of the schema the FieldPath 7410 is written in terms of, defaults to "v1". 7411 type: string 7412 fieldPath: 7413 description: Path of the field to select in the 7414 specified API version. 7415 type: string 7416 required: 7417 - fieldPath 7418 type: object 7419 resourceFieldRef: 7420 description: 'Selects a resource of the container: only 7421 resources limits and requests (limits.cpu, limits.memory, 7422 limits.ephemeral-storage, requests.cpu, requests.memory 7423 and requests.ephemeral-storage) are currently supported.' 7424 properties: 7425 containerName: 7426 description: 'Container name: required for volumes, 7427 optional for env vars' 7428 type: string 7429 divisor: 7430 anyOf: 7431 - type: integer 7432 - type: string 7433 description: Specifies the output format of the 7434 exposed resources, defaults to "1" 7435 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 7436 x-kubernetes-int-or-string: true 7437 resource: 7438 description: 'Required: resource to select' 7439 type: string 7440 required: 7441 - resource 7442 type: object 7443 secretKeyRef: 7444 description: Selects a key of a secret in the pod's 7445 namespace 7446 properties: 7447 key: 7448 description: The key of the secret to select from. Must 7449 be a valid secret key. 7450 type: string 7451 name: 7452 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 7453 TODO: Add other useful fields. apiVersion, kind, 7454 uid?' 7455 type: string 7456 optional: 7457 description: Specify whether the Secret or its key 7458 must be defined 7459 type: boolean 7460 required: 7461 - key 7462 type: object 7463 type: object 7464 required: 7465 - name 7466 type: object 7467 type: array 7468 logFormat: 7469 description: LogFormat refers to the log format used by the Application 7470 Controller component. Defaults to ArgoCDDefaultLogFormat if 7471 not configured. Valid options are text or json. 7472 type: string 7473 logLevel: 7474 description: LogLevel refers to the log level used by the Application 7475 Controller component. Defaults to ArgoCDDefaultLogLevel if not 7476 configured. Valid options are debug, info, error, and warn. 7477 type: string 7478 parallelismLimit: 7479 description: ParallelismLimit defines the limit for parallel kubectl 7480 operations 7481 format: int32 7482 type: integer 7483 processors: 7484 description: Processors contains the options for the Application 7485 Controller processors. 7486 properties: 7487 operation: 7488 description: Operation is the number of application operation 7489 processors. 7490 format: int32 7491 type: integer 7492 status: 7493 description: Status is the number of application status processors. 7494 format: int32 7495 type: integer 7496 type: object 7497 resources: 7498 description: Resources defines the Compute Resources required 7499 by the container for the Application Controller. 7500 properties: 7501 claims: 7502 description: "Claims lists the names of resources, defined 7503 in spec.resourceClaims, that are used by this container. 7504 \n This is an alpha field and requires enabling the DynamicResourceAllocation 7505 feature gate. \n This field is immutable. It can only be 7506 set for containers." 7507 items: 7508 description: ResourceClaim references one entry in PodSpec.ResourceClaims. 7509 properties: 7510 name: 7511 description: Name must match the name of one entry in 7512 pod.spec.resourceClaims of the Pod where this field 7513 is used. It makes that resource available inside a 7514 container. 7515 type: string 7516 required: 7517 - name 7518 type: object 7519 type: array 7520 x-kubernetes-list-map-keys: 7521 - name 7522 x-kubernetes-list-type: map 7523 limits: 7524 additionalProperties: 7525 anyOf: 7526 - type: integer 7527 - type: string 7528 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 7529 x-kubernetes-int-or-string: true 7530 description: 'Limits describes the maximum amount of compute 7531 resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 7532 type: object 7533 requests: 7534 additionalProperties: 7535 anyOf: 7536 - type: integer 7537 - type: string 7538 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 7539 x-kubernetes-int-or-string: true 7540 description: 'Requests describes the minimum amount of compute 7541 resources required. If Requests is omitted for a container, 7542 it defaults to Limits if that is explicitly specified, otherwise 7543 to an implementation-defined value. Requests cannot exceed 7544 Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 7545 type: object 7546 type: object 7547 sharding: 7548 description: Sharding contains the options for the Application 7549 Controller sharding configuration. 7550 properties: 7551 clustersPerShard: 7552 description: ClustersPerShard defines the maximum number of 7553 clusters managed by each argocd shard 7554 format: int32 7555 minimum: 1 7556 type: integer 7557 dynamicScalingEnabled: 7558 description: DynamicScalingEnabled defines whether dynamic 7559 scaling should be enabled for Application Controller component 7560 type: boolean 7561 enabled: 7562 description: Enabled defines whether sharding should be enabled 7563 on the Application Controller component. 7564 type: boolean 7565 maxShards: 7566 description: MaxShards defines the maximum number of shards 7567 at any given point 7568 format: int32 7569 type: integer 7570 minShards: 7571 description: MinShards defines the minimum number of shards 7572 at any given point 7573 format: int32 7574 minimum: 1 7575 type: integer 7576 replicas: 7577 description: Replicas defines the number of replicas to run 7578 in the Application controller shard. 7579 format: int32 7580 type: integer 7581 type: object 7582 type: object 7583 disableAdmin: 7584 description: DisableAdmin will disable the admin user. 7585 type: boolean 7586 extraConfig: 7587 additionalProperties: 7588 type: string 7589 description: "ExtraConfig can be used to add fields to Argo CD configmap 7590 that are not supported by Argo CD CRD. \n Note: ExtraConfig takes 7591 precedence over Argo CD CRD. For example, A user sets `argocd.Spec.DisableAdmin` 7592 = true and also `a.Spec.ExtraConfig[\"admin.enabled\"]` = true. 7593 In this case, operator updates Argo CD Configmap as follows -> argocd-cm.Data[\"admin.enabled\"] 7594 = true." 7595 type: object 7596 gaAnonymizeUsers: 7597 description: GAAnonymizeUsers toggles user IDs being hashed before 7598 sending to google analytics. 7599 type: boolean 7600 gaTrackingID: 7601 description: GATrackingID is the google analytics tracking ID to use. 7602 type: string 7603 grafana: 7604 description: 'Deprecated: Grafana defines the Grafana server options 7605 for ArgoCD.' 7606 properties: 7607 enabled: 7608 description: Enabled will toggle Grafana support globally for 7609 ArgoCD. 7610 type: boolean 7611 host: 7612 description: Host is the hostname to use for Ingress/Route resources. 7613 type: string 7614 image: 7615 description: Image is the Grafana container image. 7616 type: string 7617 ingress: 7618 description: Ingress defines the desired state for an Ingress 7619 for the Grafana component. 7620 properties: 7621 annotations: 7622 additionalProperties: 7623 type: string 7624 description: Annotations is the map of annotations to apply 7625 to the Ingress. 7626 type: object 7627 enabled: 7628 description: Enabled will toggle the creation of the Ingress. 7629 type: boolean 7630 ingressClassName: 7631 description: IngressClassName for the Ingress resource. 7632 type: string 7633 path: 7634 description: Path used for the Ingress resource. 7635 type: string 7636 tls: 7637 description: TLS configuration. Currently the Ingress only 7638 supports a single TLS port, 443. If multiple members of 7639 this list specify different hosts, they will be multiplexed 7640 on the same port according to the hostname specified through 7641 the SNI TLS extension, if the ingress controller fulfilling 7642 the ingress supports SNI. 7643 items: 7644 description: IngressTLS describes the transport layer security 7645 associated with an ingress. 7646 properties: 7647 hosts: 7648 description: hosts is a list of hosts included in the 7649 TLS certificate. The values in this list must match 7650 the name/s used in the tlsSecret. Defaults to the 7651 wildcard host setting for the loadbalancer controller 7652 fulfilling this Ingress, if left unspecified. 7653 items: 7654 type: string 7655 type: array 7656 x-kubernetes-list-type: atomic 7657 secretName: 7658 description: secretName is the name of the secret used 7659 to terminate TLS traffic on port 443. Field is left 7660 optional to allow TLS routing based on SNI hostname 7661 alone. If the SNI host in a listener conflicts with 7662 the "Host" header field used by an IngressRule, the 7663 SNI host is used for termination and value of the 7664 "Host" header is used for routing. 7665 type: string 7666 type: object 7667 type: array 7668 required: 7669 - enabled 7670 type: object 7671 resources: 7672 description: Resources defines the Compute Resources required 7673 by the container for Grafana. 7674 properties: 7675 claims: 7676 description: "Claims lists the names of resources, defined 7677 in spec.resourceClaims, that are used by this container. 7678 \n This is an alpha field and requires enabling the DynamicResourceAllocation 7679 feature gate. \n This field is immutable. It can only be 7680 set for containers." 7681 items: 7682 description: ResourceClaim references one entry in PodSpec.ResourceClaims. 7683 properties: 7684 name: 7685 description: Name must match the name of one entry in 7686 pod.spec.resourceClaims of the Pod where this field 7687 is used. It makes that resource available inside a 7688 container. 7689 type: string 7690 required: 7691 - name 7692 type: object 7693 type: array 7694 x-kubernetes-list-map-keys: 7695 - name 7696 x-kubernetes-list-type: map 7697 limits: 7698 additionalProperties: 7699 anyOf: 7700 - type: integer 7701 - type: string 7702 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 7703 x-kubernetes-int-or-string: true 7704 description: 'Limits describes the maximum amount of compute 7705 resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 7706 type: object 7707 requests: 7708 additionalProperties: 7709 anyOf: 7710 - type: integer 7711 - type: string 7712 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 7713 x-kubernetes-int-or-string: true 7714 description: 'Requests describes the minimum amount of compute 7715 resources required. If Requests is omitted for a container, 7716 it defaults to Limits if that is explicitly specified, otherwise 7717 to an implementation-defined value. Requests cannot exceed 7718 Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 7719 type: object 7720 type: object 7721 route: 7722 description: Route defines the desired state for an OpenShift 7723 Route for the Grafana component. 7724 properties: 7725 annotations: 7726 additionalProperties: 7727 type: string 7728 description: Annotations is the map of annotations to use 7729 for the Route resource. 7730 type: object 7731 enabled: 7732 description: Enabled will toggle the creation of the OpenShift 7733 Route. 7734 type: boolean 7735 labels: 7736 additionalProperties: 7737 type: string 7738 description: Labels is the map of labels to use for the Route 7739 resource 7740 type: object 7741 path: 7742 description: Path the router watches for, to route traffic 7743 for to the service. 7744 type: string 7745 tls: 7746 description: TLS provides the ability to configure certificates 7747 and termination for the Route. 7748 properties: 7749 caCertificate: 7750 description: caCertificate provides the cert authority 7751 certificate contents 7752 type: string 7753 certificate: 7754 description: certificate provides certificate contents 7755 type: string 7756 destinationCACertificate: 7757 description: destinationCACertificate provides the contents 7758 of the ca certificate of the final destination. When 7759 using reencrypt termination this file should be provided 7760 in order to have routers use it for health checks on 7761 the secure connection. If this field is not specified, 7762 the router may provide its own destination CA and perform 7763 hostname validation using the short service name (service.namespace.svc), 7764 which allows infrastructure generated certificates to 7765 automatically verify. 7766 type: string 7767 insecureEdgeTerminationPolicy: 7768 description: "insecureEdgeTerminationPolicy indicates 7769 the desired behavior for insecure connections to a route. 7770 While each router may make its own decisions on which 7771 ports to expose, this is normally port 80. \n * Allow 7772 - traffic is sent to the server on the insecure port 7773 (default) * Disable - no traffic is allowed on the insecure 7774 port. * Redirect - clients are redirected to the secure 7775 port." 7776 type: string 7777 key: 7778 description: key provides key file contents 7779 type: string 7780 termination: 7781 description: termination indicates termination type. 7782 type: string 7783 required: 7784 - termination 7785 type: object 7786 wildcardPolicy: 7787 description: WildcardPolicy if any for the route. Currently 7788 only 'Subdomain' or 'None' is allowed. 7789 type: string 7790 required: 7791 - enabled 7792 type: object 7793 size: 7794 description: Size is the replica count for the Grafana Deployment. 7795 format: int32 7796 type: integer 7797 version: 7798 description: Version is the Grafana container image tag. 7799 type: string 7800 required: 7801 - enabled 7802 type: object 7803 ha: 7804 description: HA options for High Availability support for the Redis 7805 component. 7806 properties: 7807 enabled: 7808 description: Enabled will toggle HA support globally for Argo 7809 CD. 7810 type: boolean 7811 redisProxyImage: 7812 description: RedisProxyImage is the Redis HAProxy container image. 7813 type: string 7814 redisProxyVersion: 7815 description: RedisProxyVersion is the Redis HAProxy container 7816 image tag. 7817 type: string 7818 resources: 7819 description: Resources defines the Compute Resources required 7820 by the container for HA. 7821 properties: 7822 claims: 7823 description: "Claims lists the names of resources, defined 7824 in spec.resourceClaims, that are used by this container. 7825 \n This is an alpha field and requires enabling the DynamicResourceAllocation 7826 feature gate. \n This field is immutable. It can only be 7827 set for containers." 7828 items: 7829 description: ResourceClaim references one entry in PodSpec.ResourceClaims. 7830 properties: 7831 name: 7832 description: Name must match the name of one entry in 7833 pod.spec.resourceClaims of the Pod where this field 7834 is used. It makes that resource available inside a 7835 container. 7836 type: string 7837 required: 7838 - name 7839 type: object 7840 type: array 7841 x-kubernetes-list-map-keys: 7842 - name 7843 x-kubernetes-list-type: map 7844 limits: 7845 additionalProperties: 7846 anyOf: 7847 - type: integer 7848 - type: string 7849 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 7850 x-kubernetes-int-or-string: true 7851 description: 'Limits describes the maximum amount of compute 7852 resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 7853 type: object 7854 requests: 7855 additionalProperties: 7856 anyOf: 7857 - type: integer 7858 - type: string 7859 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 7860 x-kubernetes-int-or-string: true 7861 description: 'Requests describes the minimum amount of compute 7862 resources required. If Requests is omitted for a container, 7863 it defaults to Limits if that is explicitly specified, otherwise 7864 to an implementation-defined value. Requests cannot exceed 7865 Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 7866 type: object 7867 type: object 7868 required: 7869 - enabled 7870 type: object 7871 helpChatText: 7872 description: HelpChatText is the text for getting chat help, defaults 7873 to "Chat now!" 7874 type: string 7875 helpChatURL: 7876 description: HelpChatURL is the URL for getting chat help, this will 7877 typically be your Slack channel for support. 7878 type: string 7879 image: 7880 description: Image is the ArgoCD container image for all ArgoCD components. 7881 type: string 7882 import: 7883 description: Import is the import/restore options for ArgoCD. 7884 properties: 7885 name: 7886 description: Name of an ArgoCDExport from which to import data. 7887 type: string 7888 namespace: 7889 description: Namespace for the ArgoCDExport, defaults to the same 7890 namespace as the ArgoCD. 7891 type: string 7892 required: 7893 - name 7894 type: object 7895 initialRepositories: 7896 description: InitialRepositories to configure Argo CD with upon creation 7897 of the cluster. 7898 type: string 7899 initialSSHKnownHosts: 7900 description: InitialSSHKnownHosts defines the SSH known hosts data 7901 upon creation of the cluster for connecting Git repositories via 7902 SSH. 7903 properties: 7904 excludedefaulthosts: 7905 description: ExcludeDefaultHosts describes whether you would like 7906 to include the default list of SSH Known Hosts provided by ArgoCD. 7907 type: boolean 7908 keys: 7909 description: Keys describes a custom set of SSH Known Hosts that 7910 you would like to have included in your ArgoCD server. 7911 type: string 7912 type: object 7913 kustomizeBuildOptions: 7914 description: KustomizeBuildOptions is used to specify build options/parameters 7915 to use with `kustomize build`. 7916 type: string 7917 kustomizeVersions: 7918 description: KustomizeVersions is a listing of configured versions 7919 of Kustomize to be made available within ArgoCD. 7920 items: 7921 description: KustomizeVersionSpec is used to specify information 7922 about a kustomize version to be used within ArgoCD. 7923 properties: 7924 path: 7925 description: Path is the path to a configured kustomize version 7926 on the filesystem of your repo server. 7927 type: string 7928 version: 7929 description: Version is a configured kustomize version in the 7930 format of vX.Y.Z 7931 type: string 7932 type: object 7933 type: array 7934 monitoring: 7935 description: Monitoring defines whether workload status monitoring 7936 configuration for this instance. 7937 properties: 7938 enabled: 7939 description: Enabled defines whether workload status monitoring 7940 is enabled for this instance or not 7941 type: boolean 7942 required: 7943 - enabled 7944 type: object 7945 nodePlacement: 7946 description: NodePlacement defines NodeSelectors and Taints for Argo 7947 CD workloads 7948 properties: 7949 nodeSelector: 7950 additionalProperties: 7951 type: string 7952 description: NodeSelector is a field of PodSpec, it is a map of 7953 key value pairs used for node selection 7954 type: object 7955 tolerations: 7956 description: Tolerations allow the pods to schedule onto nodes 7957 with matching taints 7958 items: 7959 description: The pod this Toleration is attached to tolerates 7960 any taint that matches the triple <key,value,effect> using 7961 the matching operator <operator>. 7962 properties: 7963 effect: 7964 description: Effect indicates the taint effect to match. 7965 Empty means match all taint effects. When specified, allowed 7966 values are NoSchedule, PreferNoSchedule and NoExecute. 7967 type: string 7968 key: 7969 description: Key is the taint key that the toleration applies 7970 to. Empty means match all taint keys. If the key is empty, 7971 operator must be Exists; this combination means to match 7972 all values and all keys. 7973 type: string 7974 operator: 7975 description: Operator represents a key's relationship to 7976 the value. Valid operators are Exists and Equal. Defaults 7977 to Equal. Exists is equivalent to wildcard for value, 7978 so that a pod can tolerate all taints of a particular 7979 category. 7980 type: string 7981 tolerationSeconds: 7982 description: TolerationSeconds represents the period of 7983 time the toleration (which must be of effect NoExecute, 7984 otherwise this field is ignored) tolerates the taint. 7985 By default, it is not set, which means tolerate the taint 7986 forever (do not evict). Zero and negative values will 7987 be treated as 0 (evict immediately) by the system. 7988 format: int64 7989 type: integer 7990 value: 7991 description: Value is the taint value the toleration matches 7992 to. If the operator is Exists, the value should be empty, 7993 otherwise just a regular string. 7994 type: string 7995 type: object 7996 type: array 7997 type: object 7998 notifications: 7999 description: Notifications defines whether the Argo CD Notifications 8000 controller should be installed. 8001 properties: 8002 enabled: 8003 description: Enabled defines whether argocd-notifications controller 8004 should be deployed or not 8005 type: boolean 8006 env: 8007 description: Env let you specify environment variables for Notifications 8008 pods 8009 items: 8010 description: EnvVar represents an environment variable present 8011 in a Container. 8012 properties: 8013 name: 8014 description: Name of the environment variable. Must be a 8015 C_IDENTIFIER. 8016 type: string 8017 value: 8018 description: 'Variable references $(VAR_NAME) are expanded 8019 using the previously defined environment variables in 8020 the container and any service environment variables. If 8021 a variable cannot be resolved, the reference in the input 8022 string will be unchanged. Double $$ are reduced to a single 8023 $, which allows for escaping the $(VAR_NAME) syntax: i.e. 8024 "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". 8025 Escaped references will never be expanded, regardless 8026 of whether the variable exists or not. Defaults to "".' 8027 type: string 8028 valueFrom: 8029 description: Source for the environment variable's value. 8030 Cannot be used if value is not empty. 8031 properties: 8032 configMapKeyRef: 8033 description: Selects a key of a ConfigMap. 8034 properties: 8035 key: 8036 description: The key to select. 8037 type: string 8038 name: 8039 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 8040 TODO: Add other useful fields. apiVersion, kind, 8041 uid?' 8042 type: string 8043 optional: 8044 description: Specify whether the ConfigMap or its 8045 key must be defined 8046 type: boolean 8047 required: 8048 - key 8049 type: object 8050 fieldRef: 8051 description: 'Selects a field of the pod: supports metadata.name, 8052 metadata.namespace, `metadata.labels[''<KEY>'']`, 8053 `metadata.annotations[''<KEY>'']`, spec.nodeName, 8054 spec.serviceAccountName, status.hostIP, status.podIP, 8055 status.podIPs.' 8056 properties: 8057 apiVersion: 8058 description: Version of the schema the FieldPath 8059 is written in terms of, defaults to "v1". 8060 type: string 8061 fieldPath: 8062 description: Path of the field to select in the 8063 specified API version. 8064 type: string 8065 required: 8066 - fieldPath 8067 type: object 8068 resourceFieldRef: 8069 description: 'Selects a resource of the container: only 8070 resources limits and requests (limits.cpu, limits.memory, 8071 limits.ephemeral-storage, requests.cpu, requests.memory 8072 and requests.ephemeral-storage) are currently supported.' 8073 properties: 8074 containerName: 8075 description: 'Container name: required for volumes, 8076 optional for env vars' 8077 type: string 8078 divisor: 8079 anyOf: 8080 - type: integer 8081 - type: string 8082 description: Specifies the output format of the 8083 exposed resources, defaults to "1" 8084 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 8085 x-kubernetes-int-or-string: true 8086 resource: 8087 description: 'Required: resource to select' 8088 type: string 8089 required: 8090 - resource 8091 type: object 8092 secretKeyRef: 8093 description: Selects a key of a secret in the pod's 8094 namespace 8095 properties: 8096 key: 8097 description: The key of the secret to select from. Must 8098 be a valid secret key. 8099 type: string 8100 name: 8101 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 8102 TODO: Add other useful fields. apiVersion, kind, 8103 uid?' 8104 type: string 8105 optional: 8106 description: Specify whether the Secret or its key 8107 must be defined 8108 type: boolean 8109 required: 8110 - key 8111 type: object 8112 type: object 8113 required: 8114 - name 8115 type: object 8116 type: array 8117 image: 8118 description: Image is the Argo CD Notifications image (optional) 8119 type: string 8120 logLevel: 8121 description: LogLevel describes the log level that should be used 8122 by the argocd-notifications. Defaults to ArgoCDDefaultLogLevel 8123 if not set. Valid options are debug,info, error, and warn. 8124 type: string 8125 replicas: 8126 description: Replicas defines the number of replicas to run for 8127 notifications-controller 8128 format: int32 8129 type: integer 8130 resources: 8131 description: Resources defines the Compute Resources required 8132 by the container for Argo CD Notifications. 8133 properties: 8134 claims: 8135 description: "Claims lists the names of resources, defined 8136 in spec.resourceClaims, that are used by this container. 8137 \n This is an alpha field and requires enabling the DynamicResourceAllocation 8138 feature gate. \n This field is immutable. It can only be 8139 set for containers." 8140 items: 8141 description: ResourceClaim references one entry in PodSpec.ResourceClaims. 8142 properties: 8143 name: 8144 description: Name must match the name of one entry in 8145 pod.spec.resourceClaims of the Pod where this field 8146 is used. It makes that resource available inside a 8147 container. 8148 type: string 8149 required: 8150 - name 8151 type: object 8152 type: array 8153 x-kubernetes-list-map-keys: 8154 - name 8155 x-kubernetes-list-type: map 8156 limits: 8157 additionalProperties: 8158 anyOf: 8159 - type: integer 8160 - type: string 8161 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 8162 x-kubernetes-int-or-string: true 8163 description: 'Limits describes the maximum amount of compute 8164 resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 8165 type: object 8166 requests: 8167 additionalProperties: 8168 anyOf: 8169 - type: integer 8170 - type: string 8171 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 8172 x-kubernetes-int-or-string: true 8173 description: 'Requests describes the minimum amount of compute 8174 resources required. If Requests is omitted for a container, 8175 it defaults to Limits if that is explicitly specified, otherwise 8176 to an implementation-defined value. Requests cannot exceed 8177 Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 8178 type: object 8179 type: object 8180 version: 8181 description: Version is the Argo CD Notifications image tag. (optional) 8182 type: string 8183 required: 8184 - enabled 8185 type: object 8186 oidcConfig: 8187 description: OIDCConfig is the OIDC configuration as an alternative 8188 to dex. 8189 type: string 8190 prometheus: 8191 description: Prometheus defines the Prometheus server options for 8192 ArgoCD. 8193 properties: 8194 enabled: 8195 description: Enabled will toggle Prometheus support globally for 8196 ArgoCD. 8197 type: boolean 8198 host: 8199 description: Host is the hostname to use for Ingress/Route resources. 8200 type: string 8201 ingress: 8202 description: Ingress defines the desired state for an Ingress 8203 for the Prometheus component. 8204 properties: 8205 annotations: 8206 additionalProperties: 8207 type: string 8208 description: Annotations is the map of annotations to apply 8209 to the Ingress. 8210 type: object 8211 enabled: 8212 description: Enabled will toggle the creation of the Ingress. 8213 type: boolean 8214 ingressClassName: 8215 description: IngressClassName for the Ingress resource. 8216 type: string 8217 path: 8218 description: Path used for the Ingress resource. 8219 type: string 8220 tls: 8221 description: TLS configuration. Currently the Ingress only 8222 supports a single TLS port, 443. If multiple members of 8223 this list specify different hosts, they will be multiplexed 8224 on the same port according to the hostname specified through 8225 the SNI TLS extension, if the ingress controller fulfilling 8226 the ingress supports SNI. 8227 items: 8228 description: IngressTLS describes the transport layer security 8229 associated with an ingress. 8230 properties: 8231 hosts: 8232 description: hosts is a list of hosts included in the 8233 TLS certificate. The values in this list must match 8234 the name/s used in the tlsSecret. Defaults to the 8235 wildcard host setting for the loadbalancer controller 8236 fulfilling this Ingress, if left unspecified. 8237 items: 8238 type: string 8239 type: array 8240 x-kubernetes-list-type: atomic 8241 secretName: 8242 description: secretName is the name of the secret used 8243 to terminate TLS traffic on port 443. Field is left 8244 optional to allow TLS routing based on SNI hostname 8245 alone. If the SNI host in a listener conflicts with 8246 the "Host" header field used by an IngressRule, the 8247 SNI host is used for termination and value of the 8248 "Host" header is used for routing. 8249 type: string 8250 type: object 8251 type: array 8252 required: 8253 - enabled 8254 type: object 8255 route: 8256 description: Route defines the desired state for an OpenShift 8257 Route for the Prometheus component. 8258 properties: 8259 annotations: 8260 additionalProperties: 8261 type: string 8262 description: Annotations is the map of annotations to use 8263 for the Route resource. 8264 type: object 8265 enabled: 8266 description: Enabled will toggle the creation of the OpenShift 8267 Route. 8268 type: boolean 8269 labels: 8270 additionalProperties: 8271 type: string 8272 description: Labels is the map of labels to use for the Route 8273 resource 8274 type: object 8275 path: 8276 description: Path the router watches for, to route traffic 8277 for to the service. 8278 type: string 8279 tls: 8280 description: TLS provides the ability to configure certificates 8281 and termination for the Route. 8282 properties: 8283 caCertificate: 8284 description: caCertificate provides the cert authority 8285 certificate contents 8286 type: string 8287 certificate: 8288 description: certificate provides certificate contents 8289 type: string 8290 destinationCACertificate: 8291 description: destinationCACertificate provides the contents 8292 of the ca certificate of the final destination. When 8293 using reencrypt termination this file should be provided 8294 in order to have routers use it for health checks on 8295 the secure connection. If this field is not specified, 8296 the router may provide its own destination CA and perform 8297 hostname validation using the short service name (service.namespace.svc), 8298 which allows infrastructure generated certificates to 8299 automatically verify. 8300 type: string 8301 insecureEdgeTerminationPolicy: 8302 description: "insecureEdgeTerminationPolicy indicates 8303 the desired behavior for insecure connections to a route. 8304 While each router may make its own decisions on which 8305 ports to expose, this is normally port 80. \n * Allow 8306 - traffic is sent to the server on the insecure port 8307 (default) * Disable - no traffic is allowed on the insecure 8308 port. * Redirect - clients are redirected to the secure 8309 port." 8310 type: string 8311 key: 8312 description: key provides key file contents 8313 type: string 8314 termination: 8315 description: termination indicates termination type. 8316 type: string 8317 required: 8318 - termination 8319 type: object 8320 wildcardPolicy: 8321 description: WildcardPolicy if any for the route. Currently 8322 only 'Subdomain' or 'None' is allowed. 8323 type: string 8324 required: 8325 - enabled 8326 type: object 8327 size: 8328 description: Size is the replica count for the Prometheus StatefulSet. 8329 format: int32 8330 type: integer 8331 required: 8332 - enabled 8333 type: object 8334 rbac: 8335 description: RBAC defines the RBAC configuration for Argo CD. 8336 properties: 8337 defaultPolicy: 8338 description: DefaultPolicy is the name of the default role which 8339 Argo CD will falls back to, when authorizing API requests (optional). 8340 If omitted or empty, users may be still be able to login, but 8341 will see no apps, projects, etc... 8342 type: string 8343 policy: 8344 description: 'Policy is CSV containing user-defined RBAC policies 8345 and role definitions. Policy rules are in the form: p, subject, 8346 resource, action, object, effect Role definitions and bindings 8347 are in the form: g, subject, inherited-subject See https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/rbac.md 8348 for additional information.' 8349 type: string 8350 policyMatcherMode: 8351 description: PolicyMatcherMode configures the matchers function 8352 mode for casbin. There are two options for this, 'glob' for 8353 glob matcher or 'regex' for regex matcher. 8354 type: string 8355 scopes: 8356 description: 'Scopes controls which OIDC scopes to examine during 8357 rbac enforcement (in addition to `sub` scope). If omitted, defaults 8358 to: ''[groups]''.' 8359 type: string 8360 type: object 8361 redis: 8362 description: Redis defines the Redis server options for ArgoCD. 8363 properties: 8364 autotls: 8365 description: 'AutoTLS specifies the method to use for automatic 8366 TLS configuration for the redis server The value specified here 8367 can currently be: - openshift - Use the OpenShift service CA 8368 to request TLS config' 8369 type: string 8370 disableTLSVerification: 8371 description: DisableTLSVerification defines whether redis server 8372 API should be accessed using strict TLS validation 8373 type: boolean 8374 enabled: 8375 description: Enabled is the flag to enable Redis during ArgoCD 8376 installation. (optional, default `true`) 8377 type: boolean 8378 image: 8379 description: Image is the Redis container image. 8380 type: string 8381 remote: 8382 description: Remote specifies the remote URL of the Redis container. 8383 (optional, by default, a local instance managed by the operator 8384 is used.) 8385 type: string 8386 resources: 8387 description: Resources defines the Compute Resources required 8388 by the container for Redis. 8389 properties: 8390 claims: 8391 description: "Claims lists the names of resources, defined 8392 in spec.resourceClaims, that are used by this container. 8393 \n This is an alpha field and requires enabling the DynamicResourceAllocation 8394 feature gate. \n This field is immutable. It can only be 8395 set for containers." 8396 items: 8397 description: ResourceClaim references one entry in PodSpec.ResourceClaims. 8398 properties: 8399 name: 8400 description: Name must match the name of one entry in 8401 pod.spec.resourceClaims of the Pod where this field 8402 is used. It makes that resource available inside a 8403 container. 8404 type: string 8405 required: 8406 - name 8407 type: object 8408 type: array 8409 x-kubernetes-list-map-keys: 8410 - name 8411 x-kubernetes-list-type: map 8412 limits: 8413 additionalProperties: 8414 anyOf: 8415 - type: integer 8416 - type: string 8417 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 8418 x-kubernetes-int-or-string: true 8419 description: 'Limits describes the maximum amount of compute 8420 resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 8421 type: object 8422 requests: 8423 additionalProperties: 8424 anyOf: 8425 - type: integer 8426 - type: string 8427 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 8428 x-kubernetes-int-or-string: true 8429 description: 'Requests describes the minimum amount of compute 8430 resources required. If Requests is omitted for a container, 8431 it defaults to Limits if that is explicitly specified, otherwise 8432 to an implementation-defined value. Requests cannot exceed 8433 Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 8434 type: object 8435 type: object 8436 version: 8437 description: Version is the Redis container image tag. 8438 type: string 8439 type: object 8440 repo: 8441 description: Repo defines the repo server options for Argo CD. 8442 properties: 8443 autotls: 8444 description: 'AutoTLS specifies the method to use for automatic 8445 TLS configuration for the repo server The value specified here 8446 can currently be: - openshift - Use the OpenShift service CA 8447 to request TLS config' 8448 type: string 8449 enabled: 8450 description: Enabled is the flag to enable Repo Server during 8451 ArgoCD installation. (optional, default `true`) 8452 type: boolean 8453 env: 8454 description: Env lets you specify environment for repo server 8455 pods 8456 items: 8457 description: EnvVar represents an environment variable present 8458 in a Container. 8459 properties: 8460 name: 8461 description: Name of the environment variable. Must be a 8462 C_IDENTIFIER. 8463 type: string 8464 value: 8465 description: 'Variable references $(VAR_NAME) are expanded 8466 using the previously defined environment variables in 8467 the container and any service environment variables. If 8468 a variable cannot be resolved, the reference in the input 8469 string will be unchanged. Double $$ are reduced to a single 8470 $, which allows for escaping the $(VAR_NAME) syntax: i.e. 8471 "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". 8472 Escaped references will never be expanded, regardless 8473 of whether the variable exists or not. Defaults to "".' 8474 type: string 8475 valueFrom: 8476 description: Source for the environment variable's value. 8477 Cannot be used if value is not empty. 8478 properties: 8479 configMapKeyRef: 8480 description: Selects a key of a ConfigMap. 8481 properties: 8482 key: 8483 description: The key to select. 8484 type: string 8485 name: 8486 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 8487 TODO: Add other useful fields. apiVersion, kind, 8488 uid?' 8489 type: string 8490 optional: 8491 description: Specify whether the ConfigMap or its 8492 key must be defined 8493 type: boolean 8494 required: 8495 - key 8496 type: object 8497 fieldRef: 8498 description: 'Selects a field of the pod: supports metadata.name, 8499 metadata.namespace, `metadata.labels[''<KEY>'']`, 8500 `metadata.annotations[''<KEY>'']`, spec.nodeName, 8501 spec.serviceAccountName, status.hostIP, status.podIP, 8502 status.podIPs.' 8503 properties: 8504 apiVersion: 8505 description: Version of the schema the FieldPath 8506 is written in terms of, defaults to "v1". 8507 type: string 8508 fieldPath: 8509 description: Path of the field to select in the 8510 specified API version. 8511 type: string 8512 required: 8513 - fieldPath 8514 type: object 8515 resourceFieldRef: 8516 description: 'Selects a resource of the container: only 8517 resources limits and requests (limits.cpu, limits.memory, 8518 limits.ephemeral-storage, requests.cpu, requests.memory 8519 and requests.ephemeral-storage) are currently supported.' 8520 properties: 8521 containerName: 8522 description: 'Container name: required for volumes, 8523 optional for env vars' 8524 type: string 8525 divisor: 8526 anyOf: 8527 - type: integer 8528 - type: string 8529 description: Specifies the output format of the 8530 exposed resources, defaults to "1" 8531 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 8532 x-kubernetes-int-or-string: true 8533 resource: 8534 description: 'Required: resource to select' 8535 type: string 8536 required: 8537 - resource 8538 type: object 8539 secretKeyRef: 8540 description: Selects a key of a secret in the pod's 8541 namespace 8542 properties: 8543 key: 8544 description: The key of the secret to select from. Must 8545 be a valid secret key. 8546 type: string 8547 name: 8548 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 8549 TODO: Add other useful fields. apiVersion, kind, 8550 uid?' 8551 type: string 8552 optional: 8553 description: Specify whether the Secret or its key 8554 must be defined 8555 type: boolean 8556 required: 8557 - key 8558 type: object 8559 type: object 8560 required: 8561 - name 8562 type: object 8563 type: array 8564 execTimeout: 8565 description: ExecTimeout specifies the timeout in seconds for 8566 tool execution 8567 type: integer 8568 extraRepoCommandArgs: 8569 description: Extra Command arguments allows users to pass command 8570 line arguments to repo server workload. They get added to default 8571 command line arguments provided by the operator. Please note 8572 that the command line arguments provided as part of ExtraRepoCommandArgs 8573 will not overwrite the default command line arguments. 8574 items: 8575 type: string 8576 type: array 8577 image: 8578 description: Image is the ArgoCD Repo Server container image. 8579 type: string 8580 initContainers: 8581 description: InitContainers defines the list of initialization 8582 containers for the repo server deployment 8583 items: 8584 description: A single application container that you want to 8585 run within a pod. 8586 properties: 8587 args: 8588 description: 'Arguments to the entrypoint. The container 8589 image''s CMD is used if this is not provided. Variable 8590 references $(VAR_NAME) are expanded using the container''s 8591 environment. If a variable cannot be resolved, the reference 8592 in the input string will be unchanged. Double $$ are reduced 8593 to a single $, which allows for escaping the $(VAR_NAME) 8594 syntax: i.e. "$$(VAR_NAME)" will produce the string literal 8595 "$(VAR_NAME)". Escaped references will never be expanded, 8596 regardless of whether the variable exists or not. Cannot 8597 be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' 8598 items: 8599 type: string 8600 type: array 8601 command: 8602 description: 'Entrypoint array. Not executed within a shell. 8603 The container image''s ENTRYPOINT is used if this is not 8604 provided. Variable references $(VAR_NAME) are expanded 8605 using the container''s environment. If a variable cannot 8606 be resolved, the reference in the input string will be 8607 unchanged. Double $$ are reduced to a single $, which 8608 allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" 8609 will produce the string literal "$(VAR_NAME)". Escaped 8610 references will never be expanded, regardless of whether 8611 the variable exists or not. Cannot be updated. More info: 8612 https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' 8613 items: 8614 type: string 8615 type: array 8616 env: 8617 description: List of environment variables to set in the 8618 container. Cannot be updated. 8619 items: 8620 description: EnvVar represents an environment variable 8621 present in a Container. 8622 properties: 8623 name: 8624 description: Name of the environment variable. Must 8625 be a C_IDENTIFIER. 8626 type: string 8627 value: 8628 description: 'Variable references $(VAR_NAME) are 8629 expanded using the previously defined environment 8630 variables in the container and any service environment 8631 variables. If a variable cannot be resolved, the 8632 reference in the input string will be unchanged. 8633 Double $$ are reduced to a single $, which allows 8634 for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" 8635 will produce the string literal "$(VAR_NAME)". Escaped 8636 references will never be expanded, regardless of 8637 whether the variable exists or not. Defaults to 8638 "".' 8639 type: string 8640 valueFrom: 8641 description: Source for the environment variable's 8642 value. Cannot be used if value is not empty. 8643 properties: 8644 configMapKeyRef: 8645 description: Selects a key of a ConfigMap. 8646 properties: 8647 key: 8648 description: The key to select. 8649 type: string 8650 name: 8651 description: 'Name of the referent. More info: 8652 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 8653 TODO: Add other useful fields. apiVersion, 8654 kind, uid?' 8655 type: string 8656 optional: 8657 description: Specify whether the ConfigMap 8658 or its key must be defined 8659 type: boolean 8660 required: 8661 - key 8662 type: object 8663 fieldRef: 8664 description: 'Selects a field of the pod: supports 8665 metadata.name, metadata.namespace, `metadata.labels[''<KEY>'']`, 8666 `metadata.annotations[''<KEY>'']`, spec.nodeName, 8667 spec.serviceAccountName, status.hostIP, status.podIP, 8668 status.podIPs.' 8669 properties: 8670 apiVersion: 8671 description: Version of the schema the FieldPath 8672 is written in terms of, defaults to "v1". 8673 type: string 8674 fieldPath: 8675 description: Path of the field to select in 8676 the specified API version. 8677 type: string 8678 required: 8679 - fieldPath 8680 type: object 8681 resourceFieldRef: 8682 description: 'Selects a resource of the container: 8683 only resources limits and requests (limits.cpu, 8684 limits.memory, limits.ephemeral-storage, requests.cpu, 8685 requests.memory and requests.ephemeral-storage) 8686 are currently supported.' 8687 properties: 8688 containerName: 8689 description: 'Container name: required for 8690 volumes, optional for env vars' 8691 type: string 8692 divisor: 8693 anyOf: 8694 - type: integer 8695 - type: string 8696 description: Specifies the output format of 8697 the exposed resources, defaults to "1" 8698 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 8699 x-kubernetes-int-or-string: true 8700 resource: 8701 description: 'Required: resource to select' 8702 type: string 8703 required: 8704 - resource 8705 type: object 8706 secretKeyRef: 8707 description: Selects a key of a secret in the 8708 pod's namespace 8709 properties: 8710 key: 8711 description: The key of the secret to select 8712 from. Must be a valid secret key. 8713 type: string 8714 name: 8715 description: 'Name of the referent. More info: 8716 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 8717 TODO: Add other useful fields. apiVersion, 8718 kind, uid?' 8719 type: string 8720 optional: 8721 description: Specify whether the Secret or 8722 its key must be defined 8723 type: boolean 8724 required: 8725 - key 8726 type: object 8727 type: object 8728 required: 8729 - name 8730 type: object 8731 type: array 8732 envFrom: 8733 description: List of sources to populate environment variables 8734 in the container. The keys defined within a source must 8735 be a C_IDENTIFIER. All invalid keys will be reported as 8736 an event when the container is starting. When a key exists 8737 in multiple sources, the value associated with the last 8738 source will take precedence. Values defined by an Env 8739 with a duplicate key will take precedence. Cannot be updated. 8740 items: 8741 description: EnvFromSource represents the source of a 8742 set of ConfigMaps 8743 properties: 8744 configMapRef: 8745 description: The ConfigMap to select from 8746 properties: 8747 name: 8748 description: 'Name of the referent. More info: 8749 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 8750 TODO: Add other useful fields. apiVersion, kind, 8751 uid?' 8752 type: string 8753 optional: 8754 description: Specify whether the ConfigMap must 8755 be defined 8756 type: boolean 8757 type: object 8758 prefix: 8759 description: An optional identifier to prepend to 8760 each key in the ConfigMap. Must be a C_IDENTIFIER. 8761 type: string 8762 secretRef: 8763 description: The Secret to select from 8764 properties: 8765 name: 8766 description: 'Name of the referent. More info: 8767 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 8768 TODO: Add other useful fields. apiVersion, kind, 8769 uid?' 8770 type: string 8771 optional: 8772 description: Specify whether the Secret must be 8773 defined 8774 type: boolean 8775 type: object 8776 type: object 8777 type: array 8778 image: 8779 description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images 8780 This field is optional to allow higher level config management 8781 to default or override container images in workload controllers 8782 like Deployments and StatefulSets.' 8783 type: string 8784 imagePullPolicy: 8785 description: 'Image pull policy. One of Always, Never, IfNotPresent. 8786 Defaults to Always if :latest tag is specified, or IfNotPresent 8787 otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' 8788 type: string 8789 lifecycle: 8790 description: Actions that the management system should take 8791 in response to container lifecycle events. Cannot be updated. 8792 properties: 8793 postStart: 8794 description: 'PostStart is called immediately after 8795 a container is created. If the handler fails, the 8796 container is terminated and restarted according to 8797 its restart policy. Other management of the container 8798 blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' 8799 properties: 8800 exec: 8801 description: Exec specifies the action to take. 8802 properties: 8803 command: 8804 description: Command is the command line to 8805 execute inside the container, the working 8806 directory for the command is root ('/') in 8807 the container's filesystem. The command is 8808 simply exec'd, it is not run inside a shell, 8809 so traditional shell instructions ('|', etc) 8810 won't work. To use a shell, you need to explicitly 8811 call out to that shell. Exit status of 0 is 8812 treated as live/healthy and non-zero is unhealthy. 8813 items: 8814 type: string 8815 type: array 8816 type: object 8817 httpGet: 8818 description: HTTPGet specifies the http request 8819 to perform. 8820 properties: 8821 host: 8822 description: Host name to connect to, defaults 8823 to the pod IP. You probably want to set "Host" 8824 in httpHeaders instead. 8825 type: string 8826 httpHeaders: 8827 description: Custom headers to set in the request. 8828 HTTP allows repeated headers. 8829 items: 8830 description: HTTPHeader describes a custom 8831 header to be used in HTTP probes 8832 properties: 8833 name: 8834 description: The header field name. This 8835 will be canonicalized upon output, so 8836 case-variant names will be understood 8837 as the same header. 8838 type: string 8839 value: 8840 description: The header field value 8841 type: string 8842 required: 8843 - name 8844 - value 8845 type: object 8846 type: array 8847 path: 8848 description: Path to access on the HTTP server. 8849 type: string 8850 port: 8851 anyOf: 8852 - type: integer 8853 - type: string 8854 description: Name or number of the port to access 8855 on the container. Number must be in the range 8856 1 to 65535. Name must be an IANA_SVC_NAME. 8857 x-kubernetes-int-or-string: true 8858 scheme: 8859 description: Scheme to use for connecting to 8860 the host. Defaults to HTTP. 8861 type: string 8862 required: 8863 - port 8864 type: object 8865 tcpSocket: 8866 description: Deprecated. TCPSocket is NOT supported 8867 as a LifecycleHandler and kept for the backward 8868 compatibility. There are no validation of this 8869 field and lifecycle hooks will fail in runtime 8870 when tcp handler is specified. 8871 properties: 8872 host: 8873 description: 'Optional: Host name to connect 8874 to, defaults to the pod IP.' 8875 type: string 8876 port: 8877 anyOf: 8878 - type: integer 8879 - type: string 8880 description: Number or name of the port to access 8881 on the container. Number must be in the range 8882 1 to 65535. Name must be an IANA_SVC_NAME. 8883 x-kubernetes-int-or-string: true 8884 required: 8885 - port 8886 type: object 8887 type: object 8888 preStop: 8889 description: 'PreStop is called immediately before a 8890 container is terminated due to an API request or management 8891 event such as liveness/startup probe failure, preemption, 8892 resource contention, etc. The handler is not called 8893 if the container crashes or exits. The Pod''s termination 8894 grace period countdown begins before the PreStop hook 8895 is executed. Regardless of the outcome of the handler, 8896 the container will eventually terminate within the 8897 Pod''s termination grace period (unless delayed by 8898 finalizers). Other management of the container blocks 8899 until the hook completes or until the termination 8900 grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' 8901 properties: 8902 exec: 8903 description: Exec specifies the action to take. 8904 properties: 8905 command: 8906 description: Command is the command line to 8907 execute inside the container, the working 8908 directory for the command is root ('/') in 8909 the container's filesystem. The command is 8910 simply exec'd, it is not run inside a shell, 8911 so traditional shell instructions ('|', etc) 8912 won't work. To use a shell, you need to explicitly 8913 call out to that shell. Exit status of 0 is 8914 treated as live/healthy and non-zero is unhealthy. 8915 items: 8916 type: string 8917 type: array 8918 type: object 8919 httpGet: 8920 description: HTTPGet specifies the http request 8921 to perform. 8922 properties: 8923 host: 8924 description: Host name to connect to, defaults 8925 to the pod IP. You probably want to set "Host" 8926 in httpHeaders instead. 8927 type: string 8928 httpHeaders: 8929 description: Custom headers to set in the request. 8930 HTTP allows repeated headers. 8931 items: 8932 description: HTTPHeader describes a custom 8933 header to be used in HTTP probes 8934 properties: 8935 name: 8936 description: The header field name. This 8937 will be canonicalized upon output, so 8938 case-variant names will be understood 8939 as the same header. 8940 type: string 8941 value: 8942 description: The header field value 8943 type: string 8944 required: 8945 - name 8946 - value 8947 type: object 8948 type: array 8949 path: 8950 description: Path to access on the HTTP server. 8951 type: string 8952 port: 8953 anyOf: 8954 - type: integer 8955 - type: string 8956 description: Name or number of the port to access 8957 on the container. Number must be in the range 8958 1 to 65535. Name must be an IANA_SVC_NAME. 8959 x-kubernetes-int-or-string: true 8960 scheme: 8961 description: Scheme to use for connecting to 8962 the host. Defaults to HTTP. 8963 type: string 8964 required: 8965 - port 8966 type: object 8967 tcpSocket: 8968 description: Deprecated. TCPSocket is NOT supported 8969 as a LifecycleHandler and kept for the backward 8970 compatibility. There are no validation of this 8971 field and lifecycle hooks will fail in runtime 8972 when tcp handler is specified. 8973 properties: 8974 host: 8975 description: 'Optional: Host name to connect 8976 to, defaults to the pod IP.' 8977 type: string 8978 port: 8979 anyOf: 8980 - type: integer 8981 - type: string 8982 description: Number or name of the port to access 8983 on the container. Number must be in the range 8984 1 to 65535. Name must be an IANA_SVC_NAME. 8985 x-kubernetes-int-or-string: true 8986 required: 8987 - port 8988 type: object 8989 type: object 8990 type: object 8991 livenessProbe: 8992 description: 'Periodic probe of container liveness. Container 8993 will be restarted if the probe fails. Cannot be updated. 8994 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 8995 properties: 8996 exec: 8997 description: Exec specifies the action to take. 8998 properties: 8999 command: 9000 description: Command is the command line to execute 9001 inside the container, the working directory for 9002 the command is root ('/') in the container's 9003 filesystem. The command is simply exec'd, it is 9004 not run inside a shell, so traditional shell instructions 9005 ('|', etc) won't work. To use a shell, you need 9006 to explicitly call out to that shell. Exit status 9007 of 0 is treated as live/healthy and non-zero is 9008 unhealthy. 9009 items: 9010 type: string 9011 type: array 9012 type: object 9013 failureThreshold: 9014 description: Minimum consecutive failures for the probe 9015 to be considered failed after having succeeded. Defaults 9016 to 3. Minimum value is 1. 9017 format: int32 9018 type: integer 9019 grpc: 9020 description: GRPC specifies an action involving a GRPC 9021 port. 9022 properties: 9023 port: 9024 description: Port number of the gRPC service. Number 9025 must be in the range 1 to 65535. 9026 format: int32 9027 type: integer 9028 service: 9029 description: "Service is the name of the service 9030 to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 9031 \n If this is not specified, the default behavior 9032 is defined by gRPC." 9033 type: string 9034 required: 9035 - port 9036 type: object 9037 httpGet: 9038 description: HTTPGet specifies the http request to perform. 9039 properties: 9040 host: 9041 description: Host name to connect to, defaults to 9042 the pod IP. You probably want to set "Host" in 9043 httpHeaders instead. 9044 type: string 9045 httpHeaders: 9046 description: Custom headers to set in the request. 9047 HTTP allows repeated headers. 9048 items: 9049 description: HTTPHeader describes a custom header 9050 to be used in HTTP probes 9051 properties: 9052 name: 9053 description: The header field name. This will 9054 be canonicalized upon output, so case-variant 9055 names will be understood as the same header. 9056 type: string 9057 value: 9058 description: The header field value 9059 type: string 9060 required: 9061 - name 9062 - value 9063 type: object 9064 type: array 9065 path: 9066 description: Path to access on the HTTP server. 9067 type: string 9068 port: 9069 anyOf: 9070 - type: integer 9071 - type: string 9072 description: Name or number of the port to access 9073 on the container. Number must be in the range 9074 1 to 65535. Name must be an IANA_SVC_NAME. 9075 x-kubernetes-int-or-string: true 9076 scheme: 9077 description: Scheme to use for connecting to the 9078 host. Defaults to HTTP. 9079 type: string 9080 required: 9081 - port 9082 type: object 9083 initialDelaySeconds: 9084 description: 'Number of seconds after the container 9085 has started before liveness probes are initiated. 9086 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 9087 format: int32 9088 type: integer 9089 periodSeconds: 9090 description: How often (in seconds) to perform the probe. 9091 Default to 10 seconds. Minimum value is 1. 9092 format: int32 9093 type: integer 9094 successThreshold: 9095 description: Minimum consecutive successes for the probe 9096 to be considered successful after having failed. Defaults 9097 to 1. Must be 1 for liveness and startup. Minimum 9098 value is 1. 9099 format: int32 9100 type: integer 9101 tcpSocket: 9102 description: TCPSocket specifies an action involving 9103 a TCP port. 9104 properties: 9105 host: 9106 description: 'Optional: Host name to connect to, 9107 defaults to the pod IP.' 9108 type: string 9109 port: 9110 anyOf: 9111 - type: integer 9112 - type: string 9113 description: Number or name of the port to access 9114 on the container. Number must be in the range 9115 1 to 65535. Name must be an IANA_SVC_NAME. 9116 x-kubernetes-int-or-string: true 9117 required: 9118 - port 9119 type: object 9120 terminationGracePeriodSeconds: 9121 description: Optional duration in seconds the pod needs 9122 to terminate gracefully upon probe failure. The grace 9123 period is the duration in seconds after the processes 9124 running in the pod are sent a termination signal and 9125 the time when the processes are forcibly halted with 9126 a kill signal. Set this value longer than the expected 9127 cleanup time for your process. If this value is nil, 9128 the pod's terminationGracePeriodSeconds will be used. 9129 Otherwise, this value overrides the value provided 9130 by the pod spec. Value must be non-negative integer. 9131 The value zero indicates stop immediately via the 9132 kill signal (no opportunity to shut down). This is 9133 a beta field and requires enabling ProbeTerminationGracePeriod 9134 feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds 9135 is used if unset. 9136 format: int64 9137 type: integer 9138 timeoutSeconds: 9139 description: 'Number of seconds after which the probe 9140 times out. Defaults to 1 second. Minimum value is 9141 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 9142 format: int32 9143 type: integer 9144 type: object 9145 name: 9146 description: Name of the container specified as a DNS_LABEL. 9147 Each container in a pod must have a unique name (DNS_LABEL). 9148 Cannot be updated. 9149 type: string 9150 ports: 9151 description: List of ports to expose from the container. 9152 Not specifying a port here DOES NOT prevent that port 9153 from being exposed. Any port which is listening on the 9154 default "0.0.0.0" address inside a container will be accessible 9155 from the network. Modifying this array with strategic 9156 merge patch may corrupt the data. For more information 9157 See https://github.com/kubernetes/kubernetes/issues/108255. 9158 Cannot be updated. 9159 items: 9160 description: ContainerPort represents a network port in 9161 a single container. 9162 properties: 9163 containerPort: 9164 description: Number of port to expose on the pod's 9165 IP address. This must be a valid port number, 0 9166 < x < 65536. 9167 format: int32 9168 type: integer 9169 hostIP: 9170 description: What host IP to bind the external port 9171 to. 9172 type: string 9173 hostPort: 9174 description: Number of port to expose on the host. 9175 If specified, this must be a valid port number, 9176 0 < x < 65536. If HostNetwork is specified, this 9177 must match ContainerPort. Most containers do not 9178 need this. 9179 format: int32 9180 type: integer 9181 name: 9182 description: If specified, this must be an IANA_SVC_NAME 9183 and unique within the pod. Each named port in a 9184 pod must have a unique name. Name for the port that 9185 can be referred to by services. 9186 type: string 9187 protocol: 9188 default: TCP 9189 description: Protocol for port. Must be UDP, TCP, 9190 or SCTP. Defaults to "TCP". 9191 type: string 9192 required: 9193 - containerPort 9194 type: object 9195 type: array 9196 x-kubernetes-list-map-keys: 9197 - containerPort 9198 - protocol 9199 x-kubernetes-list-type: map 9200 readinessProbe: 9201 description: 'Periodic probe of container service readiness. 9202 Container will be removed from service endpoints if the 9203 probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 9204 properties: 9205 exec: 9206 description: Exec specifies the action to take. 9207 properties: 9208 command: 9209 description: Command is the command line to execute 9210 inside the container, the working directory for 9211 the command is root ('/') in the container's 9212 filesystem. The command is simply exec'd, it is 9213 not run inside a shell, so traditional shell instructions 9214 ('|', etc) won't work. To use a shell, you need 9215 to explicitly call out to that shell. Exit status 9216 of 0 is treated as live/healthy and non-zero is 9217 unhealthy. 9218 items: 9219 type: string 9220 type: array 9221 type: object 9222 failureThreshold: 9223 description: Minimum consecutive failures for the probe 9224 to be considered failed after having succeeded. Defaults 9225 to 3. Minimum value is 1. 9226 format: int32 9227 type: integer 9228 grpc: 9229 description: GRPC specifies an action involving a GRPC 9230 port. 9231 properties: 9232 port: 9233 description: Port number of the gRPC service. Number 9234 must be in the range 1 to 65535. 9235 format: int32 9236 type: integer 9237 service: 9238 description: "Service is the name of the service 9239 to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 9240 \n If this is not specified, the default behavior 9241 is defined by gRPC." 9242 type: string 9243 required: 9244 - port 9245 type: object 9246 httpGet: 9247 description: HTTPGet specifies the http request to perform. 9248 properties: 9249 host: 9250 description: Host name to connect to, defaults to 9251 the pod IP. You probably want to set "Host" in 9252 httpHeaders instead. 9253 type: string 9254 httpHeaders: 9255 description: Custom headers to set in the request. 9256 HTTP allows repeated headers. 9257 items: 9258 description: HTTPHeader describes a custom header 9259 to be used in HTTP probes 9260 properties: 9261 name: 9262 description: The header field name. This will 9263 be canonicalized upon output, so case-variant 9264 names will be understood as the same header. 9265 type: string 9266 value: 9267 description: The header field value 9268 type: string 9269 required: 9270 - name 9271 - value 9272 type: object 9273 type: array 9274 path: 9275 description: Path to access on the HTTP server. 9276 type: string 9277 port: 9278 anyOf: 9279 - type: integer 9280 - type: string 9281 description: Name or number of the port to access 9282 on the container. Number must be in the range 9283 1 to 65535. Name must be an IANA_SVC_NAME. 9284 x-kubernetes-int-or-string: true 9285 scheme: 9286 description: Scheme to use for connecting to the 9287 host. Defaults to HTTP. 9288 type: string 9289 required: 9290 - port 9291 type: object 9292 initialDelaySeconds: 9293 description: 'Number of seconds after the container 9294 has started before liveness probes are initiated. 9295 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 9296 format: int32 9297 type: integer 9298 periodSeconds: 9299 description: How often (in seconds) to perform the probe. 9300 Default to 10 seconds. Minimum value is 1. 9301 format: int32 9302 type: integer 9303 successThreshold: 9304 description: Minimum consecutive successes for the probe 9305 to be considered successful after having failed. Defaults 9306 to 1. Must be 1 for liveness and startup. Minimum 9307 value is 1. 9308 format: int32 9309 type: integer 9310 tcpSocket: 9311 description: TCPSocket specifies an action involving 9312 a TCP port. 9313 properties: 9314 host: 9315 description: 'Optional: Host name to connect to, 9316 defaults to the pod IP.' 9317 type: string 9318 port: 9319 anyOf: 9320 - type: integer 9321 - type: string 9322 description: Number or name of the port to access 9323 on the container. Number must be in the range 9324 1 to 65535. Name must be an IANA_SVC_NAME. 9325 x-kubernetes-int-or-string: true 9326 required: 9327 - port 9328 type: object 9329 terminationGracePeriodSeconds: 9330 description: Optional duration in seconds the pod needs 9331 to terminate gracefully upon probe failure. The grace 9332 period is the duration in seconds after the processes 9333 running in the pod are sent a termination signal and 9334 the time when the processes are forcibly halted with 9335 a kill signal. Set this value longer than the expected 9336 cleanup time for your process. If this value is nil, 9337 the pod's terminationGracePeriodSeconds will be used. 9338 Otherwise, this value overrides the value provided 9339 by the pod spec. Value must be non-negative integer. 9340 The value zero indicates stop immediately via the 9341 kill signal (no opportunity to shut down). This is 9342 a beta field and requires enabling ProbeTerminationGracePeriod 9343 feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds 9344 is used if unset. 9345 format: int64 9346 type: integer 9347 timeoutSeconds: 9348 description: 'Number of seconds after which the probe 9349 times out. Defaults to 1 second. Minimum value is 9350 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 9351 format: int32 9352 type: integer 9353 type: object 9354 resizePolicy: 9355 description: Resources resize policy for the container. 9356 items: 9357 description: ContainerResizePolicy represents resource 9358 resize policy for the container. 9359 properties: 9360 resourceName: 9361 description: 'Name of the resource to which this resource 9362 resize policy applies. Supported values: cpu, memory.' 9363 type: string 9364 restartPolicy: 9365 description: Restart policy to apply when specified 9366 resource is resized. If not specified, it defaults 9367 to NotRequired. 9368 type: string 9369 required: 9370 - resourceName 9371 - restartPolicy 9372 type: object 9373 type: array 9374 x-kubernetes-list-type: atomic 9375 resources: 9376 description: 'Compute Resources required by this container. 9377 Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 9378 properties: 9379 claims: 9380 description: "Claims lists the names of resources, defined 9381 in spec.resourceClaims, that are used by this container. 9382 \n This is an alpha field and requires enabling the 9383 DynamicResourceAllocation feature gate. \n This field 9384 is immutable. It can only be set for containers." 9385 items: 9386 description: ResourceClaim references one entry in 9387 PodSpec.ResourceClaims. 9388 properties: 9389 name: 9390 description: Name must match the name of one entry 9391 in pod.spec.resourceClaims of the Pod where 9392 this field is used. It makes that resource available 9393 inside a container. 9394 type: string 9395 required: 9396 - name 9397 type: object 9398 type: array 9399 x-kubernetes-list-map-keys: 9400 - name 9401 x-kubernetes-list-type: map 9402 limits: 9403 additionalProperties: 9404 anyOf: 9405 - type: integer 9406 - type: string 9407 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 9408 x-kubernetes-int-or-string: true 9409 description: 'Limits describes the maximum amount of 9410 compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 9411 type: object 9412 requests: 9413 additionalProperties: 9414 anyOf: 9415 - type: integer 9416 - type: string 9417 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 9418 x-kubernetes-int-or-string: true 9419 description: 'Requests describes the minimum amount 9420 of compute resources required. If Requests is omitted 9421 for a container, it defaults to Limits if that is 9422 explicitly specified, otherwise to an implementation-defined 9423 value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 9424 type: object 9425 type: object 9426 restartPolicy: 9427 description: 'RestartPolicy defines the restart behavior 9428 of individual containers in a pod. This field may only 9429 be set for init containers, and the only allowed value 9430 is "Always". For non-init containers or when this field 9431 is not specified, the restart behavior is defined by the 9432 Pod''s restart policy and the container type. Setting 9433 the RestartPolicy as "Always" for the init container will 9434 have the following effect: this init container will be 9435 continually restarted on exit until all regular containers 9436 have terminated. Once all regular containers have completed, 9437 all init containers with restartPolicy "Always" will be 9438 shut down. This lifecycle differs from normal init containers 9439 and is often referred to as a "sidecar" container. Although 9440 this init container still starts in the init container 9441 sequence, it does not wait for the container to complete 9442 before proceeding to the next init container. Instead, 9443 the next init container starts immediately after this 9444 init container is started, or after any startupProbe has 9445 successfully completed.' 9446 type: string 9447 securityContext: 9448 description: 'SecurityContext defines the security options 9449 the container should be run with. If set, the fields of 9450 SecurityContext override the equivalent fields of PodSecurityContext. 9451 More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' 9452 properties: 9453 allowPrivilegeEscalation: 9454 description: 'AllowPrivilegeEscalation controls whether 9455 a process can gain more privileges than its parent 9456 process. This bool directly controls if the no_new_privs 9457 flag will be set on the container process. AllowPrivilegeEscalation 9458 is true always when the container is: 1) run as Privileged 9459 2) has CAP_SYS_ADMIN Note that this field cannot be 9460 set when spec.os.name is windows.' 9461 type: boolean 9462 capabilities: 9463 description: The capabilities to add/drop when running 9464 containers. Defaults to the default set of capabilities 9465 granted by the container runtime. Note that this field 9466 cannot be set when spec.os.name is windows. 9467 properties: 9468 add: 9469 description: Added capabilities 9470 items: 9471 description: Capability represent POSIX capabilities 9472 type 9473 type: string 9474 type: array 9475 drop: 9476 description: Removed capabilities 9477 items: 9478 description: Capability represent POSIX capabilities 9479 type 9480 type: string 9481 type: array 9482 type: object 9483 privileged: 9484 description: Run container in privileged mode. Processes 9485 in privileged containers are essentially equivalent 9486 to root on the host. Defaults to false. Note that 9487 this field cannot be set when spec.os.name is windows. 9488 type: boolean 9489 procMount: 9490 description: procMount denotes the type of proc mount 9491 to use for the containers. The default is DefaultProcMount 9492 which uses the container runtime defaults for readonly 9493 paths and masked paths. This requires the ProcMountType 9494 feature flag to be enabled. Note that this field cannot 9495 be set when spec.os.name is windows. 9496 type: string 9497 readOnlyRootFilesystem: 9498 description: Whether this container has a read-only 9499 root filesystem. Default is false. Note that this 9500 field cannot be set when spec.os.name is windows. 9501 type: boolean 9502 runAsGroup: 9503 description: The GID to run the entrypoint of the container 9504 process. Uses runtime default if unset. May also be 9505 set in PodSecurityContext. If set in both SecurityContext 9506 and PodSecurityContext, the value specified in SecurityContext 9507 takes precedence. Note that this field cannot be set 9508 when spec.os.name is windows. 9509 format: int64 9510 type: integer 9511 runAsNonRoot: 9512 description: Indicates that the container must run as 9513 a non-root user. If true, the Kubelet will validate 9514 the image at runtime to ensure that it does not run 9515 as UID 0 (root) and fail to start the container if 9516 it does. If unset or false, no such validation will 9517 be performed. May also be set in PodSecurityContext. If 9518 set in both SecurityContext and PodSecurityContext, 9519 the value specified in SecurityContext takes precedence. 9520 type: boolean 9521 runAsUser: 9522 description: The UID to run the entrypoint of the container 9523 process. Defaults to user specified in image metadata 9524 if unspecified. May also be set in PodSecurityContext. If 9525 set in both SecurityContext and PodSecurityContext, 9526 the value specified in SecurityContext takes precedence. 9527 Note that this field cannot be set when spec.os.name 9528 is windows. 9529 format: int64 9530 type: integer 9531 seLinuxOptions: 9532 description: The SELinux context to be applied to the 9533 container. If unspecified, the container runtime will 9534 allocate a random SELinux context for each container. May 9535 also be set in PodSecurityContext. If set in both 9536 SecurityContext and PodSecurityContext, the value 9537 specified in SecurityContext takes precedence. Note 9538 that this field cannot be set when spec.os.name is 9539 windows. 9540 properties: 9541 level: 9542 description: Level is SELinux level label that applies 9543 to the container. 9544 type: string 9545 role: 9546 description: Role is a SELinux role label that applies 9547 to the container. 9548 type: string 9549 type: 9550 description: Type is a SELinux type label that applies 9551 to the container. 9552 type: string 9553 user: 9554 description: User is a SELinux user label that applies 9555 to the container. 9556 type: string 9557 type: object 9558 seccompProfile: 9559 description: The seccomp options to use by this container. 9560 If seccomp options are provided at both the pod & 9561 container level, the container options override the 9562 pod options. Note that this field cannot be set when 9563 spec.os.name is windows. 9564 properties: 9565 localhostProfile: 9566 description: localhostProfile indicates a profile 9567 defined in a file on the node should be used. 9568 The profile must be preconfigured on the node 9569 to work. Must be a descending path, relative to 9570 the kubelet's configured seccomp profile location. 9571 Must be set if type is "Localhost". Must NOT be 9572 set for any other type. 9573 type: string 9574 type: 9575 description: "type indicates which kind of seccomp 9576 profile will be applied. Valid options are: \n 9577 Localhost - a profile defined in a file on the 9578 node should be used. RuntimeDefault - the container 9579 runtime default profile should be used. Unconfined 9580 - no profile should be applied." 9581 type: string 9582 required: 9583 - type 9584 type: object 9585 windowsOptions: 9586 description: The Windows specific settings applied to 9587 all containers. If unspecified, the options from the 9588 PodSecurityContext will be used. If set in both SecurityContext 9589 and PodSecurityContext, the value specified in SecurityContext 9590 takes precedence. Note that this field cannot be set 9591 when spec.os.name is linux. 9592 properties: 9593 gmsaCredentialSpec: 9594 description: GMSACredentialSpec is where the GMSA 9595 admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) 9596 inlines the contents of the GMSA credential spec 9597 named by the GMSACredentialSpecName field. 9598 type: string 9599 gmsaCredentialSpecName: 9600 description: GMSACredentialSpecName is the name 9601 of the GMSA credential spec to use. 9602 type: string 9603 hostProcess: 9604 description: HostProcess determines if a container 9605 should be run as a 'Host Process' container. All 9606 of a Pod's containers must have the same effective 9607 HostProcess value (it is not allowed to have a 9608 mix of HostProcess containers and non-HostProcess 9609 containers). In addition, if HostProcess is true 9610 then HostNetwork must also be set to true. 9611 type: boolean 9612 runAsUserName: 9613 description: The UserName in Windows to run the 9614 entrypoint of the container process. Defaults 9615 to the user specified in image metadata if unspecified. 9616 May also be set in PodSecurityContext. If set 9617 in both SecurityContext and PodSecurityContext, 9618 the value specified in SecurityContext takes precedence. 9619 type: string 9620 type: object 9621 type: object 9622 startupProbe: 9623 description: 'StartupProbe indicates that the Pod has successfully 9624 initialized. If specified, no other probes are executed 9625 until this completes successfully. If this probe fails, 9626 the Pod will be restarted, just as if the livenessProbe 9627 failed. This can be used to provide different probe parameters 9628 at the beginning of a Pod''s lifecycle, when it might 9629 take a long time to load data or warm a cache, than during 9630 steady-state operation. This cannot be updated. More info: 9631 https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 9632 properties: 9633 exec: 9634 description: Exec specifies the action to take. 9635 properties: 9636 command: 9637 description: Command is the command line to execute 9638 inside the container, the working directory for 9639 the command is root ('/') in the container's 9640 filesystem. The command is simply exec'd, it is 9641 not run inside a shell, so traditional shell instructions 9642 ('|', etc) won't work. To use a shell, you need 9643 to explicitly call out to that shell. Exit status 9644 of 0 is treated as live/healthy and non-zero is 9645 unhealthy. 9646 items: 9647 type: string 9648 type: array 9649 type: object 9650 failureThreshold: 9651 description: Minimum consecutive failures for the probe 9652 to be considered failed after having succeeded. Defaults 9653 to 3. Minimum value is 1. 9654 format: int32 9655 type: integer 9656 grpc: 9657 description: GRPC specifies an action involving a GRPC 9658 port. 9659 properties: 9660 port: 9661 description: Port number of the gRPC service. Number 9662 must be in the range 1 to 65535. 9663 format: int32 9664 type: integer 9665 service: 9666 description: "Service is the name of the service 9667 to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 9668 \n If this is not specified, the default behavior 9669 is defined by gRPC." 9670 type: string 9671 required: 9672 - port 9673 type: object 9674 httpGet: 9675 description: HTTPGet specifies the http request to perform. 9676 properties: 9677 host: 9678 description: Host name to connect to, defaults to 9679 the pod IP. You probably want to set "Host" in 9680 httpHeaders instead. 9681 type: string 9682 httpHeaders: 9683 description: Custom headers to set in the request. 9684 HTTP allows repeated headers. 9685 items: 9686 description: HTTPHeader describes a custom header 9687 to be used in HTTP probes 9688 properties: 9689 name: 9690 description: The header field name. This will 9691 be canonicalized upon output, so case-variant 9692 names will be understood as the same header. 9693 type: string 9694 value: 9695 description: The header field value 9696 type: string 9697 required: 9698 - name 9699 - value 9700 type: object 9701 type: array 9702 path: 9703 description: Path to access on the HTTP server. 9704 type: string 9705 port: 9706 anyOf: 9707 - type: integer 9708 - type: string 9709 description: Name or number of the port to access 9710 on the container. Number must be in the range 9711 1 to 65535. Name must be an IANA_SVC_NAME. 9712 x-kubernetes-int-or-string: true 9713 scheme: 9714 description: Scheme to use for connecting to the 9715 host. Defaults to HTTP. 9716 type: string 9717 required: 9718 - port 9719 type: object 9720 initialDelaySeconds: 9721 description: 'Number of seconds after the container 9722 has started before liveness probes are initiated. 9723 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 9724 format: int32 9725 type: integer 9726 periodSeconds: 9727 description: How often (in seconds) to perform the probe. 9728 Default to 10 seconds. Minimum value is 1. 9729 format: int32 9730 type: integer 9731 successThreshold: 9732 description: Minimum consecutive successes for the probe 9733 to be considered successful after having failed. Defaults 9734 to 1. Must be 1 for liveness and startup. Minimum 9735 value is 1. 9736 format: int32 9737 type: integer 9738 tcpSocket: 9739 description: TCPSocket specifies an action involving 9740 a TCP port. 9741 properties: 9742 host: 9743 description: 'Optional: Host name to connect to, 9744 defaults to the pod IP.' 9745 type: string 9746 port: 9747 anyOf: 9748 - type: integer 9749 - type: string 9750 description: Number or name of the port to access 9751 on the container. Number must be in the range 9752 1 to 65535. Name must be an IANA_SVC_NAME. 9753 x-kubernetes-int-or-string: true 9754 required: 9755 - port 9756 type: object 9757 terminationGracePeriodSeconds: 9758 description: Optional duration in seconds the pod needs 9759 to terminate gracefully upon probe failure. The grace 9760 period is the duration in seconds after the processes 9761 running in the pod are sent a termination signal and 9762 the time when the processes are forcibly halted with 9763 a kill signal. Set this value longer than the expected 9764 cleanup time for your process. If this value is nil, 9765 the pod's terminationGracePeriodSeconds will be used. 9766 Otherwise, this value overrides the value provided 9767 by the pod spec. Value must be non-negative integer. 9768 The value zero indicates stop immediately via the 9769 kill signal (no opportunity to shut down). This is 9770 a beta field and requires enabling ProbeTerminationGracePeriod 9771 feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds 9772 is used if unset. 9773 format: int64 9774 type: integer 9775 timeoutSeconds: 9776 description: 'Number of seconds after which the probe 9777 times out. Defaults to 1 second. Minimum value is 9778 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 9779 format: int32 9780 type: integer 9781 type: object 9782 stdin: 9783 description: Whether this container should allocate a buffer 9784 for stdin in the container runtime. If this is not set, 9785 reads from stdin in the container will always result in 9786 EOF. Default is false. 9787 type: boolean 9788 stdinOnce: 9789 description: Whether the container runtime should close 9790 the stdin channel after it has been opened by a single 9791 attach. When stdin is true the stdin stream will remain 9792 open across multiple attach sessions. If stdinOnce is 9793 set to true, stdin is opened on container start, is empty 9794 until the first client attaches to stdin, and then remains 9795 open and accepts data until the client disconnects, at 9796 which time stdin is closed and remains closed until the 9797 container is restarted. If this flag is false, a container 9798 processes that reads from stdin will never receive an 9799 EOF. Default is false 9800 type: boolean 9801 terminationMessagePath: 9802 description: 'Optional: Path at which the file to which 9803 the container''s termination message will be written is 9804 mounted into the container''s filesystem. Message written 9805 is intended to be brief final status, such as an assertion 9806 failure message. Will be truncated by the node if greater 9807 than 4096 bytes. The total message length across all containers 9808 will be limited to 12kb. Defaults to /dev/termination-log. 9809 Cannot be updated.' 9810 type: string 9811 terminationMessagePolicy: 9812 description: Indicate how the termination message should 9813 be populated. File will use the contents of terminationMessagePath 9814 to populate the container status message on both success 9815 and failure. FallbackToLogsOnError will use the last chunk 9816 of container log output if the termination message file 9817 is empty and the container exited with an error. The log 9818 output is limited to 2048 bytes or 80 lines, whichever 9819 is smaller. Defaults to File. Cannot be updated. 9820 type: string 9821 tty: 9822 description: Whether this container should allocate a TTY 9823 for itself, also requires 'stdin' to be true. Default 9824 is false. 9825 type: boolean 9826 volumeDevices: 9827 description: volumeDevices is the list of block devices 9828 to be used by the container. 9829 items: 9830 description: volumeDevice describes a mapping of a raw 9831 block device within a container. 9832 properties: 9833 devicePath: 9834 description: devicePath is the path inside of the 9835 container that the device will be mapped to. 9836 type: string 9837 name: 9838 description: name must match the name of a persistentVolumeClaim 9839 in the pod 9840 type: string 9841 required: 9842 - devicePath 9843 - name 9844 type: object 9845 type: array 9846 volumeMounts: 9847 description: Pod volumes to mount into the container's filesystem. 9848 Cannot be updated. 9849 items: 9850 description: VolumeMount describes a mounting of a Volume 9851 within a container. 9852 properties: 9853 mountPath: 9854 description: Path within the container at which the 9855 volume should be mounted. Must not contain ':'. 9856 type: string 9857 mountPropagation: 9858 description: mountPropagation determines how mounts 9859 are propagated from the host to container and the 9860 other way around. When not set, MountPropagationNone 9861 is used. This field is beta in 1.10. 9862 type: string 9863 name: 9864 description: This must match the Name of a Volume. 9865 type: string 9866 readOnly: 9867 description: Mounted read-only if true, read-write 9868 otherwise (false or unspecified). Defaults to false. 9869 type: boolean 9870 subPath: 9871 description: Path within the volume from which the 9872 container's volume should be mounted. Defaults to 9873 "" (volume's root). 9874 type: string 9875 subPathExpr: 9876 description: Expanded path within the volume from 9877 which the container's volume should be mounted. 9878 Behaves similarly to SubPath but environment variable 9879 references $(VAR_NAME) are expanded using the container's 9880 environment. Defaults to "" (volume's root). SubPathExpr 9881 and SubPath are mutually exclusive. 9882 type: string 9883 required: 9884 - mountPath 9885 - name 9886 type: object 9887 type: array 9888 workingDir: 9889 description: Container's working directory. If not specified, 9890 the container runtime's default will be used, which might 9891 be configured in the container image. Cannot be updated. 9892 type: string 9893 required: 9894 - name 9895 type: object 9896 type: array 9897 logFormat: 9898 description: LogFormat describes the log format that should be 9899 used by the Repo Server. Defaults to ArgoCDDefaultLogFormat 9900 if not configured. Valid options are text or json. 9901 type: string 9902 logLevel: 9903 description: LogLevel describes the log level that should be used 9904 by the Repo Server. Defaults to ArgoCDDefaultLogLevel if not 9905 set. Valid options are debug, info, error, and warn. 9906 type: string 9907 mountsatoken: 9908 description: MountSAToken describes whether you would like to 9909 have the Repo server mount the service account token 9910 type: boolean 9911 remote: 9912 description: Remote specifies the remote URL of the Repo Server 9913 container. (optional, by default, a local instance managed by 9914 the operator is used.) 9915 type: string 9916 replicas: 9917 description: Replicas defines the number of replicas for argocd-repo-server. 9918 Value should be greater than or equal to 0. Default is nil. 9919 format: int32 9920 type: integer 9921 resources: 9922 description: Resources defines the Compute Resources required 9923 by the container for Redis. 9924 properties: 9925 claims: 9926 description: "Claims lists the names of resources, defined 9927 in spec.resourceClaims, that are used by this container. 9928 \n This is an alpha field and requires enabling the DynamicResourceAllocation 9929 feature gate. \n This field is immutable. It can only be 9930 set for containers." 9931 items: 9932 description: ResourceClaim references one entry in PodSpec.ResourceClaims. 9933 properties: 9934 name: 9935 description: Name must match the name of one entry in 9936 pod.spec.resourceClaims of the Pod where this field 9937 is used. It makes that resource available inside a 9938 container. 9939 type: string 9940 required: 9941 - name 9942 type: object 9943 type: array 9944 x-kubernetes-list-map-keys: 9945 - name 9946 x-kubernetes-list-type: map 9947 limits: 9948 additionalProperties: 9949 anyOf: 9950 - type: integer 9951 - type: string 9952 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 9953 x-kubernetes-int-or-string: true 9954 description: 'Limits describes the maximum amount of compute 9955 resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 9956 type: object 9957 requests: 9958 additionalProperties: 9959 anyOf: 9960 - type: integer 9961 - type: string 9962 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 9963 x-kubernetes-int-or-string: true 9964 description: 'Requests describes the minimum amount of compute 9965 resources required. If Requests is omitted for a container, 9966 it defaults to Limits if that is explicitly specified, otherwise 9967 to an implementation-defined value. Requests cannot exceed 9968 Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 9969 type: object 9970 type: object 9971 serviceaccount: 9972 description: ServiceAccount defines the ServiceAccount user that 9973 you would like the Repo server to use 9974 type: string 9975 sidecarContainers: 9976 description: SidecarContainers defines the list of sidecar containers 9977 for the repo server deployment 9978 items: 9979 description: A single application container that you want to 9980 run within a pod. 9981 properties: 9982 args: 9983 description: 'Arguments to the entrypoint. The container 9984 image''s CMD is used if this is not provided. Variable 9985 references $(VAR_NAME) are expanded using the container''s 9986 environment. If a variable cannot be resolved, the reference 9987 in the input string will be unchanged. Double $$ are reduced 9988 to a single $, which allows for escaping the $(VAR_NAME) 9989 syntax: i.e. "$$(VAR_NAME)" will produce the string literal 9990 "$(VAR_NAME)". Escaped references will never be expanded, 9991 regardless of whether the variable exists or not. Cannot 9992 be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' 9993 items: 9994 type: string 9995 type: array 9996 command: 9997 description: 'Entrypoint array. Not executed within a shell. 9998 The container image''s ENTRYPOINT is used if this is not 9999 provided. Variable references $(VAR_NAME) are expanded 10000 using the container''s environment. If a variable cannot 10001 be resolved, the reference in the input string will be 10002 unchanged. Double $$ are reduced to a single $, which 10003 allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" 10004 will produce the string literal "$(VAR_NAME)". Escaped 10005 references will never be expanded, regardless of whether 10006 the variable exists or not. Cannot be updated. More info: 10007 https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' 10008 items: 10009 type: string 10010 type: array 10011 env: 10012 description: List of environment variables to set in the 10013 container. Cannot be updated. 10014 items: 10015 description: EnvVar represents an environment variable 10016 present in a Container. 10017 properties: 10018 name: 10019 description: Name of the environment variable. Must 10020 be a C_IDENTIFIER. 10021 type: string 10022 value: 10023 description: 'Variable references $(VAR_NAME) are 10024 expanded using the previously defined environment 10025 variables in the container and any service environment 10026 variables. If a variable cannot be resolved, the 10027 reference in the input string will be unchanged. 10028 Double $$ are reduced to a single $, which allows 10029 for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" 10030 will produce the string literal "$(VAR_NAME)". Escaped 10031 references will never be expanded, regardless of 10032 whether the variable exists or not. Defaults to 10033 "".' 10034 type: string 10035 valueFrom: 10036 description: Source for the environment variable's 10037 value. Cannot be used if value is not empty. 10038 properties: 10039 configMapKeyRef: 10040 description: Selects a key of a ConfigMap. 10041 properties: 10042 key: 10043 description: The key to select. 10044 type: string 10045 name: 10046 description: 'Name of the referent. More info: 10047 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 10048 TODO: Add other useful fields. apiVersion, 10049 kind, uid?' 10050 type: string 10051 optional: 10052 description: Specify whether the ConfigMap 10053 or its key must be defined 10054 type: boolean 10055 required: 10056 - key 10057 type: object 10058 fieldRef: 10059 description: 'Selects a field of the pod: supports 10060 metadata.name, metadata.namespace, `metadata.labels[''<KEY>'']`, 10061 `metadata.annotations[''<KEY>'']`, spec.nodeName, 10062 spec.serviceAccountName, status.hostIP, status.podIP, 10063 status.podIPs.' 10064 properties: 10065 apiVersion: 10066 description: Version of the schema the FieldPath 10067 is written in terms of, defaults to "v1". 10068 type: string 10069 fieldPath: 10070 description: Path of the field to select in 10071 the specified API version. 10072 type: string 10073 required: 10074 - fieldPath 10075 type: object 10076 resourceFieldRef: 10077 description: 'Selects a resource of the container: 10078 only resources limits and requests (limits.cpu, 10079 limits.memory, limits.ephemeral-storage, requests.cpu, 10080 requests.memory and requests.ephemeral-storage) 10081 are currently supported.' 10082 properties: 10083 containerName: 10084 description: 'Container name: required for 10085 volumes, optional for env vars' 10086 type: string 10087 divisor: 10088 anyOf: 10089 - type: integer 10090 - type: string 10091 description: Specifies the output format of 10092 the exposed resources, defaults to "1" 10093 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 10094 x-kubernetes-int-or-string: true 10095 resource: 10096 description: 'Required: resource to select' 10097 type: string 10098 required: 10099 - resource 10100 type: object 10101 secretKeyRef: 10102 description: Selects a key of a secret in the 10103 pod's namespace 10104 properties: 10105 key: 10106 description: The key of the secret to select 10107 from. Must be a valid secret key. 10108 type: string 10109 name: 10110 description: 'Name of the referent. More info: 10111 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 10112 TODO: Add other useful fields. apiVersion, 10113 kind, uid?' 10114 type: string 10115 optional: 10116 description: Specify whether the Secret or 10117 its key must be defined 10118 type: boolean 10119 required: 10120 - key 10121 type: object 10122 type: object 10123 required: 10124 - name 10125 type: object 10126 type: array 10127 envFrom: 10128 description: List of sources to populate environment variables 10129 in the container. The keys defined within a source must 10130 be a C_IDENTIFIER. All invalid keys will be reported as 10131 an event when the container is starting. When a key exists 10132 in multiple sources, the value associated with the last 10133 source will take precedence. Values defined by an Env 10134 with a duplicate key will take precedence. Cannot be updated. 10135 items: 10136 description: EnvFromSource represents the source of a 10137 set of ConfigMaps 10138 properties: 10139 configMapRef: 10140 description: The ConfigMap to select from 10141 properties: 10142 name: 10143 description: 'Name of the referent. More info: 10144 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 10145 TODO: Add other useful fields. apiVersion, kind, 10146 uid?' 10147 type: string 10148 optional: 10149 description: Specify whether the ConfigMap must 10150 be defined 10151 type: boolean 10152 type: object 10153 prefix: 10154 description: An optional identifier to prepend to 10155 each key in the ConfigMap. Must be a C_IDENTIFIER. 10156 type: string 10157 secretRef: 10158 description: The Secret to select from 10159 properties: 10160 name: 10161 description: 'Name of the referent. More info: 10162 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 10163 TODO: Add other useful fields. apiVersion, kind, 10164 uid?' 10165 type: string 10166 optional: 10167 description: Specify whether the Secret must be 10168 defined 10169 type: boolean 10170 type: object 10171 type: object 10172 type: array 10173 image: 10174 description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images 10175 This field is optional to allow higher level config management 10176 to default or override container images in workload controllers 10177 like Deployments and StatefulSets.' 10178 type: string 10179 imagePullPolicy: 10180 description: 'Image pull policy. One of Always, Never, IfNotPresent. 10181 Defaults to Always if :latest tag is specified, or IfNotPresent 10182 otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' 10183 type: string 10184 lifecycle: 10185 description: Actions that the management system should take 10186 in response to container lifecycle events. Cannot be updated. 10187 properties: 10188 postStart: 10189 description: 'PostStart is called immediately after 10190 a container is created. If the handler fails, the 10191 container is terminated and restarted according to 10192 its restart policy. Other management of the container 10193 blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' 10194 properties: 10195 exec: 10196 description: Exec specifies the action to take. 10197 properties: 10198 command: 10199 description: Command is the command line to 10200 execute inside the container, the working 10201 directory for the command is root ('/') in 10202 the container's filesystem. The command is 10203 simply exec'd, it is not run inside a shell, 10204 so traditional shell instructions ('|', etc) 10205 won't work. To use a shell, you need to explicitly 10206 call out to that shell. Exit status of 0 is 10207 treated as live/healthy and non-zero is unhealthy. 10208 items: 10209 type: string 10210 type: array 10211 type: object 10212 httpGet: 10213 description: HTTPGet specifies the http request 10214 to perform. 10215 properties: 10216 host: 10217 description: Host name to connect to, defaults 10218 to the pod IP. You probably want to set "Host" 10219 in httpHeaders instead. 10220 type: string 10221 httpHeaders: 10222 description: Custom headers to set in the request. 10223 HTTP allows repeated headers. 10224 items: 10225 description: HTTPHeader describes a custom 10226 header to be used in HTTP probes 10227 properties: 10228 name: 10229 description: The header field name. This 10230 will be canonicalized upon output, so 10231 case-variant names will be understood 10232 as the same header. 10233 type: string 10234 value: 10235 description: The header field value 10236 type: string 10237 required: 10238 - name 10239 - value 10240 type: object 10241 type: array 10242 path: 10243 description: Path to access on the HTTP server. 10244 type: string 10245 port: 10246 anyOf: 10247 - type: integer 10248 - type: string 10249 description: Name or number of the port to access 10250 on the container. Number must be in the range 10251 1 to 65535. Name must be an IANA_SVC_NAME. 10252 x-kubernetes-int-or-string: true 10253 scheme: 10254 description: Scheme to use for connecting to 10255 the host. Defaults to HTTP. 10256 type: string 10257 required: 10258 - port 10259 type: object 10260 tcpSocket: 10261 description: Deprecated. TCPSocket is NOT supported 10262 as a LifecycleHandler and kept for the backward 10263 compatibility. There are no validation of this 10264 field and lifecycle hooks will fail in runtime 10265 when tcp handler is specified. 10266 properties: 10267 host: 10268 description: 'Optional: Host name to connect 10269 to, defaults to the pod IP.' 10270 type: string 10271 port: 10272 anyOf: 10273 - type: integer 10274 - type: string 10275 description: Number or name of the port to access 10276 on the container. Number must be in the range 10277 1 to 65535. Name must be an IANA_SVC_NAME. 10278 x-kubernetes-int-or-string: true 10279 required: 10280 - port 10281 type: object 10282 type: object 10283 preStop: 10284 description: 'PreStop is called immediately before a 10285 container is terminated due to an API request or management 10286 event such as liveness/startup probe failure, preemption, 10287 resource contention, etc. The handler is not called 10288 if the container crashes or exits. The Pod''s termination 10289 grace period countdown begins before the PreStop hook 10290 is executed. Regardless of the outcome of the handler, 10291 the container will eventually terminate within the 10292 Pod''s termination grace period (unless delayed by 10293 finalizers). Other management of the container blocks 10294 until the hook completes or until the termination 10295 grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' 10296 properties: 10297 exec: 10298 description: Exec specifies the action to take. 10299 properties: 10300 command: 10301 description: Command is the command line to 10302 execute inside the container, the working 10303 directory for the command is root ('/') in 10304 the container's filesystem. The command is 10305 simply exec'd, it is not run inside a shell, 10306 so traditional shell instructions ('|', etc) 10307 won't work. To use a shell, you need to explicitly 10308 call out to that shell. Exit status of 0 is 10309 treated as live/healthy and non-zero is unhealthy. 10310 items: 10311 type: string 10312 type: array 10313 type: object 10314 httpGet: 10315 description: HTTPGet specifies the http request 10316 to perform. 10317 properties: 10318 host: 10319 description: Host name to connect to, defaults 10320 to the pod IP. You probably want to set "Host" 10321 in httpHeaders instead. 10322 type: string 10323 httpHeaders: 10324 description: Custom headers to set in the request. 10325 HTTP allows repeated headers. 10326 items: 10327 description: HTTPHeader describes a custom 10328 header to be used in HTTP probes 10329 properties: 10330 name: 10331 description: The header field name. This 10332 will be canonicalized upon output, so 10333 case-variant names will be understood 10334 as the same header. 10335 type: string 10336 value: 10337 description: The header field value 10338 type: string 10339 required: 10340 - name 10341 - value 10342 type: object 10343 type: array 10344 path: 10345 description: Path to access on the HTTP server. 10346 type: string 10347 port: 10348 anyOf: 10349 - type: integer 10350 - type: string 10351 description: Name or number of the port to access 10352 on the container. Number must be in the range 10353 1 to 65535. Name must be an IANA_SVC_NAME. 10354 x-kubernetes-int-or-string: true 10355 scheme: 10356 description: Scheme to use for connecting to 10357 the host. Defaults to HTTP. 10358 type: string 10359 required: 10360 - port 10361 type: object 10362 tcpSocket: 10363 description: Deprecated. TCPSocket is NOT supported 10364 as a LifecycleHandler and kept for the backward 10365 compatibility. There are no validation of this 10366 field and lifecycle hooks will fail in runtime 10367 when tcp handler is specified. 10368 properties: 10369 host: 10370 description: 'Optional: Host name to connect 10371 to, defaults to the pod IP.' 10372 type: string 10373 port: 10374 anyOf: 10375 - type: integer 10376 - type: string 10377 description: Number or name of the port to access 10378 on the container. Number must be in the range 10379 1 to 65535. Name must be an IANA_SVC_NAME. 10380 x-kubernetes-int-or-string: true 10381 required: 10382 - port 10383 type: object 10384 type: object 10385 type: object 10386 livenessProbe: 10387 description: 'Periodic probe of container liveness. Container 10388 will be restarted if the probe fails. Cannot be updated. 10389 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 10390 properties: 10391 exec: 10392 description: Exec specifies the action to take. 10393 properties: 10394 command: 10395 description: Command is the command line to execute 10396 inside the container, the working directory for 10397 the command is root ('/') in the container's 10398 filesystem. The command is simply exec'd, it is 10399 not run inside a shell, so traditional shell instructions 10400 ('|', etc) won't work. To use a shell, you need 10401 to explicitly call out to that shell. Exit status 10402 of 0 is treated as live/healthy and non-zero is 10403 unhealthy. 10404 items: 10405 type: string 10406 type: array 10407 type: object 10408 failureThreshold: 10409 description: Minimum consecutive failures for the probe 10410 to be considered failed after having succeeded. Defaults 10411 to 3. Minimum value is 1. 10412 format: int32 10413 type: integer 10414 grpc: 10415 description: GRPC specifies an action involving a GRPC 10416 port. 10417 properties: 10418 port: 10419 description: Port number of the gRPC service. Number 10420 must be in the range 1 to 65535. 10421 format: int32 10422 type: integer 10423 service: 10424 description: "Service is the name of the service 10425 to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 10426 \n If this is not specified, the default behavior 10427 is defined by gRPC." 10428 type: string 10429 required: 10430 - port 10431 type: object 10432 httpGet: 10433 description: HTTPGet specifies the http request to perform. 10434 properties: 10435 host: 10436 description: Host name to connect to, defaults to 10437 the pod IP. You probably want to set "Host" in 10438 httpHeaders instead. 10439 type: string 10440 httpHeaders: 10441 description: Custom headers to set in the request. 10442 HTTP allows repeated headers. 10443 items: 10444 description: HTTPHeader describes a custom header 10445 to be used in HTTP probes 10446 properties: 10447 name: 10448 description: The header field name. This will 10449 be canonicalized upon output, so case-variant 10450 names will be understood as the same header. 10451 type: string 10452 value: 10453 description: The header field value 10454 type: string 10455 required: 10456 - name 10457 - value 10458 type: object 10459 type: array 10460 path: 10461 description: Path to access on the HTTP server. 10462 type: string 10463 port: 10464 anyOf: 10465 - type: integer 10466 - type: string 10467 description: Name or number of the port to access 10468 on the container. Number must be in the range 10469 1 to 65535. Name must be an IANA_SVC_NAME. 10470 x-kubernetes-int-or-string: true 10471 scheme: 10472 description: Scheme to use for connecting to the 10473 host. Defaults to HTTP. 10474 type: string 10475 required: 10476 - port 10477 type: object 10478 initialDelaySeconds: 10479 description: 'Number of seconds after the container 10480 has started before liveness probes are initiated. 10481 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 10482 format: int32 10483 type: integer 10484 periodSeconds: 10485 description: How often (in seconds) to perform the probe. 10486 Default to 10 seconds. Minimum value is 1. 10487 format: int32 10488 type: integer 10489 successThreshold: 10490 description: Minimum consecutive successes for the probe 10491 to be considered successful after having failed. Defaults 10492 to 1. Must be 1 for liveness and startup. Minimum 10493 value is 1. 10494 format: int32 10495 type: integer 10496 tcpSocket: 10497 description: TCPSocket specifies an action involving 10498 a TCP port. 10499 properties: 10500 host: 10501 description: 'Optional: Host name to connect to, 10502 defaults to the pod IP.' 10503 type: string 10504 port: 10505 anyOf: 10506 - type: integer 10507 - type: string 10508 description: Number or name of the port to access 10509 on the container. Number must be in the range 10510 1 to 65535. Name must be an IANA_SVC_NAME. 10511 x-kubernetes-int-or-string: true 10512 required: 10513 - port 10514 type: object 10515 terminationGracePeriodSeconds: 10516 description: Optional duration in seconds the pod needs 10517 to terminate gracefully upon probe failure. The grace 10518 period is the duration in seconds after the processes 10519 running in the pod are sent a termination signal and 10520 the time when the processes are forcibly halted with 10521 a kill signal. Set this value longer than the expected 10522 cleanup time for your process. If this value is nil, 10523 the pod's terminationGracePeriodSeconds will be used. 10524 Otherwise, this value overrides the value provided 10525 by the pod spec. Value must be non-negative integer. 10526 The value zero indicates stop immediately via the 10527 kill signal (no opportunity to shut down). This is 10528 a beta field and requires enabling ProbeTerminationGracePeriod 10529 feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds 10530 is used if unset. 10531 format: int64 10532 type: integer 10533 timeoutSeconds: 10534 description: 'Number of seconds after which the probe 10535 times out. Defaults to 1 second. Minimum value is 10536 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 10537 format: int32 10538 type: integer 10539 type: object 10540 name: 10541 description: Name of the container specified as a DNS_LABEL. 10542 Each container in a pod must have a unique name (DNS_LABEL). 10543 Cannot be updated. 10544 type: string 10545 ports: 10546 description: List of ports to expose from the container. 10547 Not specifying a port here DOES NOT prevent that port 10548 from being exposed. Any port which is listening on the 10549 default "0.0.0.0" address inside a container will be accessible 10550 from the network. Modifying this array with strategic 10551 merge patch may corrupt the data. For more information 10552 See https://github.com/kubernetes/kubernetes/issues/108255. 10553 Cannot be updated. 10554 items: 10555 description: ContainerPort represents a network port in 10556 a single container. 10557 properties: 10558 containerPort: 10559 description: Number of port to expose on the pod's 10560 IP address. This must be a valid port number, 0 10561 < x < 65536. 10562 format: int32 10563 type: integer 10564 hostIP: 10565 description: What host IP to bind the external port 10566 to. 10567 type: string 10568 hostPort: 10569 description: Number of port to expose on the host. 10570 If specified, this must be a valid port number, 10571 0 < x < 65536. If HostNetwork is specified, this 10572 must match ContainerPort. Most containers do not 10573 need this. 10574 format: int32 10575 type: integer 10576 name: 10577 description: If specified, this must be an IANA_SVC_NAME 10578 and unique within the pod. Each named port in a 10579 pod must have a unique name. Name for the port that 10580 can be referred to by services. 10581 type: string 10582 protocol: 10583 default: TCP 10584 description: Protocol for port. Must be UDP, TCP, 10585 or SCTP. Defaults to "TCP". 10586 type: string 10587 required: 10588 - containerPort 10589 type: object 10590 type: array 10591 x-kubernetes-list-map-keys: 10592 - containerPort 10593 - protocol 10594 x-kubernetes-list-type: map 10595 readinessProbe: 10596 description: 'Periodic probe of container service readiness. 10597 Container will be removed from service endpoints if the 10598 probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 10599 properties: 10600 exec: 10601 description: Exec specifies the action to take. 10602 properties: 10603 command: 10604 description: Command is the command line to execute 10605 inside the container, the working directory for 10606 the command is root ('/') in the container's 10607 filesystem. The command is simply exec'd, it is 10608 not run inside a shell, so traditional shell instructions 10609 ('|', etc) won't work. To use a shell, you need 10610 to explicitly call out to that shell. Exit status 10611 of 0 is treated as live/healthy and non-zero is 10612 unhealthy. 10613 items: 10614 type: string 10615 type: array 10616 type: object 10617 failureThreshold: 10618 description: Minimum consecutive failures for the probe 10619 to be considered failed after having succeeded. Defaults 10620 to 3. Minimum value is 1. 10621 format: int32 10622 type: integer 10623 grpc: 10624 description: GRPC specifies an action involving a GRPC 10625 port. 10626 properties: 10627 port: 10628 description: Port number of the gRPC service. Number 10629 must be in the range 1 to 65535. 10630 format: int32 10631 type: integer 10632 service: 10633 description: "Service is the name of the service 10634 to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 10635 \n If this is not specified, the default behavior 10636 is defined by gRPC." 10637 type: string 10638 required: 10639 - port 10640 type: object 10641 httpGet: 10642 description: HTTPGet specifies the http request to perform. 10643 properties: 10644 host: 10645 description: Host name to connect to, defaults to 10646 the pod IP. You probably want to set "Host" in 10647 httpHeaders instead. 10648 type: string 10649 httpHeaders: 10650 description: Custom headers to set in the request. 10651 HTTP allows repeated headers. 10652 items: 10653 description: HTTPHeader describes a custom header 10654 to be used in HTTP probes 10655 properties: 10656 name: 10657 description: The header field name. This will 10658 be canonicalized upon output, so case-variant 10659 names will be understood as the same header. 10660 type: string 10661 value: 10662 description: The header field value 10663 type: string 10664 required: 10665 - name 10666 - value 10667 type: object 10668 type: array 10669 path: 10670 description: Path to access on the HTTP server. 10671 type: string 10672 port: 10673 anyOf: 10674 - type: integer 10675 - type: string 10676 description: Name or number of the port to access 10677 on the container. Number must be in the range 10678 1 to 65535. Name must be an IANA_SVC_NAME. 10679 x-kubernetes-int-or-string: true 10680 scheme: 10681 description: Scheme to use for connecting to the 10682 host. Defaults to HTTP. 10683 type: string 10684 required: 10685 - port 10686 type: object 10687 initialDelaySeconds: 10688 description: 'Number of seconds after the container 10689 has started before liveness probes are initiated. 10690 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 10691 format: int32 10692 type: integer 10693 periodSeconds: 10694 description: How often (in seconds) to perform the probe. 10695 Default to 10 seconds. Minimum value is 1. 10696 format: int32 10697 type: integer 10698 successThreshold: 10699 description: Minimum consecutive successes for the probe 10700 to be considered successful after having failed. Defaults 10701 to 1. Must be 1 for liveness and startup. Minimum 10702 value is 1. 10703 format: int32 10704 type: integer 10705 tcpSocket: 10706 description: TCPSocket specifies an action involving 10707 a TCP port. 10708 properties: 10709 host: 10710 description: 'Optional: Host name to connect to, 10711 defaults to the pod IP.' 10712 type: string 10713 port: 10714 anyOf: 10715 - type: integer 10716 - type: string 10717 description: Number or name of the port to access 10718 on the container. Number must be in the range 10719 1 to 65535. Name must be an IANA_SVC_NAME. 10720 x-kubernetes-int-or-string: true 10721 required: 10722 - port 10723 type: object 10724 terminationGracePeriodSeconds: 10725 description: Optional duration in seconds the pod needs 10726 to terminate gracefully upon probe failure. The grace 10727 period is the duration in seconds after the processes 10728 running in the pod are sent a termination signal and 10729 the time when the processes are forcibly halted with 10730 a kill signal. Set this value longer than the expected 10731 cleanup time for your process. If this value is nil, 10732 the pod's terminationGracePeriodSeconds will be used. 10733 Otherwise, this value overrides the value provided 10734 by the pod spec. Value must be non-negative integer. 10735 The value zero indicates stop immediately via the 10736 kill signal (no opportunity to shut down). This is 10737 a beta field and requires enabling ProbeTerminationGracePeriod 10738 feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds 10739 is used if unset. 10740 format: int64 10741 type: integer 10742 timeoutSeconds: 10743 description: 'Number of seconds after which the probe 10744 times out. Defaults to 1 second. Minimum value is 10745 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 10746 format: int32 10747 type: integer 10748 type: object 10749 resizePolicy: 10750 description: Resources resize policy for the container. 10751 items: 10752 description: ContainerResizePolicy represents resource 10753 resize policy for the container. 10754 properties: 10755 resourceName: 10756 description: 'Name of the resource to which this resource 10757 resize policy applies. Supported values: cpu, memory.' 10758 type: string 10759 restartPolicy: 10760 description: Restart policy to apply when specified 10761 resource is resized. If not specified, it defaults 10762 to NotRequired. 10763 type: string 10764 required: 10765 - resourceName 10766 - restartPolicy 10767 type: object 10768 type: array 10769 x-kubernetes-list-type: atomic 10770 resources: 10771 description: 'Compute Resources required by this container. 10772 Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 10773 properties: 10774 claims: 10775 description: "Claims lists the names of resources, defined 10776 in spec.resourceClaims, that are used by this container. 10777 \n This is an alpha field and requires enabling the 10778 DynamicResourceAllocation feature gate. \n This field 10779 is immutable. It can only be set for containers." 10780 items: 10781 description: ResourceClaim references one entry in 10782 PodSpec.ResourceClaims. 10783 properties: 10784 name: 10785 description: Name must match the name of one entry 10786 in pod.spec.resourceClaims of the Pod where 10787 this field is used. It makes that resource available 10788 inside a container. 10789 type: string 10790 required: 10791 - name 10792 type: object 10793 type: array 10794 x-kubernetes-list-map-keys: 10795 - name 10796 x-kubernetes-list-type: map 10797 limits: 10798 additionalProperties: 10799 anyOf: 10800 - type: integer 10801 - type: string 10802 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 10803 x-kubernetes-int-or-string: true 10804 description: 'Limits describes the maximum amount of 10805 compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 10806 type: object 10807 requests: 10808 additionalProperties: 10809 anyOf: 10810 - type: integer 10811 - type: string 10812 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 10813 x-kubernetes-int-or-string: true 10814 description: 'Requests describes the minimum amount 10815 of compute resources required. If Requests is omitted 10816 for a container, it defaults to Limits if that is 10817 explicitly specified, otherwise to an implementation-defined 10818 value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 10819 type: object 10820 type: object 10821 restartPolicy: 10822 description: 'RestartPolicy defines the restart behavior 10823 of individual containers in a pod. This field may only 10824 be set for init containers, and the only allowed value 10825 is "Always". For non-init containers or when this field 10826 is not specified, the restart behavior is defined by the 10827 Pod''s restart policy and the container type. Setting 10828 the RestartPolicy as "Always" for the init container will 10829 have the following effect: this init container will be 10830 continually restarted on exit until all regular containers 10831 have terminated. Once all regular containers have completed, 10832 all init containers with restartPolicy "Always" will be 10833 shut down. This lifecycle differs from normal init containers 10834 and is often referred to as a "sidecar" container. Although 10835 this init container still starts in the init container 10836 sequence, it does not wait for the container to complete 10837 before proceeding to the next init container. Instead, 10838 the next init container starts immediately after this 10839 init container is started, or after any startupProbe has 10840 successfully completed.' 10841 type: string 10842 securityContext: 10843 description: 'SecurityContext defines the security options 10844 the container should be run with. If set, the fields of 10845 SecurityContext override the equivalent fields of PodSecurityContext. 10846 More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' 10847 properties: 10848 allowPrivilegeEscalation: 10849 description: 'AllowPrivilegeEscalation controls whether 10850 a process can gain more privileges than its parent 10851 process. This bool directly controls if the no_new_privs 10852 flag will be set on the container process. AllowPrivilegeEscalation 10853 is true always when the container is: 1) run as Privileged 10854 2) has CAP_SYS_ADMIN Note that this field cannot be 10855 set when spec.os.name is windows.' 10856 type: boolean 10857 capabilities: 10858 description: The capabilities to add/drop when running 10859 containers. Defaults to the default set of capabilities 10860 granted by the container runtime. Note that this field 10861 cannot be set when spec.os.name is windows. 10862 properties: 10863 add: 10864 description: Added capabilities 10865 items: 10866 description: Capability represent POSIX capabilities 10867 type 10868 type: string 10869 type: array 10870 drop: 10871 description: Removed capabilities 10872 items: 10873 description: Capability represent POSIX capabilities 10874 type 10875 type: string 10876 type: array 10877 type: object 10878 privileged: 10879 description: Run container in privileged mode. Processes 10880 in privileged containers are essentially equivalent 10881 to root on the host. Defaults to false. Note that 10882 this field cannot be set when spec.os.name is windows. 10883 type: boolean 10884 procMount: 10885 description: procMount denotes the type of proc mount 10886 to use for the containers. The default is DefaultProcMount 10887 which uses the container runtime defaults for readonly 10888 paths and masked paths. This requires the ProcMountType 10889 feature flag to be enabled. Note that this field cannot 10890 be set when spec.os.name is windows. 10891 type: string 10892 readOnlyRootFilesystem: 10893 description: Whether this container has a read-only 10894 root filesystem. Default is false. Note that this 10895 field cannot be set when spec.os.name is windows. 10896 type: boolean 10897 runAsGroup: 10898 description: The GID to run the entrypoint of the container 10899 process. Uses runtime default if unset. May also be 10900 set in PodSecurityContext. If set in both SecurityContext 10901 and PodSecurityContext, the value specified in SecurityContext 10902 takes precedence. Note that this field cannot be set 10903 when spec.os.name is windows. 10904 format: int64 10905 type: integer 10906 runAsNonRoot: 10907 description: Indicates that the container must run as 10908 a non-root user. If true, the Kubelet will validate 10909 the image at runtime to ensure that it does not run 10910 as UID 0 (root) and fail to start the container if 10911 it does. If unset or false, no such validation will 10912 be performed. May also be set in PodSecurityContext. If 10913 set in both SecurityContext and PodSecurityContext, 10914 the value specified in SecurityContext takes precedence. 10915 type: boolean 10916 runAsUser: 10917 description: The UID to run the entrypoint of the container 10918 process. Defaults to user specified in image metadata 10919 if unspecified. May also be set in PodSecurityContext. If 10920 set in both SecurityContext and PodSecurityContext, 10921 the value specified in SecurityContext takes precedence. 10922 Note that this field cannot be set when spec.os.name 10923 is windows. 10924 format: int64 10925 type: integer 10926 seLinuxOptions: 10927 description: The SELinux context to be applied to the 10928 container. If unspecified, the container runtime will 10929 allocate a random SELinux context for each container. May 10930 also be set in PodSecurityContext. If set in both 10931 SecurityContext and PodSecurityContext, the value 10932 specified in SecurityContext takes precedence. Note 10933 that this field cannot be set when spec.os.name is 10934 windows. 10935 properties: 10936 level: 10937 description: Level is SELinux level label that applies 10938 to the container. 10939 type: string 10940 role: 10941 description: Role is a SELinux role label that applies 10942 to the container. 10943 type: string 10944 type: 10945 description: Type is a SELinux type label that applies 10946 to the container. 10947 type: string 10948 user: 10949 description: User is a SELinux user label that applies 10950 to the container. 10951 type: string 10952 type: object 10953 seccompProfile: 10954 description: The seccomp options to use by this container. 10955 If seccomp options are provided at both the pod & 10956 container level, the container options override the 10957 pod options. Note that this field cannot be set when 10958 spec.os.name is windows. 10959 properties: 10960 localhostProfile: 10961 description: localhostProfile indicates a profile 10962 defined in a file on the node should be used. 10963 The profile must be preconfigured on the node 10964 to work. Must be a descending path, relative to 10965 the kubelet's configured seccomp profile location. 10966 Must be set if type is "Localhost". Must NOT be 10967 set for any other type. 10968 type: string 10969 type: 10970 description: "type indicates which kind of seccomp 10971 profile will be applied. Valid options are: \n 10972 Localhost - a profile defined in a file on the 10973 node should be used. RuntimeDefault - the container 10974 runtime default profile should be used. Unconfined 10975 - no profile should be applied." 10976 type: string 10977 required: 10978 - type 10979 type: object 10980 windowsOptions: 10981 description: The Windows specific settings applied to 10982 all containers. If unspecified, the options from the 10983 PodSecurityContext will be used. If set in both SecurityContext 10984 and PodSecurityContext, the value specified in SecurityContext 10985 takes precedence. Note that this field cannot be set 10986 when spec.os.name is linux. 10987 properties: 10988 gmsaCredentialSpec: 10989 description: GMSACredentialSpec is where the GMSA 10990 admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) 10991 inlines the contents of the GMSA credential spec 10992 named by the GMSACredentialSpecName field. 10993 type: string 10994 gmsaCredentialSpecName: 10995 description: GMSACredentialSpecName is the name 10996 of the GMSA credential spec to use. 10997 type: string 10998 hostProcess: 10999 description: HostProcess determines if a container 11000 should be run as a 'Host Process' container. All 11001 of a Pod's containers must have the same effective 11002 HostProcess value (it is not allowed to have a 11003 mix of HostProcess containers and non-HostProcess 11004 containers). In addition, if HostProcess is true 11005 then HostNetwork must also be set to true. 11006 type: boolean 11007 runAsUserName: 11008 description: The UserName in Windows to run the 11009 entrypoint of the container process. Defaults 11010 to the user specified in image metadata if unspecified. 11011 May also be set in PodSecurityContext. If set 11012 in both SecurityContext and PodSecurityContext, 11013 the value specified in SecurityContext takes precedence. 11014 type: string 11015 type: object 11016 type: object 11017 startupProbe: 11018 description: 'StartupProbe indicates that the Pod has successfully 11019 initialized. If specified, no other probes are executed 11020 until this completes successfully. If this probe fails, 11021 the Pod will be restarted, just as if the livenessProbe 11022 failed. This can be used to provide different probe parameters 11023 at the beginning of a Pod''s lifecycle, when it might 11024 take a long time to load data or warm a cache, than during 11025 steady-state operation. This cannot be updated. More info: 11026 https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 11027 properties: 11028 exec: 11029 description: Exec specifies the action to take. 11030 properties: 11031 command: 11032 description: Command is the command line to execute 11033 inside the container, the working directory for 11034 the command is root ('/') in the container's 11035 filesystem. The command is simply exec'd, it is 11036 not run inside a shell, so traditional shell instructions 11037 ('|', etc) won't work. To use a shell, you need 11038 to explicitly call out to that shell. Exit status 11039 of 0 is treated as live/healthy and non-zero is 11040 unhealthy. 11041 items: 11042 type: string 11043 type: array 11044 type: object 11045 failureThreshold: 11046 description: Minimum consecutive failures for the probe 11047 to be considered failed after having succeeded. Defaults 11048 to 3. Minimum value is 1. 11049 format: int32 11050 type: integer 11051 grpc: 11052 description: GRPC specifies an action involving a GRPC 11053 port. 11054 properties: 11055 port: 11056 description: Port number of the gRPC service. Number 11057 must be in the range 1 to 65535. 11058 format: int32 11059 type: integer 11060 service: 11061 description: "Service is the name of the service 11062 to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 11063 \n If this is not specified, the default behavior 11064 is defined by gRPC." 11065 type: string 11066 required: 11067 - port 11068 type: object 11069 httpGet: 11070 description: HTTPGet specifies the http request to perform. 11071 properties: 11072 host: 11073 description: Host name to connect to, defaults to 11074 the pod IP. You probably want to set "Host" in 11075 httpHeaders instead. 11076 type: string 11077 httpHeaders: 11078 description: Custom headers to set in the request. 11079 HTTP allows repeated headers. 11080 items: 11081 description: HTTPHeader describes a custom header 11082 to be used in HTTP probes 11083 properties: 11084 name: 11085 description: The header field name. This will 11086 be canonicalized upon output, so case-variant 11087 names will be understood as the same header. 11088 type: string 11089 value: 11090 description: The header field value 11091 type: string 11092 required: 11093 - name 11094 - value 11095 type: object 11096 type: array 11097 path: 11098 description: Path to access on the HTTP server. 11099 type: string 11100 port: 11101 anyOf: 11102 - type: integer 11103 - type: string 11104 description: Name or number of the port to access 11105 on the container. Number must be in the range 11106 1 to 65535. Name must be an IANA_SVC_NAME. 11107 x-kubernetes-int-or-string: true 11108 scheme: 11109 description: Scheme to use for connecting to the 11110 host. Defaults to HTTP. 11111 type: string 11112 required: 11113 - port 11114 type: object 11115 initialDelaySeconds: 11116 description: 'Number of seconds after the container 11117 has started before liveness probes are initiated. 11118 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 11119 format: int32 11120 type: integer 11121 periodSeconds: 11122 description: How often (in seconds) to perform the probe. 11123 Default to 10 seconds. Minimum value is 1. 11124 format: int32 11125 type: integer 11126 successThreshold: 11127 description: Minimum consecutive successes for the probe 11128 to be considered successful after having failed. Defaults 11129 to 1. Must be 1 for liveness and startup. Minimum 11130 value is 1. 11131 format: int32 11132 type: integer 11133 tcpSocket: 11134 description: TCPSocket specifies an action involving 11135 a TCP port. 11136 properties: 11137 host: 11138 description: 'Optional: Host name to connect to, 11139 defaults to the pod IP.' 11140 type: string 11141 port: 11142 anyOf: 11143 - type: integer 11144 - type: string 11145 description: Number or name of the port to access 11146 on the container. Number must be in the range 11147 1 to 65535. Name must be an IANA_SVC_NAME. 11148 x-kubernetes-int-or-string: true 11149 required: 11150 - port 11151 type: object 11152 terminationGracePeriodSeconds: 11153 description: Optional duration in seconds the pod needs 11154 to terminate gracefully upon probe failure. The grace 11155 period is the duration in seconds after the processes 11156 running in the pod are sent a termination signal and 11157 the time when the processes are forcibly halted with 11158 a kill signal. Set this value longer than the expected 11159 cleanup time for your process. If this value is nil, 11160 the pod's terminationGracePeriodSeconds will be used. 11161 Otherwise, this value overrides the value provided 11162 by the pod spec. Value must be non-negative integer. 11163 The value zero indicates stop immediately via the 11164 kill signal (no opportunity to shut down). This is 11165 a beta field and requires enabling ProbeTerminationGracePeriod 11166 feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds 11167 is used if unset. 11168 format: int64 11169 type: integer 11170 timeoutSeconds: 11171 description: 'Number of seconds after which the probe 11172 times out. Defaults to 1 second. Minimum value is 11173 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 11174 format: int32 11175 type: integer 11176 type: object 11177 stdin: 11178 description: Whether this container should allocate a buffer 11179 for stdin in the container runtime. If this is not set, 11180 reads from stdin in the container will always result in 11181 EOF. Default is false. 11182 type: boolean 11183 stdinOnce: 11184 description: Whether the container runtime should close 11185 the stdin channel after it has been opened by a single 11186 attach. When stdin is true the stdin stream will remain 11187 open across multiple attach sessions. If stdinOnce is 11188 set to true, stdin is opened on container start, is empty 11189 until the first client attaches to stdin, and then remains 11190 open and accepts data until the client disconnects, at 11191 which time stdin is closed and remains closed until the 11192 container is restarted. If this flag is false, a container 11193 processes that reads from stdin will never receive an 11194 EOF. Default is false 11195 type: boolean 11196 terminationMessagePath: 11197 description: 'Optional: Path at which the file to which 11198 the container''s termination message will be written is 11199 mounted into the container''s filesystem. Message written 11200 is intended to be brief final status, such as an assertion 11201 failure message. Will be truncated by the node if greater 11202 than 4096 bytes. The total message length across all containers 11203 will be limited to 12kb. Defaults to /dev/termination-log. 11204 Cannot be updated.' 11205 type: string 11206 terminationMessagePolicy: 11207 description: Indicate how the termination message should 11208 be populated. File will use the contents of terminationMessagePath 11209 to populate the container status message on both success 11210 and failure. FallbackToLogsOnError will use the last chunk 11211 of container log output if the termination message file 11212 is empty and the container exited with an error. The log 11213 output is limited to 2048 bytes or 80 lines, whichever 11214 is smaller. Defaults to File. Cannot be updated. 11215 type: string 11216 tty: 11217 description: Whether this container should allocate a TTY 11218 for itself, also requires 'stdin' to be true. Default 11219 is false. 11220 type: boolean 11221 volumeDevices: 11222 description: volumeDevices is the list of block devices 11223 to be used by the container. 11224 items: 11225 description: volumeDevice describes a mapping of a raw 11226 block device within a container. 11227 properties: 11228 devicePath: 11229 description: devicePath is the path inside of the 11230 container that the device will be mapped to. 11231 type: string 11232 name: 11233 description: name must match the name of a persistentVolumeClaim 11234 in the pod 11235 type: string 11236 required: 11237 - devicePath 11238 - name 11239 type: object 11240 type: array 11241 volumeMounts: 11242 description: Pod volumes to mount into the container's filesystem. 11243 Cannot be updated. 11244 items: 11245 description: VolumeMount describes a mounting of a Volume 11246 within a container. 11247 properties: 11248 mountPath: 11249 description: Path within the container at which the 11250 volume should be mounted. Must not contain ':'. 11251 type: string 11252 mountPropagation: 11253 description: mountPropagation determines how mounts 11254 are propagated from the host to container and the 11255 other way around. When not set, MountPropagationNone 11256 is used. This field is beta in 1.10. 11257 type: string 11258 name: 11259 description: This must match the Name of a Volume. 11260 type: string 11261 readOnly: 11262 description: Mounted read-only if true, read-write 11263 otherwise (false or unspecified). Defaults to false. 11264 type: boolean 11265 subPath: 11266 description: Path within the volume from which the 11267 container's volume should be mounted. Defaults to 11268 "" (volume's root). 11269 type: string 11270 subPathExpr: 11271 description: Expanded path within the volume from 11272 which the container's volume should be mounted. 11273 Behaves similarly to SubPath but environment variable 11274 references $(VAR_NAME) are expanded using the container's 11275 environment. Defaults to "" (volume's root). SubPathExpr 11276 and SubPath are mutually exclusive. 11277 type: string 11278 required: 11279 - mountPath 11280 - name 11281 type: object 11282 type: array 11283 workingDir: 11284 description: Container's working directory. If not specified, 11285 the container runtime's default will be used, which might 11286 be configured in the container image. Cannot be updated. 11287 type: string 11288 required: 11289 - name 11290 type: object 11291 type: array 11292 verifytls: 11293 description: VerifyTLS defines whether repo server API should 11294 be accessed using strict TLS validation 11295 type: boolean 11296 version: 11297 description: Version is the ArgoCD Repo Server container image 11298 tag. 11299 type: string 11300 volumeMounts: 11301 description: VolumeMounts adds volumeMounts to the repo server 11302 container 11303 items: 11304 description: VolumeMount describes a mounting of a Volume within 11305 a container. 11306 properties: 11307 mountPath: 11308 description: Path within the container at which the volume 11309 should be mounted. Must not contain ':'. 11310 type: string 11311 mountPropagation: 11312 description: mountPropagation determines how mounts are 11313 propagated from the host to container and the other way 11314 around. When not set, MountPropagationNone is used. This 11315 field is beta in 1.10. 11316 type: string 11317 name: 11318 description: This must match the Name of a Volume. 11319 type: string 11320 readOnly: 11321 description: Mounted read-only if true, read-write otherwise 11322 (false or unspecified). Defaults to false. 11323 type: boolean 11324 subPath: 11325 description: Path within the volume from which the container's 11326 volume should be mounted. Defaults to "" (volume's root). 11327 type: string 11328 subPathExpr: 11329 description: Expanded path within the volume from which 11330 the container's volume should be mounted. Behaves similarly 11331 to SubPath but environment variable references $(VAR_NAME) 11332 are expanded using the container's environment. Defaults 11333 to "" (volume's root). SubPathExpr and SubPath are mutually 11334 exclusive. 11335 type: string 11336 required: 11337 - mountPath 11338 - name 11339 type: object 11340 type: array 11341 volumes: 11342 description: Volumes adds volumes to the repo server deployment 11343 items: 11344 description: Volume represents a named volume in a pod that 11345 may be accessed by any container in the pod. 11346 properties: 11347 awsElasticBlockStore: 11348 description: 'awsElasticBlockStore represents an AWS Disk 11349 resource that is attached to a kubelet''s host machine 11350 and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' 11351 properties: 11352 fsType: 11353 description: 'fsType is the filesystem type of the volume 11354 that you want to mount. Tip: Ensure that the filesystem 11355 type is supported by the host operating system. Examples: 11356 "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" 11357 if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore 11358 TODO: how do we prevent errors in the filesystem from 11359 compromising the machine' 11360 type: string 11361 partition: 11362 description: 'partition is the partition in the volume 11363 that you want to mount. If omitted, the default is 11364 to mount by volume name. Examples: For volume /dev/sda1, 11365 you specify the partition as "1". Similarly, the volume 11366 partition for /dev/sda is "0" (or you can leave the 11367 property empty).' 11368 format: int32 11369 type: integer 11370 readOnly: 11371 description: 'readOnly value true will force the readOnly 11372 setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' 11373 type: boolean 11374 volumeID: 11375 description: 'volumeID is unique ID of the persistent 11376 disk resource in AWS (Amazon EBS volume). More info: 11377 https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' 11378 type: string 11379 required: 11380 - volumeID 11381 type: object 11382 azureDisk: 11383 description: azureDisk represents an Azure Data Disk mount 11384 on the host and bind mount to the pod. 11385 properties: 11386 cachingMode: 11387 description: 'cachingMode is the Host Caching mode: 11388 None, Read Only, Read Write.' 11389 type: string 11390 diskName: 11391 description: diskName is the Name of the data disk in 11392 the blob storage 11393 type: string 11394 diskURI: 11395 description: diskURI is the URI of data disk in the 11396 blob storage 11397 type: string 11398 fsType: 11399 description: fsType is Filesystem type to mount. Must 11400 be a filesystem type supported by the host operating 11401 system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred 11402 to be "ext4" if unspecified. 11403 type: string 11404 kind: 11405 description: 'kind expected values are Shared: multiple 11406 blob disks per storage account Dedicated: single 11407 blob disk per storage account Managed: azure managed 11408 data disk (only in managed availability set). defaults 11409 to shared' 11410 type: string 11411 readOnly: 11412 description: readOnly Defaults to false (read/write). 11413 ReadOnly here will force the ReadOnly setting in VolumeMounts. 11414 type: boolean 11415 required: 11416 - diskName 11417 - diskURI 11418 type: object 11419 azureFile: 11420 description: azureFile represents an Azure File Service 11421 mount on the host and bind mount to the pod. 11422 properties: 11423 readOnly: 11424 description: readOnly defaults to false (read/write). 11425 ReadOnly here will force the ReadOnly setting in VolumeMounts. 11426 type: boolean 11427 secretName: 11428 description: secretName is the name of secret that 11429 contains Azure Storage Account Name and Key 11430 type: string 11431 shareName: 11432 description: shareName is the azure share Name 11433 type: string 11434 required: 11435 - secretName 11436 - shareName 11437 type: object 11438 cephfs: 11439 description: cephFS represents a Ceph FS mount on the host 11440 that shares a pod's lifetime 11441 properties: 11442 monitors: 11443 description: 'monitors is Required: Monitors is a collection 11444 of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' 11445 items: 11446 type: string 11447 type: array 11448 path: 11449 description: 'path is Optional: Used as the mounted 11450 root, rather than the full Ceph tree, default is /' 11451 type: string 11452 readOnly: 11453 description: 'readOnly is Optional: Defaults to false 11454 (read/write). ReadOnly here will force the ReadOnly 11455 setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' 11456 type: boolean 11457 secretFile: 11458 description: 'secretFile is Optional: SecretFile is 11459 the path to key ring for User, default is /etc/ceph/user.secret 11460 More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' 11461 type: string 11462 secretRef: 11463 description: 'secretRef is Optional: SecretRef is reference 11464 to the authentication secret for User, default is 11465 empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' 11466 properties: 11467 name: 11468 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 11469 TODO: Add other useful fields. apiVersion, kind, 11470 uid?' 11471 type: string 11472 type: object 11473 user: 11474 description: 'user is optional: User is the rados user 11475 name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' 11476 type: string 11477 required: 11478 - monitors 11479 type: object 11480 cinder: 11481 description: 'cinder represents a cinder volume attached 11482 and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' 11483 properties: 11484 fsType: 11485 description: 'fsType is the filesystem type to mount. 11486 Must be a filesystem type supported by the host operating 11487 system. Examples: "ext4", "xfs", "ntfs". Implicitly 11488 inferred to be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' 11489 type: string 11490 readOnly: 11491 description: 'readOnly defaults to false (read/write). 11492 ReadOnly here will force the ReadOnly setting in VolumeMounts. 11493 More info: https://examples.k8s.io/mysql-cinder-pd/README.md' 11494 type: boolean 11495 secretRef: 11496 description: 'secretRef is optional: points to a secret 11497 object containing parameters used to connect to OpenStack.' 11498 properties: 11499 name: 11500 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 11501 TODO: Add other useful fields. apiVersion, kind, 11502 uid?' 11503 type: string 11504 type: object 11505 volumeID: 11506 description: 'volumeID used to identify the volume in 11507 cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' 11508 type: string 11509 required: 11510 - volumeID 11511 type: object 11512 configMap: 11513 description: configMap represents a configMap that should 11514 populate this volume 11515 properties: 11516 defaultMode: 11517 description: 'defaultMode is optional: mode bits used 11518 to set permissions on created files by default. Must 11519 be an octal value between 0000 and 0777 or a decimal 11520 value between 0 and 511. YAML accepts both octal and 11521 decimal values, JSON requires decimal values for mode 11522 bits. Defaults to 0644. Directories within the path 11523 are not affected by this setting. This might be in 11524 conflict with other options that affect the file mode, 11525 like fsGroup, and the result can be other mode bits 11526 set.' 11527 format: int32 11528 type: integer 11529 items: 11530 description: items if unspecified, each key-value pair 11531 in the Data field of the referenced ConfigMap will 11532 be projected into the volume as a file whose name 11533 is the key and content is the value. If specified, 11534 the listed keys will be projected into the specified 11535 paths, and unlisted keys will not be present. If a 11536 key is specified which is not present in the ConfigMap, 11537 the volume setup will error unless it is marked optional. 11538 Paths must be relative and may not contain the '..' 11539 path or start with '..'. 11540 items: 11541 description: Maps a string key to a path within a 11542 volume. 11543 properties: 11544 key: 11545 description: key is the key to project. 11546 type: string 11547 mode: 11548 description: 'mode is Optional: mode bits used 11549 to set permissions on this file. Must be an 11550 octal value between 0000 and 0777 or a decimal 11551 value between 0 and 511. YAML accepts both octal 11552 and decimal values, JSON requires decimal values 11553 for mode bits. If not specified, the volume 11554 defaultMode will be used. This might be in conflict 11555 with other options that affect the file mode, 11556 like fsGroup, and the result can be other mode 11557 bits set.' 11558 format: int32 11559 type: integer 11560 path: 11561 description: path is the relative path of the 11562 file to map the key to. May not be an absolute 11563 path. May not contain the path element '..'. 11564 May not start with the string '..'. 11565 type: string 11566 required: 11567 - key 11568 - path 11569 type: object 11570 type: array 11571 name: 11572 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 11573 TODO: Add other useful fields. apiVersion, kind, uid?' 11574 type: string 11575 optional: 11576 description: optional specify whether the ConfigMap 11577 or its keys must be defined 11578 type: boolean 11579 type: object 11580 csi: 11581 description: csi (Container Storage Interface) represents 11582 ephemeral storage that is handled by certain external 11583 CSI drivers (Beta feature). 11584 properties: 11585 driver: 11586 description: driver is the name of the CSI driver that 11587 handles this volume. Consult with your admin for the 11588 correct name as registered in the cluster. 11589 type: string 11590 fsType: 11591 description: fsType to mount. Ex. "ext4", "xfs", "ntfs". 11592 If not provided, the empty value is passed to the 11593 associated CSI driver which will determine the default 11594 filesystem to apply. 11595 type: string 11596 nodePublishSecretRef: 11597 description: nodePublishSecretRef is a reference to 11598 the secret object containing sensitive information 11599 to pass to the CSI driver to complete the CSI NodePublishVolume 11600 and NodeUnpublishVolume calls. This field is optional, 11601 and may be empty if no secret is required. If the 11602 secret object contains more than one secret, all secret 11603 references are passed. 11604 properties: 11605 name: 11606 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 11607 TODO: Add other useful fields. apiVersion, kind, 11608 uid?' 11609 type: string 11610 type: object 11611 readOnly: 11612 description: readOnly specifies a read-only configuration 11613 for the volume. Defaults to false (read/write). 11614 type: boolean 11615 volumeAttributes: 11616 additionalProperties: 11617 type: string 11618 description: volumeAttributes stores driver-specific 11619 properties that are passed to the CSI driver. Consult 11620 your driver's documentation for supported values. 11621 type: object 11622 required: 11623 - driver 11624 type: object 11625 downwardAPI: 11626 description: downwardAPI represents downward API about the 11627 pod that should populate this volume 11628 properties: 11629 defaultMode: 11630 description: 'Optional: mode bits to use on created 11631 files by default. Must be a Optional: mode bits used 11632 to set permissions on created files by default. Must 11633 be an octal value between 0000 and 0777 or a decimal 11634 value between 0 and 511. YAML accepts both octal and 11635 decimal values, JSON requires decimal values for mode 11636 bits. Defaults to 0644. Directories within the path 11637 are not affected by this setting. This might be in 11638 conflict with other options that affect the file mode, 11639 like fsGroup, and the result can be other mode bits 11640 set.' 11641 format: int32 11642 type: integer 11643 items: 11644 description: Items is a list of downward API volume 11645 file 11646 items: 11647 description: DownwardAPIVolumeFile represents information 11648 to create the file containing the pod field 11649 properties: 11650 fieldRef: 11651 description: 'Required: Selects a field of the 11652 pod: only annotations, labels, name and namespace 11653 are supported.' 11654 properties: 11655 apiVersion: 11656 description: Version of the schema the FieldPath 11657 is written in terms of, defaults to "v1". 11658 type: string 11659 fieldPath: 11660 description: Path of the field to select in 11661 the specified API version. 11662 type: string 11663 required: 11664 - fieldPath 11665 type: object 11666 mode: 11667 description: 'Optional: mode bits used to set 11668 permissions on this file, must be an octal value 11669 between 0000 and 0777 or a decimal value between 11670 0 and 511. YAML accepts both octal and decimal 11671 values, JSON requires decimal values for mode 11672 bits. If not specified, the volume defaultMode 11673 will be used. This might be in conflict with 11674 other options that affect the file mode, like 11675 fsGroup, and the result can be other mode bits 11676 set.' 11677 format: int32 11678 type: integer 11679 path: 11680 description: 'Required: Path is the relative 11681 path name of the file to be created. Must not 11682 be absolute or contain the ''..'' path. Must 11683 be utf-8 encoded. The first item of the relative 11684 path must not start with ''..''' 11685 type: string 11686 resourceFieldRef: 11687 description: 'Selects a resource of the container: 11688 only resources limits and requests (limits.cpu, 11689 limits.memory, requests.cpu and requests.memory) 11690 are currently supported.' 11691 properties: 11692 containerName: 11693 description: 'Container name: required for 11694 volumes, optional for env vars' 11695 type: string 11696 divisor: 11697 anyOf: 11698 - type: integer 11699 - type: string 11700 description: Specifies the output format of 11701 the exposed resources, defaults to "1" 11702 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 11703 x-kubernetes-int-or-string: true 11704 resource: 11705 description: 'Required: resource to select' 11706 type: string 11707 required: 11708 - resource 11709 type: object 11710 required: 11711 - path 11712 type: object 11713 type: array 11714 type: object 11715 emptyDir: 11716 description: 'emptyDir represents a temporary directory 11717 that shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' 11718 properties: 11719 medium: 11720 description: 'medium represents what type of storage 11721 medium should back this directory. The default is 11722 "" which means to use the node''s default medium. 11723 Must be an empty string (default) or Memory. More 11724 info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' 11725 type: string 11726 sizeLimit: 11727 anyOf: 11728 - type: integer 11729 - type: string 11730 description: 'sizeLimit is the total amount of local 11731 storage required for this EmptyDir volume. The size 11732 limit is also applicable for memory medium. The maximum 11733 usage on memory medium EmptyDir would be the minimum 11734 value between the SizeLimit specified here and the 11735 sum of memory limits of all containers in a pod. The 11736 default is nil which means that the limit is undefined. 11737 More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' 11738 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 11739 x-kubernetes-int-or-string: true 11740 type: object 11741 ephemeral: 11742 description: "ephemeral represents a volume that is handled 11743 by a cluster storage driver. The volume's lifecycle is 11744 tied to the pod that defines it - it will be created before 11745 the pod starts, and deleted when the pod is removed. \n 11746 Use this if: a) the volume is only needed while the pod 11747 runs, b) features of normal volumes like restoring from 11748 snapshot or capacity tracking are needed, c) the storage 11749 driver is specified through a storage class, and d) the 11750 storage driver supports dynamic volume provisioning through 11751 \ a PersistentVolumeClaim (see EphemeralVolumeSource 11752 for more information on the connection between this 11753 volume type and PersistentVolumeClaim). \n Use PersistentVolumeClaim 11754 or one of the vendor-specific APIs for volumes that persist 11755 for longer than the lifecycle of an individual pod. \n 11756 Use CSI for light-weight local ephemeral volumes if the 11757 CSI driver is meant to be used that way - see the documentation 11758 of the driver for more information. \n A pod can use both 11759 types of ephemeral volumes and persistent volumes at the 11760 same time." 11761 properties: 11762 volumeClaimTemplate: 11763 description: "Will be used to create a stand-alone PVC 11764 to provision the volume. The pod in which this EphemeralVolumeSource 11765 is embedded will be the owner of the PVC, i.e. the 11766 PVC will be deleted together with the pod. The name 11767 of the PVC will be `<pod name>-<volume name>` where 11768 `<volume name>` is the name from the `PodSpec.Volumes` 11769 array entry. Pod validation will reject the pod if 11770 the concatenated name is not valid for a PVC (for 11771 example, too long). \n An existing PVC with that name 11772 that is not owned by the pod will *not* be used for 11773 the pod to avoid using an unrelated volume by mistake. 11774 Starting the pod is then blocked until the unrelated 11775 PVC is removed. If such a pre-created PVC is meant 11776 to be used by the pod, the PVC has to updated with 11777 an owner reference to the pod once the pod exists. 11778 Normally this should not be necessary, but it may 11779 be useful when manually reconstructing a broken cluster. 11780 \n This field is read-only and no changes will be 11781 made by Kubernetes to the PVC after it has been created. 11782 \n Required, must not be nil." 11783 properties: 11784 metadata: 11785 description: May contain labels and annotations 11786 that will be copied into the PVC when creating 11787 it. No other fields are allowed and will be rejected 11788 during validation. 11789 type: object 11790 spec: 11791 description: The specification for the PersistentVolumeClaim. 11792 The entire content is copied unchanged into the 11793 PVC that gets created from this template. The 11794 same fields as in a PersistentVolumeClaim are 11795 also valid here. 11796 properties: 11797 accessModes: 11798 description: 'accessModes contains the desired 11799 access modes the volume should have. More 11800 info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' 11801 items: 11802 type: string 11803 type: array 11804 dataSource: 11805 description: 'dataSource field can be used to 11806 specify either: * An existing VolumeSnapshot 11807 object (snapshot.storage.k8s.io/VolumeSnapshot) 11808 * An existing PVC (PersistentVolumeClaim) 11809 If the provisioner or an external controller 11810 can support the specified data source, it 11811 will create a new volume based on the contents 11812 of the specified data source. When the AnyVolumeDataSource 11813 feature gate is enabled, dataSource contents 11814 will be copied to dataSourceRef, and dataSourceRef 11815 contents will be copied to dataSource when 11816 dataSourceRef.namespace is not specified. 11817 If the namespace is specified, then dataSourceRef 11818 will not be copied to dataSource.' 11819 properties: 11820 apiGroup: 11821 description: APIGroup is the group for the 11822 resource being referenced. If APIGroup 11823 is not specified, the specified Kind must 11824 be in the core API group. For any other 11825 third-party types, APIGroup is required. 11826 type: string 11827 kind: 11828 description: Kind is the type of resource 11829 being referenced 11830 type: string 11831 name: 11832 description: Name is the name of resource 11833 being referenced 11834 type: string 11835 required: 11836 - kind 11837 - name 11838 type: object 11839 dataSourceRef: 11840 description: 'dataSourceRef specifies the object 11841 from which to populate the volume with data, 11842 if a non-empty volume is desired. This may 11843 be any object from a non-empty API group (non 11844 core object) or a PersistentVolumeClaim object. 11845 When this field is specified, volume binding 11846 will only succeed if the type of the specified 11847 object matches some installed volume populator 11848 or dynamic provisioner. This field will replace 11849 the functionality of the dataSource field 11850 and as such if both fields are non-empty, 11851 they must have the same value. For backwards 11852 compatibility, when namespace isn''t specified 11853 in dataSourceRef, both fields (dataSource 11854 and dataSourceRef) will be set to the same 11855 value automatically if one of them is empty 11856 and the other is non-empty. When namespace 11857 is specified in dataSourceRef, dataSource 11858 isn''t set to the same value and must be empty. 11859 There are three important differences between 11860 dataSource and dataSourceRef: * While dataSource 11861 only allows two specific types of objects, 11862 dataSourceRef allows any non-core object, 11863 as well as PersistentVolumeClaim objects. 11864 * While dataSource ignores disallowed values 11865 (dropping them), dataSourceRef preserves 11866 all values, and generates an error if a disallowed 11867 value is specified. * While dataSource only 11868 allows local objects, dataSourceRef allows 11869 objects in any namespaces. (Beta) Using 11870 this field requires the AnyVolumeDataSource 11871 feature gate to be enabled. (Alpha) Using 11872 the namespace field of dataSourceRef requires 11873 the CrossNamespaceVolumeDataSource feature 11874 gate to be enabled.' 11875 properties: 11876 apiGroup: 11877 description: APIGroup is the group for the 11878 resource being referenced. If APIGroup 11879 is not specified, the specified Kind must 11880 be in the core API group. For any other 11881 third-party types, APIGroup is required. 11882 type: string 11883 kind: 11884 description: Kind is the type of resource 11885 being referenced 11886 type: string 11887 name: 11888 description: Name is the name of resource 11889 being referenced 11890 type: string 11891 namespace: 11892 description: Namespace is the namespace 11893 of resource being referenced Note that 11894 when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant 11895 object is required in the referent namespace 11896 to allow that namespace's owner to accept 11897 the reference. See the ReferenceGrant 11898 documentation for details. (Alpha) This 11899 field requires the CrossNamespaceVolumeDataSource 11900 feature gate to be enabled. 11901 type: string 11902 required: 11903 - kind 11904 - name 11905 type: object 11906 resources: 11907 description: 'resources represents the minimum 11908 resources the volume should have. If RecoverVolumeExpansionFailure 11909 feature is enabled users are allowed to specify 11910 resource requirements that are lower than 11911 previous value but must still be higher than 11912 capacity recorded in the status field of the 11913 claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' 11914 properties: 11915 claims: 11916 description: "Claims lists the names of 11917 resources, defined in spec.resourceClaims, 11918 that are used by this container. \n This 11919 is an alpha field and requires enabling 11920 the DynamicResourceAllocation feature 11921 gate. \n This field is immutable. It can 11922 only be set for containers." 11923 items: 11924 description: ResourceClaim references 11925 one entry in PodSpec.ResourceClaims. 11926 properties: 11927 name: 11928 description: Name must match the name 11929 of one entry in pod.spec.resourceClaims 11930 of the Pod where this field is used. 11931 It makes that resource available 11932 inside a container. 11933 type: string 11934 required: 11935 - name 11936 type: object 11937 type: array 11938 x-kubernetes-list-map-keys: 11939 - name 11940 x-kubernetes-list-type: map 11941 limits: 11942 additionalProperties: 11943 anyOf: 11944 - type: integer 11945 - type: string 11946 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 11947 x-kubernetes-int-or-string: true 11948 description: 'Limits describes the maximum 11949 amount of compute resources allowed. More 11950 info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 11951 type: object 11952 requests: 11953 additionalProperties: 11954 anyOf: 11955 - type: integer 11956 - type: string 11957 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 11958 x-kubernetes-int-or-string: true 11959 description: 'Requests describes the minimum 11960 amount of compute resources required. 11961 If Requests is omitted for a container, 11962 it defaults to Limits if that is explicitly 11963 specified, otherwise to an implementation-defined 11964 value. Requests cannot exceed Limits. 11965 More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 11966 type: object 11967 type: object 11968 selector: 11969 description: selector is a label query over 11970 volumes to consider for binding. 11971 properties: 11972 matchExpressions: 11973 description: matchExpressions is a list 11974 of label selector requirements. The requirements 11975 are ANDed. 11976 items: 11977 description: A label selector requirement 11978 is a selector that contains values, 11979 a key, and an operator that relates 11980 the key and values. 11981 properties: 11982 key: 11983 description: key is the label key 11984 that the selector applies to. 11985 type: string 11986 operator: 11987 description: operator represents a 11988 key's relationship to a set of values. 11989 Valid operators are In, NotIn, Exists 11990 and DoesNotExist. 11991 type: string 11992 values: 11993 description: values is an array of 11994 string values. If the operator is 11995 In or NotIn, the values array must 11996 be non-empty. If the operator is 11997 Exists or DoesNotExist, the values 11998 array must be empty. This array 11999 is replaced during a strategic merge 12000 patch. 12001 items: 12002 type: string 12003 type: array 12004 required: 12005 - key 12006 - operator 12007 type: object 12008 type: array 12009 matchLabels: 12010 additionalProperties: 12011 type: string 12012 description: matchLabels is a map of {key,value} 12013 pairs. A single {key,value} in the matchLabels 12014 map is equivalent to an element of matchExpressions, 12015 whose key field is "key", the operator 12016 is "In", and the values array contains 12017 only "value". The requirements are ANDed. 12018 type: object 12019 type: object 12020 storageClassName: 12021 description: 'storageClassName is the name of 12022 the StorageClass required by the claim. More 12023 info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' 12024 type: string 12025 volumeMode: 12026 description: volumeMode defines what type of 12027 volume is required by the claim. Value of 12028 Filesystem is implied when not included in 12029 claim spec. 12030 type: string 12031 volumeName: 12032 description: volumeName is the binding reference 12033 to the PersistentVolume backing this claim. 12034 type: string 12035 type: object 12036 required: 12037 - spec 12038 type: object 12039 type: object 12040 fc: 12041 description: fc represents a Fibre Channel resource that 12042 is attached to a kubelet's host machine and then exposed 12043 to the pod. 12044 properties: 12045 fsType: 12046 description: 'fsType is the filesystem type to mount. 12047 Must be a filesystem type supported by the host operating 12048 system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred 12049 to be "ext4" if unspecified. TODO: how do we prevent 12050 errors in the filesystem from compromising the machine' 12051 type: string 12052 lun: 12053 description: 'lun is Optional: FC target lun number' 12054 format: int32 12055 type: integer 12056 readOnly: 12057 description: 'readOnly is Optional: Defaults to false 12058 (read/write). ReadOnly here will force the ReadOnly 12059 setting in VolumeMounts.' 12060 type: boolean 12061 targetWWNs: 12062 description: 'targetWWNs is Optional: FC target worldwide 12063 names (WWNs)' 12064 items: 12065 type: string 12066 type: array 12067 wwids: 12068 description: 'wwids Optional: FC volume world wide identifiers 12069 (wwids) Either wwids or combination of targetWWNs 12070 and lun must be set, but not both simultaneously.' 12071 items: 12072 type: string 12073 type: array 12074 type: object 12075 flexVolume: 12076 description: flexVolume represents a generic volume resource 12077 that is provisioned/attached using an exec based plugin. 12078 properties: 12079 driver: 12080 description: driver is the name of the driver to use 12081 for this volume. 12082 type: string 12083 fsType: 12084 description: fsType is the filesystem type to mount. 12085 Must be a filesystem type supported by the host operating 12086 system. Ex. "ext4", "xfs", "ntfs". The default filesystem 12087 depends on FlexVolume script. 12088 type: string 12089 options: 12090 additionalProperties: 12091 type: string 12092 description: 'options is Optional: this field holds 12093 extra command options if any.' 12094 type: object 12095 readOnly: 12096 description: 'readOnly is Optional: defaults to false 12097 (read/write). ReadOnly here will force the ReadOnly 12098 setting in VolumeMounts.' 12099 type: boolean 12100 secretRef: 12101 description: 'secretRef is Optional: secretRef is reference 12102 to the secret object containing sensitive information 12103 to pass to the plugin scripts. This may be empty if 12104 no secret object is specified. If the secret object 12105 contains more than one secret, all secrets are passed 12106 to the plugin scripts.' 12107 properties: 12108 name: 12109 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 12110 TODO: Add other useful fields. apiVersion, kind, 12111 uid?' 12112 type: string 12113 type: object 12114 required: 12115 - driver 12116 type: object 12117 flocker: 12118 description: flocker represents a Flocker volume attached 12119 to a kubelet's host machine. This depends on the Flocker 12120 control service being running 12121 properties: 12122 datasetName: 12123 description: datasetName is Name of the dataset stored 12124 as metadata -> name on the dataset for Flocker should 12125 be considered as deprecated 12126 type: string 12127 datasetUUID: 12128 description: datasetUUID is the UUID of the dataset. 12129 This is unique identifier of a Flocker dataset 12130 type: string 12131 type: object 12132 gcePersistentDisk: 12133 description: 'gcePersistentDisk represents a GCE Disk resource 12134 that is attached to a kubelet''s host machine and then 12135 exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' 12136 properties: 12137 fsType: 12138 description: 'fsType is filesystem type of the volume 12139 that you want to mount. Tip: Ensure that the filesystem 12140 type is supported by the host operating system. Examples: 12141 "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" 12142 if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk 12143 TODO: how do we prevent errors in the filesystem from 12144 compromising the machine' 12145 type: string 12146 partition: 12147 description: 'partition is the partition in the volume 12148 that you want to mount. If omitted, the default is 12149 to mount by volume name. Examples: For volume /dev/sda1, 12150 you specify the partition as "1". Similarly, the volume 12151 partition for /dev/sda is "0" (or you can leave the 12152 property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' 12153 format: int32 12154 type: integer 12155 pdName: 12156 description: 'pdName is unique name of the PD resource 12157 in GCE. Used to identify the disk in GCE. More info: 12158 https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' 12159 type: string 12160 readOnly: 12161 description: 'readOnly here will force the ReadOnly 12162 setting in VolumeMounts. Defaults to false. More info: 12163 https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' 12164 type: boolean 12165 required: 12166 - pdName 12167 type: object 12168 gitRepo: 12169 description: 'gitRepo represents a git repository at a particular 12170 revision. DEPRECATED: GitRepo is deprecated. To provision 12171 a container with a git repo, mount an EmptyDir into an 12172 InitContainer that clones the repo using git, then mount 12173 the EmptyDir into the Pod''s container.' 12174 properties: 12175 directory: 12176 description: directory is the target directory name. 12177 Must not contain or start with '..'. If '.' is supplied, 12178 the volume directory will be the git repository. Otherwise, 12179 if specified, the volume will contain the git repository 12180 in the subdirectory with the given name. 12181 type: string 12182 repository: 12183 description: repository is the URL 12184 type: string 12185 revision: 12186 description: revision is the commit hash for the specified 12187 revision. 12188 type: string 12189 required: 12190 - repository 12191 type: object 12192 glusterfs: 12193 description: 'glusterfs represents a Glusterfs mount on 12194 the host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' 12195 properties: 12196 endpoints: 12197 description: 'endpoints is the endpoint name that details 12198 Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' 12199 type: string 12200 path: 12201 description: 'path is the Glusterfs volume path. More 12202 info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' 12203 type: string 12204 readOnly: 12205 description: 'readOnly here will force the Glusterfs 12206 volume to be mounted with read-only permissions. Defaults 12207 to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' 12208 type: boolean 12209 required: 12210 - endpoints 12211 - path 12212 type: object 12213 hostPath: 12214 description: 'hostPath represents a pre-existing file or 12215 directory on the host machine that is directly exposed 12216 to the container. This is generally used for system agents 12217 or other privileged things that are allowed to see the 12218 host machine. Most containers will NOT need this. More 12219 info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath 12220 --- TODO(jonesdl) We need to restrict who can use host 12221 directory mounts and who can/can not mount host directories 12222 as read/write.' 12223 properties: 12224 path: 12225 description: 'path of the directory on the host. If 12226 the path is a symlink, it will follow the link to 12227 the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' 12228 type: string 12229 type: 12230 description: 'type for HostPath Volume Defaults to "" 12231 More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' 12232 type: string 12233 required: 12234 - path 12235 type: object 12236 iscsi: 12237 description: 'iscsi represents an ISCSI Disk resource that 12238 is attached to a kubelet''s host machine and then exposed 12239 to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' 12240 properties: 12241 chapAuthDiscovery: 12242 description: chapAuthDiscovery defines whether support 12243 iSCSI Discovery CHAP authentication 12244 type: boolean 12245 chapAuthSession: 12246 description: chapAuthSession defines whether support 12247 iSCSI Session CHAP authentication 12248 type: boolean 12249 fsType: 12250 description: 'fsType is the filesystem type of the volume 12251 that you want to mount. Tip: Ensure that the filesystem 12252 type is supported by the host operating system. Examples: 12253 "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" 12254 if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi 12255 TODO: how do we prevent errors in the filesystem from 12256 compromising the machine' 12257 type: string 12258 initiatorName: 12259 description: initiatorName is the custom iSCSI Initiator 12260 Name. If initiatorName is specified with iscsiInterface 12261 simultaneously, new iSCSI interface <target portal>:<volume 12262 name> will be created for the connection. 12263 type: string 12264 iqn: 12265 description: iqn is the target iSCSI Qualified Name. 12266 type: string 12267 iscsiInterface: 12268 description: iscsiInterface is the interface Name that 12269 uses an iSCSI transport. Defaults to 'default' (tcp). 12270 type: string 12271 lun: 12272 description: lun represents iSCSI Target Lun number. 12273 format: int32 12274 type: integer 12275 portals: 12276 description: portals is the iSCSI Target Portal List. 12277 The portal is either an IP or ip_addr:port if the 12278 port is other than default (typically TCP ports 860 12279 and 3260). 12280 items: 12281 type: string 12282 type: array 12283 readOnly: 12284 description: readOnly here will force the ReadOnly setting 12285 in VolumeMounts. Defaults to false. 12286 type: boolean 12287 secretRef: 12288 description: secretRef is the CHAP Secret for iSCSI 12289 target and initiator authentication 12290 properties: 12291 name: 12292 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 12293 TODO: Add other useful fields. apiVersion, kind, 12294 uid?' 12295 type: string 12296 type: object 12297 targetPortal: 12298 description: targetPortal is iSCSI Target Portal. The 12299 Portal is either an IP or ip_addr:port if the port 12300 is other than default (typically TCP ports 860 and 12301 3260). 12302 type: string 12303 required: 12304 - iqn 12305 - lun 12306 - targetPortal 12307 type: object 12308 name: 12309 description: 'name of the volume. Must be a DNS_LABEL and 12310 unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 12311 type: string 12312 nfs: 12313 description: 'nfs represents an NFS mount on the host that 12314 shares a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' 12315 properties: 12316 path: 12317 description: 'path that is exported by the NFS server. 12318 More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' 12319 type: string 12320 readOnly: 12321 description: 'readOnly here will force the NFS export 12322 to be mounted with read-only permissions. Defaults 12323 to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' 12324 type: boolean 12325 server: 12326 description: 'server is the hostname or IP address of 12327 the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' 12328 type: string 12329 required: 12330 - path 12331 - server 12332 type: object 12333 persistentVolumeClaim: 12334 description: 'persistentVolumeClaimVolumeSource represents 12335 a reference to a PersistentVolumeClaim in the same namespace. 12336 More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' 12337 properties: 12338 claimName: 12339 description: 'claimName is the name of a PersistentVolumeClaim 12340 in the same namespace as the pod using this volume. 12341 More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' 12342 type: string 12343 readOnly: 12344 description: readOnly Will force the ReadOnly setting 12345 in VolumeMounts. Default false. 12346 type: boolean 12347 required: 12348 - claimName 12349 type: object 12350 photonPersistentDisk: 12351 description: photonPersistentDisk represents a PhotonController 12352 persistent disk attached and mounted on kubelets host 12353 machine 12354 properties: 12355 fsType: 12356 description: fsType is the filesystem type to mount. 12357 Must be a filesystem type supported by the host operating 12358 system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred 12359 to be "ext4" if unspecified. 12360 type: string 12361 pdID: 12362 description: pdID is the ID that identifies Photon Controller 12363 persistent disk 12364 type: string 12365 required: 12366 - pdID 12367 type: object 12368 portworxVolume: 12369 description: portworxVolume represents a portworx volume 12370 attached and mounted on kubelets host machine 12371 properties: 12372 fsType: 12373 description: fSType represents the filesystem type to 12374 mount Must be a filesystem type supported by the host 12375 operating system. Ex. "ext4", "xfs". Implicitly inferred 12376 to be "ext4" if unspecified. 12377 type: string 12378 readOnly: 12379 description: readOnly defaults to false (read/write). 12380 ReadOnly here will force the ReadOnly setting in VolumeMounts. 12381 type: boolean 12382 volumeID: 12383 description: volumeID uniquely identifies a Portworx 12384 volume 12385 type: string 12386 required: 12387 - volumeID 12388 type: object 12389 projected: 12390 description: projected items for all in one resources secrets, 12391 configmaps, and downward API 12392 properties: 12393 defaultMode: 12394 description: defaultMode are the mode bits used to set 12395 permissions on created files by default. Must be an 12396 octal value between 0000 and 0777 or a decimal value 12397 between 0 and 511. YAML accepts both octal and decimal 12398 values, JSON requires decimal values for mode bits. 12399 Directories within the path are not affected by this 12400 setting. This might be in conflict with other options 12401 that affect the file mode, like fsGroup, and the result 12402 can be other mode bits set. 12403 format: int32 12404 type: integer 12405 sources: 12406 description: sources is the list of volume projections 12407 items: 12408 description: Projection that may be projected along 12409 with other supported volume types 12410 properties: 12411 configMap: 12412 description: configMap information about the configMap 12413 data to project 12414 properties: 12415 items: 12416 description: items if unspecified, each key-value 12417 pair in the Data field of the referenced 12418 ConfigMap will be projected into the volume 12419 as a file whose name is the key and content 12420 is the value. If specified, the listed keys 12421 will be projected into the specified paths, 12422 and unlisted keys will not be present. If 12423 a key is specified which is not present 12424 in the ConfigMap, the volume setup will 12425 error unless it is marked optional. Paths 12426 must be relative and may not contain the 12427 '..' path or start with '..'. 12428 items: 12429 description: Maps a string key to a path 12430 within a volume. 12431 properties: 12432 key: 12433 description: key is the key to project. 12434 type: string 12435 mode: 12436 description: 'mode is Optional: mode 12437 bits used to set permissions on this 12438 file. Must be an octal value between 12439 0000 and 0777 or a decimal value between 12440 0 and 511. YAML accepts both octal 12441 and decimal values, JSON requires 12442 decimal values for mode bits. If not 12443 specified, the volume defaultMode 12444 will be used. This might be in conflict 12445 with other options that affect the 12446 file mode, like fsGroup, and the result 12447 can be other mode bits set.' 12448 format: int32 12449 type: integer 12450 path: 12451 description: path is the relative path 12452 of the file to map the key to. May 12453 not be an absolute path. May not contain 12454 the path element '..'. May not start 12455 with the string '..'. 12456 type: string 12457 required: 12458 - key 12459 - path 12460 type: object 12461 type: array 12462 name: 12463 description: 'Name of the referent. More info: 12464 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 12465 TODO: Add other useful fields. apiVersion, 12466 kind, uid?' 12467 type: string 12468 optional: 12469 description: optional specify whether the 12470 ConfigMap or its keys must be defined 12471 type: boolean 12472 type: object 12473 downwardAPI: 12474 description: downwardAPI information about the 12475 downwardAPI data to project 12476 properties: 12477 items: 12478 description: Items is a list of DownwardAPIVolume 12479 file 12480 items: 12481 description: DownwardAPIVolumeFile represents 12482 information to create the file containing 12483 the pod field 12484 properties: 12485 fieldRef: 12486 description: 'Required: Selects a field 12487 of the pod: only annotations, labels, 12488 name and namespace are supported.' 12489 properties: 12490 apiVersion: 12491 description: Version of the schema 12492 the FieldPath is written in terms 12493 of, defaults to "v1". 12494 type: string 12495 fieldPath: 12496 description: Path of the field to 12497 select in the specified API version. 12498 type: string 12499 required: 12500 - fieldPath 12501 type: object 12502 mode: 12503 description: 'Optional: mode bits used 12504 to set permissions on this file, must 12505 be an octal value between 0000 and 12506 0777 or a decimal value between 0 12507 and 511. YAML accepts both octal and 12508 decimal values, JSON requires decimal 12509 values for mode bits. If not specified, 12510 the volume defaultMode will be used. 12511 This might be in conflict with other 12512 options that affect the file mode, 12513 like fsGroup, and the result can be 12514 other mode bits set.' 12515 format: int32 12516 type: integer 12517 path: 12518 description: 'Required: Path is the 12519 relative path name of the file to 12520 be created. Must not be absolute or 12521 contain the ''..'' path. Must be utf-8 12522 encoded. The first item of the relative 12523 path must not start with ''..''' 12524 type: string 12525 resourceFieldRef: 12526 description: 'Selects a resource of 12527 the container: only resources limits 12528 and requests (limits.cpu, limits.memory, 12529 requests.cpu and requests.memory) 12530 are currently supported.' 12531 properties: 12532 containerName: 12533 description: 'Container name: required 12534 for volumes, optional for env 12535 vars' 12536 type: string 12537 divisor: 12538 anyOf: 12539 - type: integer 12540 - type: string 12541 description: Specifies the output 12542 format of the exposed resources, 12543 defaults to "1" 12544 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 12545 x-kubernetes-int-or-string: true 12546 resource: 12547 description: 'Required: resource 12548 to select' 12549 type: string 12550 required: 12551 - resource 12552 type: object 12553 required: 12554 - path 12555 type: object 12556 type: array 12557 type: object 12558 secret: 12559 description: secret information about the secret 12560 data to project 12561 properties: 12562 items: 12563 description: items if unspecified, each key-value 12564 pair in the Data field of the referenced 12565 Secret will be projected into the volume 12566 as a file whose name is the key and content 12567 is the value. If specified, the listed keys 12568 will be projected into the specified paths, 12569 and unlisted keys will not be present. If 12570 a key is specified which is not present 12571 in the Secret, the volume setup will error 12572 unless it is marked optional. Paths must 12573 be relative and may not contain the '..' 12574 path or start with '..'. 12575 items: 12576 description: Maps a string key to a path 12577 within a volume. 12578 properties: 12579 key: 12580 description: key is the key to project. 12581 type: string 12582 mode: 12583 description: 'mode is Optional: mode 12584 bits used to set permissions on this 12585 file. Must be an octal value between 12586 0000 and 0777 or a decimal value between 12587 0 and 511. YAML accepts both octal 12588 and decimal values, JSON requires 12589 decimal values for mode bits. If not 12590 specified, the volume defaultMode 12591 will be used. This might be in conflict 12592 with other options that affect the 12593 file mode, like fsGroup, and the result 12594 can be other mode bits set.' 12595 format: int32 12596 type: integer 12597 path: 12598 description: path is the relative path 12599 of the file to map the key to. May 12600 not be an absolute path. May not contain 12601 the path element '..'. May not start 12602 with the string '..'. 12603 type: string 12604 required: 12605 - key 12606 - path 12607 type: object 12608 type: array 12609 name: 12610 description: 'Name of the referent. More info: 12611 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 12612 TODO: Add other useful fields. apiVersion, 12613 kind, uid?' 12614 type: string 12615 optional: 12616 description: optional field specify whether 12617 the Secret or its key must be defined 12618 type: boolean 12619 type: object 12620 serviceAccountToken: 12621 description: serviceAccountToken is information 12622 about the serviceAccountToken data to project 12623 properties: 12624 audience: 12625 description: audience is the intended audience 12626 of the token. A recipient of a token must 12627 identify itself with an identifier specified 12628 in the audience of the token, and otherwise 12629 should reject the token. The audience defaults 12630 to the identifier of the apiserver. 12631 type: string 12632 expirationSeconds: 12633 description: expirationSeconds is the requested 12634 duration of validity of the service account 12635 token. As the token approaches expiration, 12636 the kubelet volume plugin will proactively 12637 rotate the service account token. The kubelet 12638 will start trying to rotate the token if 12639 the token is older than 80 percent of its 12640 time to live or if the token is older than 12641 24 hours.Defaults to 1 hour and must be 12642 at least 10 minutes. 12643 format: int64 12644 type: integer 12645 path: 12646 description: path is the path relative to 12647 the mount point of the file to project the 12648 token into. 12649 type: string 12650 required: 12651 - path 12652 type: object 12653 type: object 12654 type: array 12655 type: object 12656 quobyte: 12657 description: quobyte represents a Quobyte mount on the host 12658 that shares a pod's lifetime 12659 properties: 12660 group: 12661 description: group to map volume access to Default is 12662 no group 12663 type: string 12664 readOnly: 12665 description: readOnly here will force the Quobyte volume 12666 to be mounted with read-only permissions. Defaults 12667 to false. 12668 type: boolean 12669 registry: 12670 description: registry represents a single or multiple 12671 Quobyte Registry services specified as a string as 12672 host:port pair (multiple entries are separated with 12673 commas) which acts as the central registry for volumes 12674 type: string 12675 tenant: 12676 description: tenant owning the given Quobyte volume 12677 in the Backend Used with dynamically provisioned Quobyte 12678 volumes, value is set by the plugin 12679 type: string 12680 user: 12681 description: user to map volume access to Defaults to 12682 serivceaccount user 12683 type: string 12684 volume: 12685 description: volume is a string that references an already 12686 created Quobyte volume by name. 12687 type: string 12688 required: 12689 - registry 12690 - volume 12691 type: object 12692 rbd: 12693 description: 'rbd represents a Rados Block Device mount 12694 on the host that shares a pod''s lifetime. More info: 12695 https://examples.k8s.io/volumes/rbd/README.md' 12696 properties: 12697 fsType: 12698 description: 'fsType is the filesystem type of the volume 12699 that you want to mount. Tip: Ensure that the filesystem 12700 type is supported by the host operating system. Examples: 12701 "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" 12702 if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd 12703 TODO: how do we prevent errors in the filesystem from 12704 compromising the machine' 12705 type: string 12706 image: 12707 description: 'image is the rados image name. More info: 12708 https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 12709 type: string 12710 keyring: 12711 description: 'keyring is the path to key ring for RBDUser. 12712 Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 12713 type: string 12714 monitors: 12715 description: 'monitors is a collection of Ceph monitors. 12716 More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 12717 items: 12718 type: string 12719 type: array 12720 pool: 12721 description: 'pool is the rados pool name. Default is 12722 rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 12723 type: string 12724 readOnly: 12725 description: 'readOnly here will force the ReadOnly 12726 setting in VolumeMounts. Defaults to false. More info: 12727 https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 12728 type: boolean 12729 secretRef: 12730 description: 'secretRef is name of the authentication 12731 secret for RBDUser. If provided overrides keyring. 12732 Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 12733 properties: 12734 name: 12735 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 12736 TODO: Add other useful fields. apiVersion, kind, 12737 uid?' 12738 type: string 12739 type: object 12740 user: 12741 description: 'user is the rados user name. Default is 12742 admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 12743 type: string 12744 required: 12745 - image 12746 - monitors 12747 type: object 12748 scaleIO: 12749 description: scaleIO represents a ScaleIO persistent volume 12750 attached and mounted on Kubernetes nodes. 12751 properties: 12752 fsType: 12753 description: fsType is the filesystem type to mount. 12754 Must be a filesystem type supported by the host operating 12755 system. Ex. "ext4", "xfs", "ntfs". Default is "xfs". 12756 type: string 12757 gateway: 12758 description: gateway is the host address of the ScaleIO 12759 API Gateway. 12760 type: string 12761 protectionDomain: 12762 description: protectionDomain is the name of the ScaleIO 12763 Protection Domain for the configured storage. 12764 type: string 12765 readOnly: 12766 description: readOnly Defaults to false (read/write). 12767 ReadOnly here will force the ReadOnly setting in VolumeMounts. 12768 type: boolean 12769 secretRef: 12770 description: secretRef references to the secret for 12771 ScaleIO user and other sensitive information. If this 12772 is not provided, Login operation will fail. 12773 properties: 12774 name: 12775 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 12776 TODO: Add other useful fields. apiVersion, kind, 12777 uid?' 12778 type: string 12779 type: object 12780 sslEnabled: 12781 description: sslEnabled Flag enable/disable SSL communication 12782 with Gateway, default false 12783 type: boolean 12784 storageMode: 12785 description: storageMode indicates whether the storage 12786 for a volume should be ThickProvisioned or ThinProvisioned. 12787 Default is ThinProvisioned. 12788 type: string 12789 storagePool: 12790 description: storagePool is the ScaleIO Storage Pool 12791 associated with the protection domain. 12792 type: string 12793 system: 12794 description: system is the name of the storage system 12795 as configured in ScaleIO. 12796 type: string 12797 volumeName: 12798 description: volumeName is the name of a volume already 12799 created in the ScaleIO system that is associated with 12800 this volume source. 12801 type: string 12802 required: 12803 - gateway 12804 - secretRef 12805 - system 12806 type: object 12807 secret: 12808 description: 'secret represents a secret that should populate 12809 this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' 12810 properties: 12811 defaultMode: 12812 description: 'defaultMode is Optional: mode bits used 12813 to set permissions on created files by default. Must 12814 be an octal value between 0000 and 0777 or a decimal 12815 value between 0 and 511. YAML accepts both octal and 12816 decimal values, JSON requires decimal values for mode 12817 bits. Defaults to 0644. Directories within the path 12818 are not affected by this setting. This might be in 12819 conflict with other options that affect the file mode, 12820 like fsGroup, and the result can be other mode bits 12821 set.' 12822 format: int32 12823 type: integer 12824 items: 12825 description: items If unspecified, each key-value pair 12826 in the Data field of the referenced Secret will be 12827 projected into the volume as a file whose name is 12828 the key and content is the value. If specified, the 12829 listed keys will be projected into the specified paths, 12830 and unlisted keys will not be present. If a key is 12831 specified which is not present in the Secret, the 12832 volume setup will error unless it is marked optional. 12833 Paths must be relative and may not contain the '..' 12834 path or start with '..'. 12835 items: 12836 description: Maps a string key to a path within a 12837 volume. 12838 properties: 12839 key: 12840 description: key is the key to project. 12841 type: string 12842 mode: 12843 description: 'mode is Optional: mode bits used 12844 to set permissions on this file. Must be an 12845 octal value between 0000 and 0777 or a decimal 12846 value between 0 and 511. YAML accepts both octal 12847 and decimal values, JSON requires decimal values 12848 for mode bits. If not specified, the volume 12849 defaultMode will be used. This might be in conflict 12850 with other options that affect the file mode, 12851 like fsGroup, and the result can be other mode 12852 bits set.' 12853 format: int32 12854 type: integer 12855 path: 12856 description: path is the relative path of the 12857 file to map the key to. May not be an absolute 12858 path. May not contain the path element '..'. 12859 May not start with the string '..'. 12860 type: string 12861 required: 12862 - key 12863 - path 12864 type: object 12865 type: array 12866 optional: 12867 description: optional field specify whether the Secret 12868 or its keys must be defined 12869 type: boolean 12870 secretName: 12871 description: 'secretName is the name of the secret in 12872 the pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' 12873 type: string 12874 type: object 12875 storageos: 12876 description: storageOS represents a StorageOS volume attached 12877 and mounted on Kubernetes nodes. 12878 properties: 12879 fsType: 12880 description: fsType is the filesystem type to mount. 12881 Must be a filesystem type supported by the host operating 12882 system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred 12883 to be "ext4" if unspecified. 12884 type: string 12885 readOnly: 12886 description: readOnly defaults to false (read/write). 12887 ReadOnly here will force the ReadOnly setting in VolumeMounts. 12888 type: boolean 12889 secretRef: 12890 description: secretRef specifies the secret to use for 12891 obtaining the StorageOS API credentials. If not specified, 12892 default values will be attempted. 12893 properties: 12894 name: 12895 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 12896 TODO: Add other useful fields. apiVersion, kind, 12897 uid?' 12898 type: string 12899 type: object 12900 volumeName: 12901 description: volumeName is the human-readable name of 12902 the StorageOS volume. Volume names are only unique 12903 within a namespace. 12904 type: string 12905 volumeNamespace: 12906 description: volumeNamespace specifies the scope of 12907 the volume within StorageOS. If no namespace is specified 12908 then the Pod's namespace will be used. This allows 12909 the Kubernetes name scoping to be mirrored within 12910 StorageOS for tighter integration. Set VolumeName 12911 to any name to override the default behaviour. Set 12912 to "default" if you are not using namespaces within 12913 StorageOS. Namespaces that do not pre-exist within 12914 StorageOS will be created. 12915 type: string 12916 type: object 12917 vsphereVolume: 12918 description: vsphereVolume represents a vSphere volume attached 12919 and mounted on kubelets host machine 12920 properties: 12921 fsType: 12922 description: fsType is filesystem type to mount. Must 12923 be a filesystem type supported by the host operating 12924 system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred 12925 to be "ext4" if unspecified. 12926 type: string 12927 storagePolicyID: 12928 description: storagePolicyID is the storage Policy Based 12929 Management (SPBM) profile ID associated with the StoragePolicyName. 12930 type: string 12931 storagePolicyName: 12932 description: storagePolicyName is the storage Policy 12933 Based Management (SPBM) profile name. 12934 type: string 12935 volumePath: 12936 description: volumePath is the path that identifies 12937 vSphere volume vmdk 12938 type: string 12939 required: 12940 - volumePath 12941 type: object 12942 required: 12943 - name 12944 type: object 12945 type: array 12946 type: object 12947 repositoryCredentials: 12948 description: RepositoryCredentials are the Git pull credentials to 12949 configure Argo CD with upon creation of the cluster. 12950 type: string 12951 resourceActions: 12952 description: ResourceActions customizes resource action behavior. 12953 items: 12954 description: Resource Customization for custom action 12955 properties: 12956 action: 12957 type: string 12958 group: 12959 type: string 12960 kind: 12961 type: string 12962 type: object 12963 type: array 12964 resourceExclusions: 12965 description: ResourceExclusions is used to completely ignore entire 12966 classes of resource group/kinds. 12967 type: string 12968 resourceHealthChecks: 12969 description: ResourceHealthChecks customizes resource health check 12970 behavior. 12971 items: 12972 description: Resource Customization for custom health check 12973 properties: 12974 check: 12975 type: string 12976 group: 12977 type: string 12978 kind: 12979 type: string 12980 type: object 12981 type: array 12982 resourceIgnoreDifferences: 12983 description: ResourceIgnoreDifferences customizes resource ignore 12984 difference behavior. 12985 properties: 12986 all: 12987 properties: 12988 jqPathExpressions: 12989 items: 12990 type: string 12991 type: array 12992 jsonPointers: 12993 items: 12994 type: string 12995 type: array 12996 managedFieldsManagers: 12997 items: 12998 type: string 12999 type: array 13000 type: object 13001 resourceIdentifiers: 13002 items: 13003 description: Resource Customization fields for ignore difference 13004 properties: 13005 customization: 13006 properties: 13007 jqPathExpressions: 13008 items: 13009 type: string 13010 type: array 13011 jsonPointers: 13012 items: 13013 type: string 13014 type: array 13015 managedFieldsManagers: 13016 items: 13017 type: string 13018 type: array 13019 type: object 13020 group: 13021 type: string 13022 kind: 13023 type: string 13024 type: object 13025 type: array 13026 type: object 13027 resourceInclusions: 13028 description: ResourceInclusions is used to only include specific group/kinds 13029 in the reconciliation process. 13030 type: string 13031 resourceTrackingMethod: 13032 description: ResourceTrackingMethod defines how Argo CD should track 13033 resources that it manages 13034 type: string 13035 server: 13036 description: Server defines the options for the ArgoCD Server component. 13037 properties: 13038 autoscale: 13039 description: Autoscale defines the autoscale options for the Argo 13040 CD Server component. 13041 properties: 13042 enabled: 13043 description: Enabled will toggle autoscaling support for the 13044 Argo CD Server component. 13045 type: boolean 13046 hpa: 13047 description: HPA defines the HorizontalPodAutoscaler options 13048 for the Argo CD Server component. 13049 properties: 13050 maxReplicas: 13051 description: maxReplicas is the upper limit for the number 13052 of pods that can be set by the autoscaler; cannot be 13053 smaller than MinReplicas. 13054 format: int32 13055 type: integer 13056 minReplicas: 13057 description: minReplicas is the lower limit for the number 13058 of replicas to which the autoscaler can scale down. It 13059 defaults to 1 pod. minReplicas is allowed to be 0 if 13060 the alpha feature gate HPAScaleToZero is enabled and 13061 at least one Object or External metric is configured. Scaling 13062 is active as long as at least one metric value is available. 13063 format: int32 13064 type: integer 13065 scaleTargetRef: 13066 description: reference to scaled resource; horizontal 13067 pod autoscaler will learn the current resource consumption 13068 and will set the desired number of pods by using its 13069 Scale subresource. 13070 properties: 13071 apiVersion: 13072 description: apiVersion is the API version of the 13073 referent 13074 type: string 13075 kind: 13076 description: 'kind is the kind of the referent; More 13077 info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' 13078 type: string 13079 name: 13080 description: 'name is the name of the referent; More 13081 info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 13082 type: string 13083 required: 13084 - kind 13085 - name 13086 type: object 13087 targetCPUUtilizationPercentage: 13088 description: targetCPUUtilizationPercentage is the target 13089 average CPU utilization (represented as a percentage 13090 of requested CPU) over all the pods; if not specified 13091 the default autoscaling policy will be used. 13092 format: int32 13093 type: integer 13094 required: 13095 - maxReplicas 13096 - scaleTargetRef 13097 type: object 13098 required: 13099 - enabled 13100 type: object 13101 enabled: 13102 description: Enabled is the flag to enable ArgoCD Server during 13103 ArgoCD installation. (optional, default `true`) 13104 type: boolean 13105 env: 13106 description: Env lets you specify environment for API server pods 13107 items: 13108 description: EnvVar represents an environment variable present 13109 in a Container. 13110 properties: 13111 name: 13112 description: Name of the environment variable. Must be a 13113 C_IDENTIFIER. 13114 type: string 13115 value: 13116 description: 'Variable references $(VAR_NAME) are expanded 13117 using the previously defined environment variables in 13118 the container and any service environment variables. If 13119 a variable cannot be resolved, the reference in the input 13120 string will be unchanged. Double $$ are reduced to a single 13121 $, which allows for escaping the $(VAR_NAME) syntax: i.e. 13122 "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". 13123 Escaped references will never be expanded, regardless 13124 of whether the variable exists or not. Defaults to "".' 13125 type: string 13126 valueFrom: 13127 description: Source for the environment variable's value. 13128 Cannot be used if value is not empty. 13129 properties: 13130 configMapKeyRef: 13131 description: Selects a key of a ConfigMap. 13132 properties: 13133 key: 13134 description: The key to select. 13135 type: string 13136 name: 13137 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 13138 TODO: Add other useful fields. apiVersion, kind, 13139 uid?' 13140 type: string 13141 optional: 13142 description: Specify whether the ConfigMap or its 13143 key must be defined 13144 type: boolean 13145 required: 13146 - key 13147 type: object 13148 fieldRef: 13149 description: 'Selects a field of the pod: supports metadata.name, 13150 metadata.namespace, `metadata.labels[''<KEY>'']`, 13151 `metadata.annotations[''<KEY>'']`, spec.nodeName, 13152 spec.serviceAccountName, status.hostIP, status.podIP, 13153 status.podIPs.' 13154 properties: 13155 apiVersion: 13156 description: Version of the schema the FieldPath 13157 is written in terms of, defaults to "v1". 13158 type: string 13159 fieldPath: 13160 description: Path of the field to select in the 13161 specified API version. 13162 type: string 13163 required: 13164 - fieldPath 13165 type: object 13166 resourceFieldRef: 13167 description: 'Selects a resource of the container: only 13168 resources limits and requests (limits.cpu, limits.memory, 13169 limits.ephemeral-storage, requests.cpu, requests.memory 13170 and requests.ephemeral-storage) are currently supported.' 13171 properties: 13172 containerName: 13173 description: 'Container name: required for volumes, 13174 optional for env vars' 13175 type: string 13176 divisor: 13177 anyOf: 13178 - type: integer 13179 - type: string 13180 description: Specifies the output format of the 13181 exposed resources, defaults to "1" 13182 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 13183 x-kubernetes-int-or-string: true 13184 resource: 13185 description: 'Required: resource to select' 13186 type: string 13187 required: 13188 - resource 13189 type: object 13190 secretKeyRef: 13191 description: Selects a key of a secret in the pod's 13192 namespace 13193 properties: 13194 key: 13195 description: The key of the secret to select from. Must 13196 be a valid secret key. 13197 type: string 13198 name: 13199 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 13200 TODO: Add other useful fields. apiVersion, kind, 13201 uid?' 13202 type: string 13203 optional: 13204 description: Specify whether the Secret or its key 13205 must be defined 13206 type: boolean 13207 required: 13208 - key 13209 type: object 13210 type: object 13211 required: 13212 - name 13213 type: object 13214 type: array 13215 extraCommandArgs: 13216 description: Extra Command arguments that would append to the 13217 Argo CD server command. ExtraCommandArgs will not be added, 13218 if one of these commands is already part of the server command 13219 with same or different value. 13220 items: 13221 type: string 13222 type: array 13223 grpc: 13224 description: GRPC defines the state for the Argo CD Server GRPC 13225 options. 13226 properties: 13227 host: 13228 description: Host is the hostname to use for Ingress/Route 13229 resources. 13230 type: string 13231 ingress: 13232 description: Ingress defines the desired state for the Argo 13233 CD Server GRPC Ingress. 13234 properties: 13235 annotations: 13236 additionalProperties: 13237 type: string 13238 description: Annotations is the map of annotations to 13239 apply to the Ingress. 13240 type: object 13241 enabled: 13242 description: Enabled will toggle the creation of the Ingress. 13243 type: boolean 13244 ingressClassName: 13245 description: IngressClassName for the Ingress resource. 13246 type: string 13247 path: 13248 description: Path used for the Ingress resource. 13249 type: string 13250 tls: 13251 description: TLS configuration. Currently the Ingress 13252 only supports a single TLS port, 443. If multiple members 13253 of this list specify different hosts, they will be multiplexed 13254 on the same port according to the hostname specified 13255 through the SNI TLS extension, if the ingress controller 13256 fulfilling the ingress supports SNI. 13257 items: 13258 description: IngressTLS describes the transport layer 13259 security associated with an ingress. 13260 properties: 13261 hosts: 13262 description: hosts is a list of hosts included in 13263 the TLS certificate. The values in this list must 13264 match the name/s used in the tlsSecret. Defaults 13265 to the wildcard host setting for the loadbalancer 13266 controller fulfilling this Ingress, if left unspecified. 13267 items: 13268 type: string 13269 type: array 13270 x-kubernetes-list-type: atomic 13271 secretName: 13272 description: secretName is the name of the secret 13273 used to terminate TLS traffic on port 443. Field 13274 is left optional to allow TLS routing based on 13275 SNI hostname alone. If the SNI host in a listener 13276 conflicts with the "Host" header field used by 13277 an IngressRule, the SNI host is used for termination 13278 and value of the "Host" header is used for routing. 13279 type: string 13280 type: object 13281 type: array 13282 required: 13283 - enabled 13284 type: object 13285 type: object 13286 host: 13287 description: Host is the hostname to use for Ingress/Route resources. 13288 type: string 13289 ingress: 13290 description: Ingress defines the desired state for an Ingress 13291 for the Argo CD Server component. 13292 properties: 13293 annotations: 13294 additionalProperties: 13295 type: string 13296 description: Annotations is the map of annotations to apply 13297 to the Ingress. 13298 type: object 13299 enabled: 13300 description: Enabled will toggle the creation of the Ingress. 13301 type: boolean 13302 ingressClassName: 13303 description: IngressClassName for the Ingress resource. 13304 type: string 13305 path: 13306 description: Path used for the Ingress resource. 13307 type: string 13308 tls: 13309 description: TLS configuration. Currently the Ingress only 13310 supports a single TLS port, 443. If multiple members of 13311 this list specify different hosts, they will be multiplexed 13312 on the same port according to the hostname specified through 13313 the SNI TLS extension, if the ingress controller fulfilling 13314 the ingress supports SNI. 13315 items: 13316 description: IngressTLS describes the transport layer security 13317 associated with an ingress. 13318 properties: 13319 hosts: 13320 description: hosts is a list of hosts included in the 13321 TLS certificate. The values in this list must match 13322 the name/s used in the tlsSecret. Defaults to the 13323 wildcard host setting for the loadbalancer controller 13324 fulfilling this Ingress, if left unspecified. 13325 items: 13326 type: string 13327 type: array 13328 x-kubernetes-list-type: atomic 13329 secretName: 13330 description: secretName is the name of the secret used 13331 to terminate TLS traffic on port 443. Field is left 13332 optional to allow TLS routing based on SNI hostname 13333 alone. If the SNI host in a listener conflicts with 13334 the "Host" header field used by an IngressRule, the 13335 SNI host is used for termination and value of the 13336 "Host" header is used for routing. 13337 type: string 13338 type: object 13339 type: array 13340 required: 13341 - enabled 13342 type: object 13343 insecure: 13344 description: Insecure toggles the insecure flag. 13345 type: boolean 13346 logFormat: 13347 description: LogFormat refers to the log level to be used by the 13348 ArgoCD Server component. Defaults to ArgoCDDefaultLogFormat 13349 if not configured. Valid options are text or json. 13350 type: string 13351 logLevel: 13352 description: LogLevel refers to the log level to be used by the 13353 ArgoCD Server component. Defaults to ArgoCDDefaultLogLevel if 13354 not set. Valid options are debug, info, error, and warn. 13355 type: string 13356 replicas: 13357 description: Replicas defines the number of replicas for argocd-server. 13358 Default is nil. Value should be greater than or equal to 0. 13359 Value will be ignored if Autoscaler is enabled. 13360 format: int32 13361 type: integer 13362 resources: 13363 description: Resources defines the Compute Resources required 13364 by the container for the Argo CD server component. 13365 properties: 13366 claims: 13367 description: "Claims lists the names of resources, defined 13368 in spec.resourceClaims, that are used by this container. 13369 \n This is an alpha field and requires enabling the DynamicResourceAllocation 13370 feature gate. \n This field is immutable. It can only be 13371 set for containers." 13372 items: 13373 description: ResourceClaim references one entry in PodSpec.ResourceClaims. 13374 properties: 13375 name: 13376 description: Name must match the name of one entry in 13377 pod.spec.resourceClaims of the Pod where this field 13378 is used. It makes that resource available inside a 13379 container. 13380 type: string 13381 required: 13382 - name 13383 type: object 13384 type: array 13385 x-kubernetes-list-map-keys: 13386 - name 13387 x-kubernetes-list-type: map 13388 limits: 13389 additionalProperties: 13390 anyOf: 13391 - type: integer 13392 - type: string 13393 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 13394 x-kubernetes-int-or-string: true 13395 description: 'Limits describes the maximum amount of compute 13396 resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 13397 type: object 13398 requests: 13399 additionalProperties: 13400 anyOf: 13401 - type: integer 13402 - type: string 13403 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 13404 x-kubernetes-int-or-string: true 13405 description: 'Requests describes the minimum amount of compute 13406 resources required. If Requests is omitted for a container, 13407 it defaults to Limits if that is explicitly specified, otherwise 13408 to an implementation-defined value. Requests cannot exceed 13409 Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 13410 type: object 13411 type: object 13412 route: 13413 description: Route defines the desired state for an OpenShift 13414 Route for the Argo CD Server component. 13415 properties: 13416 annotations: 13417 additionalProperties: 13418 type: string 13419 description: Annotations is the map of annotations to use 13420 for the Route resource. 13421 type: object 13422 enabled: 13423 description: Enabled will toggle the creation of the OpenShift 13424 Route. 13425 type: boolean 13426 labels: 13427 additionalProperties: 13428 type: string 13429 description: Labels is the map of labels to use for the Route 13430 resource 13431 type: object 13432 path: 13433 description: Path the router watches for, to route traffic 13434 for to the service. 13435 type: string 13436 tls: 13437 description: TLS provides the ability to configure certificates 13438 and termination for the Route. 13439 properties: 13440 caCertificate: 13441 description: caCertificate provides the cert authority 13442 certificate contents 13443 type: string 13444 certificate: 13445 description: certificate provides certificate contents 13446 type: string 13447 destinationCACertificate: 13448 description: destinationCACertificate provides the contents 13449 of the ca certificate of the final destination. When 13450 using reencrypt termination this file should be provided 13451 in order to have routers use it for health checks on 13452 the secure connection. If this field is not specified, 13453 the router may provide its own destination CA and perform 13454 hostname validation using the short service name (service.namespace.svc), 13455 which allows infrastructure generated certificates to 13456 automatically verify. 13457 type: string 13458 insecureEdgeTerminationPolicy: 13459 description: "insecureEdgeTerminationPolicy indicates 13460 the desired behavior for insecure connections to a route. 13461 While each router may make its own decisions on which 13462 ports to expose, this is normally port 80. \n * Allow 13463 - traffic is sent to the server on the insecure port 13464 (default) * Disable - no traffic is allowed on the insecure 13465 port. * Redirect - clients are redirected to the secure 13466 port." 13467 type: string 13468 key: 13469 description: key provides key file contents 13470 type: string 13471 termination: 13472 description: termination indicates termination type. 13473 type: string 13474 required: 13475 - termination 13476 type: object 13477 wildcardPolicy: 13478 description: WildcardPolicy if any for the route. Currently 13479 only 'Subdomain' or 'None' is allowed. 13480 type: string 13481 required: 13482 - enabled 13483 type: object 13484 service: 13485 description: Service defines the options for the Service backing 13486 the ArgoCD Server component. 13487 properties: 13488 type: 13489 description: Type is the ServiceType to use for the Service 13490 resource. 13491 type: string 13492 required: 13493 - type 13494 type: object 13495 type: object 13496 sourceNamespaces: 13497 description: SourceNamespaces defines the namespaces application resources 13498 are allowed to be created in 13499 items: 13500 type: string 13501 type: array 13502 sso: 13503 description: SSO defines the Single Sign-on configuration for Argo 13504 CD 13505 properties: 13506 dex: 13507 description: Dex contains the configuration for Argo CD dex authentication 13508 properties: 13509 config: 13510 description: Config is the dex connector configuration. 13511 type: string 13512 env: 13513 description: Env lets you specify environment variables for 13514 Dex. 13515 items: 13516 description: EnvVar represents an environment variable present 13517 in a Container. 13518 properties: 13519 name: 13520 description: Name of the environment variable. Must 13521 be a C_IDENTIFIER. 13522 type: string 13523 value: 13524 description: 'Variable references $(VAR_NAME) are expanded 13525 using the previously defined environment variables 13526 in the container and any service environment variables. 13527 If a variable cannot be resolved, the reference in 13528 the input string will be unchanged. Double $$ are 13529 reduced to a single $, which allows for escaping the 13530 $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce 13531 the string literal "$(VAR_NAME)". Escaped references 13532 will never be expanded, regardless of whether the 13533 variable exists or not. Defaults to "".' 13534 type: string 13535 valueFrom: 13536 description: Source for the environment variable's value. 13537 Cannot be used if value is not empty. 13538 properties: 13539 configMapKeyRef: 13540 description: Selects a key of a ConfigMap. 13541 properties: 13542 key: 13543 description: The key to select. 13544 type: string 13545 name: 13546 description: 'Name of the referent. More info: 13547 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 13548 TODO: Add other useful fields. apiVersion, 13549 kind, uid?' 13550 type: string 13551 optional: 13552 description: Specify whether the ConfigMap or 13553 its key must be defined 13554 type: boolean 13555 required: 13556 - key 13557 type: object 13558 fieldRef: 13559 description: 'Selects a field of the pod: supports 13560 metadata.name, metadata.namespace, `metadata.labels[''<KEY>'']`, 13561 `metadata.annotations[''<KEY>'']`, spec.nodeName, 13562 spec.serviceAccountName, status.hostIP, status.podIP, 13563 status.podIPs.' 13564 properties: 13565 apiVersion: 13566 description: Version of the schema the FieldPath 13567 is written in terms of, defaults to "v1". 13568 type: string 13569 fieldPath: 13570 description: Path of the field to select in 13571 the specified API version. 13572 type: string 13573 required: 13574 - fieldPath 13575 type: object 13576 resourceFieldRef: 13577 description: 'Selects a resource of the container: 13578 only resources limits and requests (limits.cpu, 13579 limits.memory, limits.ephemeral-storage, requests.cpu, 13580 requests.memory and requests.ephemeral-storage) 13581 are currently supported.' 13582 properties: 13583 containerName: 13584 description: 'Container name: required for volumes, 13585 optional for env vars' 13586 type: string 13587 divisor: 13588 anyOf: 13589 - type: integer 13590 - type: string 13591 description: Specifies the output format of 13592 the exposed resources, defaults to "1" 13593 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 13594 x-kubernetes-int-or-string: true 13595 resource: 13596 description: 'Required: resource to select' 13597 type: string 13598 required: 13599 - resource 13600 type: object 13601 secretKeyRef: 13602 description: Selects a key of a secret in the pod's 13603 namespace 13604 properties: 13605 key: 13606 description: The key of the secret to select 13607 from. Must be a valid secret key. 13608 type: string 13609 name: 13610 description: 'Name of the referent. More info: 13611 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 13612 TODO: Add other useful fields. apiVersion, 13613 kind, uid?' 13614 type: string 13615 optional: 13616 description: Specify whether the Secret or its 13617 key must be defined 13618 type: boolean 13619 required: 13620 - key 13621 type: object 13622 type: object 13623 required: 13624 - name 13625 type: object 13626 type: array 13627 groups: 13628 description: Optional list of required groups a user must 13629 be a member of 13630 items: 13631 type: string 13632 type: array 13633 image: 13634 description: Image is the Dex container image. 13635 type: string 13636 openShiftOAuth: 13637 description: OpenShiftOAuth enables OpenShift OAuth authentication 13638 for the Dex server. 13639 type: boolean 13640 resources: 13641 description: Resources defines the Compute Resources required 13642 by the container for Dex. 13643 properties: 13644 claims: 13645 description: "Claims lists the names of resources, defined 13646 in spec.resourceClaims, that are used by this container. 13647 \n This is an alpha field and requires enabling the 13648 DynamicResourceAllocation feature gate. \n This field 13649 is immutable. It can only be set for containers." 13650 items: 13651 description: ResourceClaim references one entry in PodSpec.ResourceClaims. 13652 properties: 13653 name: 13654 description: Name must match the name of one entry 13655 in pod.spec.resourceClaims of the Pod where this 13656 field is used. It makes that resource available 13657 inside a container. 13658 type: string 13659 required: 13660 - name 13661 type: object 13662 type: array 13663 x-kubernetes-list-map-keys: 13664 - name 13665 x-kubernetes-list-type: map 13666 limits: 13667 additionalProperties: 13668 anyOf: 13669 - type: integer 13670 - type: string 13671 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 13672 x-kubernetes-int-or-string: true 13673 description: 'Limits describes the maximum amount of compute 13674 resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 13675 type: object 13676 requests: 13677 additionalProperties: 13678 anyOf: 13679 - type: integer 13680 - type: string 13681 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 13682 x-kubernetes-int-or-string: true 13683 description: 'Requests describes the minimum amount of 13684 compute resources required. If Requests is omitted for 13685 a container, it defaults to Limits if that is explicitly 13686 specified, otherwise to an implementation-defined value. 13687 Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 13688 type: object 13689 type: object 13690 version: 13691 description: Version is the Dex container image tag. 13692 type: string 13693 type: object 13694 keycloak: 13695 description: Keycloak contains the configuration for Argo CD keycloak 13696 authentication 13697 properties: 13698 image: 13699 description: Image is the Keycloak container image. 13700 type: string 13701 resources: 13702 description: Resources defines the Compute Resources required 13703 by the container for Keycloak. 13704 properties: 13705 claims: 13706 description: "Claims lists the names of resources, defined 13707 in spec.resourceClaims, that are used by this container. 13708 \n This is an alpha field and requires enabling the 13709 DynamicResourceAllocation feature gate. \n This field 13710 is immutable. It can only be set for containers." 13711 items: 13712 description: ResourceClaim references one entry in PodSpec.ResourceClaims. 13713 properties: 13714 name: 13715 description: Name must match the name of one entry 13716 in pod.spec.resourceClaims of the Pod where this 13717 field is used. It makes that resource available 13718 inside a container. 13719 type: string 13720 required: 13721 - name 13722 type: object 13723 type: array 13724 x-kubernetes-list-map-keys: 13725 - name 13726 x-kubernetes-list-type: map 13727 limits: 13728 additionalProperties: 13729 anyOf: 13730 - type: integer 13731 - type: string 13732 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 13733 x-kubernetes-int-or-string: true 13734 description: 'Limits describes the maximum amount of compute 13735 resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 13736 type: object 13737 requests: 13738 additionalProperties: 13739 anyOf: 13740 - type: integer 13741 - type: string 13742 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 13743 x-kubernetes-int-or-string: true 13744 description: 'Requests describes the minimum amount of 13745 compute resources required. If Requests is omitted for 13746 a container, it defaults to Limits if that is explicitly 13747 specified, otherwise to an implementation-defined value. 13748 Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 13749 type: object 13750 type: object 13751 rootCA: 13752 description: Custom root CA certificate for communicating 13753 with the Keycloak OIDC provider 13754 type: string 13755 verifyTLS: 13756 description: VerifyTLS set to false disables strict TLS validation. 13757 type: boolean 13758 version: 13759 description: Version is the Keycloak container image tag. 13760 type: string 13761 type: object 13762 provider: 13763 description: Provider installs and configures the given SSO Provider 13764 with Argo CD. 13765 type: string 13766 type: object 13767 statusBadgeEnabled: 13768 description: StatusBadgeEnabled toggles application status badge feature. 13769 type: boolean 13770 tls: 13771 description: TLS defines the TLS options for ArgoCD. 13772 properties: 13773 ca: 13774 description: CA defines the CA options. 13775 properties: 13776 configMapName: 13777 description: ConfigMapName is the name of the ConfigMap containing 13778 the CA Certificate. 13779 type: string 13780 secretName: 13781 description: SecretName is the name of the Secret containing 13782 the CA Certificate and Key. 13783 type: string 13784 type: object 13785 initialCerts: 13786 additionalProperties: 13787 type: string 13788 description: InitialCerts defines custom TLS certificates upon 13789 creation of the cluster for connecting Git repositories via 13790 HTTPS. 13791 type: object 13792 type: object 13793 usersAnonymousEnabled: 13794 description: UsersAnonymousEnabled toggles anonymous user access. 13795 The anonymous users get default role permissions specified argocd-rbac-cm. 13796 type: boolean 13797 version: 13798 description: Version is the tag to use with the ArgoCD container image 13799 for all ArgoCD components. 13800 type: string 13801 type: object 13802 status: 13803 description: ArgoCDStatus defines the observed state of ArgoCD 13804 properties: 13805 applicationController: 13806 description: 'ApplicationController is a simple, high-level summary 13807 of where the Argo CD application controller component is in its 13808 lifecycle. There are four possible ApplicationController values: 13809 Pending: The Argo CD application controller component has been accepted 13810 by the Kubernetes system, but one or more of the required resources 13811 have not been created. Running: All of the required Pods for the 13812 Argo CD application controller component are in a Ready state. Failed: 13813 At least one of the Argo CD application controller component Pods 13814 had a failure. Unknown: The state of the Argo CD application controller 13815 component could not be obtained.' 13816 type: string 13817 applicationSetController: 13818 description: 'ApplicationSetController is a simple, high-level summary 13819 of where the Argo CD applicationSet controller component is in its 13820 lifecycle. There are four possible ApplicationSetController values: 13821 Pending: The Argo CD applicationSet controller component has been 13822 accepted by the Kubernetes system, but one or more of the required 13823 resources have not been created. Running: All of the required Pods 13824 for the Argo CD applicationSet controller component are in a Ready 13825 state. Failed: At least one of the Argo CD applicationSet controller 13826 component Pods had a failure. Unknown: The state of the Argo CD 13827 applicationSet controller component could not be obtained.' 13828 type: string 13829 host: 13830 description: Host is the hostname of the Ingress. 13831 type: string 13832 notificationsController: 13833 description: 'NotificationsController is a simple, high-level summary 13834 of where the Argo CD notifications controller component is in its 13835 lifecycle. There are four possible NotificationsController values: 13836 Pending: The Argo CD notifications controller component has been 13837 accepted by the Kubernetes system, but one or more of the required 13838 resources have not been created. Running: All of the required Pods 13839 for the Argo CD notifications controller component are in a Ready 13840 state. Failed: At least one of the Argo CD notifications controller 13841 component Pods had a failure. Unknown: The state of the Argo CD 13842 notifications controller component could not be obtained.' 13843 type: string 13844 phase: 13845 description: 'Phase is a simple, high-level summary of where the ArgoCD 13846 is in its lifecycle. There are four possible phase values: Pending: 13847 The ArgoCD has been accepted by the Kubernetes system, but one or 13848 more of the required resources have not been created. Available: 13849 All of the resources for the ArgoCD are ready. Failed: At least 13850 one resource has experienced a failure. Unknown: The state of the 13851 ArgoCD phase could not be obtained.' 13852 type: string 13853 redis: 13854 description: 'Redis is a simple, high-level summary of where the Argo 13855 CD Redis component is in its lifecycle. There are four possible 13856 redis values: Pending: The Argo CD Redis component has been accepted 13857 by the Kubernetes system, but one or more of the required resources 13858 have not been created. Running: All of the required Pods for the 13859 Argo CD Redis component are in a Ready state. Failed: At least one 13860 of the Argo CD Redis component Pods had a failure. Unknown: The 13861 state of the Argo CD Redis component could not be obtained.' 13862 type: string 13863 redisTLSChecksum: 13864 description: RedisTLSChecksum contains the SHA256 checksum of the 13865 latest known state of tls.crt and tls.key in the argocd-operator-redis-tls 13866 secret. 13867 type: string 13868 repo: 13869 description: 'Repo is a simple, high-level summary of where the Argo 13870 CD Repo component is in its lifecycle. There are four possible repo 13871 values: Pending: The Argo CD Repo component has been accepted by 13872 the Kubernetes system, but one or more of the required resources 13873 have not been created. Running: All of the required Pods for the 13874 Argo CD Repo component are in a Ready state. Failed: At least one 13875 of the Argo CD Repo component Pods had a failure. Unknown: The 13876 state of the Argo CD Repo component could not be obtained.' 13877 type: string 13878 repoTLSChecksum: 13879 description: RepoTLSChecksum contains the SHA256 checksum of the latest 13880 known state of tls.crt and tls.key in the argocd-repo-server-tls 13881 secret. 13882 type: string 13883 server: 13884 description: 'Server is a simple, high-level summary of where the 13885 Argo CD server component is in its lifecycle. There are four possible 13886 server values: Pending: The Argo CD server component has been accepted 13887 by the Kubernetes system, but one or more of the required resources 13888 have not been created. Running: All of the required Pods for the 13889 Argo CD server component are in a Ready state. Failed: At least 13890 one of the Argo CD server component Pods had a failure. Unknown: 13891 The state of the Argo CD server component could not be obtained.' 13892 type: string 13893 sso: 13894 description: 'SSO is a simple, high-level summary of where the Argo 13895 CD SSO(Dex/Keycloak) component is in its lifecycle. There are four 13896 possible sso values: Pending: The Argo CD SSO component has been 13897 accepted by the Kubernetes system, but one or more of the required 13898 resources have not been created. Running: All of the required Pods 13899 for the Argo CD SSO component are in a Ready state. Failed: At least 13900 one of the Argo CD SSO component Pods had a failure. Unknown: The 13901 state of the Argo CD SSO component could not be obtained.' 13902 type: string 13903 type: object 13904 type: object 13905 served: true 13906 storage: true 13907 subresources: 13908 status: {} 13909 status: 13910 acceptedNames: 13911 kind: "" 13912 plural: "" 13913 conditions: [] 13914 storedVersions: []