github.com/argoproj-labs/argocd-operator@v0.10.0/deploy/olm-catalog/argocd-operator/0.4.0/argoproj.io_argocds.yaml (about) 1 apiVersion: apiextensions.k8s.io/v1 2 kind: CustomResourceDefinition 3 metadata: 4 annotations: 5 controller-gen.kubebuilder.io/version: v0.6.1 6 creationTimestamp: null 7 name: argocds.argoproj.io 8 spec: 9 group: argoproj.io 10 names: 11 kind: ArgoCD 12 listKind: ArgoCDList 13 plural: argocds 14 singular: argocd 15 scope: Namespaced 16 versions: 17 - name: v1alpha1 18 schema: 19 openAPIV3Schema: 20 description: ArgoCD is the Schema for the argocds API 21 properties: 22 apiVersion: 23 description: 'APIVersion defines the versioned schema of this representation 24 of an object. Servers should convert recognized schemas to the latest 25 internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' 26 type: string 27 kind: 28 description: 'Kind is a string value representing the REST resource this 29 object represents. Servers may infer this from the endpoint the client 30 submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' 31 type: string 32 metadata: 33 type: object 34 spec: 35 description: ArgoCDSpec defines the desired state of ArgoCD 36 properties: 37 applicationInstanceLabelKey: 38 description: ApplicationInstanceLabelKey is the key name where Argo 39 CD injects the app name as a tracking label. 40 type: string 41 applicationSet: 42 description: ArgoCDApplicationSet defines whether the Argo CD ApplicationSet 43 controller should be installed. 44 properties: 45 image: 46 description: Image is the Argo CD ApplicationSet image (optional) 47 type: string 48 logLevel: 49 description: LogLevel describes the log level that should be used 50 by the ApplicationSet controller. Defaults to ArgoCDDefaultLogLevel 51 if not set. Valid options are debug,info, error, and warn. 52 type: string 53 resources: 54 description: Resources defines the Compute Resources required 55 by the container for ApplicationSet. 56 properties: 57 limits: 58 additionalProperties: 59 anyOf: 60 - type: integer 61 - type: string 62 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 63 x-kubernetes-int-or-string: true 64 description: 'Limits describes the maximum amount of compute 65 resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 66 type: object 67 requests: 68 additionalProperties: 69 anyOf: 70 - type: integer 71 - type: string 72 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 73 x-kubernetes-int-or-string: true 74 description: 'Requests describes the minimum amount of compute 75 resources required. If Requests is omitted for a container, 76 it defaults to Limits if that is explicitly specified, otherwise 77 to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 78 type: object 79 type: object 80 version: 81 description: Version is the Argo CD ApplicationSet image tag. 82 (optional) 83 type: string 84 webhookServer: 85 description: WebhookServerSpec defines the options for the ApplicationSet 86 Webhook Server component. 87 properties: 88 host: 89 description: Host is the hostname to use for Ingress/Route 90 resources. 91 type: string 92 ingress: 93 description: Ingress defines the desired state for an Ingress 94 for the Application set webhook component. 95 properties: 96 annotations: 97 additionalProperties: 98 type: string 99 description: Annotations is the map of annotations to 100 apply to the Ingress. 101 type: object 102 enabled: 103 description: Enabled will toggle the creation of the Ingress. 104 type: boolean 105 path: 106 description: Path used for the Ingress resource. 107 type: string 108 tls: 109 description: TLS configuration. Currently the Ingress 110 only supports a single TLS port, 443. If multiple members 111 of this list specify different hosts, they will be multiplexed 112 on the same port according to the hostname specified 113 through the SNI TLS extension, if the ingress controller 114 fulfilling the ingress supports SNI. 115 items: 116 description: IngressTLS describes the transport layer 117 security associated with an Ingress. 118 properties: 119 hosts: 120 description: Hosts are a list of hosts included 121 in the TLS certificate. The values in this list 122 must match the name/s used in the tlsSecret. Defaults 123 to the wildcard host setting for the loadbalancer 124 controller fulfilling this Ingress, if left unspecified. 125 items: 126 type: string 127 type: array 128 x-kubernetes-list-type: atomic 129 secretName: 130 description: SecretName is the name of the secret 131 used to terminate TLS traffic on port 443. Field 132 is left optional to allow TLS routing based on 133 SNI hostname alone. If the SNI host in a listener 134 conflicts with the "Host" header field used by 135 an IngressRule, the SNI host is used for termination 136 and value of the Host header is used for routing. 137 type: string 138 type: object 139 type: array 140 required: 141 - enabled 142 type: object 143 route: 144 description: Route defines the desired state for an OpenShift 145 Route for the Application set webhook component. 146 properties: 147 annotations: 148 additionalProperties: 149 type: string 150 description: Annotations is the map of annotations to 151 use for the Route resource. 152 type: object 153 enabled: 154 description: Enabled will toggle the creation of the OpenShift 155 Route. 156 type: boolean 157 labels: 158 additionalProperties: 159 type: string 160 description: Labels is the map of labels to use for the 161 Route resource 162 type: object 163 path: 164 description: Path the router watches for, to route traffic 165 for to the service. 166 type: string 167 tls: 168 description: TLS provides the ability to configure certificates 169 and termination for the Route. 170 properties: 171 caCertificate: 172 description: caCertificate provides the cert authority 173 certificate contents 174 type: string 175 certificate: 176 description: certificate provides certificate contents 177 type: string 178 destinationCACertificate: 179 description: destinationCACertificate provides the 180 contents of the ca certificate of the final destination. When 181 using reencrypt termination this file should be 182 provided in order to have routers use it for health 183 checks on the secure connection. If this field is 184 not specified, the router may provide its own destination 185 CA and perform hostname validation using the short 186 service name (service.namespace.svc), which allows 187 infrastructure generated certificates to automatically 188 verify. 189 type: string 190 insecureEdgeTerminationPolicy: 191 description: "insecureEdgeTerminationPolicy indicates 192 the desired behavior for insecure connections to 193 a route. While each router may make its own decisions 194 on which ports to expose, this is normally port 195 80. \n * Allow - traffic is sent to the server on 196 the insecure port (default) * Disable - no traffic 197 is allowed on the insecure port. * Redirect - clients 198 are redirected to the secure port." 199 type: string 200 key: 201 description: key provides key file contents 202 type: string 203 termination: 204 description: termination indicates termination type. 205 type: string 206 required: 207 - termination 208 type: object 209 wildcardPolicy: 210 description: WildcardPolicy if any for the route. Currently 211 only 'Subdomain' or 'None' is allowed. 212 type: string 213 required: 214 - enabled 215 type: object 216 type: object 217 type: object 218 banner: 219 description: Banner defines an additional banner to be displayed in 220 Argo CD UI 221 properties: 222 content: 223 description: Content defines the banner message content to display 224 type: string 225 url: 226 description: URL defines an optional URL to be used as banner 227 message link 228 type: string 229 required: 230 - content 231 type: object 232 configManagementPlugins: 233 description: ConfigManagementPlugins is used to specify additional 234 config management plugins. 235 type: string 236 controller: 237 description: Controller defines the Application Controller options 238 for ArgoCD. 239 properties: 240 appSync: 241 description: "AppSync is used to control the sync frequency, by 242 default the ArgoCD controller polls Git every 3m. \n Set this 243 to a duration, e.g. 10m or 600s to control the synchronisation 244 frequency." 245 type: string 246 env: 247 description: Env lets you specify environment for application 248 controller pods 249 items: 250 description: EnvVar represents an environment variable present 251 in a Container. 252 properties: 253 name: 254 description: Name of the environment variable. Must be a 255 C_IDENTIFIER. 256 type: string 257 value: 258 description: 'Variable references $(VAR_NAME) are expanded 259 using the previously defined environment variables in 260 the container and any service environment variables. If 261 a variable cannot be resolved, the reference in the input 262 string will be unchanged. Double $$ are reduced to a single 263 $, which allows for escaping the $(VAR_NAME) syntax: i.e. 264 "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". 265 Escaped references will never be expanded, regardless 266 of whether the variable exists or not. Defaults to "".' 267 type: string 268 valueFrom: 269 description: Source for the environment variable's value. 270 Cannot be used if value is not empty. 271 properties: 272 configMapKeyRef: 273 description: Selects a key of a ConfigMap. 274 properties: 275 key: 276 description: The key to select. 277 type: string 278 name: 279 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 280 TODO: Add other useful fields. apiVersion, kind, 281 uid?' 282 type: string 283 optional: 284 description: Specify whether the ConfigMap or its 285 key must be defined 286 type: boolean 287 required: 288 - key 289 type: object 290 fieldRef: 291 description: 'Selects a field of the pod: supports metadata.name, 292 metadata.namespace, `metadata.labels[''<KEY>'']`, 293 `metadata.annotations[''<KEY>'']`, spec.nodeName, 294 spec.serviceAccountName, status.hostIP, status.podIP, 295 status.podIPs.' 296 properties: 297 apiVersion: 298 description: Version of the schema the FieldPath 299 is written in terms of, defaults to "v1". 300 type: string 301 fieldPath: 302 description: Path of the field to select in the 303 specified API version. 304 type: string 305 required: 306 - fieldPath 307 type: object 308 resourceFieldRef: 309 description: 'Selects a resource of the container: only 310 resources limits and requests (limits.cpu, limits.memory, 311 limits.ephemeral-storage, requests.cpu, requests.memory 312 and requests.ephemeral-storage) are currently supported.' 313 properties: 314 containerName: 315 description: 'Container name: required for volumes, 316 optional for env vars' 317 type: string 318 divisor: 319 anyOf: 320 - type: integer 321 - type: string 322 description: Specifies the output format of the 323 exposed resources, defaults to "1" 324 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 325 x-kubernetes-int-or-string: true 326 resource: 327 description: 'Required: resource to select' 328 type: string 329 required: 330 - resource 331 type: object 332 secretKeyRef: 333 description: Selects a key of a secret in the pod's 334 namespace 335 properties: 336 key: 337 description: The key of the secret to select from. Must 338 be a valid secret key. 339 type: string 340 name: 341 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 342 TODO: Add other useful fields. apiVersion, kind, 343 uid?' 344 type: string 345 optional: 346 description: Specify whether the Secret or its key 347 must be defined 348 type: boolean 349 required: 350 - key 351 type: object 352 type: object 353 required: 354 - name 355 type: object 356 type: array 357 logFormat: 358 description: LogFormat refers to the log format used by the Application 359 Controller component. Defaults to ArgoCDDefaultLogFormat if 360 not configured. Valid options are text or json. 361 type: string 362 logLevel: 363 description: LogLevel refers to the log level used by the Application 364 Controller component. Defaults to ArgoCDDefaultLogLevel if not 365 configured. Valid options are debug, info, error, and warn. 366 type: string 367 parallelismLimit: 368 description: ParallelismLimit defines the limit for parallel kubectl 369 operations 370 format: int32 371 type: integer 372 processors: 373 description: Processors contains the options for the Application 374 Controller processors. 375 properties: 376 operation: 377 description: Operation is the number of application operation 378 processors. 379 format: int32 380 type: integer 381 status: 382 description: Status is the number of application status processors. 383 format: int32 384 type: integer 385 type: object 386 resources: 387 description: Resources defines the Compute Resources required 388 by the container for the Application Controller. 389 properties: 390 limits: 391 additionalProperties: 392 anyOf: 393 - type: integer 394 - type: string 395 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 396 x-kubernetes-int-or-string: true 397 description: 'Limits describes the maximum amount of compute 398 resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 399 type: object 400 requests: 401 additionalProperties: 402 anyOf: 403 - type: integer 404 - type: string 405 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 406 x-kubernetes-int-or-string: true 407 description: 'Requests describes the minimum amount of compute 408 resources required. If Requests is omitted for a container, 409 it defaults to Limits if that is explicitly specified, otherwise 410 to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 411 type: object 412 type: object 413 sharding: 414 description: Sharding contains the options for the Application 415 Controller sharding configuration. 416 properties: 417 enabled: 418 description: Enabled defines whether sharding should be enabled 419 on the Application Controller component. 420 type: boolean 421 replicas: 422 description: Replicas defines the number of replicas to run 423 in the Application controller shard. 424 format: int32 425 type: integer 426 type: object 427 type: object 428 dex: 429 description: Dex defines the Dex server options for ArgoCD. 430 properties: 431 config: 432 description: Config is the dex connector configuration. 433 type: string 434 groups: 435 description: Optional list of required groups a user must be a 436 member of 437 items: 438 type: string 439 type: array 440 image: 441 description: Image is the Dex container image. 442 type: string 443 openShiftOAuth: 444 description: OpenShiftOAuth enables OpenShift OAuth authentication 445 for the Dex server. 446 type: boolean 447 resources: 448 description: Resources defines the Compute Resources required 449 by the container for Dex. 450 properties: 451 limits: 452 additionalProperties: 453 anyOf: 454 - type: integer 455 - type: string 456 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 457 x-kubernetes-int-or-string: true 458 description: 'Limits describes the maximum amount of compute 459 resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 460 type: object 461 requests: 462 additionalProperties: 463 anyOf: 464 - type: integer 465 - type: string 466 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 467 x-kubernetes-int-or-string: true 468 description: 'Requests describes the minimum amount of compute 469 resources required. If Requests is omitted for a container, 470 it defaults to Limits if that is explicitly specified, otherwise 471 to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 472 type: object 473 type: object 474 version: 475 description: Version is the Dex container image tag. 476 type: string 477 type: object 478 disableAdmin: 479 description: DisableAdmin will disable the admin user. 480 type: boolean 481 extraConfig: 482 additionalProperties: 483 type: string 484 description: "ExtraConfig can be used to add fields to Argo CD configmap 485 that are not supported by Argo CD CRD. \n Note: ExtraConfig takes 486 precedence over Argo CD CRD. For example, A user sets `argocd.Spec.DisableAdmin` 487 = true and also `a.Spec.ExtraConfig[\"admin.enabled\"]` = true. 488 In this case, operator updates Argo CD Configmap as follows -> argocd-cm.Data[\"admin.enabled\"] 489 = true." 490 type: object 491 gaAnonymizeUsers: 492 description: GAAnonymizeUsers toggles user IDs being hashed before 493 sending to google analytics. 494 type: boolean 495 gaTrackingID: 496 description: GATrackingID is the google analytics tracking ID to use. 497 type: string 498 grafana: 499 description: Grafana defines the Grafana server options for ArgoCD. 500 properties: 501 enabled: 502 description: Enabled will toggle Grafana support globally for 503 ArgoCD. 504 type: boolean 505 host: 506 description: Host is the hostname to use for Ingress/Route resources. 507 type: string 508 image: 509 description: Image is the Grafana container image. 510 type: string 511 ingress: 512 description: Ingress defines the desired state for an Ingress 513 for the Grafana component. 514 properties: 515 annotations: 516 additionalProperties: 517 type: string 518 description: Annotations is the map of annotations to apply 519 to the Ingress. 520 type: object 521 enabled: 522 description: Enabled will toggle the creation of the Ingress. 523 type: boolean 524 ingressClassName: 525 description: IngressClassName for the Ingress resource. 526 type: string 527 path: 528 description: Path used for the Ingress resource. 529 type: string 530 tls: 531 description: TLS configuration. Currently the Ingress only 532 supports a single TLS port, 443. If multiple members of 533 this list specify different hosts, they will be multiplexed 534 on the same port according to the hostname specified through 535 the SNI TLS extension, if the ingress controller fulfilling 536 the ingress supports SNI. 537 items: 538 description: IngressTLS describes the transport layer security 539 associated with an Ingress. 540 properties: 541 hosts: 542 description: Hosts are a list of hosts included in the 543 TLS certificate. The values in this list must match 544 the name/s used in the tlsSecret. Defaults to the 545 wildcard host setting for the loadbalancer controller 546 fulfilling this Ingress, if left unspecified. 547 items: 548 type: string 549 type: array 550 x-kubernetes-list-type: atomic 551 secretName: 552 description: SecretName is the name of the secret used 553 to terminate TLS traffic on port 443. Field is left 554 optional to allow TLS routing based on SNI hostname 555 alone. If the SNI host in a listener conflicts with 556 the "Host" header field used by an IngressRule, the 557 SNI host is used for termination and value of the 558 Host header is used for routing. 559 type: string 560 type: object 561 type: array 562 required: 563 - enabled 564 type: object 565 resources: 566 description: Resources defines the Compute Resources required 567 by the container for Grafana. 568 properties: 569 limits: 570 additionalProperties: 571 anyOf: 572 - type: integer 573 - type: string 574 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 575 x-kubernetes-int-or-string: true 576 description: 'Limits describes the maximum amount of compute 577 resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 578 type: object 579 requests: 580 additionalProperties: 581 anyOf: 582 - type: integer 583 - type: string 584 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 585 x-kubernetes-int-or-string: true 586 description: 'Requests describes the minimum amount of compute 587 resources required. If Requests is omitted for a container, 588 it defaults to Limits if that is explicitly specified, otherwise 589 to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 590 type: object 591 type: object 592 route: 593 description: Route defines the desired state for an OpenShift 594 Route for the Grafana component. 595 properties: 596 annotations: 597 additionalProperties: 598 type: string 599 description: Annotations is the map of annotations to use 600 for the Route resource. 601 type: object 602 enabled: 603 description: Enabled will toggle the creation of the OpenShift 604 Route. 605 type: boolean 606 labels: 607 additionalProperties: 608 type: string 609 description: Labels is the map of labels to use for the Route 610 resource 611 type: object 612 path: 613 description: Path the router watches for, to route traffic 614 for to the service. 615 type: string 616 tls: 617 description: TLS provides the ability to configure certificates 618 and termination for the Route. 619 properties: 620 caCertificate: 621 description: caCertificate provides the cert authority 622 certificate contents 623 type: string 624 certificate: 625 description: certificate provides certificate contents 626 type: string 627 destinationCACertificate: 628 description: destinationCACertificate provides the contents 629 of the ca certificate of the final destination. When 630 using reencrypt termination this file should be provided 631 in order to have routers use it for health checks on 632 the secure connection. If this field is not specified, 633 the router may provide its own destination CA and perform 634 hostname validation using the short service name (service.namespace.svc), 635 which allows infrastructure generated certificates to 636 automatically verify. 637 type: string 638 insecureEdgeTerminationPolicy: 639 description: "insecureEdgeTerminationPolicy indicates 640 the desired behavior for insecure connections to a route. 641 While each router may make its own decisions on which 642 ports to expose, this is normally port 80. \n * Allow 643 - traffic is sent to the server on the insecure port 644 (default) * Disable - no traffic is allowed on the insecure 645 port. * Redirect - clients are redirected to the secure 646 port." 647 type: string 648 key: 649 description: key provides key file contents 650 type: string 651 termination: 652 description: termination indicates termination type. 653 type: string 654 required: 655 - termination 656 type: object 657 wildcardPolicy: 658 description: WildcardPolicy if any for the route. Currently 659 only 'Subdomain' or 'None' is allowed. 660 type: string 661 required: 662 - enabled 663 type: object 664 size: 665 description: Size is the replica count for the Grafana Deployment. 666 format: int32 667 type: integer 668 version: 669 description: Version is the Grafana container image tag. 670 type: string 671 required: 672 - enabled 673 type: object 674 ha: 675 description: HA options for High Availability support for the Redis 676 component. 677 properties: 678 enabled: 679 description: Enabled will toggle HA support globally for Argo 680 CD. 681 type: boolean 682 redisProxyImage: 683 description: RedisProxyImage is the Redis HAProxy container image. 684 type: string 685 redisProxyVersion: 686 description: RedisProxyVersion is the Redis HAProxy container 687 image tag. 688 type: string 689 resources: 690 description: Resources defines the Compute Resources required 691 by the container for HA. 692 properties: 693 limits: 694 additionalProperties: 695 anyOf: 696 - type: integer 697 - type: string 698 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 699 x-kubernetes-int-or-string: true 700 description: 'Limits describes the maximum amount of compute 701 resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 702 type: object 703 requests: 704 additionalProperties: 705 anyOf: 706 - type: integer 707 - type: string 708 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 709 x-kubernetes-int-or-string: true 710 description: 'Requests describes the minimum amount of compute 711 resources required. If Requests is omitted for a container, 712 it defaults to Limits if that is explicitly specified, otherwise 713 to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 714 type: object 715 type: object 716 required: 717 - enabled 718 type: object 719 helpChatText: 720 description: HelpChatText is the text for getting chat help, defaults 721 to "Chat now!" 722 type: string 723 helpChatURL: 724 description: HelpChatURL is the URL for getting chat help, this will 725 typically be your Slack channel for support. 726 type: string 727 image: 728 description: Image is the ArgoCD container image for all ArgoCD components. 729 type: string 730 import: 731 description: Import is the import/restore options for ArgoCD. 732 properties: 733 name: 734 description: Name of an ArgoCDExport from which to import data. 735 type: string 736 namespace: 737 description: Namespace for the ArgoCDExport, defaults to the same 738 namespace as the ArgoCD. 739 type: string 740 required: 741 - name 742 type: object 743 initialRepositories: 744 description: InitialRepositories to configure Argo CD with upon creation 745 of the cluster. 746 type: string 747 initialSSHKnownHosts: 748 description: InitialSSHKnownHosts defines the SSH known hosts data 749 upon creation of the cluster for connecting Git repositories via 750 SSH. 751 properties: 752 excludedefaulthosts: 753 description: ExcludeDefaultHosts describes whether you would like 754 to include the default list of SSH Known Hosts provided by ArgoCD. 755 type: boolean 756 keys: 757 description: Keys describes a custom set of SSH Known Hosts that 758 you would like to have included in your ArgoCD server. 759 type: string 760 type: object 761 kustomizeBuildOptions: 762 description: KustomizeBuildOptions is used to specify build options/parameters 763 to use with `kustomize build`. 764 type: string 765 kustomizeVersions: 766 description: KustomizeVersions is a listing of configured versions 767 of Kustomize to be made available within ArgoCD. 768 items: 769 description: KustomizeVersionSpec is used to specify information 770 about a kustomize version to be used within ArgoCD. 771 properties: 772 path: 773 description: Path is the path to a configured kustomize version 774 on the filesystem of your repo server. 775 type: string 776 version: 777 description: Version is a configured kustomize version in the 778 format of vX.Y.Z 779 type: string 780 type: object 781 type: array 782 nodePlacement: 783 description: NodePlacement defines NodeSelectors and Taints for Argo 784 CD workloads 785 properties: 786 nodeSelector: 787 additionalProperties: 788 type: string 789 description: NodeSelector is a field of PodSpec, it is a map of 790 key value pairs used for node selection 791 type: object 792 tolerations: 793 description: Tolerations allow the pods to schedule onto nodes 794 with matching taints 795 items: 796 description: The pod this Toleration is attached to tolerates 797 any taint that matches the triple <key,value,effect> using 798 the matching operator <operator>. 799 properties: 800 effect: 801 description: Effect indicates the taint effect to match. 802 Empty means match all taint effects. When specified, allowed 803 values are NoSchedule, PreferNoSchedule and NoExecute. 804 type: string 805 key: 806 description: Key is the taint key that the toleration applies 807 to. Empty means match all taint keys. If the key is empty, 808 operator must be Exists; this combination means to match 809 all values and all keys. 810 type: string 811 operator: 812 description: Operator represents a key's relationship to 813 the value. Valid operators are Exists and Equal. Defaults 814 to Equal. Exists is equivalent to wildcard for value, 815 so that a pod can tolerate all taints of a particular 816 category. 817 type: string 818 tolerationSeconds: 819 description: TolerationSeconds represents the period of 820 time the toleration (which must be of effect NoExecute, 821 otherwise this field is ignored) tolerates the taint. 822 By default, it is not set, which means tolerate the taint 823 forever (do not evict). Zero and negative values will 824 be treated as 0 (evict immediately) by the system. 825 format: int64 826 type: integer 827 value: 828 description: Value is the taint value the toleration matches 829 to. If the operator is Exists, the value should be empty, 830 otherwise just a regular string. 831 type: string 832 type: object 833 type: array 834 type: object 835 notifications: 836 description: Notifications defines whether the Argo CD Notifications 837 controller should be installed. 838 properties: 839 enabled: 840 description: Enabled defines whether argocd-notifications controller 841 should be deployed or not 842 type: boolean 843 image: 844 description: Image is the Argo CD Notifications image (optional) 845 type: string 846 logLevel: 847 description: LogLevel describes the log level that should be used 848 by the argocd-notifications. Defaults to ArgoCDDefaultLogLevel 849 if not set. Valid options are debug,info, error, and warn. 850 type: string 851 replicas: 852 description: Replicas defines the number of replicas to run for 853 notifications-controller 854 format: int32 855 type: integer 856 resources: 857 description: Resources defines the Compute Resources required 858 by the container for Argo CD Notifications. 859 properties: 860 limits: 861 additionalProperties: 862 anyOf: 863 - type: integer 864 - type: string 865 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 866 x-kubernetes-int-or-string: true 867 description: 'Limits describes the maximum amount of compute 868 resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 869 type: object 870 requests: 871 additionalProperties: 872 anyOf: 873 - type: integer 874 - type: string 875 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 876 x-kubernetes-int-or-string: true 877 description: 'Requests describes the minimum amount of compute 878 resources required. If Requests is omitted for a container, 879 it defaults to Limits if that is explicitly specified, otherwise 880 to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 881 type: object 882 type: object 883 version: 884 description: Version is the Argo CD Notifications image tag. (optional) 885 type: string 886 required: 887 - enabled 888 type: object 889 oidcConfig: 890 description: OIDCConfig is the OIDC configuration as an alternative 891 to dex. 892 type: string 893 prometheus: 894 description: Prometheus defines the Prometheus server options for 895 ArgoCD. 896 properties: 897 enabled: 898 description: Enabled will toggle Prometheus support globally for 899 ArgoCD. 900 type: boolean 901 host: 902 description: Host is the hostname to use for Ingress/Route resources. 903 type: string 904 ingress: 905 description: Ingress defines the desired state for an Ingress 906 for the Prometheus component. 907 properties: 908 annotations: 909 additionalProperties: 910 type: string 911 description: Annotations is the map of annotations to apply 912 to the Ingress. 913 type: object 914 enabled: 915 description: Enabled will toggle the creation of the Ingress. 916 type: boolean 917 ingressClassName: 918 description: IngressClassName for the Ingress resource. 919 type: string 920 path: 921 description: Path used for the Ingress resource. 922 type: string 923 tls: 924 description: TLS configuration. Currently the Ingress only 925 supports a single TLS port, 443. If multiple members of 926 this list specify different hosts, they will be multiplexed 927 on the same port according to the hostname specified through 928 the SNI TLS extension, if the ingress controller fulfilling 929 the ingress supports SNI. 930 items: 931 description: IngressTLS describes the transport layer security 932 associated with an Ingress. 933 properties: 934 hosts: 935 description: Hosts are a list of hosts included in the 936 TLS certificate. The values in this list must match 937 the name/s used in the tlsSecret. Defaults to the 938 wildcard host setting for the loadbalancer controller 939 fulfilling this Ingress, if left unspecified. 940 items: 941 type: string 942 type: array 943 x-kubernetes-list-type: atomic 944 secretName: 945 description: SecretName is the name of the secret used 946 to terminate TLS traffic on port 443. Field is left 947 optional to allow TLS routing based on SNI hostname 948 alone. If the SNI host in a listener conflicts with 949 the "Host" header field used by an IngressRule, the 950 SNI host is used for termination and value of the 951 Host header is used for routing. 952 type: string 953 type: object 954 type: array 955 required: 956 - enabled 957 type: object 958 route: 959 description: Route defines the desired state for an OpenShift 960 Route for the Prometheus component. 961 properties: 962 annotations: 963 additionalProperties: 964 type: string 965 description: Annotations is the map of annotations to use 966 for the Route resource. 967 type: object 968 enabled: 969 description: Enabled will toggle the creation of the OpenShift 970 Route. 971 type: boolean 972 labels: 973 additionalProperties: 974 type: string 975 description: Labels is the map of labels to use for the Route 976 resource 977 type: object 978 path: 979 description: Path the router watches for, to route traffic 980 for to the service. 981 type: string 982 tls: 983 description: TLS provides the ability to configure certificates 984 and termination for the Route. 985 properties: 986 caCertificate: 987 description: caCertificate provides the cert authority 988 certificate contents 989 type: string 990 certificate: 991 description: certificate provides certificate contents 992 type: string 993 destinationCACertificate: 994 description: destinationCACertificate provides the contents 995 of the ca certificate of the final destination. When 996 using reencrypt termination this file should be provided 997 in order to have routers use it for health checks on 998 the secure connection. If this field is not specified, 999 the router may provide its own destination CA and perform 1000 hostname validation using the short service name (service.namespace.svc), 1001 which allows infrastructure generated certificates to 1002 automatically verify. 1003 type: string 1004 insecureEdgeTerminationPolicy: 1005 description: "insecureEdgeTerminationPolicy indicates 1006 the desired behavior for insecure connections to a route. 1007 While each router may make its own decisions on which 1008 ports to expose, this is normally port 80. \n * Allow 1009 - traffic is sent to the server on the insecure port 1010 (default) * Disable - no traffic is allowed on the insecure 1011 port. * Redirect - clients are redirected to the secure 1012 port." 1013 type: string 1014 key: 1015 description: key provides key file contents 1016 type: string 1017 termination: 1018 description: termination indicates termination type. 1019 type: string 1020 required: 1021 - termination 1022 type: object 1023 wildcardPolicy: 1024 description: WildcardPolicy if any for the route. Currently 1025 only 'Subdomain' or 'None' is allowed. 1026 type: string 1027 required: 1028 - enabled 1029 type: object 1030 size: 1031 description: Size is the replica count for the Prometheus StatefulSet. 1032 format: int32 1033 type: integer 1034 required: 1035 - enabled 1036 type: object 1037 rbac: 1038 description: RBAC defines the RBAC configuration for Argo CD. 1039 properties: 1040 defaultPolicy: 1041 description: DefaultPolicy is the name of the default role which 1042 Argo CD will falls back to, when authorizing API requests (optional). 1043 If omitted or empty, users may be still be able to login, but 1044 will see no apps, projects, etc... 1045 type: string 1046 policy: 1047 description: 'Policy is CSV containing user-defined RBAC policies 1048 and role definitions. Policy rules are in the form: p, subject, 1049 resource, action, object, effect Role definitions and bindings 1050 are in the form: g, subject, inherited-subject See https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/rbac.md 1051 for additional information.' 1052 type: string 1053 scopes: 1054 description: 'Scopes controls which OIDC scopes to examine during 1055 rbac enforcement (in addition to `sub` scope). If omitted, defaults 1056 to: ''[groups]''.' 1057 type: string 1058 type: object 1059 redis: 1060 description: Redis defines the Redis server options for ArgoCD. 1061 properties: 1062 autotls: 1063 description: 'AutoTLS specifies the method to use for automatic 1064 TLS configuration for the redis server The value specified here 1065 can currently be: - openshift - Use the OpenShift service CA 1066 to request TLS config' 1067 type: string 1068 disableTLSVerification: 1069 description: DisableTLSVerification defines whether redis server 1070 API should be accessed using strict TLS validation 1071 type: boolean 1072 image: 1073 description: Image is the Redis container image. 1074 type: string 1075 resources: 1076 description: Resources defines the Compute Resources required 1077 by the container for Redis. 1078 properties: 1079 limits: 1080 additionalProperties: 1081 anyOf: 1082 - type: integer 1083 - type: string 1084 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 1085 x-kubernetes-int-or-string: true 1086 description: 'Limits describes the maximum amount of compute 1087 resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 1088 type: object 1089 requests: 1090 additionalProperties: 1091 anyOf: 1092 - type: integer 1093 - type: string 1094 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 1095 x-kubernetes-int-or-string: true 1096 description: 'Requests describes the minimum amount of compute 1097 resources required. If Requests is omitted for a container, 1098 it defaults to Limits if that is explicitly specified, otherwise 1099 to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 1100 type: object 1101 type: object 1102 version: 1103 description: Version is the Redis container image tag. 1104 type: string 1105 type: object 1106 repo: 1107 description: Repo defines the repo server options for Argo CD. 1108 properties: 1109 autotls: 1110 description: 'AutoTLS specifies the method to use for automatic 1111 TLS configuration for the repo server The value specified here 1112 can currently be: - openshift - Use the OpenShift service CA 1113 to request TLS config' 1114 type: string 1115 env: 1116 description: Env lets you specify environment for repo server 1117 pods 1118 items: 1119 description: EnvVar represents an environment variable present 1120 in a Container. 1121 properties: 1122 name: 1123 description: Name of the environment variable. Must be a 1124 C_IDENTIFIER. 1125 type: string 1126 value: 1127 description: 'Variable references $(VAR_NAME) are expanded 1128 using the previously defined environment variables in 1129 the container and any service environment variables. If 1130 a variable cannot be resolved, the reference in the input 1131 string will be unchanged. Double $$ are reduced to a single 1132 $, which allows for escaping the $(VAR_NAME) syntax: i.e. 1133 "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". 1134 Escaped references will never be expanded, regardless 1135 of whether the variable exists or not. Defaults to "".' 1136 type: string 1137 valueFrom: 1138 description: Source for the environment variable's value. 1139 Cannot be used if value is not empty. 1140 properties: 1141 configMapKeyRef: 1142 description: Selects a key of a ConfigMap. 1143 properties: 1144 key: 1145 description: The key to select. 1146 type: string 1147 name: 1148 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 1149 TODO: Add other useful fields. apiVersion, kind, 1150 uid?' 1151 type: string 1152 optional: 1153 description: Specify whether the ConfigMap or its 1154 key must be defined 1155 type: boolean 1156 required: 1157 - key 1158 type: object 1159 fieldRef: 1160 description: 'Selects a field of the pod: supports metadata.name, 1161 metadata.namespace, `metadata.labels[''<KEY>'']`, 1162 `metadata.annotations[''<KEY>'']`, spec.nodeName, 1163 spec.serviceAccountName, status.hostIP, status.podIP, 1164 status.podIPs.' 1165 properties: 1166 apiVersion: 1167 description: Version of the schema the FieldPath 1168 is written in terms of, defaults to "v1". 1169 type: string 1170 fieldPath: 1171 description: Path of the field to select in the 1172 specified API version. 1173 type: string 1174 required: 1175 - fieldPath 1176 type: object 1177 resourceFieldRef: 1178 description: 'Selects a resource of the container: only 1179 resources limits and requests (limits.cpu, limits.memory, 1180 limits.ephemeral-storage, requests.cpu, requests.memory 1181 and requests.ephemeral-storage) are currently supported.' 1182 properties: 1183 containerName: 1184 description: 'Container name: required for volumes, 1185 optional for env vars' 1186 type: string 1187 divisor: 1188 anyOf: 1189 - type: integer 1190 - type: string 1191 description: Specifies the output format of the 1192 exposed resources, defaults to "1" 1193 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 1194 x-kubernetes-int-or-string: true 1195 resource: 1196 description: 'Required: resource to select' 1197 type: string 1198 required: 1199 - resource 1200 type: object 1201 secretKeyRef: 1202 description: Selects a key of a secret in the pod's 1203 namespace 1204 properties: 1205 key: 1206 description: The key of the secret to select from. Must 1207 be a valid secret key. 1208 type: string 1209 name: 1210 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 1211 TODO: Add other useful fields. apiVersion, kind, 1212 uid?' 1213 type: string 1214 optional: 1215 description: Specify whether the Secret or its key 1216 must be defined 1217 type: boolean 1218 required: 1219 - key 1220 type: object 1221 type: object 1222 required: 1223 - name 1224 type: object 1225 type: array 1226 execTimeout: 1227 description: ExecTimeout specifies the timeout in seconds for 1228 tool execution 1229 type: integer 1230 image: 1231 description: Image is the ArgoCD Repo Server container image. 1232 type: string 1233 initContainers: 1234 description: InitContainers defines the list of initialization 1235 containers for the repo server deployment 1236 items: 1237 description: A single application container that you want to 1238 run within a pod. 1239 properties: 1240 args: 1241 description: 'Arguments to the entrypoint. The docker image''s 1242 CMD is used if this is not provided. Variable references 1243 $(VAR_NAME) are expanded using the container''s environment. 1244 If a variable cannot be resolved, the reference in the 1245 input string will be unchanged. Double $$ are reduced 1246 to a single $, which allows for escaping the $(VAR_NAME) 1247 syntax: i.e. "$$(VAR_NAME)" will produce the string literal 1248 "$(VAR_NAME)". Escaped references will never be expanded, 1249 regardless of whether the variable exists or not. Cannot 1250 be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' 1251 items: 1252 type: string 1253 type: array 1254 command: 1255 description: 'Entrypoint array. Not executed within a shell. 1256 The docker image''s ENTRYPOINT is used if this is not 1257 provided. Variable references $(VAR_NAME) are expanded 1258 using the container''s environment. If a variable cannot 1259 be resolved, the reference in the input string will be 1260 unchanged. Double $$ are reduced to a single $, which 1261 allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" 1262 will produce the string literal "$(VAR_NAME)". Escaped 1263 references will never be expanded, regardless of whether 1264 the variable exists or not. Cannot be updated. More info: 1265 https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' 1266 items: 1267 type: string 1268 type: array 1269 env: 1270 description: List of environment variables to set in the 1271 container. Cannot be updated. 1272 items: 1273 description: EnvVar represents an environment variable 1274 present in a Container. 1275 properties: 1276 name: 1277 description: Name of the environment variable. Must 1278 be a C_IDENTIFIER. 1279 type: string 1280 value: 1281 description: 'Variable references $(VAR_NAME) are 1282 expanded using the previously defined environment 1283 variables in the container and any service environment 1284 variables. If a variable cannot be resolved, the 1285 reference in the input string will be unchanged. 1286 Double $$ are reduced to a single $, which allows 1287 for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" 1288 will produce the string literal "$(VAR_NAME)". Escaped 1289 references will never be expanded, regardless of 1290 whether the variable exists or not. Defaults to 1291 "".' 1292 type: string 1293 valueFrom: 1294 description: Source for the environment variable's 1295 value. Cannot be used if value is not empty. 1296 properties: 1297 configMapKeyRef: 1298 description: Selects a key of a ConfigMap. 1299 properties: 1300 key: 1301 description: The key to select. 1302 type: string 1303 name: 1304 description: 'Name of the referent. More info: 1305 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 1306 TODO: Add other useful fields. apiVersion, 1307 kind, uid?' 1308 type: string 1309 optional: 1310 description: Specify whether the ConfigMap 1311 or its key must be defined 1312 type: boolean 1313 required: 1314 - key 1315 type: object 1316 fieldRef: 1317 description: 'Selects a field of the pod: supports 1318 metadata.name, metadata.namespace, `metadata.labels[''<KEY>'']`, 1319 `metadata.annotations[''<KEY>'']`, spec.nodeName, 1320 spec.serviceAccountName, status.hostIP, status.podIP, 1321 status.podIPs.' 1322 properties: 1323 apiVersion: 1324 description: Version of the schema the FieldPath 1325 is written in terms of, defaults to "v1". 1326 type: string 1327 fieldPath: 1328 description: Path of the field to select in 1329 the specified API version. 1330 type: string 1331 required: 1332 - fieldPath 1333 type: object 1334 resourceFieldRef: 1335 description: 'Selects a resource of the container: 1336 only resources limits and requests (limits.cpu, 1337 limits.memory, limits.ephemeral-storage, requests.cpu, 1338 requests.memory and requests.ephemeral-storage) 1339 are currently supported.' 1340 properties: 1341 containerName: 1342 description: 'Container name: required for 1343 volumes, optional for env vars' 1344 type: string 1345 divisor: 1346 anyOf: 1347 - type: integer 1348 - type: string 1349 description: Specifies the output format of 1350 the exposed resources, defaults to "1" 1351 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 1352 x-kubernetes-int-or-string: true 1353 resource: 1354 description: 'Required: resource to select' 1355 type: string 1356 required: 1357 - resource 1358 type: object 1359 secretKeyRef: 1360 description: Selects a key of a secret in the 1361 pod's namespace 1362 properties: 1363 key: 1364 description: The key of the secret to select 1365 from. Must be a valid secret key. 1366 type: string 1367 name: 1368 description: 'Name of the referent. More info: 1369 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 1370 TODO: Add other useful fields. apiVersion, 1371 kind, uid?' 1372 type: string 1373 optional: 1374 description: Specify whether the Secret or 1375 its key must be defined 1376 type: boolean 1377 required: 1378 - key 1379 type: object 1380 type: object 1381 required: 1382 - name 1383 type: object 1384 type: array 1385 envFrom: 1386 description: List of sources to populate environment variables 1387 in the container. The keys defined within a source must 1388 be a C_IDENTIFIER. All invalid keys will be reported as 1389 an event when the container is starting. When a key exists 1390 in multiple sources, the value associated with the last 1391 source will take precedence. Values defined by an Env 1392 with a duplicate key will take precedence. Cannot be updated. 1393 items: 1394 description: EnvFromSource represents the source of a 1395 set of ConfigMaps 1396 properties: 1397 configMapRef: 1398 description: The ConfigMap to select from 1399 properties: 1400 name: 1401 description: 'Name of the referent. More info: 1402 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 1403 TODO: Add other useful fields. apiVersion, kind, 1404 uid?' 1405 type: string 1406 optional: 1407 description: Specify whether the ConfigMap must 1408 be defined 1409 type: boolean 1410 type: object 1411 prefix: 1412 description: An optional identifier to prepend to 1413 each key in the ConfigMap. Must be a C_IDENTIFIER. 1414 type: string 1415 secretRef: 1416 description: The Secret to select from 1417 properties: 1418 name: 1419 description: 'Name of the referent. More info: 1420 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 1421 TODO: Add other useful fields. apiVersion, kind, 1422 uid?' 1423 type: string 1424 optional: 1425 description: Specify whether the Secret must be 1426 defined 1427 type: boolean 1428 type: object 1429 type: object 1430 type: array 1431 image: 1432 description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images 1433 This field is optional to allow higher level config management 1434 to default or override container images in workload controllers 1435 like Deployments and StatefulSets.' 1436 type: string 1437 imagePullPolicy: 1438 description: 'Image pull policy. One of Always, Never, IfNotPresent. 1439 Defaults to Always if :latest tag is specified, or IfNotPresent 1440 otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' 1441 type: string 1442 lifecycle: 1443 description: Actions that the management system should take 1444 in response to container lifecycle events. Cannot be updated. 1445 properties: 1446 postStart: 1447 description: 'PostStart is called immediately after 1448 a container is created. If the handler fails, the 1449 container is terminated and restarted according to 1450 its restart policy. Other management of the container 1451 blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' 1452 properties: 1453 exec: 1454 description: Exec specifies the action to take. 1455 properties: 1456 command: 1457 description: Command is the command line to 1458 execute inside the container, the working 1459 directory for the command is root ('/') in 1460 the container's filesystem. The command is 1461 simply exec'd, it is not run inside a shell, 1462 so traditional shell instructions ('|', etc) 1463 won't work. To use a shell, you need to explicitly 1464 call out to that shell. Exit status of 0 is 1465 treated as live/healthy and non-zero is unhealthy. 1466 items: 1467 type: string 1468 type: array 1469 type: object 1470 httpGet: 1471 description: HTTPGet specifies the http request 1472 to perform. 1473 properties: 1474 host: 1475 description: Host name to connect to, defaults 1476 to the pod IP. You probably want to set "Host" 1477 in httpHeaders instead. 1478 type: string 1479 httpHeaders: 1480 description: Custom headers to set in the request. 1481 HTTP allows repeated headers. 1482 items: 1483 description: HTTPHeader describes a custom 1484 header to be used in HTTP probes 1485 properties: 1486 name: 1487 description: The header field name 1488 type: string 1489 value: 1490 description: The header field value 1491 type: string 1492 required: 1493 - name 1494 - value 1495 type: object 1496 type: array 1497 path: 1498 description: Path to access on the HTTP server. 1499 type: string 1500 port: 1501 anyOf: 1502 - type: integer 1503 - type: string 1504 description: Name or number of the port to access 1505 on the container. Number must be in the range 1506 1 to 65535. Name must be an IANA_SVC_NAME. 1507 x-kubernetes-int-or-string: true 1508 scheme: 1509 description: Scheme to use for connecting to 1510 the host. Defaults to HTTP. 1511 type: string 1512 required: 1513 - port 1514 type: object 1515 tcpSocket: 1516 description: Deprecated. TCPSocket is NOT supported 1517 as a LifecycleHandler and kept for the backward 1518 compatibility. There are no validation of this 1519 field and lifecycle hooks will fail in runtime 1520 when tcp handler is specified. 1521 properties: 1522 host: 1523 description: 'Optional: Host name to connect 1524 to, defaults to the pod IP.' 1525 type: string 1526 port: 1527 anyOf: 1528 - type: integer 1529 - type: string 1530 description: Number or name of the port to access 1531 on the container. Number must be in the range 1532 1 to 65535. Name must be an IANA_SVC_NAME. 1533 x-kubernetes-int-or-string: true 1534 required: 1535 - port 1536 type: object 1537 type: object 1538 preStop: 1539 description: 'PreStop is called immediately before a 1540 container is terminated due to an API request or management 1541 event such as liveness/startup probe failure, preemption, 1542 resource contention, etc. The handler is not called 1543 if the container crashes or exits. The Pod''s termination 1544 grace period countdown begins before the PreStop hook 1545 is executed. Regardless of the outcome of the handler, 1546 the container will eventually terminate within the 1547 Pod''s termination grace period (unless delayed by 1548 finalizers). Other management of the container blocks 1549 until the hook completes or until the termination 1550 grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' 1551 properties: 1552 exec: 1553 description: Exec specifies the action to take. 1554 properties: 1555 command: 1556 description: Command is the command line to 1557 execute inside the container, the working 1558 directory for the command is root ('/') in 1559 the container's filesystem. The command is 1560 simply exec'd, it is not run inside a shell, 1561 so traditional shell instructions ('|', etc) 1562 won't work. To use a shell, you need to explicitly 1563 call out to that shell. Exit status of 0 is 1564 treated as live/healthy and non-zero is unhealthy. 1565 items: 1566 type: string 1567 type: array 1568 type: object 1569 httpGet: 1570 description: HTTPGet specifies the http request 1571 to perform. 1572 properties: 1573 host: 1574 description: Host name to connect to, defaults 1575 to the pod IP. You probably want to set "Host" 1576 in httpHeaders instead. 1577 type: string 1578 httpHeaders: 1579 description: Custom headers to set in the request. 1580 HTTP allows repeated headers. 1581 items: 1582 description: HTTPHeader describes a custom 1583 header to be used in HTTP probes 1584 properties: 1585 name: 1586 description: The header field name 1587 type: string 1588 value: 1589 description: The header field value 1590 type: string 1591 required: 1592 - name 1593 - value 1594 type: object 1595 type: array 1596 path: 1597 description: Path to access on the HTTP server. 1598 type: string 1599 port: 1600 anyOf: 1601 - type: integer 1602 - type: string 1603 description: Name or number of the port to access 1604 on the container. Number must be in the range 1605 1 to 65535. Name must be an IANA_SVC_NAME. 1606 x-kubernetes-int-or-string: true 1607 scheme: 1608 description: Scheme to use for connecting to 1609 the host. Defaults to HTTP. 1610 type: string 1611 required: 1612 - port 1613 type: object 1614 tcpSocket: 1615 description: Deprecated. TCPSocket is NOT supported 1616 as a LifecycleHandler and kept for the backward 1617 compatibility. There are no validation of this 1618 field and lifecycle hooks will fail in runtime 1619 when tcp handler is specified. 1620 properties: 1621 host: 1622 description: 'Optional: Host name to connect 1623 to, defaults to the pod IP.' 1624 type: string 1625 port: 1626 anyOf: 1627 - type: integer 1628 - type: string 1629 description: Number or name of the port to access 1630 on the container. Number must be in the range 1631 1 to 65535. Name must be an IANA_SVC_NAME. 1632 x-kubernetes-int-or-string: true 1633 required: 1634 - port 1635 type: object 1636 type: object 1637 type: object 1638 livenessProbe: 1639 description: 'Periodic probe of container liveness. Container 1640 will be restarted if the probe fails. Cannot be updated. 1641 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 1642 properties: 1643 exec: 1644 description: Exec specifies the action to take. 1645 properties: 1646 command: 1647 description: Command is the command line to execute 1648 inside the container, the working directory for 1649 the command is root ('/') in the container's 1650 filesystem. The command is simply exec'd, it is 1651 not run inside a shell, so traditional shell instructions 1652 ('|', etc) won't work. To use a shell, you need 1653 to explicitly call out to that shell. Exit status 1654 of 0 is treated as live/healthy and non-zero is 1655 unhealthy. 1656 items: 1657 type: string 1658 type: array 1659 type: object 1660 failureThreshold: 1661 description: Minimum consecutive failures for the probe 1662 to be considered failed after having succeeded. Defaults 1663 to 3. Minimum value is 1. 1664 format: int32 1665 type: integer 1666 grpc: 1667 description: GRPC specifies an action involving a GRPC 1668 port. This is an alpha field and requires enabling 1669 GRPCContainerProbe feature gate. 1670 properties: 1671 port: 1672 description: Port number of the gRPC service. Number 1673 must be in the range 1 to 65535. 1674 format: int32 1675 type: integer 1676 service: 1677 description: "Service is the name of the service 1678 to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 1679 \n If this is not specified, the default behavior 1680 is defined by gRPC." 1681 type: string 1682 required: 1683 - port 1684 type: object 1685 httpGet: 1686 description: HTTPGet specifies the http request to perform. 1687 properties: 1688 host: 1689 description: Host name to connect to, defaults to 1690 the pod IP. You probably want to set "Host" in 1691 httpHeaders instead. 1692 type: string 1693 httpHeaders: 1694 description: Custom headers to set in the request. 1695 HTTP allows repeated headers. 1696 items: 1697 description: HTTPHeader describes a custom header 1698 to be used in HTTP probes 1699 properties: 1700 name: 1701 description: The header field name 1702 type: string 1703 value: 1704 description: The header field value 1705 type: string 1706 required: 1707 - name 1708 - value 1709 type: object 1710 type: array 1711 path: 1712 description: Path to access on the HTTP server. 1713 type: string 1714 port: 1715 anyOf: 1716 - type: integer 1717 - type: string 1718 description: Name or number of the port to access 1719 on the container. Number must be in the range 1720 1 to 65535. Name must be an IANA_SVC_NAME. 1721 x-kubernetes-int-or-string: true 1722 scheme: 1723 description: Scheme to use for connecting to the 1724 host. Defaults to HTTP. 1725 type: string 1726 required: 1727 - port 1728 type: object 1729 initialDelaySeconds: 1730 description: 'Number of seconds after the container 1731 has started before liveness probes are initiated. 1732 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 1733 format: int32 1734 type: integer 1735 periodSeconds: 1736 description: How often (in seconds) to perform the probe. 1737 Default to 10 seconds. Minimum value is 1. 1738 format: int32 1739 type: integer 1740 successThreshold: 1741 description: Minimum consecutive successes for the probe 1742 to be considered successful after having failed. Defaults 1743 to 1. Must be 1 for liveness and startup. Minimum 1744 value is 1. 1745 format: int32 1746 type: integer 1747 tcpSocket: 1748 description: TCPSocket specifies an action involving 1749 a TCP port. 1750 properties: 1751 host: 1752 description: 'Optional: Host name to connect to, 1753 defaults to the pod IP.' 1754 type: string 1755 port: 1756 anyOf: 1757 - type: integer 1758 - type: string 1759 description: Number or name of the port to access 1760 on the container. Number must be in the range 1761 1 to 65535. Name must be an IANA_SVC_NAME. 1762 x-kubernetes-int-or-string: true 1763 required: 1764 - port 1765 type: object 1766 terminationGracePeriodSeconds: 1767 description: Optional duration in seconds the pod needs 1768 to terminate gracefully upon probe failure. The grace 1769 period is the duration in seconds after the processes 1770 running in the pod are sent a termination signal and 1771 the time when the processes are forcibly halted with 1772 a kill signal. Set this value longer than the expected 1773 cleanup time for your process. If this value is nil, 1774 the pod's terminationGracePeriodSeconds will be used. 1775 Otherwise, this value overrides the value provided 1776 by the pod spec. Value must be non-negative integer. 1777 The value zero indicates stop immediately via the 1778 kill signal (no opportunity to shut down). This is 1779 a beta field and requires enabling ProbeTerminationGracePeriod 1780 feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds 1781 is used if unset. 1782 format: int64 1783 type: integer 1784 timeoutSeconds: 1785 description: 'Number of seconds after which the probe 1786 times out. Defaults to 1 second. Minimum value is 1787 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 1788 format: int32 1789 type: integer 1790 type: object 1791 name: 1792 description: Name of the container specified as a DNS_LABEL. 1793 Each container in a pod must have a unique name (DNS_LABEL). 1794 Cannot be updated. 1795 type: string 1796 ports: 1797 description: List of ports to expose from the container. 1798 Exposing a port here gives the system additional information 1799 about the network connections a container uses, but is 1800 primarily informational. Not specifying a port here DOES 1801 NOT prevent that port from being exposed. Any port which 1802 is listening on the default "0.0.0.0" address inside a 1803 container will be accessible from the network. Cannot 1804 be updated. 1805 items: 1806 description: ContainerPort represents a network port in 1807 a single container. 1808 properties: 1809 containerPort: 1810 description: Number of port to expose on the pod's 1811 IP address. This must be a valid port number, 0 1812 < x < 65536. 1813 format: int32 1814 type: integer 1815 hostIP: 1816 description: What host IP to bind the external port 1817 to. 1818 type: string 1819 hostPort: 1820 description: Number of port to expose on the host. 1821 If specified, this must be a valid port number, 1822 0 < x < 65536. If HostNetwork is specified, this 1823 must match ContainerPort. Most containers do not 1824 need this. 1825 format: int32 1826 type: integer 1827 name: 1828 description: If specified, this must be an IANA_SVC_NAME 1829 and unique within the pod. Each named port in a 1830 pod must have a unique name. Name for the port that 1831 can be referred to by services. 1832 type: string 1833 protocol: 1834 default: TCP 1835 description: Protocol for port. Must be UDP, TCP, 1836 or SCTP. Defaults to "TCP". 1837 type: string 1838 required: 1839 - containerPort 1840 type: object 1841 type: array 1842 x-kubernetes-list-map-keys: 1843 - containerPort 1844 - protocol 1845 x-kubernetes-list-type: map 1846 readinessProbe: 1847 description: 'Periodic probe of container service readiness. 1848 Container will be removed from service endpoints if the 1849 probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 1850 properties: 1851 exec: 1852 description: Exec specifies the action to take. 1853 properties: 1854 command: 1855 description: Command is the command line to execute 1856 inside the container, the working directory for 1857 the command is root ('/') in the container's 1858 filesystem. The command is simply exec'd, it is 1859 not run inside a shell, so traditional shell instructions 1860 ('|', etc) won't work. To use a shell, you need 1861 to explicitly call out to that shell. Exit status 1862 of 0 is treated as live/healthy and non-zero is 1863 unhealthy. 1864 items: 1865 type: string 1866 type: array 1867 type: object 1868 failureThreshold: 1869 description: Minimum consecutive failures for the probe 1870 to be considered failed after having succeeded. Defaults 1871 to 3. Minimum value is 1. 1872 format: int32 1873 type: integer 1874 grpc: 1875 description: GRPC specifies an action involving a GRPC 1876 port. This is an alpha field and requires enabling 1877 GRPCContainerProbe feature gate. 1878 properties: 1879 port: 1880 description: Port number of the gRPC service. Number 1881 must be in the range 1 to 65535. 1882 format: int32 1883 type: integer 1884 service: 1885 description: "Service is the name of the service 1886 to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 1887 \n If this is not specified, the default behavior 1888 is defined by gRPC." 1889 type: string 1890 required: 1891 - port 1892 type: object 1893 httpGet: 1894 description: HTTPGet specifies the http request to perform. 1895 properties: 1896 host: 1897 description: Host name to connect to, defaults to 1898 the pod IP. You probably want to set "Host" in 1899 httpHeaders instead. 1900 type: string 1901 httpHeaders: 1902 description: Custom headers to set in the request. 1903 HTTP allows repeated headers. 1904 items: 1905 description: HTTPHeader describes a custom header 1906 to be used in HTTP probes 1907 properties: 1908 name: 1909 description: The header field name 1910 type: string 1911 value: 1912 description: The header field value 1913 type: string 1914 required: 1915 - name 1916 - value 1917 type: object 1918 type: array 1919 path: 1920 description: Path to access on the HTTP server. 1921 type: string 1922 port: 1923 anyOf: 1924 - type: integer 1925 - type: string 1926 description: Name or number of the port to access 1927 on the container. Number must be in the range 1928 1 to 65535. Name must be an IANA_SVC_NAME. 1929 x-kubernetes-int-or-string: true 1930 scheme: 1931 description: Scheme to use for connecting to the 1932 host. Defaults to HTTP. 1933 type: string 1934 required: 1935 - port 1936 type: object 1937 initialDelaySeconds: 1938 description: 'Number of seconds after the container 1939 has started before liveness probes are initiated. 1940 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 1941 format: int32 1942 type: integer 1943 periodSeconds: 1944 description: How often (in seconds) to perform the probe. 1945 Default to 10 seconds. Minimum value is 1. 1946 format: int32 1947 type: integer 1948 successThreshold: 1949 description: Minimum consecutive successes for the probe 1950 to be considered successful after having failed. Defaults 1951 to 1. Must be 1 for liveness and startup. Minimum 1952 value is 1. 1953 format: int32 1954 type: integer 1955 tcpSocket: 1956 description: TCPSocket specifies an action involving 1957 a TCP port. 1958 properties: 1959 host: 1960 description: 'Optional: Host name to connect to, 1961 defaults to the pod IP.' 1962 type: string 1963 port: 1964 anyOf: 1965 - type: integer 1966 - type: string 1967 description: Number or name of the port to access 1968 on the container. Number must be in the range 1969 1 to 65535. Name must be an IANA_SVC_NAME. 1970 x-kubernetes-int-or-string: true 1971 required: 1972 - port 1973 type: object 1974 terminationGracePeriodSeconds: 1975 description: Optional duration in seconds the pod needs 1976 to terminate gracefully upon probe failure. The grace 1977 period is the duration in seconds after the processes 1978 running in the pod are sent a termination signal and 1979 the time when the processes are forcibly halted with 1980 a kill signal. Set this value longer than the expected 1981 cleanup time for your process. If this value is nil, 1982 the pod's terminationGracePeriodSeconds will be used. 1983 Otherwise, this value overrides the value provided 1984 by the pod spec. Value must be non-negative integer. 1985 The value zero indicates stop immediately via the 1986 kill signal (no opportunity to shut down). This is 1987 a beta field and requires enabling ProbeTerminationGracePeriod 1988 feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds 1989 is used if unset. 1990 format: int64 1991 type: integer 1992 timeoutSeconds: 1993 description: 'Number of seconds after which the probe 1994 times out. Defaults to 1 second. Minimum value is 1995 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 1996 format: int32 1997 type: integer 1998 type: object 1999 resources: 2000 description: 'Compute Resources required by this container. 2001 Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 2002 properties: 2003 limits: 2004 additionalProperties: 2005 anyOf: 2006 - type: integer 2007 - type: string 2008 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 2009 x-kubernetes-int-or-string: true 2010 description: 'Limits describes the maximum amount of 2011 compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 2012 type: object 2013 requests: 2014 additionalProperties: 2015 anyOf: 2016 - type: integer 2017 - type: string 2018 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 2019 x-kubernetes-int-or-string: true 2020 description: 'Requests describes the minimum amount 2021 of compute resources required. If Requests is omitted 2022 for a container, it defaults to Limits if that is 2023 explicitly specified, otherwise to an implementation-defined 2024 value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 2025 type: object 2026 type: object 2027 securityContext: 2028 description: 'SecurityContext defines the security options 2029 the container should be run with. If set, the fields of 2030 SecurityContext override the equivalent fields of PodSecurityContext. 2031 More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' 2032 properties: 2033 allowPrivilegeEscalation: 2034 description: 'AllowPrivilegeEscalation controls whether 2035 a process can gain more privileges than its parent 2036 process. This bool directly controls if the no_new_privs 2037 flag will be set on the container process. AllowPrivilegeEscalation 2038 is true always when the container is: 1) run as Privileged 2039 2) has CAP_SYS_ADMIN Note that this field cannot be 2040 set when spec.os.name is windows.' 2041 type: boolean 2042 capabilities: 2043 description: The capabilities to add/drop when running 2044 containers. Defaults to the default set of capabilities 2045 granted by the container runtime. Note that this field 2046 cannot be set when spec.os.name is windows. 2047 properties: 2048 add: 2049 description: Added capabilities 2050 items: 2051 description: Capability represent POSIX capabilities 2052 type 2053 type: string 2054 type: array 2055 drop: 2056 description: Removed capabilities 2057 items: 2058 description: Capability represent POSIX capabilities 2059 type 2060 type: string 2061 type: array 2062 type: object 2063 privileged: 2064 description: Run container in privileged mode. Processes 2065 in privileged containers are essentially equivalent 2066 to root on the host. Defaults to false. Note that 2067 this field cannot be set when spec.os.name is windows. 2068 type: boolean 2069 procMount: 2070 description: procMount denotes the type of proc mount 2071 to use for the containers. The default is DefaultProcMount 2072 which uses the container runtime defaults for readonly 2073 paths and masked paths. This requires the ProcMountType 2074 feature flag to be enabled. Note that this field cannot 2075 be set when spec.os.name is windows. 2076 type: string 2077 readOnlyRootFilesystem: 2078 description: Whether this container has a read-only 2079 root filesystem. Default is false. Note that this 2080 field cannot be set when spec.os.name is windows. 2081 type: boolean 2082 runAsGroup: 2083 description: The GID to run the entrypoint of the container 2084 process. Uses runtime default if unset. May also be 2085 set in PodSecurityContext. If set in both SecurityContext 2086 and PodSecurityContext, the value specified in SecurityContext 2087 takes precedence. Note that this field cannot be set 2088 when spec.os.name is windows. 2089 format: int64 2090 type: integer 2091 runAsNonRoot: 2092 description: Indicates that the container must run as 2093 a non-root user. If true, the Kubelet will validate 2094 the image at runtime to ensure that it does not run 2095 as UID 0 (root) and fail to start the container if 2096 it does. If unset or false, no such validation will 2097 be performed. May also be set in PodSecurityContext. If 2098 set in both SecurityContext and PodSecurityContext, 2099 the value specified in SecurityContext takes precedence. 2100 type: boolean 2101 runAsUser: 2102 description: The UID to run the entrypoint of the container 2103 process. Defaults to user specified in image metadata 2104 if unspecified. May also be set in PodSecurityContext. If 2105 set in both SecurityContext and PodSecurityContext, 2106 the value specified in SecurityContext takes precedence. 2107 Note that this field cannot be set when spec.os.name 2108 is windows. 2109 format: int64 2110 type: integer 2111 seLinuxOptions: 2112 description: The SELinux context to be applied to the 2113 container. If unspecified, the container runtime will 2114 allocate a random SELinux context for each container. May 2115 also be set in PodSecurityContext. If set in both 2116 SecurityContext and PodSecurityContext, the value 2117 specified in SecurityContext takes precedence. Note 2118 that this field cannot be set when spec.os.name is 2119 windows. 2120 properties: 2121 level: 2122 description: Level is SELinux level label that applies 2123 to the container. 2124 type: string 2125 role: 2126 description: Role is a SELinux role label that applies 2127 to the container. 2128 type: string 2129 type: 2130 description: Type is a SELinux type label that applies 2131 to the container. 2132 type: string 2133 user: 2134 description: User is a SELinux user label that applies 2135 to the container. 2136 type: string 2137 type: object 2138 seccompProfile: 2139 description: The seccomp options to use by this container. 2140 If seccomp options are provided at both the pod & 2141 container level, the container options override the 2142 pod options. Note that this field cannot be set when 2143 spec.os.name is windows. 2144 properties: 2145 localhostProfile: 2146 description: localhostProfile indicates a profile 2147 defined in a file on the node should be used. 2148 The profile must be preconfigured on the node 2149 to work. Must be a descending path, relative to 2150 the kubelet's configured seccomp profile location. 2151 Must only be set if type is "Localhost". 2152 type: string 2153 type: 2154 description: "type indicates which kind of seccomp 2155 profile will be applied. Valid options are: \n 2156 Localhost - a profile defined in a file on the 2157 node should be used. RuntimeDefault - the container 2158 runtime default profile should be used. Unconfined 2159 - no profile should be applied." 2160 type: string 2161 required: 2162 - type 2163 type: object 2164 windowsOptions: 2165 description: The Windows specific settings applied to 2166 all containers. If unspecified, the options from the 2167 PodSecurityContext will be used. If set in both SecurityContext 2168 and PodSecurityContext, the value specified in SecurityContext 2169 takes precedence. Note that this field cannot be set 2170 when spec.os.name is linux. 2171 properties: 2172 gmsaCredentialSpec: 2173 description: GMSACredentialSpec is where the GMSA 2174 admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) 2175 inlines the contents of the GMSA credential spec 2176 named by the GMSACredentialSpecName field. 2177 type: string 2178 gmsaCredentialSpecName: 2179 description: GMSACredentialSpecName is the name 2180 of the GMSA credential spec to use. 2181 type: string 2182 hostProcess: 2183 description: HostProcess determines if a container 2184 should be run as a 'Host Process' container. This 2185 field is alpha-level and will only be honored 2186 by components that enable the WindowsHostProcessContainers 2187 feature flag. Setting this field without the feature 2188 flag will result in errors when validating the 2189 Pod. All of a Pod's containers must have the same 2190 effective HostProcess value (it is not allowed 2191 to have a mix of HostProcess containers and non-HostProcess 2192 containers). In addition, if HostProcess is true 2193 then HostNetwork must also be set to true. 2194 type: boolean 2195 runAsUserName: 2196 description: The UserName in Windows to run the 2197 entrypoint of the container process. Defaults 2198 to the user specified in image metadata if unspecified. 2199 May also be set in PodSecurityContext. If set 2200 in both SecurityContext and PodSecurityContext, 2201 the value specified in SecurityContext takes precedence. 2202 type: string 2203 type: object 2204 type: object 2205 startupProbe: 2206 description: 'StartupProbe indicates that the Pod has successfully 2207 initialized. If specified, no other probes are executed 2208 until this completes successfully. If this probe fails, 2209 the Pod will be restarted, just as if the livenessProbe 2210 failed. This can be used to provide different probe parameters 2211 at the beginning of a Pod''s lifecycle, when it might 2212 take a long time to load data or warm a cache, than during 2213 steady-state operation. This cannot be updated. More info: 2214 https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 2215 properties: 2216 exec: 2217 description: Exec specifies the action to take. 2218 properties: 2219 command: 2220 description: Command is the command line to execute 2221 inside the container, the working directory for 2222 the command is root ('/') in the container's 2223 filesystem. The command is simply exec'd, it is 2224 not run inside a shell, so traditional shell instructions 2225 ('|', etc) won't work. To use a shell, you need 2226 to explicitly call out to that shell. Exit status 2227 of 0 is treated as live/healthy and non-zero is 2228 unhealthy. 2229 items: 2230 type: string 2231 type: array 2232 type: object 2233 failureThreshold: 2234 description: Minimum consecutive failures for the probe 2235 to be considered failed after having succeeded. Defaults 2236 to 3. Minimum value is 1. 2237 format: int32 2238 type: integer 2239 grpc: 2240 description: GRPC specifies an action involving a GRPC 2241 port. This is an alpha field and requires enabling 2242 GRPCContainerProbe feature gate. 2243 properties: 2244 port: 2245 description: Port number of the gRPC service. Number 2246 must be in the range 1 to 65535. 2247 format: int32 2248 type: integer 2249 service: 2250 description: "Service is the name of the service 2251 to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 2252 \n If this is not specified, the default behavior 2253 is defined by gRPC." 2254 type: string 2255 required: 2256 - port 2257 type: object 2258 httpGet: 2259 description: HTTPGet specifies the http request to perform. 2260 properties: 2261 host: 2262 description: Host name to connect to, defaults to 2263 the pod IP. You probably want to set "Host" in 2264 httpHeaders instead. 2265 type: string 2266 httpHeaders: 2267 description: Custom headers to set in the request. 2268 HTTP allows repeated headers. 2269 items: 2270 description: HTTPHeader describes a custom header 2271 to be used in HTTP probes 2272 properties: 2273 name: 2274 description: The header field name 2275 type: string 2276 value: 2277 description: The header field value 2278 type: string 2279 required: 2280 - name 2281 - value 2282 type: object 2283 type: array 2284 path: 2285 description: Path to access on the HTTP server. 2286 type: string 2287 port: 2288 anyOf: 2289 - type: integer 2290 - type: string 2291 description: Name or number of the port to access 2292 on the container. Number must be in the range 2293 1 to 65535. Name must be an IANA_SVC_NAME. 2294 x-kubernetes-int-or-string: true 2295 scheme: 2296 description: Scheme to use for connecting to the 2297 host. Defaults to HTTP. 2298 type: string 2299 required: 2300 - port 2301 type: object 2302 initialDelaySeconds: 2303 description: 'Number of seconds after the container 2304 has started before liveness probes are initiated. 2305 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 2306 format: int32 2307 type: integer 2308 periodSeconds: 2309 description: How often (in seconds) to perform the probe. 2310 Default to 10 seconds. Minimum value is 1. 2311 format: int32 2312 type: integer 2313 successThreshold: 2314 description: Minimum consecutive successes for the probe 2315 to be considered successful after having failed. Defaults 2316 to 1. Must be 1 for liveness and startup. Minimum 2317 value is 1. 2318 format: int32 2319 type: integer 2320 tcpSocket: 2321 description: TCPSocket specifies an action involving 2322 a TCP port. 2323 properties: 2324 host: 2325 description: 'Optional: Host name to connect to, 2326 defaults to the pod IP.' 2327 type: string 2328 port: 2329 anyOf: 2330 - type: integer 2331 - type: string 2332 description: Number or name of the port to access 2333 on the container. Number must be in the range 2334 1 to 65535. Name must be an IANA_SVC_NAME. 2335 x-kubernetes-int-or-string: true 2336 required: 2337 - port 2338 type: object 2339 terminationGracePeriodSeconds: 2340 description: Optional duration in seconds the pod needs 2341 to terminate gracefully upon probe failure. The grace 2342 period is the duration in seconds after the processes 2343 running in the pod are sent a termination signal and 2344 the time when the processes are forcibly halted with 2345 a kill signal. Set this value longer than the expected 2346 cleanup time for your process. If this value is nil, 2347 the pod's terminationGracePeriodSeconds will be used. 2348 Otherwise, this value overrides the value provided 2349 by the pod spec. Value must be non-negative integer. 2350 The value zero indicates stop immediately via the 2351 kill signal (no opportunity to shut down). This is 2352 a beta field and requires enabling ProbeTerminationGracePeriod 2353 feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds 2354 is used if unset. 2355 format: int64 2356 type: integer 2357 timeoutSeconds: 2358 description: 'Number of seconds after which the probe 2359 times out. Defaults to 1 second. Minimum value is 2360 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 2361 format: int32 2362 type: integer 2363 type: object 2364 stdin: 2365 description: Whether this container should allocate a buffer 2366 for stdin in the container runtime. If this is not set, 2367 reads from stdin in the container will always result in 2368 EOF. Default is false. 2369 type: boolean 2370 stdinOnce: 2371 description: Whether the container runtime should close 2372 the stdin channel after it has been opened by a single 2373 attach. When stdin is true the stdin stream will remain 2374 open across multiple attach sessions. If stdinOnce is 2375 set to true, stdin is opened on container start, is empty 2376 until the first client attaches to stdin, and then remains 2377 open and accepts data until the client disconnects, at 2378 which time stdin is closed and remains closed until the 2379 container is restarted. If this flag is false, a container 2380 processes that reads from stdin will never receive an 2381 EOF. Default is false 2382 type: boolean 2383 terminationMessagePath: 2384 description: 'Optional: Path at which the file to which 2385 the container''s termination message will be written is 2386 mounted into the container''s filesystem. Message written 2387 is intended to be brief final status, such as an assertion 2388 failure message. Will be truncated by the node if greater 2389 than 4096 bytes. The total message length across all containers 2390 will be limited to 12kb. Defaults to /dev/termination-log. 2391 Cannot be updated.' 2392 type: string 2393 terminationMessagePolicy: 2394 description: Indicate how the termination message should 2395 be populated. File will use the contents of terminationMessagePath 2396 to populate the container status message on both success 2397 and failure. FallbackToLogsOnError will use the last chunk 2398 of container log output if the termination message file 2399 is empty and the container exited with an error. The log 2400 output is limited to 2048 bytes or 80 lines, whichever 2401 is smaller. Defaults to File. Cannot be updated. 2402 type: string 2403 tty: 2404 description: Whether this container should allocate a TTY 2405 for itself, also requires 'stdin' to be true. Default 2406 is false. 2407 type: boolean 2408 volumeDevices: 2409 description: volumeDevices is the list of block devices 2410 to be used by the container. 2411 items: 2412 description: volumeDevice describes a mapping of a raw 2413 block device within a container. 2414 properties: 2415 devicePath: 2416 description: devicePath is the path inside of the 2417 container that the device will be mapped to. 2418 type: string 2419 name: 2420 description: name must match the name of a persistentVolumeClaim 2421 in the pod 2422 type: string 2423 required: 2424 - devicePath 2425 - name 2426 type: object 2427 type: array 2428 volumeMounts: 2429 description: Pod volumes to mount into the container's filesystem. 2430 Cannot be updated. 2431 items: 2432 description: VolumeMount describes a mounting of a Volume 2433 within a container. 2434 properties: 2435 mountPath: 2436 description: Path within the container at which the 2437 volume should be mounted. Must not contain ':'. 2438 type: string 2439 mountPropagation: 2440 description: mountPropagation determines how mounts 2441 are propagated from the host to container and the 2442 other way around. When not set, MountPropagationNone 2443 is used. This field is beta in 1.10. 2444 type: string 2445 name: 2446 description: This must match the Name of a Volume. 2447 type: string 2448 readOnly: 2449 description: Mounted read-only if true, read-write 2450 otherwise (false or unspecified). Defaults to false. 2451 type: boolean 2452 subPath: 2453 description: Path within the volume from which the 2454 container's volume should be mounted. Defaults to 2455 "" (volume's root). 2456 type: string 2457 subPathExpr: 2458 description: Expanded path within the volume from 2459 which the container's volume should be mounted. 2460 Behaves similarly to SubPath but environment variable 2461 references $(VAR_NAME) are expanded using the container's 2462 environment. Defaults to "" (volume's root). SubPathExpr 2463 and SubPath are mutually exclusive. 2464 type: string 2465 required: 2466 - mountPath 2467 - name 2468 type: object 2469 type: array 2470 workingDir: 2471 description: Container's working directory. If not specified, 2472 the container runtime's default will be used, which might 2473 be configured in the container image. Cannot be updated. 2474 type: string 2475 required: 2476 - name 2477 type: object 2478 type: array 2479 logFormat: 2480 description: LogFormat describes the log format that should be 2481 used by the Repo Server. Defaults to ArgoCDDefaultLogFormat 2482 if not configured. Valid options are text or json. 2483 type: string 2484 logLevel: 2485 description: LogLevel describes the log level that should be used 2486 by the Repo Server. Defaults to ArgoCDDefaultLogLevel if not 2487 set. Valid options are debug, info, error, and warn. 2488 type: string 2489 mountsatoken: 2490 description: MountSAToken describes whether you would like to 2491 have the Repo server mount the service account token 2492 type: boolean 2493 replicas: 2494 description: Replicas defines the number of replicas for argocd-repo-server. 2495 Value should be greater than or equal to 0. Default is nil. 2496 format: int32 2497 type: integer 2498 resources: 2499 description: Resources defines the Compute Resources required 2500 by the container for Redis. 2501 properties: 2502 limits: 2503 additionalProperties: 2504 anyOf: 2505 - type: integer 2506 - type: string 2507 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 2508 x-kubernetes-int-or-string: true 2509 description: 'Limits describes the maximum amount of compute 2510 resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 2511 type: object 2512 requests: 2513 additionalProperties: 2514 anyOf: 2515 - type: integer 2516 - type: string 2517 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 2518 x-kubernetes-int-or-string: true 2519 description: 'Requests describes the minimum amount of compute 2520 resources required. If Requests is omitted for a container, 2521 it defaults to Limits if that is explicitly specified, otherwise 2522 to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 2523 type: object 2524 type: object 2525 serviceaccount: 2526 description: ServiceAccount defines the ServiceAccount user that 2527 you would like the Repo server to use 2528 type: string 2529 sidecarContainers: 2530 description: SidecarContainers defines the list of sidecar containers 2531 for the repo server deployment 2532 items: 2533 description: A single application container that you want to 2534 run within a pod. 2535 properties: 2536 args: 2537 description: 'Arguments to the entrypoint. The docker image''s 2538 CMD is used if this is not provided. Variable references 2539 $(VAR_NAME) are expanded using the container''s environment. 2540 If a variable cannot be resolved, the reference in the 2541 input string will be unchanged. Double $$ are reduced 2542 to a single $, which allows for escaping the $(VAR_NAME) 2543 syntax: i.e. "$$(VAR_NAME)" will produce the string literal 2544 "$(VAR_NAME)". Escaped references will never be expanded, 2545 regardless of whether the variable exists or not. Cannot 2546 be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' 2547 items: 2548 type: string 2549 type: array 2550 command: 2551 description: 'Entrypoint array. Not executed within a shell. 2552 The docker image''s ENTRYPOINT is used if this is not 2553 provided. Variable references $(VAR_NAME) are expanded 2554 using the container''s environment. If a variable cannot 2555 be resolved, the reference in the input string will be 2556 unchanged. Double $$ are reduced to a single $, which 2557 allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" 2558 will produce the string literal "$(VAR_NAME)". Escaped 2559 references will never be expanded, regardless of whether 2560 the variable exists or not. Cannot be updated. More info: 2561 https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' 2562 items: 2563 type: string 2564 type: array 2565 env: 2566 description: List of environment variables to set in the 2567 container. Cannot be updated. 2568 items: 2569 description: EnvVar represents an environment variable 2570 present in a Container. 2571 properties: 2572 name: 2573 description: Name of the environment variable. Must 2574 be a C_IDENTIFIER. 2575 type: string 2576 value: 2577 description: 'Variable references $(VAR_NAME) are 2578 expanded using the previously defined environment 2579 variables in the container and any service environment 2580 variables. If a variable cannot be resolved, the 2581 reference in the input string will be unchanged. 2582 Double $$ are reduced to a single $, which allows 2583 for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" 2584 will produce the string literal "$(VAR_NAME)". Escaped 2585 references will never be expanded, regardless of 2586 whether the variable exists or not. Defaults to 2587 "".' 2588 type: string 2589 valueFrom: 2590 description: Source for the environment variable's 2591 value. Cannot be used if value is not empty. 2592 properties: 2593 configMapKeyRef: 2594 description: Selects a key of a ConfigMap. 2595 properties: 2596 key: 2597 description: The key to select. 2598 type: string 2599 name: 2600 description: 'Name of the referent. More info: 2601 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 2602 TODO: Add other useful fields. apiVersion, 2603 kind, uid?' 2604 type: string 2605 optional: 2606 description: Specify whether the ConfigMap 2607 or its key must be defined 2608 type: boolean 2609 required: 2610 - key 2611 type: object 2612 fieldRef: 2613 description: 'Selects a field of the pod: supports 2614 metadata.name, metadata.namespace, `metadata.labels[''<KEY>'']`, 2615 `metadata.annotations[''<KEY>'']`, spec.nodeName, 2616 spec.serviceAccountName, status.hostIP, status.podIP, 2617 status.podIPs.' 2618 properties: 2619 apiVersion: 2620 description: Version of the schema the FieldPath 2621 is written in terms of, defaults to "v1". 2622 type: string 2623 fieldPath: 2624 description: Path of the field to select in 2625 the specified API version. 2626 type: string 2627 required: 2628 - fieldPath 2629 type: object 2630 resourceFieldRef: 2631 description: 'Selects a resource of the container: 2632 only resources limits and requests (limits.cpu, 2633 limits.memory, limits.ephemeral-storage, requests.cpu, 2634 requests.memory and requests.ephemeral-storage) 2635 are currently supported.' 2636 properties: 2637 containerName: 2638 description: 'Container name: required for 2639 volumes, optional for env vars' 2640 type: string 2641 divisor: 2642 anyOf: 2643 - type: integer 2644 - type: string 2645 description: Specifies the output format of 2646 the exposed resources, defaults to "1" 2647 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 2648 x-kubernetes-int-or-string: true 2649 resource: 2650 description: 'Required: resource to select' 2651 type: string 2652 required: 2653 - resource 2654 type: object 2655 secretKeyRef: 2656 description: Selects a key of a secret in the 2657 pod's namespace 2658 properties: 2659 key: 2660 description: The key of the secret to select 2661 from. Must be a valid secret key. 2662 type: string 2663 name: 2664 description: 'Name of the referent. More info: 2665 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 2666 TODO: Add other useful fields. apiVersion, 2667 kind, uid?' 2668 type: string 2669 optional: 2670 description: Specify whether the Secret or 2671 its key must be defined 2672 type: boolean 2673 required: 2674 - key 2675 type: object 2676 type: object 2677 required: 2678 - name 2679 type: object 2680 type: array 2681 envFrom: 2682 description: List of sources to populate environment variables 2683 in the container. The keys defined within a source must 2684 be a C_IDENTIFIER. All invalid keys will be reported as 2685 an event when the container is starting. When a key exists 2686 in multiple sources, the value associated with the last 2687 source will take precedence. Values defined by an Env 2688 with a duplicate key will take precedence. Cannot be updated. 2689 items: 2690 description: EnvFromSource represents the source of a 2691 set of ConfigMaps 2692 properties: 2693 configMapRef: 2694 description: The ConfigMap to select from 2695 properties: 2696 name: 2697 description: 'Name of the referent. More info: 2698 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 2699 TODO: Add other useful fields. apiVersion, kind, 2700 uid?' 2701 type: string 2702 optional: 2703 description: Specify whether the ConfigMap must 2704 be defined 2705 type: boolean 2706 type: object 2707 prefix: 2708 description: An optional identifier to prepend to 2709 each key in the ConfigMap. Must be a C_IDENTIFIER. 2710 type: string 2711 secretRef: 2712 description: The Secret to select from 2713 properties: 2714 name: 2715 description: 'Name of the referent. More info: 2716 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 2717 TODO: Add other useful fields. apiVersion, kind, 2718 uid?' 2719 type: string 2720 optional: 2721 description: Specify whether the Secret must be 2722 defined 2723 type: boolean 2724 type: object 2725 type: object 2726 type: array 2727 image: 2728 description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images 2729 This field is optional to allow higher level config management 2730 to default or override container images in workload controllers 2731 like Deployments and StatefulSets.' 2732 type: string 2733 imagePullPolicy: 2734 description: 'Image pull policy. One of Always, Never, IfNotPresent. 2735 Defaults to Always if :latest tag is specified, or IfNotPresent 2736 otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' 2737 type: string 2738 lifecycle: 2739 description: Actions that the management system should take 2740 in response to container lifecycle events. Cannot be updated. 2741 properties: 2742 postStart: 2743 description: 'PostStart is called immediately after 2744 a container is created. If the handler fails, the 2745 container is terminated and restarted according to 2746 its restart policy. Other management of the container 2747 blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' 2748 properties: 2749 exec: 2750 description: Exec specifies the action to take. 2751 properties: 2752 command: 2753 description: Command is the command line to 2754 execute inside the container, the working 2755 directory for the command is root ('/') in 2756 the container's filesystem. The command is 2757 simply exec'd, it is not run inside a shell, 2758 so traditional shell instructions ('|', etc) 2759 won't work. To use a shell, you need to explicitly 2760 call out to that shell. Exit status of 0 is 2761 treated as live/healthy and non-zero is unhealthy. 2762 items: 2763 type: string 2764 type: array 2765 type: object 2766 httpGet: 2767 description: HTTPGet specifies the http request 2768 to perform. 2769 properties: 2770 host: 2771 description: Host name to connect to, defaults 2772 to the pod IP. You probably want to set "Host" 2773 in httpHeaders instead. 2774 type: string 2775 httpHeaders: 2776 description: Custom headers to set in the request. 2777 HTTP allows repeated headers. 2778 items: 2779 description: HTTPHeader describes a custom 2780 header to be used in HTTP probes 2781 properties: 2782 name: 2783 description: The header field name 2784 type: string 2785 value: 2786 description: The header field value 2787 type: string 2788 required: 2789 - name 2790 - value 2791 type: object 2792 type: array 2793 path: 2794 description: Path to access on the HTTP server. 2795 type: string 2796 port: 2797 anyOf: 2798 - type: integer 2799 - type: string 2800 description: Name or number of the port to access 2801 on the container. Number must be in the range 2802 1 to 65535. Name must be an IANA_SVC_NAME. 2803 x-kubernetes-int-or-string: true 2804 scheme: 2805 description: Scheme to use for connecting to 2806 the host. Defaults to HTTP. 2807 type: string 2808 required: 2809 - port 2810 type: object 2811 tcpSocket: 2812 description: Deprecated. TCPSocket is NOT supported 2813 as a LifecycleHandler and kept for the backward 2814 compatibility. There are no validation of this 2815 field and lifecycle hooks will fail in runtime 2816 when tcp handler is specified. 2817 properties: 2818 host: 2819 description: 'Optional: Host name to connect 2820 to, defaults to the pod IP.' 2821 type: string 2822 port: 2823 anyOf: 2824 - type: integer 2825 - type: string 2826 description: Number or name of the port to access 2827 on the container. Number must be in the range 2828 1 to 65535. Name must be an IANA_SVC_NAME. 2829 x-kubernetes-int-or-string: true 2830 required: 2831 - port 2832 type: object 2833 type: object 2834 preStop: 2835 description: 'PreStop is called immediately before a 2836 container is terminated due to an API request or management 2837 event such as liveness/startup probe failure, preemption, 2838 resource contention, etc. The handler is not called 2839 if the container crashes or exits. The Pod''s termination 2840 grace period countdown begins before the PreStop hook 2841 is executed. Regardless of the outcome of the handler, 2842 the container will eventually terminate within the 2843 Pod''s termination grace period (unless delayed by 2844 finalizers). Other management of the container blocks 2845 until the hook completes or until the termination 2846 grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' 2847 properties: 2848 exec: 2849 description: Exec specifies the action to take. 2850 properties: 2851 command: 2852 description: Command is the command line to 2853 execute inside the container, the working 2854 directory for the command is root ('/') in 2855 the container's filesystem. The command is 2856 simply exec'd, it is not run inside a shell, 2857 so traditional shell instructions ('|', etc) 2858 won't work. To use a shell, you need to explicitly 2859 call out to that shell. Exit status of 0 is 2860 treated as live/healthy and non-zero is unhealthy. 2861 items: 2862 type: string 2863 type: array 2864 type: object 2865 httpGet: 2866 description: HTTPGet specifies the http request 2867 to perform. 2868 properties: 2869 host: 2870 description: Host name to connect to, defaults 2871 to the pod IP. You probably want to set "Host" 2872 in httpHeaders instead. 2873 type: string 2874 httpHeaders: 2875 description: Custom headers to set in the request. 2876 HTTP allows repeated headers. 2877 items: 2878 description: HTTPHeader describes a custom 2879 header to be used in HTTP probes 2880 properties: 2881 name: 2882 description: The header field name 2883 type: string 2884 value: 2885 description: The header field value 2886 type: string 2887 required: 2888 - name 2889 - value 2890 type: object 2891 type: array 2892 path: 2893 description: Path to access on the HTTP server. 2894 type: string 2895 port: 2896 anyOf: 2897 - type: integer 2898 - type: string 2899 description: Name or number of the port to access 2900 on the container. Number must be in the range 2901 1 to 65535. Name must be an IANA_SVC_NAME. 2902 x-kubernetes-int-or-string: true 2903 scheme: 2904 description: Scheme to use for connecting to 2905 the host. Defaults to HTTP. 2906 type: string 2907 required: 2908 - port 2909 type: object 2910 tcpSocket: 2911 description: Deprecated. TCPSocket is NOT supported 2912 as a LifecycleHandler and kept for the backward 2913 compatibility. There are no validation of this 2914 field and lifecycle hooks will fail in runtime 2915 when tcp handler is specified. 2916 properties: 2917 host: 2918 description: 'Optional: Host name to connect 2919 to, defaults to the pod IP.' 2920 type: string 2921 port: 2922 anyOf: 2923 - type: integer 2924 - type: string 2925 description: Number or name of the port to access 2926 on the container. Number must be in the range 2927 1 to 65535. Name must be an IANA_SVC_NAME. 2928 x-kubernetes-int-or-string: true 2929 required: 2930 - port 2931 type: object 2932 type: object 2933 type: object 2934 livenessProbe: 2935 description: 'Periodic probe of container liveness. Container 2936 will be restarted if the probe fails. Cannot be updated. 2937 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 2938 properties: 2939 exec: 2940 description: Exec specifies the action to take. 2941 properties: 2942 command: 2943 description: Command is the command line to execute 2944 inside the container, the working directory for 2945 the command is root ('/') in the container's 2946 filesystem. The command is simply exec'd, it is 2947 not run inside a shell, so traditional shell instructions 2948 ('|', etc) won't work. To use a shell, you need 2949 to explicitly call out to that shell. Exit status 2950 of 0 is treated as live/healthy and non-zero is 2951 unhealthy. 2952 items: 2953 type: string 2954 type: array 2955 type: object 2956 failureThreshold: 2957 description: Minimum consecutive failures for the probe 2958 to be considered failed after having succeeded. Defaults 2959 to 3. Minimum value is 1. 2960 format: int32 2961 type: integer 2962 grpc: 2963 description: GRPC specifies an action involving a GRPC 2964 port. This is an alpha field and requires enabling 2965 GRPCContainerProbe feature gate. 2966 properties: 2967 port: 2968 description: Port number of the gRPC service. Number 2969 must be in the range 1 to 65535. 2970 format: int32 2971 type: integer 2972 service: 2973 description: "Service is the name of the service 2974 to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 2975 \n If this is not specified, the default behavior 2976 is defined by gRPC." 2977 type: string 2978 required: 2979 - port 2980 type: object 2981 httpGet: 2982 description: HTTPGet specifies the http request to perform. 2983 properties: 2984 host: 2985 description: Host name to connect to, defaults to 2986 the pod IP. You probably want to set "Host" in 2987 httpHeaders instead. 2988 type: string 2989 httpHeaders: 2990 description: Custom headers to set in the request. 2991 HTTP allows repeated headers. 2992 items: 2993 description: HTTPHeader describes a custom header 2994 to be used in HTTP probes 2995 properties: 2996 name: 2997 description: The header field name 2998 type: string 2999 value: 3000 description: The header field value 3001 type: string 3002 required: 3003 - name 3004 - value 3005 type: object 3006 type: array 3007 path: 3008 description: Path to access on the HTTP server. 3009 type: string 3010 port: 3011 anyOf: 3012 - type: integer 3013 - type: string 3014 description: Name or number of the port to access 3015 on the container. Number must be in the range 3016 1 to 65535. Name must be an IANA_SVC_NAME. 3017 x-kubernetes-int-or-string: true 3018 scheme: 3019 description: Scheme to use for connecting to the 3020 host. Defaults to HTTP. 3021 type: string 3022 required: 3023 - port 3024 type: object 3025 initialDelaySeconds: 3026 description: 'Number of seconds after the container 3027 has started before liveness probes are initiated. 3028 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 3029 format: int32 3030 type: integer 3031 periodSeconds: 3032 description: How often (in seconds) to perform the probe. 3033 Default to 10 seconds. Minimum value is 1. 3034 format: int32 3035 type: integer 3036 successThreshold: 3037 description: Minimum consecutive successes for the probe 3038 to be considered successful after having failed. Defaults 3039 to 1. Must be 1 for liveness and startup. Minimum 3040 value is 1. 3041 format: int32 3042 type: integer 3043 tcpSocket: 3044 description: TCPSocket specifies an action involving 3045 a TCP port. 3046 properties: 3047 host: 3048 description: 'Optional: Host name to connect to, 3049 defaults to the pod IP.' 3050 type: string 3051 port: 3052 anyOf: 3053 - type: integer 3054 - type: string 3055 description: Number or name of the port to access 3056 on the container. Number must be in the range 3057 1 to 65535. Name must be an IANA_SVC_NAME. 3058 x-kubernetes-int-or-string: true 3059 required: 3060 - port 3061 type: object 3062 terminationGracePeriodSeconds: 3063 description: Optional duration in seconds the pod needs 3064 to terminate gracefully upon probe failure. The grace 3065 period is the duration in seconds after the processes 3066 running in the pod are sent a termination signal and 3067 the time when the processes are forcibly halted with 3068 a kill signal. Set this value longer than the expected 3069 cleanup time for your process. If this value is nil, 3070 the pod's terminationGracePeriodSeconds will be used. 3071 Otherwise, this value overrides the value provided 3072 by the pod spec. Value must be non-negative integer. 3073 The value zero indicates stop immediately via the 3074 kill signal (no opportunity to shut down). This is 3075 a beta field and requires enabling ProbeTerminationGracePeriod 3076 feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds 3077 is used if unset. 3078 format: int64 3079 type: integer 3080 timeoutSeconds: 3081 description: 'Number of seconds after which the probe 3082 times out. Defaults to 1 second. Minimum value is 3083 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 3084 format: int32 3085 type: integer 3086 type: object 3087 name: 3088 description: Name of the container specified as a DNS_LABEL. 3089 Each container in a pod must have a unique name (DNS_LABEL). 3090 Cannot be updated. 3091 type: string 3092 ports: 3093 description: List of ports to expose from the container. 3094 Exposing a port here gives the system additional information 3095 about the network connections a container uses, but is 3096 primarily informational. Not specifying a port here DOES 3097 NOT prevent that port from being exposed. Any port which 3098 is listening on the default "0.0.0.0" address inside a 3099 container will be accessible from the network. Cannot 3100 be updated. 3101 items: 3102 description: ContainerPort represents a network port in 3103 a single container. 3104 properties: 3105 containerPort: 3106 description: Number of port to expose on the pod's 3107 IP address. This must be a valid port number, 0 3108 < x < 65536. 3109 format: int32 3110 type: integer 3111 hostIP: 3112 description: What host IP to bind the external port 3113 to. 3114 type: string 3115 hostPort: 3116 description: Number of port to expose on the host. 3117 If specified, this must be a valid port number, 3118 0 < x < 65536. If HostNetwork is specified, this 3119 must match ContainerPort. Most containers do not 3120 need this. 3121 format: int32 3122 type: integer 3123 name: 3124 description: If specified, this must be an IANA_SVC_NAME 3125 and unique within the pod. Each named port in a 3126 pod must have a unique name. Name for the port that 3127 can be referred to by services. 3128 type: string 3129 protocol: 3130 default: TCP 3131 description: Protocol for port. Must be UDP, TCP, 3132 or SCTP. Defaults to "TCP". 3133 type: string 3134 required: 3135 - containerPort 3136 type: object 3137 type: array 3138 x-kubernetes-list-map-keys: 3139 - containerPort 3140 - protocol 3141 x-kubernetes-list-type: map 3142 readinessProbe: 3143 description: 'Periodic probe of container service readiness. 3144 Container will be removed from service endpoints if the 3145 probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 3146 properties: 3147 exec: 3148 description: Exec specifies the action to take. 3149 properties: 3150 command: 3151 description: Command is the command line to execute 3152 inside the container, the working directory for 3153 the command is root ('/') in the container's 3154 filesystem. The command is simply exec'd, it is 3155 not run inside a shell, so traditional shell instructions 3156 ('|', etc) won't work. To use a shell, you need 3157 to explicitly call out to that shell. Exit status 3158 of 0 is treated as live/healthy and non-zero is 3159 unhealthy. 3160 items: 3161 type: string 3162 type: array 3163 type: object 3164 failureThreshold: 3165 description: Minimum consecutive failures for the probe 3166 to be considered failed after having succeeded. Defaults 3167 to 3. Minimum value is 1. 3168 format: int32 3169 type: integer 3170 grpc: 3171 description: GRPC specifies an action involving a GRPC 3172 port. This is an alpha field and requires enabling 3173 GRPCContainerProbe feature gate. 3174 properties: 3175 port: 3176 description: Port number of the gRPC service. Number 3177 must be in the range 1 to 65535. 3178 format: int32 3179 type: integer 3180 service: 3181 description: "Service is the name of the service 3182 to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 3183 \n If this is not specified, the default behavior 3184 is defined by gRPC." 3185 type: string 3186 required: 3187 - port 3188 type: object 3189 httpGet: 3190 description: HTTPGet specifies the http request to perform. 3191 properties: 3192 host: 3193 description: Host name to connect to, defaults to 3194 the pod IP. You probably want to set "Host" in 3195 httpHeaders instead. 3196 type: string 3197 httpHeaders: 3198 description: Custom headers to set in the request. 3199 HTTP allows repeated headers. 3200 items: 3201 description: HTTPHeader describes a custom header 3202 to be used in HTTP probes 3203 properties: 3204 name: 3205 description: The header field name 3206 type: string 3207 value: 3208 description: The header field value 3209 type: string 3210 required: 3211 - name 3212 - value 3213 type: object 3214 type: array 3215 path: 3216 description: Path to access on the HTTP server. 3217 type: string 3218 port: 3219 anyOf: 3220 - type: integer 3221 - type: string 3222 description: Name or number of the port to access 3223 on the container. Number must be in the range 3224 1 to 65535. Name must be an IANA_SVC_NAME. 3225 x-kubernetes-int-or-string: true 3226 scheme: 3227 description: Scheme to use for connecting to the 3228 host. Defaults to HTTP. 3229 type: string 3230 required: 3231 - port 3232 type: object 3233 initialDelaySeconds: 3234 description: 'Number of seconds after the container 3235 has started before liveness probes are initiated. 3236 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 3237 format: int32 3238 type: integer 3239 periodSeconds: 3240 description: How often (in seconds) to perform the probe. 3241 Default to 10 seconds. Minimum value is 1. 3242 format: int32 3243 type: integer 3244 successThreshold: 3245 description: Minimum consecutive successes for the probe 3246 to be considered successful after having failed. Defaults 3247 to 1. Must be 1 for liveness and startup. Minimum 3248 value is 1. 3249 format: int32 3250 type: integer 3251 tcpSocket: 3252 description: TCPSocket specifies an action involving 3253 a TCP port. 3254 properties: 3255 host: 3256 description: 'Optional: Host name to connect to, 3257 defaults to the pod IP.' 3258 type: string 3259 port: 3260 anyOf: 3261 - type: integer 3262 - type: string 3263 description: Number or name of the port to access 3264 on the container. Number must be in the range 3265 1 to 65535. Name must be an IANA_SVC_NAME. 3266 x-kubernetes-int-or-string: true 3267 required: 3268 - port 3269 type: object 3270 terminationGracePeriodSeconds: 3271 description: Optional duration in seconds the pod needs 3272 to terminate gracefully upon probe failure. The grace 3273 period is the duration in seconds after the processes 3274 running in the pod are sent a termination signal and 3275 the time when the processes are forcibly halted with 3276 a kill signal. Set this value longer than the expected 3277 cleanup time for your process. If this value is nil, 3278 the pod's terminationGracePeriodSeconds will be used. 3279 Otherwise, this value overrides the value provided 3280 by the pod spec. Value must be non-negative integer. 3281 The value zero indicates stop immediately via the 3282 kill signal (no opportunity to shut down). This is 3283 a beta field and requires enabling ProbeTerminationGracePeriod 3284 feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds 3285 is used if unset. 3286 format: int64 3287 type: integer 3288 timeoutSeconds: 3289 description: 'Number of seconds after which the probe 3290 times out. Defaults to 1 second. Minimum value is 3291 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 3292 format: int32 3293 type: integer 3294 type: object 3295 resources: 3296 description: 'Compute Resources required by this container. 3297 Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 3298 properties: 3299 limits: 3300 additionalProperties: 3301 anyOf: 3302 - type: integer 3303 - type: string 3304 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 3305 x-kubernetes-int-or-string: true 3306 description: 'Limits describes the maximum amount of 3307 compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 3308 type: object 3309 requests: 3310 additionalProperties: 3311 anyOf: 3312 - type: integer 3313 - type: string 3314 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 3315 x-kubernetes-int-or-string: true 3316 description: 'Requests describes the minimum amount 3317 of compute resources required. If Requests is omitted 3318 for a container, it defaults to Limits if that is 3319 explicitly specified, otherwise to an implementation-defined 3320 value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 3321 type: object 3322 type: object 3323 securityContext: 3324 description: 'SecurityContext defines the security options 3325 the container should be run with. If set, the fields of 3326 SecurityContext override the equivalent fields of PodSecurityContext. 3327 More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' 3328 properties: 3329 allowPrivilegeEscalation: 3330 description: 'AllowPrivilegeEscalation controls whether 3331 a process can gain more privileges than its parent 3332 process. This bool directly controls if the no_new_privs 3333 flag will be set on the container process. AllowPrivilegeEscalation 3334 is true always when the container is: 1) run as Privileged 3335 2) has CAP_SYS_ADMIN Note that this field cannot be 3336 set when spec.os.name is windows.' 3337 type: boolean 3338 capabilities: 3339 description: The capabilities to add/drop when running 3340 containers. Defaults to the default set of capabilities 3341 granted by the container runtime. Note that this field 3342 cannot be set when spec.os.name is windows. 3343 properties: 3344 add: 3345 description: Added capabilities 3346 items: 3347 description: Capability represent POSIX capabilities 3348 type 3349 type: string 3350 type: array 3351 drop: 3352 description: Removed capabilities 3353 items: 3354 description: Capability represent POSIX capabilities 3355 type 3356 type: string 3357 type: array 3358 type: object 3359 privileged: 3360 description: Run container in privileged mode. Processes 3361 in privileged containers are essentially equivalent 3362 to root on the host. Defaults to false. Note that 3363 this field cannot be set when spec.os.name is windows. 3364 type: boolean 3365 procMount: 3366 description: procMount denotes the type of proc mount 3367 to use for the containers. The default is DefaultProcMount 3368 which uses the container runtime defaults for readonly 3369 paths and masked paths. This requires the ProcMountType 3370 feature flag to be enabled. Note that this field cannot 3371 be set when spec.os.name is windows. 3372 type: string 3373 readOnlyRootFilesystem: 3374 description: Whether this container has a read-only 3375 root filesystem. Default is false. Note that this 3376 field cannot be set when spec.os.name is windows. 3377 type: boolean 3378 runAsGroup: 3379 description: The GID to run the entrypoint of the container 3380 process. Uses runtime default if unset. May also be 3381 set in PodSecurityContext. If set in both SecurityContext 3382 and PodSecurityContext, the value specified in SecurityContext 3383 takes precedence. Note that this field cannot be set 3384 when spec.os.name is windows. 3385 format: int64 3386 type: integer 3387 runAsNonRoot: 3388 description: Indicates that the container must run as 3389 a non-root user. If true, the Kubelet will validate 3390 the image at runtime to ensure that it does not run 3391 as UID 0 (root) and fail to start the container if 3392 it does. If unset or false, no such validation will 3393 be performed. May also be set in PodSecurityContext. If 3394 set in both SecurityContext and PodSecurityContext, 3395 the value specified in SecurityContext takes precedence. 3396 type: boolean 3397 runAsUser: 3398 description: The UID to run the entrypoint of the container 3399 process. Defaults to user specified in image metadata 3400 if unspecified. May also be set in PodSecurityContext. If 3401 set in both SecurityContext and PodSecurityContext, 3402 the value specified in SecurityContext takes precedence. 3403 Note that this field cannot be set when spec.os.name 3404 is windows. 3405 format: int64 3406 type: integer 3407 seLinuxOptions: 3408 description: The SELinux context to be applied to the 3409 container. If unspecified, the container runtime will 3410 allocate a random SELinux context for each container. May 3411 also be set in PodSecurityContext. If set in both 3412 SecurityContext and PodSecurityContext, the value 3413 specified in SecurityContext takes precedence. Note 3414 that this field cannot be set when spec.os.name is 3415 windows. 3416 properties: 3417 level: 3418 description: Level is SELinux level label that applies 3419 to the container. 3420 type: string 3421 role: 3422 description: Role is a SELinux role label that applies 3423 to the container. 3424 type: string 3425 type: 3426 description: Type is a SELinux type label that applies 3427 to the container. 3428 type: string 3429 user: 3430 description: User is a SELinux user label that applies 3431 to the container. 3432 type: string 3433 type: object 3434 seccompProfile: 3435 description: The seccomp options to use by this container. 3436 If seccomp options are provided at both the pod & 3437 container level, the container options override the 3438 pod options. Note that this field cannot be set when 3439 spec.os.name is windows. 3440 properties: 3441 localhostProfile: 3442 description: localhostProfile indicates a profile 3443 defined in a file on the node should be used. 3444 The profile must be preconfigured on the node 3445 to work. Must be a descending path, relative to 3446 the kubelet's configured seccomp profile location. 3447 Must only be set if type is "Localhost". 3448 type: string 3449 type: 3450 description: "type indicates which kind of seccomp 3451 profile will be applied. Valid options are: \n 3452 Localhost - a profile defined in a file on the 3453 node should be used. RuntimeDefault - the container 3454 runtime default profile should be used. Unconfined 3455 - no profile should be applied." 3456 type: string 3457 required: 3458 - type 3459 type: object 3460 windowsOptions: 3461 description: The Windows specific settings applied to 3462 all containers. If unspecified, the options from the 3463 PodSecurityContext will be used. If set in both SecurityContext 3464 and PodSecurityContext, the value specified in SecurityContext 3465 takes precedence. Note that this field cannot be set 3466 when spec.os.name is linux. 3467 properties: 3468 gmsaCredentialSpec: 3469 description: GMSACredentialSpec is where the GMSA 3470 admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) 3471 inlines the contents of the GMSA credential spec 3472 named by the GMSACredentialSpecName field. 3473 type: string 3474 gmsaCredentialSpecName: 3475 description: GMSACredentialSpecName is the name 3476 of the GMSA credential spec to use. 3477 type: string 3478 hostProcess: 3479 description: HostProcess determines if a container 3480 should be run as a 'Host Process' container. This 3481 field is alpha-level and will only be honored 3482 by components that enable the WindowsHostProcessContainers 3483 feature flag. Setting this field without the feature 3484 flag will result in errors when validating the 3485 Pod. All of a Pod's containers must have the same 3486 effective HostProcess value (it is not allowed 3487 to have a mix of HostProcess containers and non-HostProcess 3488 containers). In addition, if HostProcess is true 3489 then HostNetwork must also be set to true. 3490 type: boolean 3491 runAsUserName: 3492 description: The UserName in Windows to run the 3493 entrypoint of the container process. Defaults 3494 to the user specified in image metadata if unspecified. 3495 May also be set in PodSecurityContext. If set 3496 in both SecurityContext and PodSecurityContext, 3497 the value specified in SecurityContext takes precedence. 3498 type: string 3499 type: object 3500 type: object 3501 startupProbe: 3502 description: 'StartupProbe indicates that the Pod has successfully 3503 initialized. If specified, no other probes are executed 3504 until this completes successfully. If this probe fails, 3505 the Pod will be restarted, just as if the livenessProbe 3506 failed. This can be used to provide different probe parameters 3507 at the beginning of a Pod''s lifecycle, when it might 3508 take a long time to load data or warm a cache, than during 3509 steady-state operation. This cannot be updated. More info: 3510 https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 3511 properties: 3512 exec: 3513 description: Exec specifies the action to take. 3514 properties: 3515 command: 3516 description: Command is the command line to execute 3517 inside the container, the working directory for 3518 the command is root ('/') in the container's 3519 filesystem. The command is simply exec'd, it is 3520 not run inside a shell, so traditional shell instructions 3521 ('|', etc) won't work. To use a shell, you need 3522 to explicitly call out to that shell. Exit status 3523 of 0 is treated as live/healthy and non-zero is 3524 unhealthy. 3525 items: 3526 type: string 3527 type: array 3528 type: object 3529 failureThreshold: 3530 description: Minimum consecutive failures for the probe 3531 to be considered failed after having succeeded. Defaults 3532 to 3. Minimum value is 1. 3533 format: int32 3534 type: integer 3535 grpc: 3536 description: GRPC specifies an action involving a GRPC 3537 port. This is an alpha field and requires enabling 3538 GRPCContainerProbe feature gate. 3539 properties: 3540 port: 3541 description: Port number of the gRPC service. Number 3542 must be in the range 1 to 65535. 3543 format: int32 3544 type: integer 3545 service: 3546 description: "Service is the name of the service 3547 to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 3548 \n If this is not specified, the default behavior 3549 is defined by gRPC." 3550 type: string 3551 required: 3552 - port 3553 type: object 3554 httpGet: 3555 description: HTTPGet specifies the http request to perform. 3556 properties: 3557 host: 3558 description: Host name to connect to, defaults to 3559 the pod IP. You probably want to set "Host" in 3560 httpHeaders instead. 3561 type: string 3562 httpHeaders: 3563 description: Custom headers to set in the request. 3564 HTTP allows repeated headers. 3565 items: 3566 description: HTTPHeader describes a custom header 3567 to be used in HTTP probes 3568 properties: 3569 name: 3570 description: The header field name 3571 type: string 3572 value: 3573 description: The header field value 3574 type: string 3575 required: 3576 - name 3577 - value 3578 type: object 3579 type: array 3580 path: 3581 description: Path to access on the HTTP server. 3582 type: string 3583 port: 3584 anyOf: 3585 - type: integer 3586 - type: string 3587 description: Name or number of the port to access 3588 on the container. Number must be in the range 3589 1 to 65535. Name must be an IANA_SVC_NAME. 3590 x-kubernetes-int-or-string: true 3591 scheme: 3592 description: Scheme to use for connecting to the 3593 host. Defaults to HTTP. 3594 type: string 3595 required: 3596 - port 3597 type: object 3598 initialDelaySeconds: 3599 description: 'Number of seconds after the container 3600 has started before liveness probes are initiated. 3601 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 3602 format: int32 3603 type: integer 3604 periodSeconds: 3605 description: How often (in seconds) to perform the probe. 3606 Default to 10 seconds. Minimum value is 1. 3607 format: int32 3608 type: integer 3609 successThreshold: 3610 description: Minimum consecutive successes for the probe 3611 to be considered successful after having failed. Defaults 3612 to 1. Must be 1 for liveness and startup. Minimum 3613 value is 1. 3614 format: int32 3615 type: integer 3616 tcpSocket: 3617 description: TCPSocket specifies an action involving 3618 a TCP port. 3619 properties: 3620 host: 3621 description: 'Optional: Host name to connect to, 3622 defaults to the pod IP.' 3623 type: string 3624 port: 3625 anyOf: 3626 - type: integer 3627 - type: string 3628 description: Number or name of the port to access 3629 on the container. Number must be in the range 3630 1 to 65535. Name must be an IANA_SVC_NAME. 3631 x-kubernetes-int-or-string: true 3632 required: 3633 - port 3634 type: object 3635 terminationGracePeriodSeconds: 3636 description: Optional duration in seconds the pod needs 3637 to terminate gracefully upon probe failure. The grace 3638 period is the duration in seconds after the processes 3639 running in the pod are sent a termination signal and 3640 the time when the processes are forcibly halted with 3641 a kill signal. Set this value longer than the expected 3642 cleanup time for your process. If this value is nil, 3643 the pod's terminationGracePeriodSeconds will be used. 3644 Otherwise, this value overrides the value provided 3645 by the pod spec. Value must be non-negative integer. 3646 The value zero indicates stop immediately via the 3647 kill signal (no opportunity to shut down). This is 3648 a beta field and requires enabling ProbeTerminationGracePeriod 3649 feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds 3650 is used if unset. 3651 format: int64 3652 type: integer 3653 timeoutSeconds: 3654 description: 'Number of seconds after which the probe 3655 times out. Defaults to 1 second. Minimum value is 3656 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 3657 format: int32 3658 type: integer 3659 type: object 3660 stdin: 3661 description: Whether this container should allocate a buffer 3662 for stdin in the container runtime. If this is not set, 3663 reads from stdin in the container will always result in 3664 EOF. Default is false. 3665 type: boolean 3666 stdinOnce: 3667 description: Whether the container runtime should close 3668 the stdin channel after it has been opened by a single 3669 attach. When stdin is true the stdin stream will remain 3670 open across multiple attach sessions. If stdinOnce is 3671 set to true, stdin is opened on container start, is empty 3672 until the first client attaches to stdin, and then remains 3673 open and accepts data until the client disconnects, at 3674 which time stdin is closed and remains closed until the 3675 container is restarted. If this flag is false, a container 3676 processes that reads from stdin will never receive an 3677 EOF. Default is false 3678 type: boolean 3679 terminationMessagePath: 3680 description: 'Optional: Path at which the file to which 3681 the container''s termination message will be written is 3682 mounted into the container''s filesystem. Message written 3683 is intended to be brief final status, such as an assertion 3684 failure message. Will be truncated by the node if greater 3685 than 4096 bytes. The total message length across all containers 3686 will be limited to 12kb. Defaults to /dev/termination-log. 3687 Cannot be updated.' 3688 type: string 3689 terminationMessagePolicy: 3690 description: Indicate how the termination message should 3691 be populated. File will use the contents of terminationMessagePath 3692 to populate the container status message on both success 3693 and failure. FallbackToLogsOnError will use the last chunk 3694 of container log output if the termination message file 3695 is empty and the container exited with an error. The log 3696 output is limited to 2048 bytes or 80 lines, whichever 3697 is smaller. Defaults to File. Cannot be updated. 3698 type: string 3699 tty: 3700 description: Whether this container should allocate a TTY 3701 for itself, also requires 'stdin' to be true. Default 3702 is false. 3703 type: boolean 3704 volumeDevices: 3705 description: volumeDevices is the list of block devices 3706 to be used by the container. 3707 items: 3708 description: volumeDevice describes a mapping of a raw 3709 block device within a container. 3710 properties: 3711 devicePath: 3712 description: devicePath is the path inside of the 3713 container that the device will be mapped to. 3714 type: string 3715 name: 3716 description: name must match the name of a persistentVolumeClaim 3717 in the pod 3718 type: string 3719 required: 3720 - devicePath 3721 - name 3722 type: object 3723 type: array 3724 volumeMounts: 3725 description: Pod volumes to mount into the container's filesystem. 3726 Cannot be updated. 3727 items: 3728 description: VolumeMount describes a mounting of a Volume 3729 within a container. 3730 properties: 3731 mountPath: 3732 description: Path within the container at which the 3733 volume should be mounted. Must not contain ':'. 3734 type: string 3735 mountPropagation: 3736 description: mountPropagation determines how mounts 3737 are propagated from the host to container and the 3738 other way around. When not set, MountPropagationNone 3739 is used. This field is beta in 1.10. 3740 type: string 3741 name: 3742 description: This must match the Name of a Volume. 3743 type: string 3744 readOnly: 3745 description: Mounted read-only if true, read-write 3746 otherwise (false or unspecified). Defaults to false. 3747 type: boolean 3748 subPath: 3749 description: Path within the volume from which the 3750 container's volume should be mounted. Defaults to 3751 "" (volume's root). 3752 type: string 3753 subPathExpr: 3754 description: Expanded path within the volume from 3755 which the container's volume should be mounted. 3756 Behaves similarly to SubPath but environment variable 3757 references $(VAR_NAME) are expanded using the container's 3758 environment. Defaults to "" (volume's root). SubPathExpr 3759 and SubPath are mutually exclusive. 3760 type: string 3761 required: 3762 - mountPath 3763 - name 3764 type: object 3765 type: array 3766 workingDir: 3767 description: Container's working directory. If not specified, 3768 the container runtime's default will be used, which might 3769 be configured in the container image. Cannot be updated. 3770 type: string 3771 required: 3772 - name 3773 type: object 3774 type: array 3775 verifytls: 3776 description: VerifyTLS defines whether repo server API should 3777 be accessed using strict TLS validation 3778 type: boolean 3779 version: 3780 description: Version is the ArgoCD Repo Server container image 3781 tag. 3782 type: string 3783 volumeMounts: 3784 description: VolumeMounts adds volumeMounts to the repo server 3785 container 3786 items: 3787 description: VolumeMount describes a mounting of a Volume within 3788 a container. 3789 properties: 3790 mountPath: 3791 description: Path within the container at which the volume 3792 should be mounted. Must not contain ':'. 3793 type: string 3794 mountPropagation: 3795 description: mountPropagation determines how mounts are 3796 propagated from the host to container and the other way 3797 around. When not set, MountPropagationNone is used. This 3798 field is beta in 1.10. 3799 type: string 3800 name: 3801 description: This must match the Name of a Volume. 3802 type: string 3803 readOnly: 3804 description: Mounted read-only if true, read-write otherwise 3805 (false or unspecified). Defaults to false. 3806 type: boolean 3807 subPath: 3808 description: Path within the volume from which the container's 3809 volume should be mounted. Defaults to "" (volume's root). 3810 type: string 3811 subPathExpr: 3812 description: Expanded path within the volume from which 3813 the container's volume should be mounted. Behaves similarly 3814 to SubPath but environment variable references $(VAR_NAME) 3815 are expanded using the container's environment. Defaults 3816 to "" (volume's root). SubPathExpr and SubPath are mutually 3817 exclusive. 3818 type: string 3819 required: 3820 - mountPath 3821 - name 3822 type: object 3823 type: array 3824 volumes: 3825 description: Volumes adds volumes to the repo server deployment 3826 items: 3827 description: Volume represents a named volume in a pod that 3828 may be accessed by any container in the pod. 3829 properties: 3830 awsElasticBlockStore: 3831 description: 'AWSElasticBlockStore represents an AWS Disk 3832 resource that is attached to a kubelet''s host machine 3833 and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' 3834 properties: 3835 fsType: 3836 description: 'Filesystem type of the volume that you 3837 want to mount. Tip: Ensure that the filesystem type 3838 is supported by the host operating system. Examples: 3839 "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" 3840 if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore 3841 TODO: how do we prevent errors in the filesystem from 3842 compromising the machine' 3843 type: string 3844 partition: 3845 description: 'The partition in the volume that you want 3846 to mount. If omitted, the default is to mount by volume 3847 name. Examples: For volume /dev/sda1, you specify 3848 the partition as "1". Similarly, the volume partition 3849 for /dev/sda is "0" (or you can leave the property 3850 empty).' 3851 format: int32 3852 type: integer 3853 readOnly: 3854 description: 'Specify "true" to force and set the ReadOnly 3855 property in VolumeMounts to "true". If omitted, the 3856 default is "false". More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' 3857 type: boolean 3858 volumeID: 3859 description: 'Unique ID of the persistent disk resource 3860 in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' 3861 type: string 3862 required: 3863 - volumeID 3864 type: object 3865 azureDisk: 3866 description: AzureDisk represents an Azure Data Disk mount 3867 on the host and bind mount to the pod. 3868 properties: 3869 cachingMode: 3870 description: 'Host Caching mode: None, Read Only, Read 3871 Write.' 3872 type: string 3873 diskName: 3874 description: The Name of the data disk in the blob storage 3875 type: string 3876 diskURI: 3877 description: The URI the data disk in the blob storage 3878 type: string 3879 fsType: 3880 description: Filesystem type to mount. Must be a filesystem 3881 type supported by the host operating system. Ex. "ext4", 3882 "xfs", "ntfs". Implicitly inferred to be "ext4" if 3883 unspecified. 3884 type: string 3885 kind: 3886 description: 'Expected values Shared: multiple blob 3887 disks per storage account Dedicated: single blob 3888 disk per storage account Managed: azure managed data 3889 disk (only in managed availability set). defaults 3890 to shared' 3891 type: string 3892 readOnly: 3893 description: Defaults to false (read/write). ReadOnly 3894 here will force the ReadOnly setting in VolumeMounts. 3895 type: boolean 3896 required: 3897 - diskName 3898 - diskURI 3899 type: object 3900 azureFile: 3901 description: AzureFile represents an Azure File Service 3902 mount on the host and bind mount to the pod. 3903 properties: 3904 readOnly: 3905 description: Defaults to false (read/write). ReadOnly 3906 here will force the ReadOnly setting in VolumeMounts. 3907 type: boolean 3908 secretName: 3909 description: the name of secret that contains Azure 3910 Storage Account Name and Key 3911 type: string 3912 shareName: 3913 description: Share Name 3914 type: string 3915 required: 3916 - secretName 3917 - shareName 3918 type: object 3919 cephfs: 3920 description: CephFS represents a Ceph FS mount on the host 3921 that shares a pod's lifetime 3922 properties: 3923 monitors: 3924 description: 'Required: Monitors is a collection of 3925 Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' 3926 items: 3927 type: string 3928 type: array 3929 path: 3930 description: 'Optional: Used as the mounted root, rather 3931 than the full Ceph tree, default is /' 3932 type: string 3933 readOnly: 3934 description: 'Optional: Defaults to false (read/write). 3935 ReadOnly here will force the ReadOnly setting in VolumeMounts. 3936 More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' 3937 type: boolean 3938 secretFile: 3939 description: 'Optional: SecretFile is the path to key 3940 ring for User, default is /etc/ceph/user.secret More 3941 info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' 3942 type: string 3943 secretRef: 3944 description: 'Optional: SecretRef is reference to the 3945 authentication secret for User, default is empty. 3946 More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' 3947 properties: 3948 name: 3949 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 3950 TODO: Add other useful fields. apiVersion, kind, 3951 uid?' 3952 type: string 3953 type: object 3954 user: 3955 description: 'Optional: User is the rados user name, 3956 default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' 3957 type: string 3958 required: 3959 - monitors 3960 type: object 3961 cinder: 3962 description: 'Cinder represents a cinder volume attached 3963 and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' 3964 properties: 3965 fsType: 3966 description: 'Filesystem type to mount. Must be a filesystem 3967 type supported by the host operating system. Examples: 3968 "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" 3969 if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' 3970 type: string 3971 readOnly: 3972 description: 'Optional: Defaults to false (read/write). 3973 ReadOnly here will force the ReadOnly setting in VolumeMounts. 3974 More info: https://examples.k8s.io/mysql-cinder-pd/README.md' 3975 type: boolean 3976 secretRef: 3977 description: 'Optional: points to a secret object containing 3978 parameters used to connect to OpenStack.' 3979 properties: 3980 name: 3981 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 3982 TODO: Add other useful fields. apiVersion, kind, 3983 uid?' 3984 type: string 3985 type: object 3986 volumeID: 3987 description: 'volume id used to identify the volume 3988 in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' 3989 type: string 3990 required: 3991 - volumeID 3992 type: object 3993 configMap: 3994 description: ConfigMap represents a configMap that should 3995 populate this volume 3996 properties: 3997 defaultMode: 3998 description: 'Optional: mode bits used to set permissions 3999 on created files by default. Must be an octal value 4000 between 0000 and 0777 or a decimal value between 0 4001 and 511. YAML accepts both octal and decimal values, 4002 JSON requires decimal values for mode bits. Defaults 4003 to 0644. Directories within the path are not affected 4004 by this setting. This might be in conflict with other 4005 options that affect the file mode, like fsGroup, and 4006 the result can be other mode bits set.' 4007 format: int32 4008 type: integer 4009 items: 4010 description: If unspecified, each key-value pair in 4011 the Data field of the referenced ConfigMap will be 4012 projected into the volume as a file whose name is 4013 the key and content is the value. If specified, the 4014 listed keys will be projected into the specified paths, 4015 and unlisted keys will not be present. If a key is 4016 specified which is not present in the ConfigMap, the 4017 volume setup will error unless it is marked optional. 4018 Paths must be relative and may not contain the '..' 4019 path or start with '..'. 4020 items: 4021 description: Maps a string key to a path within a 4022 volume. 4023 properties: 4024 key: 4025 description: The key to project. 4026 type: string 4027 mode: 4028 description: 'Optional: mode bits used to set 4029 permissions on this file. Must be an octal value 4030 between 0000 and 0777 or a decimal value between 4031 0 and 511. YAML accepts both octal and decimal 4032 values, JSON requires decimal values for mode 4033 bits. If not specified, the volume defaultMode 4034 will be used. This might be in conflict with 4035 other options that affect the file mode, like 4036 fsGroup, and the result can be other mode bits 4037 set.' 4038 format: int32 4039 type: integer 4040 path: 4041 description: The relative path of the file to 4042 map the key to. May not be an absolute path. 4043 May not contain the path element '..'. May not 4044 start with the string '..'. 4045 type: string 4046 required: 4047 - key 4048 - path 4049 type: object 4050 type: array 4051 name: 4052 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 4053 TODO: Add other useful fields. apiVersion, kind, uid?' 4054 type: string 4055 optional: 4056 description: Specify whether the ConfigMap or its keys 4057 must be defined 4058 type: boolean 4059 type: object 4060 csi: 4061 description: CSI (Container Storage Interface) represents 4062 ephemeral storage that is handled by certain external 4063 CSI drivers (Beta feature). 4064 properties: 4065 driver: 4066 description: Driver is the name of the CSI driver that 4067 handles this volume. Consult with your admin for the 4068 correct name as registered in the cluster. 4069 type: string 4070 fsType: 4071 description: Filesystem type to mount. Ex. "ext4", "xfs", 4072 "ntfs". If not provided, the empty value is passed 4073 to the associated CSI driver which will determine 4074 the default filesystem to apply. 4075 type: string 4076 nodePublishSecretRef: 4077 description: NodePublishSecretRef is a reference to 4078 the secret object containing sensitive information 4079 to pass to the CSI driver to complete the CSI NodePublishVolume 4080 and NodeUnpublishVolume calls. This field is optional, 4081 and may be empty if no secret is required. If the 4082 secret object contains more than one secret, all secret 4083 references are passed. 4084 properties: 4085 name: 4086 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 4087 TODO: Add other useful fields. apiVersion, kind, 4088 uid?' 4089 type: string 4090 type: object 4091 readOnly: 4092 description: Specifies a read-only configuration for 4093 the volume. Defaults to false (read/write). 4094 type: boolean 4095 volumeAttributes: 4096 additionalProperties: 4097 type: string 4098 description: VolumeAttributes stores driver-specific 4099 properties that are passed to the CSI driver. Consult 4100 your driver's documentation for supported values. 4101 type: object 4102 required: 4103 - driver 4104 type: object 4105 downwardAPI: 4106 description: DownwardAPI represents downward API about the 4107 pod that should populate this volume 4108 properties: 4109 defaultMode: 4110 description: 'Optional: mode bits to use on created 4111 files by default. Must be a Optional: mode bits used 4112 to set permissions on created files by default. Must 4113 be an octal value between 0000 and 0777 or a decimal 4114 value between 0 and 511. YAML accepts both octal and 4115 decimal values, JSON requires decimal values for mode 4116 bits. Defaults to 0644. Directories within the path 4117 are not affected by this setting. This might be in 4118 conflict with other options that affect the file mode, 4119 like fsGroup, and the result can be other mode bits 4120 set.' 4121 format: int32 4122 type: integer 4123 items: 4124 description: Items is a list of downward API volume 4125 file 4126 items: 4127 description: DownwardAPIVolumeFile represents information 4128 to create the file containing the pod field 4129 properties: 4130 fieldRef: 4131 description: 'Required: Selects a field of the 4132 pod: only annotations, labels, name and namespace 4133 are supported.' 4134 properties: 4135 apiVersion: 4136 description: Version of the schema the FieldPath 4137 is written in terms of, defaults to "v1". 4138 type: string 4139 fieldPath: 4140 description: Path of the field to select in 4141 the specified API version. 4142 type: string 4143 required: 4144 - fieldPath 4145 type: object 4146 mode: 4147 description: 'Optional: mode bits used to set 4148 permissions on this file, must be an octal value 4149 between 0000 and 0777 or a decimal value between 4150 0 and 511. YAML accepts both octal and decimal 4151 values, JSON requires decimal values for mode 4152 bits. If not specified, the volume defaultMode 4153 will be used. This might be in conflict with 4154 other options that affect the file mode, like 4155 fsGroup, and the result can be other mode bits 4156 set.' 4157 format: int32 4158 type: integer 4159 path: 4160 description: 'Required: Path is the relative 4161 path name of the file to be created. Must not 4162 be absolute or contain the ''..'' path. Must 4163 be utf-8 encoded. The first item of the relative 4164 path must not start with ''..''' 4165 type: string 4166 resourceFieldRef: 4167 description: 'Selects a resource of the container: 4168 only resources limits and requests (limits.cpu, 4169 limits.memory, requests.cpu and requests.memory) 4170 are currently supported.' 4171 properties: 4172 containerName: 4173 description: 'Container name: required for 4174 volumes, optional for env vars' 4175 type: string 4176 divisor: 4177 anyOf: 4178 - type: integer 4179 - type: string 4180 description: Specifies the output format of 4181 the exposed resources, defaults to "1" 4182 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 4183 x-kubernetes-int-or-string: true 4184 resource: 4185 description: 'Required: resource to select' 4186 type: string 4187 required: 4188 - resource 4189 type: object 4190 required: 4191 - path 4192 type: object 4193 type: array 4194 type: object 4195 emptyDir: 4196 description: 'EmptyDir represents a temporary directory 4197 that shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' 4198 properties: 4199 medium: 4200 description: 'What type of storage medium should back 4201 this directory. The default is "" which means to use 4202 the node''s default medium. Must be an empty string 4203 (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' 4204 type: string 4205 sizeLimit: 4206 anyOf: 4207 - type: integer 4208 - type: string 4209 description: 'Total amount of local storage required 4210 for this EmptyDir volume. The size limit is also applicable 4211 for memory medium. The maximum usage on memory medium 4212 EmptyDir would be the minimum value between the SizeLimit 4213 specified here and the sum of memory limits of all 4214 containers in a pod. The default is nil which means 4215 that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' 4216 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 4217 x-kubernetes-int-or-string: true 4218 type: object 4219 ephemeral: 4220 description: "Ephemeral represents a volume that is handled 4221 by a cluster storage driver. The volume's lifecycle is 4222 tied to the pod that defines it - it will be created before 4223 the pod starts, and deleted when the pod is removed. \n 4224 Use this if: a) the volume is only needed while the pod 4225 runs, b) features of normal volumes like restoring from 4226 snapshot or capacity tracking are needed, c) the storage 4227 driver is specified through a storage class, and d) the 4228 storage driver supports dynamic volume provisioning through 4229 \ a PersistentVolumeClaim (see EphemeralVolumeSource 4230 for more information on the connection between this 4231 volume type and PersistentVolumeClaim). \n Use PersistentVolumeClaim 4232 or one of the vendor-specific APIs for volumes that persist 4233 for longer than the lifecycle of an individual pod. \n 4234 Use CSI for light-weight local ephemeral volumes if the 4235 CSI driver is meant to be used that way - see the documentation 4236 of the driver for more information. \n A pod can use both 4237 types of ephemeral volumes and persistent volumes at the 4238 same time." 4239 properties: 4240 volumeClaimTemplate: 4241 description: "Will be used to create a stand-alone PVC 4242 to provision the volume. The pod in which this EphemeralVolumeSource 4243 is embedded will be the owner of the PVC, i.e. the 4244 PVC will be deleted together with the pod. The name 4245 of the PVC will be `<pod name>-<volume name>` where 4246 `<volume name>` is the name from the `PodSpec.Volumes` 4247 array entry. Pod validation will reject the pod if 4248 the concatenated name is not valid for a PVC (for 4249 example, too long). \n An existing PVC with that name 4250 that is not owned by the pod will *not* be used for 4251 the pod to avoid using an unrelated volume by mistake. 4252 Starting the pod is then blocked until the unrelated 4253 PVC is removed. If such a pre-created PVC is meant 4254 to be used by the pod, the PVC has to updated with 4255 an owner reference to the pod once the pod exists. 4256 Normally this should not be necessary, but it may 4257 be useful when manually reconstructing a broken cluster. 4258 \n This field is read-only and no changes will be 4259 made by Kubernetes to the PVC after it has been created. 4260 \n Required, must not be nil." 4261 properties: 4262 metadata: 4263 description: May contain labels and annotations 4264 that will be copied into the PVC when creating 4265 it. No other fields are allowed and will be rejected 4266 during validation. 4267 type: object 4268 spec: 4269 description: The specification for the PersistentVolumeClaim. 4270 The entire content is copied unchanged into the 4271 PVC that gets created from this template. The 4272 same fields as in a PersistentVolumeClaim are 4273 also valid here. 4274 properties: 4275 accessModes: 4276 description: 'AccessModes contains the desired 4277 access modes the volume should have. More 4278 info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' 4279 items: 4280 type: string 4281 type: array 4282 dataSource: 4283 description: 'This field can be used to specify 4284 either: * An existing VolumeSnapshot object 4285 (snapshot.storage.k8s.io/VolumeSnapshot) * 4286 An existing PVC (PersistentVolumeClaim) If 4287 the provisioner or an external controller 4288 can support the specified data source, it 4289 will create a new volume based on the contents 4290 of the specified data source. If the AnyVolumeDataSource 4291 feature gate is enabled, this field will always 4292 have the same contents as the DataSourceRef 4293 field.' 4294 properties: 4295 apiGroup: 4296 description: APIGroup is the group for the 4297 resource being referenced. If APIGroup 4298 is not specified, the specified Kind must 4299 be in the core API group. For any other 4300 third-party types, APIGroup is required. 4301 type: string 4302 kind: 4303 description: Kind is the type of resource 4304 being referenced 4305 type: string 4306 name: 4307 description: Name is the name of resource 4308 being referenced 4309 type: string 4310 required: 4311 - kind 4312 - name 4313 type: object 4314 dataSourceRef: 4315 description: 'Specifies the object from which 4316 to populate the volume with data, if a non-empty 4317 volume is desired. This may be any local object 4318 from a non-empty API group (non core object) 4319 or a PersistentVolumeClaim object. When this 4320 field is specified, volume binding will only 4321 succeed if the type of the specified object 4322 matches some installed volume populator or 4323 dynamic provisioner. This field will replace 4324 the functionality of the DataSource field 4325 and as such if both fields are non-empty, 4326 they must have the same value. For backwards 4327 compatibility, both fields (DataSource and 4328 DataSourceRef) will be set to the same value 4329 automatically if one of them is empty and 4330 the other is non-empty. There are two important 4331 differences between DataSource and DataSourceRef: 4332 * While DataSource only allows two specific 4333 types of objects, DataSourceRef allows any 4334 non-core object, as well as PersistentVolumeClaim 4335 objects. * While DataSource ignores disallowed 4336 values (dropping them), DataSourceRef preserves 4337 all values, and generates an error if a disallowed 4338 value is specified. (Alpha) Using this field 4339 requires the AnyVolumeDataSource feature gate 4340 to be enabled.' 4341 properties: 4342 apiGroup: 4343 description: APIGroup is the group for the 4344 resource being referenced. If APIGroup 4345 is not specified, the specified Kind must 4346 be in the core API group. For any other 4347 third-party types, APIGroup is required. 4348 type: string 4349 kind: 4350 description: Kind is the type of resource 4351 being referenced 4352 type: string 4353 name: 4354 description: Name is the name of resource 4355 being referenced 4356 type: string 4357 required: 4358 - kind 4359 - name 4360 type: object 4361 resources: 4362 description: 'Resources represents the minimum 4363 resources the volume should have. If RecoverVolumeExpansionFailure 4364 feature is enabled users are allowed to specify 4365 resource requirements that are lower than 4366 previous value but must still be higher than 4367 capacity recorded in the status field of the 4368 claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' 4369 properties: 4370 limits: 4371 additionalProperties: 4372 anyOf: 4373 - type: integer 4374 - type: string 4375 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 4376 x-kubernetes-int-or-string: true 4377 description: 'Limits describes the maximum 4378 amount of compute resources allowed. More 4379 info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 4380 type: object 4381 requests: 4382 additionalProperties: 4383 anyOf: 4384 - type: integer 4385 - type: string 4386 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 4387 x-kubernetes-int-or-string: true 4388 description: 'Requests describes the minimum 4389 amount of compute resources required. 4390 If Requests is omitted for a container, 4391 it defaults to Limits if that is explicitly 4392 specified, otherwise to an implementation-defined 4393 value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 4394 type: object 4395 type: object 4396 selector: 4397 description: A label query over volumes to consider 4398 for binding. 4399 properties: 4400 matchExpressions: 4401 description: matchExpressions is a list 4402 of label selector requirements. The requirements 4403 are ANDed. 4404 items: 4405 description: A label selector requirement 4406 is a selector that contains values, 4407 a key, and an operator that relates 4408 the key and values. 4409 properties: 4410 key: 4411 description: key is the label key 4412 that the selector applies to. 4413 type: string 4414 operator: 4415 description: operator represents a 4416 key's relationship to a set of values. 4417 Valid operators are In, NotIn, Exists 4418 and DoesNotExist. 4419 type: string 4420 values: 4421 description: values is an array of 4422 string values. If the operator is 4423 In or NotIn, the values array must 4424 be non-empty. If the operator is 4425 Exists or DoesNotExist, the values 4426 array must be empty. This array 4427 is replaced during a strategic merge 4428 patch. 4429 items: 4430 type: string 4431 type: array 4432 required: 4433 - key 4434 - operator 4435 type: object 4436 type: array 4437 matchLabels: 4438 additionalProperties: 4439 type: string 4440 description: matchLabels is a map of {key,value} 4441 pairs. A single {key,value} in the matchLabels 4442 map is equivalent to an element of matchExpressions, 4443 whose key field is "key", the operator 4444 is "In", and the values array contains 4445 only "value". The requirements are ANDed. 4446 type: object 4447 type: object 4448 storageClassName: 4449 description: 'Name of the StorageClass required 4450 by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' 4451 type: string 4452 volumeMode: 4453 description: volumeMode defines what type of 4454 volume is required by the claim. Value of 4455 Filesystem is implied when not included in 4456 claim spec. 4457 type: string 4458 volumeName: 4459 description: VolumeName is the binding reference 4460 to the PersistentVolume backing this claim. 4461 type: string 4462 type: object 4463 required: 4464 - spec 4465 type: object 4466 type: object 4467 fc: 4468 description: FC represents a Fibre Channel resource that 4469 is attached to a kubelet's host machine and then exposed 4470 to the pod. 4471 properties: 4472 fsType: 4473 description: 'Filesystem type to mount. Must be a filesystem 4474 type supported by the host operating system. Ex. "ext4", 4475 "xfs", "ntfs". Implicitly inferred to be "ext4" if 4476 unspecified. TODO: how do we prevent errors in the 4477 filesystem from compromising the machine' 4478 type: string 4479 lun: 4480 description: 'Optional: FC target lun number' 4481 format: int32 4482 type: integer 4483 readOnly: 4484 description: 'Optional: Defaults to false (read/write). 4485 ReadOnly here will force the ReadOnly setting in VolumeMounts.' 4486 type: boolean 4487 targetWWNs: 4488 description: 'Optional: FC target worldwide names (WWNs)' 4489 items: 4490 type: string 4491 type: array 4492 wwids: 4493 description: 'Optional: FC volume world wide identifiers 4494 (wwids) Either wwids or combination of targetWWNs 4495 and lun must be set, but not both simultaneously.' 4496 items: 4497 type: string 4498 type: array 4499 type: object 4500 flexVolume: 4501 description: FlexVolume represents a generic volume resource 4502 that is provisioned/attached using an exec based plugin. 4503 properties: 4504 driver: 4505 description: Driver is the name of the driver to use 4506 for this volume. 4507 type: string 4508 fsType: 4509 description: Filesystem type to mount. Must be a filesystem 4510 type supported by the host operating system. Ex. "ext4", 4511 "xfs", "ntfs". The default filesystem depends on FlexVolume 4512 script. 4513 type: string 4514 options: 4515 additionalProperties: 4516 type: string 4517 description: 'Optional: Extra command options if any.' 4518 type: object 4519 readOnly: 4520 description: 'Optional: Defaults to false (read/write). 4521 ReadOnly here will force the ReadOnly setting in VolumeMounts.' 4522 type: boolean 4523 secretRef: 4524 description: 'Optional: SecretRef is reference to the 4525 secret object containing sensitive information to 4526 pass to the plugin scripts. This may be empty if no 4527 secret object is specified. If the secret object contains 4528 more than one secret, all secrets are passed to the 4529 plugin scripts.' 4530 properties: 4531 name: 4532 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 4533 TODO: Add other useful fields. apiVersion, kind, 4534 uid?' 4535 type: string 4536 type: object 4537 required: 4538 - driver 4539 type: object 4540 flocker: 4541 description: Flocker represents a Flocker volume attached 4542 to a kubelet's host machine. This depends on the Flocker 4543 control service being running 4544 properties: 4545 datasetName: 4546 description: Name of the dataset stored as metadata 4547 -> name on the dataset for Flocker should be considered 4548 as deprecated 4549 type: string 4550 datasetUUID: 4551 description: UUID of the dataset. This is unique identifier 4552 of a Flocker dataset 4553 type: string 4554 type: object 4555 gcePersistentDisk: 4556 description: 'GCEPersistentDisk represents a GCE Disk resource 4557 that is attached to a kubelet''s host machine and then 4558 exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' 4559 properties: 4560 fsType: 4561 description: 'Filesystem type of the volume that you 4562 want to mount. Tip: Ensure that the filesystem type 4563 is supported by the host operating system. Examples: 4564 "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" 4565 if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk 4566 TODO: how do we prevent errors in the filesystem from 4567 compromising the machine' 4568 type: string 4569 partition: 4570 description: 'The partition in the volume that you want 4571 to mount. If omitted, the default is to mount by volume 4572 name. Examples: For volume /dev/sda1, you specify 4573 the partition as "1". Similarly, the volume partition 4574 for /dev/sda is "0" (or you can leave the property 4575 empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' 4576 format: int32 4577 type: integer 4578 pdName: 4579 description: 'Unique name of the PD resource in GCE. 4580 Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' 4581 type: string 4582 readOnly: 4583 description: 'ReadOnly here will force the ReadOnly 4584 setting in VolumeMounts. Defaults to false. More info: 4585 https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' 4586 type: boolean 4587 required: 4588 - pdName 4589 type: object 4590 gitRepo: 4591 description: 'GitRepo represents a git repository at a particular 4592 revision. DEPRECATED: GitRepo is deprecated. To provision 4593 a container with a git repo, mount an EmptyDir into an 4594 InitContainer that clones the repo using git, then mount 4595 the EmptyDir into the Pod''s container.' 4596 properties: 4597 directory: 4598 description: Target directory name. Must not contain 4599 or start with '..'. If '.' is supplied, the volume 4600 directory will be the git repository. Otherwise, 4601 if specified, the volume will contain the git repository 4602 in the subdirectory with the given name. 4603 type: string 4604 repository: 4605 description: Repository URL 4606 type: string 4607 revision: 4608 description: Commit hash for the specified revision. 4609 type: string 4610 required: 4611 - repository 4612 type: object 4613 glusterfs: 4614 description: 'Glusterfs represents a Glusterfs mount on 4615 the host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' 4616 properties: 4617 endpoints: 4618 description: 'EndpointsName is the endpoint name that 4619 details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' 4620 type: string 4621 path: 4622 description: 'Path is the Glusterfs volume path. More 4623 info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' 4624 type: string 4625 readOnly: 4626 description: 'ReadOnly here will force the Glusterfs 4627 volume to be mounted with read-only permissions. Defaults 4628 to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' 4629 type: boolean 4630 required: 4631 - endpoints 4632 - path 4633 type: object 4634 hostPath: 4635 description: 'HostPath represents a pre-existing file or 4636 directory on the host machine that is directly exposed 4637 to the container. This is generally used for system agents 4638 or other privileged things that are allowed to see the 4639 host machine. Most containers will NOT need this. More 4640 info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath 4641 --- TODO(jonesdl) We need to restrict who can use host 4642 directory mounts and who can/can not mount host directories 4643 as read/write.' 4644 properties: 4645 path: 4646 description: 'Path of the directory on the host. If 4647 the path is a symlink, it will follow the link to 4648 the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' 4649 type: string 4650 type: 4651 description: 'Type for HostPath Volume Defaults to "" 4652 More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' 4653 type: string 4654 required: 4655 - path 4656 type: object 4657 iscsi: 4658 description: 'ISCSI represents an ISCSI Disk resource that 4659 is attached to a kubelet''s host machine and then exposed 4660 to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' 4661 properties: 4662 chapAuthDiscovery: 4663 description: whether support iSCSI Discovery CHAP authentication 4664 type: boolean 4665 chapAuthSession: 4666 description: whether support iSCSI Session CHAP authentication 4667 type: boolean 4668 fsType: 4669 description: 'Filesystem type of the volume that you 4670 want to mount. Tip: Ensure that the filesystem type 4671 is supported by the host operating system. Examples: 4672 "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" 4673 if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi 4674 TODO: how do we prevent errors in the filesystem from 4675 compromising the machine' 4676 type: string 4677 initiatorName: 4678 description: Custom iSCSI Initiator Name. If initiatorName 4679 is specified with iscsiInterface simultaneously, new 4680 iSCSI interface <target portal>:<volume name> will 4681 be created for the connection. 4682 type: string 4683 iqn: 4684 description: Target iSCSI Qualified Name. 4685 type: string 4686 iscsiInterface: 4687 description: iSCSI Interface Name that uses an iSCSI 4688 transport. Defaults to 'default' (tcp). 4689 type: string 4690 lun: 4691 description: iSCSI Target Lun number. 4692 format: int32 4693 type: integer 4694 portals: 4695 description: iSCSI Target Portal List. The portal is 4696 either an IP or ip_addr:port if the port is other 4697 than default (typically TCP ports 860 and 3260). 4698 items: 4699 type: string 4700 type: array 4701 readOnly: 4702 description: ReadOnly here will force the ReadOnly setting 4703 in VolumeMounts. Defaults to false. 4704 type: boolean 4705 secretRef: 4706 description: CHAP Secret for iSCSI target and initiator 4707 authentication 4708 properties: 4709 name: 4710 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 4711 TODO: Add other useful fields. apiVersion, kind, 4712 uid?' 4713 type: string 4714 type: object 4715 targetPortal: 4716 description: iSCSI Target Portal. The Portal is either 4717 an IP or ip_addr:port if the port is other than default 4718 (typically TCP ports 860 and 3260). 4719 type: string 4720 required: 4721 - iqn 4722 - lun 4723 - targetPortal 4724 type: object 4725 name: 4726 description: 'Volume''s name. Must be a DNS_LABEL and unique 4727 within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 4728 type: string 4729 nfs: 4730 description: 'NFS represents an NFS mount on the host that 4731 shares a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' 4732 properties: 4733 path: 4734 description: 'Path that is exported by the NFS server. 4735 More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' 4736 type: string 4737 readOnly: 4738 description: 'ReadOnly here will force the NFS export 4739 to be mounted with read-only permissions. Defaults 4740 to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' 4741 type: boolean 4742 server: 4743 description: 'Server is the hostname or IP address of 4744 the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' 4745 type: string 4746 required: 4747 - path 4748 - server 4749 type: object 4750 persistentVolumeClaim: 4751 description: 'PersistentVolumeClaimVolumeSource represents 4752 a reference to a PersistentVolumeClaim in the same namespace. 4753 More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' 4754 properties: 4755 claimName: 4756 description: 'ClaimName is the name of a PersistentVolumeClaim 4757 in the same namespace as the pod using this volume. 4758 More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' 4759 type: string 4760 readOnly: 4761 description: Will force the ReadOnly setting in VolumeMounts. 4762 Default false. 4763 type: boolean 4764 required: 4765 - claimName 4766 type: object 4767 photonPersistentDisk: 4768 description: PhotonPersistentDisk represents a PhotonController 4769 persistent disk attached and mounted on kubelets host 4770 machine 4771 properties: 4772 fsType: 4773 description: Filesystem type to mount. Must be a filesystem 4774 type supported by the host operating system. Ex. "ext4", 4775 "xfs", "ntfs". Implicitly inferred to be "ext4" if 4776 unspecified. 4777 type: string 4778 pdID: 4779 description: ID that identifies Photon Controller persistent 4780 disk 4781 type: string 4782 required: 4783 - pdID 4784 type: object 4785 portworxVolume: 4786 description: PortworxVolume represents a portworx volume 4787 attached and mounted on kubelets host machine 4788 properties: 4789 fsType: 4790 description: FSType represents the filesystem type to 4791 mount Must be a filesystem type supported by the host 4792 operating system. Ex. "ext4", "xfs". Implicitly inferred 4793 to be "ext4" if unspecified. 4794 type: string 4795 readOnly: 4796 description: Defaults to false (read/write). ReadOnly 4797 here will force the ReadOnly setting in VolumeMounts. 4798 type: boolean 4799 volumeID: 4800 description: VolumeID uniquely identifies a Portworx 4801 volume 4802 type: string 4803 required: 4804 - volumeID 4805 type: object 4806 projected: 4807 description: Items for all in one resources secrets, configmaps, 4808 and downward API 4809 properties: 4810 defaultMode: 4811 description: Mode bits used to set permissions on created 4812 files by default. Must be an octal value between 0000 4813 and 0777 or a decimal value between 0 and 511. YAML 4814 accepts both octal and decimal values, JSON requires 4815 decimal values for mode bits. Directories within the 4816 path are not affected by this setting. This might 4817 be in conflict with other options that affect the 4818 file mode, like fsGroup, and the result can be other 4819 mode bits set. 4820 format: int32 4821 type: integer 4822 sources: 4823 description: list of volume projections 4824 items: 4825 description: Projection that may be projected along 4826 with other supported volume types 4827 properties: 4828 configMap: 4829 description: information about the configMap data 4830 to project 4831 properties: 4832 items: 4833 description: If unspecified, each key-value 4834 pair in the Data field of the referenced 4835 ConfigMap will be projected into the volume 4836 as a file whose name is the key and content 4837 is the value. If specified, the listed keys 4838 will be projected into the specified paths, 4839 and unlisted keys will not be present. If 4840 a key is specified which is not present 4841 in the ConfigMap, the volume setup will 4842 error unless it is marked optional. Paths 4843 must be relative and may not contain the 4844 '..' path or start with '..'. 4845 items: 4846 description: Maps a string key to a path 4847 within a volume. 4848 properties: 4849 key: 4850 description: The key to project. 4851 type: string 4852 mode: 4853 description: 'Optional: mode bits used 4854 to set permissions on this file. Must 4855 be an octal value between 0000 and 4856 0777 or a decimal value between 0 4857 and 511. YAML accepts both octal and 4858 decimal values, JSON requires decimal 4859 values for mode bits. If not specified, 4860 the volume defaultMode will be used. 4861 This might be in conflict with other 4862 options that affect the file mode, 4863 like fsGroup, and the result can be 4864 other mode bits set.' 4865 format: int32 4866 type: integer 4867 path: 4868 description: The relative path of the 4869 file to map the key to. May not be 4870 an absolute path. May not contain 4871 the path element '..'. May not start 4872 with the string '..'. 4873 type: string 4874 required: 4875 - key 4876 - path 4877 type: object 4878 type: array 4879 name: 4880 description: 'Name of the referent. More info: 4881 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 4882 TODO: Add other useful fields. apiVersion, 4883 kind, uid?' 4884 type: string 4885 optional: 4886 description: Specify whether the ConfigMap 4887 or its keys must be defined 4888 type: boolean 4889 type: object 4890 downwardAPI: 4891 description: information about the downwardAPI 4892 data to project 4893 properties: 4894 items: 4895 description: Items is a list of DownwardAPIVolume 4896 file 4897 items: 4898 description: DownwardAPIVolumeFile represents 4899 information to create the file containing 4900 the pod field 4901 properties: 4902 fieldRef: 4903 description: 'Required: Selects a field 4904 of the pod: only annotations, labels, 4905 name and namespace are supported.' 4906 properties: 4907 apiVersion: 4908 description: Version of the schema 4909 the FieldPath is written in terms 4910 of, defaults to "v1". 4911 type: string 4912 fieldPath: 4913 description: Path of the field to 4914 select in the specified API version. 4915 type: string 4916 required: 4917 - fieldPath 4918 type: object 4919 mode: 4920 description: 'Optional: mode bits used 4921 to set permissions on this file, must 4922 be an octal value between 0000 and 4923 0777 or a decimal value between 0 4924 and 511. YAML accepts both octal and 4925 decimal values, JSON requires decimal 4926 values for mode bits. If not specified, 4927 the volume defaultMode will be used. 4928 This might be in conflict with other 4929 options that affect the file mode, 4930 like fsGroup, and the result can be 4931 other mode bits set.' 4932 format: int32 4933 type: integer 4934 path: 4935 description: 'Required: Path is the 4936 relative path name of the file to 4937 be created. Must not be absolute or 4938 contain the ''..'' path. Must be utf-8 4939 encoded. The first item of the relative 4940 path must not start with ''..''' 4941 type: string 4942 resourceFieldRef: 4943 description: 'Selects a resource of 4944 the container: only resources limits 4945 and requests (limits.cpu, limits.memory, 4946 requests.cpu and requests.memory) 4947 are currently supported.' 4948 properties: 4949 containerName: 4950 description: 'Container name: required 4951 for volumes, optional for env 4952 vars' 4953 type: string 4954 divisor: 4955 anyOf: 4956 - type: integer 4957 - type: string 4958 description: Specifies the output 4959 format of the exposed resources, 4960 defaults to "1" 4961 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 4962 x-kubernetes-int-or-string: true 4963 resource: 4964 description: 'Required: resource 4965 to select' 4966 type: string 4967 required: 4968 - resource 4969 type: object 4970 required: 4971 - path 4972 type: object 4973 type: array 4974 type: object 4975 secret: 4976 description: information about the secret data 4977 to project 4978 properties: 4979 items: 4980 description: If unspecified, each key-value 4981 pair in the Data field of the referenced 4982 Secret will be projected into the volume 4983 as a file whose name is the key and content 4984 is the value. If specified, the listed keys 4985 will be projected into the specified paths, 4986 and unlisted keys will not be present. If 4987 a key is specified which is not present 4988 in the Secret, the volume setup will error 4989 unless it is marked optional. Paths must 4990 be relative and may not contain the '..' 4991 path or start with '..'. 4992 items: 4993 description: Maps a string key to a path 4994 within a volume. 4995 properties: 4996 key: 4997 description: The key to project. 4998 type: string 4999 mode: 5000 description: 'Optional: mode bits used 5001 to set permissions on this file. Must 5002 be an octal value between 0000 and 5003 0777 or a decimal value between 0 5004 and 511. YAML accepts both octal and 5005 decimal values, JSON requires decimal 5006 values for mode bits. If not specified, 5007 the volume defaultMode will be used. 5008 This might be in conflict with other 5009 options that affect the file mode, 5010 like fsGroup, and the result can be 5011 other mode bits set.' 5012 format: int32 5013 type: integer 5014 path: 5015 description: The relative path of the 5016 file to map the key to. May not be 5017 an absolute path. May not contain 5018 the path element '..'. May not start 5019 with the string '..'. 5020 type: string 5021 required: 5022 - key 5023 - path 5024 type: object 5025 type: array 5026 name: 5027 description: 'Name of the referent. More info: 5028 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 5029 TODO: Add other useful fields. apiVersion, 5030 kind, uid?' 5031 type: string 5032 optional: 5033 description: Specify whether the Secret or 5034 its key must be defined 5035 type: boolean 5036 type: object 5037 serviceAccountToken: 5038 description: information about the serviceAccountToken 5039 data to project 5040 properties: 5041 audience: 5042 description: Audience is the intended audience 5043 of the token. A recipient of a token must 5044 identify itself with an identifier specified 5045 in the audience of the token, and otherwise 5046 should reject the token. The audience defaults 5047 to the identifier of the apiserver. 5048 type: string 5049 expirationSeconds: 5050 description: ExpirationSeconds is the requested 5051 duration of validity of the service account 5052 token. As the token approaches expiration, 5053 the kubelet volume plugin will proactively 5054 rotate the service account token. The kubelet 5055 will start trying to rotate the token if 5056 the token is older than 80 percent of its 5057 time to live or if the token is older than 5058 24 hours.Defaults to 1 hour and must be 5059 at least 10 minutes. 5060 format: int64 5061 type: integer 5062 path: 5063 description: Path is the path relative to 5064 the mount point of the file to project the 5065 token into. 5066 type: string 5067 required: 5068 - path 5069 type: object 5070 type: object 5071 type: array 5072 type: object 5073 quobyte: 5074 description: Quobyte represents a Quobyte mount on the host 5075 that shares a pod's lifetime 5076 properties: 5077 group: 5078 description: Group to map volume access to Default is 5079 no group 5080 type: string 5081 readOnly: 5082 description: ReadOnly here will force the Quobyte volume 5083 to be mounted with read-only permissions. Defaults 5084 to false. 5085 type: boolean 5086 registry: 5087 description: Registry represents a single or multiple 5088 Quobyte Registry services specified as a string as 5089 host:port pair (multiple entries are separated with 5090 commas) which acts as the central registry for volumes 5091 type: string 5092 tenant: 5093 description: Tenant owning the given Quobyte volume 5094 in the Backend Used with dynamically provisioned Quobyte 5095 volumes, value is set by the plugin 5096 type: string 5097 user: 5098 description: User to map volume access to Defaults to 5099 serivceaccount user 5100 type: string 5101 volume: 5102 description: Volume is a string that references an already 5103 created Quobyte volume by name. 5104 type: string 5105 required: 5106 - registry 5107 - volume 5108 type: object 5109 rbd: 5110 description: 'RBD represents a Rados Block Device mount 5111 on the host that shares a pod''s lifetime. More info: 5112 https://examples.k8s.io/volumes/rbd/README.md' 5113 properties: 5114 fsType: 5115 description: 'Filesystem type of the volume that you 5116 want to mount. Tip: Ensure that the filesystem type 5117 is supported by the host operating system. Examples: 5118 "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" 5119 if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd 5120 TODO: how do we prevent errors in the filesystem from 5121 compromising the machine' 5122 type: string 5123 image: 5124 description: 'The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 5125 type: string 5126 keyring: 5127 description: 'Keyring is the path to key ring for RBDUser. 5128 Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 5129 type: string 5130 monitors: 5131 description: 'A collection of Ceph monitors. More info: 5132 https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 5133 items: 5134 type: string 5135 type: array 5136 pool: 5137 description: 'The rados pool name. Default is rbd. More 5138 info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 5139 type: string 5140 readOnly: 5141 description: 'ReadOnly here will force the ReadOnly 5142 setting in VolumeMounts. Defaults to false. More info: 5143 https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 5144 type: boolean 5145 secretRef: 5146 description: 'SecretRef is name of the authentication 5147 secret for RBDUser. If provided overrides keyring. 5148 Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 5149 properties: 5150 name: 5151 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 5152 TODO: Add other useful fields. apiVersion, kind, 5153 uid?' 5154 type: string 5155 type: object 5156 user: 5157 description: 'The rados user name. Default is admin. 5158 More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 5159 type: string 5160 required: 5161 - image 5162 - monitors 5163 type: object 5164 scaleIO: 5165 description: ScaleIO represents a ScaleIO persistent volume 5166 attached and mounted on Kubernetes nodes. 5167 properties: 5168 fsType: 5169 description: Filesystem type to mount. Must be a filesystem 5170 type supported by the host operating system. Ex. "ext4", 5171 "xfs", "ntfs". Default is "xfs". 5172 type: string 5173 gateway: 5174 description: The host address of the ScaleIO API Gateway. 5175 type: string 5176 protectionDomain: 5177 description: The name of the ScaleIO Protection Domain 5178 for the configured storage. 5179 type: string 5180 readOnly: 5181 description: Defaults to false (read/write). ReadOnly 5182 here will force the ReadOnly setting in VolumeMounts. 5183 type: boolean 5184 secretRef: 5185 description: SecretRef references to the secret for 5186 ScaleIO user and other sensitive information. If this 5187 is not provided, Login operation will fail. 5188 properties: 5189 name: 5190 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 5191 TODO: Add other useful fields. apiVersion, kind, 5192 uid?' 5193 type: string 5194 type: object 5195 sslEnabled: 5196 description: Flag to enable/disable SSL communication 5197 with Gateway, default false 5198 type: boolean 5199 storageMode: 5200 description: Indicates whether the storage for a volume 5201 should be ThickProvisioned or ThinProvisioned. Default 5202 is ThinProvisioned. 5203 type: string 5204 storagePool: 5205 description: The ScaleIO Storage Pool associated with 5206 the protection domain. 5207 type: string 5208 system: 5209 description: The name of the storage system as configured 5210 in ScaleIO. 5211 type: string 5212 volumeName: 5213 description: The name of a volume already created in 5214 the ScaleIO system that is associated with this volume 5215 source. 5216 type: string 5217 required: 5218 - gateway 5219 - secretRef 5220 - system 5221 type: object 5222 secret: 5223 description: 'Secret represents a secret that should populate 5224 this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' 5225 properties: 5226 defaultMode: 5227 description: 'Optional: mode bits used to set permissions 5228 on created files by default. Must be an octal value 5229 between 0000 and 0777 or a decimal value between 0 5230 and 511. YAML accepts both octal and decimal values, 5231 JSON requires decimal values for mode bits. Defaults 5232 to 0644. Directories within the path are not affected 5233 by this setting. This might be in conflict with other 5234 options that affect the file mode, like fsGroup, and 5235 the result can be other mode bits set.' 5236 format: int32 5237 type: integer 5238 items: 5239 description: If unspecified, each key-value pair in 5240 the Data field of the referenced Secret will be projected 5241 into the volume as a file whose name is the key and 5242 content is the value. If specified, the listed keys 5243 will be projected into the specified paths, and unlisted 5244 keys will not be present. If a key is specified which 5245 is not present in the Secret, the volume setup will 5246 error unless it is marked optional. Paths must be 5247 relative and may not contain the '..' path or start 5248 with '..'. 5249 items: 5250 description: Maps a string key to a path within a 5251 volume. 5252 properties: 5253 key: 5254 description: The key to project. 5255 type: string 5256 mode: 5257 description: 'Optional: mode bits used to set 5258 permissions on this file. Must be an octal value 5259 between 0000 and 0777 or a decimal value between 5260 0 and 511. YAML accepts both octal and decimal 5261 values, JSON requires decimal values for mode 5262 bits. If not specified, the volume defaultMode 5263 will be used. This might be in conflict with 5264 other options that affect the file mode, like 5265 fsGroup, and the result can be other mode bits 5266 set.' 5267 format: int32 5268 type: integer 5269 path: 5270 description: The relative path of the file to 5271 map the key to. May not be an absolute path. 5272 May not contain the path element '..'. May not 5273 start with the string '..'. 5274 type: string 5275 required: 5276 - key 5277 - path 5278 type: object 5279 type: array 5280 optional: 5281 description: Specify whether the Secret or its keys 5282 must be defined 5283 type: boolean 5284 secretName: 5285 description: 'Name of the secret in the pod''s namespace 5286 to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' 5287 type: string 5288 type: object 5289 storageos: 5290 description: StorageOS represents a StorageOS volume attached 5291 and mounted on Kubernetes nodes. 5292 properties: 5293 fsType: 5294 description: Filesystem type to mount. Must be a filesystem 5295 type supported by the host operating system. Ex. "ext4", 5296 "xfs", "ntfs". Implicitly inferred to be "ext4" if 5297 unspecified. 5298 type: string 5299 readOnly: 5300 description: Defaults to false (read/write). ReadOnly 5301 here will force the ReadOnly setting in VolumeMounts. 5302 type: boolean 5303 secretRef: 5304 description: SecretRef specifies the secret to use for 5305 obtaining the StorageOS API credentials. If not specified, 5306 default values will be attempted. 5307 properties: 5308 name: 5309 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 5310 TODO: Add other useful fields. apiVersion, kind, 5311 uid?' 5312 type: string 5313 type: object 5314 volumeName: 5315 description: VolumeName is the human-readable name of 5316 the StorageOS volume. Volume names are only unique 5317 within a namespace. 5318 type: string 5319 volumeNamespace: 5320 description: VolumeNamespace specifies the scope of 5321 the volume within StorageOS. If no namespace is specified 5322 then the Pod's namespace will be used. This allows 5323 the Kubernetes name scoping to be mirrored within 5324 StorageOS for tighter integration. Set VolumeName 5325 to any name to override the default behaviour. Set 5326 to "default" if you are not using namespaces within 5327 StorageOS. Namespaces that do not pre-exist within 5328 StorageOS will be created. 5329 type: string 5330 type: object 5331 vsphereVolume: 5332 description: VsphereVolume represents a vSphere volume attached 5333 and mounted on kubelets host machine 5334 properties: 5335 fsType: 5336 description: Filesystem type to mount. Must be a filesystem 5337 type supported by the host operating system. Ex. "ext4", 5338 "xfs", "ntfs". Implicitly inferred to be "ext4" if 5339 unspecified. 5340 type: string 5341 storagePolicyID: 5342 description: Storage Policy Based Management (SPBM) 5343 profile ID associated with the StoragePolicyName. 5344 type: string 5345 storagePolicyName: 5346 description: Storage Policy Based Management (SPBM) 5347 profile name. 5348 type: string 5349 volumePath: 5350 description: Path that identifies vSphere volume vmdk 5351 type: string 5352 required: 5353 - volumePath 5354 type: object 5355 required: 5356 - name 5357 type: object 5358 type: array 5359 type: object 5360 repositoryCredentials: 5361 description: RepositoryCredentials are the Git pull credentials to 5362 configure Argo CD with upon creation of the cluster. 5363 type: string 5364 resourceCustomizations: 5365 description: 'ResourceCustomizations customizes resource behavior. 5366 Keys are in the form: group/Kind.' 5367 type: string 5368 resourceExclusions: 5369 description: ResourceExclusions is used to completely ignore entire 5370 classes of resource group/kinds. 5371 type: string 5372 resourceInclusions: 5373 description: ResourceInclusions is used to only include specific group/kinds 5374 in the reconciliation process. 5375 type: string 5376 resourceTrackingMethod: 5377 description: ResourceTrackingMethod defines how Argo CD should track 5378 resources that it manages 5379 type: string 5380 server: 5381 description: Server defines the options for the ArgoCD Server component. 5382 properties: 5383 autoscale: 5384 description: Autoscale defines the autoscale options for the Argo 5385 CD Server component. 5386 properties: 5387 enabled: 5388 description: Enabled will toggle autoscaling support for the 5389 Argo CD Server component. 5390 type: boolean 5391 hpa: 5392 description: HPA defines the HorizontalPodAutoscaler options 5393 for the Argo CD Server component. 5394 properties: 5395 maxReplicas: 5396 description: upper limit for the number of pods that can 5397 be set by the autoscaler; cannot be smaller than MinReplicas. 5398 format: int32 5399 type: integer 5400 minReplicas: 5401 description: minReplicas is the lower limit for the number 5402 of replicas to which the autoscaler can scale down. It 5403 defaults to 1 pod. minReplicas is allowed to be 0 if 5404 the alpha feature gate HPAScaleToZero is enabled and 5405 at least one Object or External metric is configured. Scaling 5406 is active as long as at least one metric value is available. 5407 format: int32 5408 type: integer 5409 scaleTargetRef: 5410 description: reference to scaled resource; horizontal 5411 pod autoscaler will learn the current resource consumption 5412 and will set the desired number of pods by using its 5413 Scale subresource. 5414 properties: 5415 apiVersion: 5416 description: API version of the referent 5417 type: string 5418 kind: 5419 description: 'Kind of the referent; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds"' 5420 type: string 5421 name: 5422 description: 'Name of the referent; More info: http://kubernetes.io/docs/user-guide/identifiers#names' 5423 type: string 5424 required: 5425 - kind 5426 - name 5427 type: object 5428 targetCPUUtilizationPercentage: 5429 description: target average CPU utilization (represented 5430 as a percentage of requested CPU) over all the pods; 5431 if not specified the default autoscaling policy will 5432 be used. 5433 format: int32 5434 type: integer 5435 required: 5436 - maxReplicas 5437 - scaleTargetRef 5438 type: object 5439 required: 5440 - enabled 5441 type: object 5442 env: 5443 description: Env lets you specify environment for API server pods 5444 items: 5445 description: EnvVar represents an environment variable present 5446 in a Container. 5447 properties: 5448 name: 5449 description: Name of the environment variable. Must be a 5450 C_IDENTIFIER. 5451 type: string 5452 value: 5453 description: 'Variable references $(VAR_NAME) are expanded 5454 using the previously defined environment variables in 5455 the container and any service environment variables. If 5456 a variable cannot be resolved, the reference in the input 5457 string will be unchanged. Double $$ are reduced to a single 5458 $, which allows for escaping the $(VAR_NAME) syntax: i.e. 5459 "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". 5460 Escaped references will never be expanded, regardless 5461 of whether the variable exists or not. Defaults to "".' 5462 type: string 5463 valueFrom: 5464 description: Source for the environment variable's value. 5465 Cannot be used if value is not empty. 5466 properties: 5467 configMapKeyRef: 5468 description: Selects a key of a ConfigMap. 5469 properties: 5470 key: 5471 description: The key to select. 5472 type: string 5473 name: 5474 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 5475 TODO: Add other useful fields. apiVersion, kind, 5476 uid?' 5477 type: string 5478 optional: 5479 description: Specify whether the ConfigMap or its 5480 key must be defined 5481 type: boolean 5482 required: 5483 - key 5484 type: object 5485 fieldRef: 5486 description: 'Selects a field of the pod: supports metadata.name, 5487 metadata.namespace, `metadata.labels[''<KEY>'']`, 5488 `metadata.annotations[''<KEY>'']`, spec.nodeName, 5489 spec.serviceAccountName, status.hostIP, status.podIP, 5490 status.podIPs.' 5491 properties: 5492 apiVersion: 5493 description: Version of the schema the FieldPath 5494 is written in terms of, defaults to "v1". 5495 type: string 5496 fieldPath: 5497 description: Path of the field to select in the 5498 specified API version. 5499 type: string 5500 required: 5501 - fieldPath 5502 type: object 5503 resourceFieldRef: 5504 description: 'Selects a resource of the container: only 5505 resources limits and requests (limits.cpu, limits.memory, 5506 limits.ephemeral-storage, requests.cpu, requests.memory 5507 and requests.ephemeral-storage) are currently supported.' 5508 properties: 5509 containerName: 5510 description: 'Container name: required for volumes, 5511 optional for env vars' 5512 type: string 5513 divisor: 5514 anyOf: 5515 - type: integer 5516 - type: string 5517 description: Specifies the output format of the 5518 exposed resources, defaults to "1" 5519 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 5520 x-kubernetes-int-or-string: true 5521 resource: 5522 description: 'Required: resource to select' 5523 type: string 5524 required: 5525 - resource 5526 type: object 5527 secretKeyRef: 5528 description: Selects a key of a secret in the pod's 5529 namespace 5530 properties: 5531 key: 5532 description: The key of the secret to select from. Must 5533 be a valid secret key. 5534 type: string 5535 name: 5536 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 5537 TODO: Add other useful fields. apiVersion, kind, 5538 uid?' 5539 type: string 5540 optional: 5541 description: Specify whether the Secret or its key 5542 must be defined 5543 type: boolean 5544 required: 5545 - key 5546 type: object 5547 type: object 5548 required: 5549 - name 5550 type: object 5551 type: array 5552 extraCommandArgs: 5553 description: Extra Command arguments that would append to the 5554 Argo CD server command. ExtraCommandArgs will not be added, 5555 if one of these commands is already part of the server command 5556 with same or different value. 5557 items: 5558 type: string 5559 type: array 5560 grpc: 5561 description: GRPC defines the state for the Argo CD Server GRPC 5562 options. 5563 properties: 5564 host: 5565 description: Host is the hostname to use for Ingress/Route 5566 resources. 5567 type: string 5568 ingress: 5569 description: Ingress defines the desired state for the Argo 5570 CD Server GRPC Ingress. 5571 properties: 5572 annotations: 5573 additionalProperties: 5574 type: string 5575 description: Annotations is the map of annotations to 5576 apply to the Ingress. 5577 type: object 5578 enabled: 5579 description: Enabled will toggle the creation of the Ingress. 5580 type: boolean 5581 ingressClassName: 5582 description: IngressClassName for the Ingress resource. 5583 type: string 5584 path: 5585 description: Path used for the Ingress resource. 5586 type: string 5587 tls: 5588 description: TLS configuration. Currently the Ingress 5589 only supports a single TLS port, 443. If multiple members 5590 of this list specify different hosts, they will be multiplexed 5591 on the same port according to the hostname specified 5592 through the SNI TLS extension, if the ingress controller 5593 fulfilling the ingress supports SNI. 5594 items: 5595 description: IngressTLS describes the transport layer 5596 security associated with an Ingress. 5597 properties: 5598 hosts: 5599 description: Hosts are a list of hosts included 5600 in the TLS certificate. The values in this list 5601 must match the name/s used in the tlsSecret. Defaults 5602 to the wildcard host setting for the loadbalancer 5603 controller fulfilling this Ingress, if left unspecified. 5604 items: 5605 type: string 5606 type: array 5607 x-kubernetes-list-type: atomic 5608 secretName: 5609 description: SecretName is the name of the secret 5610 used to terminate TLS traffic on port 443. Field 5611 is left optional to allow TLS routing based on 5612 SNI hostname alone. If the SNI host in a listener 5613 conflicts with the "Host" header field used by 5614 an IngressRule, the SNI host is used for termination 5615 and value of the Host header is used for routing. 5616 type: string 5617 type: object 5618 type: array 5619 required: 5620 - enabled 5621 type: object 5622 type: object 5623 host: 5624 description: Host is the hostname to use for Ingress/Route resources. 5625 type: string 5626 ingress: 5627 description: Ingress defines the desired state for an Ingress 5628 for the Argo CD Server component. 5629 properties: 5630 annotations: 5631 additionalProperties: 5632 type: string 5633 description: Annotations is the map of annotations to apply 5634 to the Ingress. 5635 type: object 5636 enabled: 5637 description: Enabled will toggle the creation of the Ingress. 5638 type: boolean 5639 ingressClassName: 5640 description: IngressClassName for the Ingress resource. 5641 type: string 5642 path: 5643 description: Path used for the Ingress resource. 5644 type: string 5645 tls: 5646 description: TLS configuration. Currently the Ingress only 5647 supports a single TLS port, 443. If multiple members of 5648 this list specify different hosts, they will be multiplexed 5649 on the same port according to the hostname specified through 5650 the SNI TLS extension, if the ingress controller fulfilling 5651 the ingress supports SNI. 5652 items: 5653 description: IngressTLS describes the transport layer security 5654 associated with an Ingress. 5655 properties: 5656 hosts: 5657 description: Hosts are a list of hosts included in the 5658 TLS certificate. The values in this list must match 5659 the name/s used in the tlsSecret. Defaults to the 5660 wildcard host setting for the loadbalancer controller 5661 fulfilling this Ingress, if left unspecified. 5662 items: 5663 type: string 5664 type: array 5665 x-kubernetes-list-type: atomic 5666 secretName: 5667 description: SecretName is the name of the secret used 5668 to terminate TLS traffic on port 443. Field is left 5669 optional to allow TLS routing based on SNI hostname 5670 alone. If the SNI host in a listener conflicts with 5671 the "Host" header field used by an IngressRule, the 5672 SNI host is used for termination and value of the 5673 Host header is used for routing. 5674 type: string 5675 type: object 5676 type: array 5677 required: 5678 - enabled 5679 type: object 5680 insecure: 5681 description: Insecure toggles the insecure flag. 5682 type: boolean 5683 logFormat: 5684 description: LogFormat refers to the log level to be used by the 5685 ArgoCD Server component. Defaults to ArgoCDDefaultLogFormat 5686 if not configured. Valid options are text or json. 5687 type: string 5688 logLevel: 5689 description: LogLevel refers to the log level to be used by the 5690 ArgoCD Server component. Defaults to ArgoCDDefaultLogLevel if 5691 not set. Valid options are debug, info, error, and warn. 5692 type: string 5693 replicas: 5694 description: Replicas defines the number of replicas for argocd-server. 5695 Default is nil. Value should be greater than or equal to 0. 5696 Value will be ignored if Autoscaler is enabled. 5697 format: int32 5698 type: integer 5699 resources: 5700 description: Resources defines the Compute Resources required 5701 by the container for the Argo CD server component. 5702 properties: 5703 limits: 5704 additionalProperties: 5705 anyOf: 5706 - type: integer 5707 - type: string 5708 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 5709 x-kubernetes-int-or-string: true 5710 description: 'Limits describes the maximum amount of compute 5711 resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 5712 type: object 5713 requests: 5714 additionalProperties: 5715 anyOf: 5716 - type: integer 5717 - type: string 5718 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 5719 x-kubernetes-int-or-string: true 5720 description: 'Requests describes the minimum amount of compute 5721 resources required. If Requests is omitted for a container, 5722 it defaults to Limits if that is explicitly specified, otherwise 5723 to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 5724 type: object 5725 type: object 5726 route: 5727 description: Route defines the desired state for an OpenShift 5728 Route for the Argo CD Server component. 5729 properties: 5730 annotations: 5731 additionalProperties: 5732 type: string 5733 description: Annotations is the map of annotations to use 5734 for the Route resource. 5735 type: object 5736 enabled: 5737 description: Enabled will toggle the creation of the OpenShift 5738 Route. 5739 type: boolean 5740 labels: 5741 additionalProperties: 5742 type: string 5743 description: Labels is the map of labels to use for the Route 5744 resource 5745 type: object 5746 path: 5747 description: Path the router watches for, to route traffic 5748 for to the service. 5749 type: string 5750 tls: 5751 description: TLS provides the ability to configure certificates 5752 and termination for the Route. 5753 properties: 5754 caCertificate: 5755 description: caCertificate provides the cert authority 5756 certificate contents 5757 type: string 5758 certificate: 5759 description: certificate provides certificate contents 5760 type: string 5761 destinationCACertificate: 5762 description: destinationCACertificate provides the contents 5763 of the ca certificate of the final destination. When 5764 using reencrypt termination this file should be provided 5765 in order to have routers use it for health checks on 5766 the secure connection. If this field is not specified, 5767 the router may provide its own destination CA and perform 5768 hostname validation using the short service name (service.namespace.svc), 5769 which allows infrastructure generated certificates to 5770 automatically verify. 5771 type: string 5772 insecureEdgeTerminationPolicy: 5773 description: "insecureEdgeTerminationPolicy indicates 5774 the desired behavior for insecure connections to a route. 5775 While each router may make its own decisions on which 5776 ports to expose, this is normally port 80. \n * Allow 5777 - traffic is sent to the server on the insecure port 5778 (default) * Disable - no traffic is allowed on the insecure 5779 port. * Redirect - clients are redirected to the secure 5780 port." 5781 type: string 5782 key: 5783 description: key provides key file contents 5784 type: string 5785 termination: 5786 description: termination indicates termination type. 5787 type: string 5788 required: 5789 - termination 5790 type: object 5791 wildcardPolicy: 5792 description: WildcardPolicy if any for the route. Currently 5793 only 'Subdomain' or 'None' is allowed. 5794 type: string 5795 required: 5796 - enabled 5797 type: object 5798 service: 5799 description: Service defines the options for the Service backing 5800 the ArgoCD Server component. 5801 properties: 5802 type: 5803 description: Type is the ServiceType to use for the Service 5804 resource. 5805 type: string 5806 required: 5807 - type 5808 type: object 5809 type: object 5810 sso: 5811 description: SSO defines the Single Sign-on configuration for Argo 5812 CD 5813 properties: 5814 dex: 5815 description: Dex contains the configuration for Argo CD dex authentication 5816 properties: 5817 config: 5818 description: Config is the dex connector configuration. 5819 type: string 5820 groups: 5821 description: Optional list of required groups a user must 5822 be a member of 5823 items: 5824 type: string 5825 type: array 5826 image: 5827 description: Image is the Dex container image. 5828 type: string 5829 openShiftOAuth: 5830 description: OpenShiftOAuth enables OpenShift OAuth authentication 5831 for the Dex server. 5832 type: boolean 5833 resources: 5834 description: Resources defines the Compute Resources required 5835 by the container for Dex. 5836 properties: 5837 limits: 5838 additionalProperties: 5839 anyOf: 5840 - type: integer 5841 - type: string 5842 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 5843 x-kubernetes-int-or-string: true 5844 description: 'Limits describes the maximum amount of compute 5845 resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 5846 type: object 5847 requests: 5848 additionalProperties: 5849 anyOf: 5850 - type: integer 5851 - type: string 5852 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 5853 x-kubernetes-int-or-string: true 5854 description: 'Requests describes the minimum amount of 5855 compute resources required. If Requests is omitted for 5856 a container, it defaults to Limits if that is explicitly 5857 specified, otherwise to an implementation-defined value. 5858 More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 5859 type: object 5860 type: object 5861 version: 5862 description: Version is the Dex container image tag. 5863 type: string 5864 type: object 5865 image: 5866 description: Image is the SSO container image. 5867 type: string 5868 keycloak: 5869 description: Keycloak contains the configuration for Argo CD keycloak 5870 authentication 5871 properties: 5872 image: 5873 description: Image is the Keycloak container image. 5874 type: string 5875 resources: 5876 description: Resources defines the Compute Resources required 5877 by the container for Keycloak. 5878 properties: 5879 limits: 5880 additionalProperties: 5881 anyOf: 5882 - type: integer 5883 - type: string 5884 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 5885 x-kubernetes-int-or-string: true 5886 description: 'Limits describes the maximum amount of compute 5887 resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 5888 type: object 5889 requests: 5890 additionalProperties: 5891 anyOf: 5892 - type: integer 5893 - type: string 5894 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 5895 x-kubernetes-int-or-string: true 5896 description: 'Requests describes the minimum amount of 5897 compute resources required. If Requests is omitted for 5898 a container, it defaults to Limits if that is explicitly 5899 specified, otherwise to an implementation-defined value. 5900 More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 5901 type: object 5902 type: object 5903 verifyTLS: 5904 description: VerifyTLS set to false disables strict TLS validation. 5905 type: boolean 5906 version: 5907 description: Version is the Keycloak container image tag. 5908 type: string 5909 type: object 5910 provider: 5911 description: Provider installs and configures the given SSO Provider 5912 with Argo CD. 5913 type: string 5914 resources: 5915 description: Resources defines the Compute Resources required 5916 by the container for SSO. 5917 properties: 5918 limits: 5919 additionalProperties: 5920 anyOf: 5921 - type: integer 5922 - type: string 5923 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 5924 x-kubernetes-int-or-string: true 5925 description: 'Limits describes the maximum amount of compute 5926 resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 5927 type: object 5928 requests: 5929 additionalProperties: 5930 anyOf: 5931 - type: integer 5932 - type: string 5933 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 5934 x-kubernetes-int-or-string: true 5935 description: 'Requests describes the minimum amount of compute 5936 resources required. If Requests is omitted for a container, 5937 it defaults to Limits if that is explicitly specified, otherwise 5938 to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 5939 type: object 5940 type: object 5941 verifyTLS: 5942 description: VerifyTLS set to false disables strict TLS validation. 5943 type: boolean 5944 version: 5945 description: Version is the SSO container image tag. 5946 type: string 5947 type: object 5948 statusBadgeEnabled: 5949 description: StatusBadgeEnabled toggles application status badge feature. 5950 type: boolean 5951 tls: 5952 description: TLS defines the TLS options for ArgoCD. 5953 properties: 5954 ca: 5955 description: CA defines the CA options. 5956 properties: 5957 configMapName: 5958 description: ConfigMapName is the name of the ConfigMap containing 5959 the CA Certificate. 5960 type: string 5961 secretName: 5962 description: SecretName is the name of the Secret containing 5963 the CA Certificate and Key. 5964 type: string 5965 type: object 5966 initialCerts: 5967 additionalProperties: 5968 type: string 5969 description: InitialCerts defines custom TLS certificates upon 5970 creation of the cluster for connecting Git repositories via 5971 HTTPS. 5972 type: object 5973 type: object 5974 usersAnonymousEnabled: 5975 description: UsersAnonymousEnabled toggles anonymous user access. 5976 The anonymous users get default role permissions specified argocd-rbac-cm. 5977 type: boolean 5978 version: 5979 description: Version is the tag to use with the ArgoCD container image 5980 for all ArgoCD components. 5981 type: string 5982 type: object 5983 status: 5984 description: ArgoCDStatus defines the observed state of ArgoCD 5985 properties: 5986 applicationController: 5987 description: 'ApplicationController is a simple, high-level summary 5988 of where the Argo CD application controller component is in its 5989 lifecycle. There are five possible ApplicationController values: 5990 Pending: The Argo CD application controller component has been accepted 5991 by the Kubernetes system, but one or more of the required resources 5992 have not been created. Running: All of the required Pods for the 5993 Argo CD application controller component are in a Ready state. Failed: 5994 At least one of the Argo CD application controller component Pods 5995 had a failure. Unknown: For some reason the state of the Argo CD 5996 application controller component could not be obtained.' 5997 type: string 5998 dex: 5999 description: 'Dex is a simple, high-level summary of where the Argo 6000 CD Dex component is in its lifecycle. There are five possible dex 6001 values: Pending: The Argo CD Dex component has been accepted by 6002 the Kubernetes system, but one or more of the required resources 6003 have not been created. Running: All of the required Pods for the 6004 Argo CD Dex component are in a Ready state. Failed: At least one 6005 of the Argo CD Dex component Pods had a failure. Unknown: For some 6006 reason the state of the Argo CD Dex component could not be obtained.' 6007 type: string 6008 host: 6009 description: Host is the hostname of the Ingress. 6010 type: string 6011 notificationsController: 6012 description: 'NotificationsController is a simple, high-level summary 6013 of where the Argo CD notifications controller component is in its 6014 lifecycle. There are five possible NotificationsController values: 6015 Pending: The Argo CD notifications controller component has been 6016 accepted by the Kubernetes system, but one or more of the required 6017 resources have not been created. Running: All of the required Pods 6018 for the Argo CD notifications controller component are in a Ready 6019 state. Failed: At least one of the Argo CD notifications controller 6020 component Pods had a failure. Unknown: For some reason the state 6021 of the Argo CD notifications controller component could not be obtained.' 6022 type: string 6023 phase: 6024 description: 'Phase is a simple, high-level summary of where the ArgoCD 6025 is in its lifecycle. There are five possible phase values: Pending: 6026 The ArgoCD has been accepted by the Kubernetes system, but one or 6027 more of the required resources have not been created. Available: 6028 All of the resources for the ArgoCD are ready. Failed: At least 6029 one resource has experienced a failure. Unknown: For some reason 6030 the state of the ArgoCD phase could not be obtained.' 6031 type: string 6032 redis: 6033 description: 'Redis is a simple, high-level summary of where the Argo 6034 CD Redis component is in its lifecycle. There are five possible 6035 redis values: Pending: The Argo CD Redis component has been accepted 6036 by the Kubernetes system, but one or more of the required resources 6037 have not been created. Running: All of the required Pods for the 6038 Argo CD Redis component are in a Ready state. Failed: At least one 6039 of the Argo CD Redis component Pods had a failure. Unknown: For 6040 some reason the state of the Argo CD Redis component could not be 6041 obtained.' 6042 type: string 6043 redisTLSChecksum: 6044 description: RedisTLSChecksum contains the SHA256 checksum of the 6045 latest known state of tls.crt and tls.key in the argocd-operator-redis-tls 6046 secret. 6047 type: string 6048 repo: 6049 description: 'Repo is a simple, high-level summary of where the Argo 6050 CD Repo component is in its lifecycle. There are five possible repo 6051 values: Pending: The Argo CD Repo component has been accepted by 6052 the Kubernetes system, but one or more of the required resources 6053 have not been created. Running: All of the required Pods for the 6054 Argo CD Repo component are in a Ready state. Failed: At least one 6055 of the Argo CD Repo component Pods had a failure. Unknown: For 6056 some reason the state of the Argo CD Repo component could not be 6057 obtained.' 6058 type: string 6059 repoTLSChecksum: 6060 description: RepoTLSChecksum contains the SHA256 checksum of the latest 6061 known state of tls.crt and tls.key in the argocd-repo-server-tls 6062 secret. 6063 type: string 6064 server: 6065 description: 'Server is a simple, high-level summary of where the 6066 Argo CD server component is in its lifecycle. There are five possible 6067 server values: Pending: The Argo CD server component has been accepted 6068 by the Kubernetes system, but one or more of the required resources 6069 have not been created. Running: All of the required Pods for the 6070 Argo CD server component are in a Ready state. Failed: At least 6071 one of the Argo CD server component Pods had a failure. Unknown: 6072 For some reason the state of the Argo CD server component could 6073 not be obtained.' 6074 type: string 6075 ssoConfig: 6076 description: 'SSOConfig defines the status of SSO configuration. Success: 6077 Only one SSO provider is configured in CR. Failed: SSO configuration 6078 is illegal or more than one SSO providers are configured in CR. 6079 Unknown: For some reason the SSO configuration could not be obtained.' 6080 type: string 6081 type: object 6082 type: object 6083 served: true 6084 storage: true 6085 subresources: 6086 status: {} 6087 status: 6088 acceptedNames: 6089 kind: "" 6090 plural: "" 6091 conditions: [] 6092 storedVersions: []