github.com/argoproj-labs/argocd-operator@v0.10.0/deploy/olm-catalog/argocd-operator/0.5.0/argoproj.io_argocds.yaml

apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    controller-gen.kubebuilder.io/version: v0.6.1
  creationTimestamp: null
  name: argocds.argoproj.io
spec:
  group: argoproj.io
  names:
    kind: ArgoCD
    listKind: ArgoCDList
    plural: argocds
    singular: argocd
  scope: Namespaced
  versions:
  - name: v1alpha1
    schema:
      openAPIV3Schema:
        description: ArgoCD is the Schema for the argocds API
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation
              of an object. Servers should convert recognized schemas to the latest
              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
            type: string
          kind:
            description: 'Kind is a string value representing the REST resource this
              object represents. Servers may infer this from the endpoint the client
              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
            type: string
          metadata:
            type: object
          spec:
            description: ArgoCDSpec defines the desired state of ArgoCD
            properties:
              applicationInstanceLabelKey:
                description: ApplicationInstanceLabelKey is the key name where Argo
                  CD injects the app name as a tracking label.
                type: string
              applicationSet:
                description: ArgoCDApplicationSet defines whether the Argo CD ApplicationSet
                  controller should be installed.
                properties:
                  image:
                    description: Image is the Argo CD ApplicationSet image (optional)
                    type: string
                  logLevel:
                    description: LogLevel describes the log level that should be used
                      by the ApplicationSet controller. Defaults to ArgoCDDefaultLogLevel
                      if not set. Valid options are debug,info, error, and warn.
                    type: string
                  resources:
                    description: Resources defines the Compute Resources required
                      by the container for ApplicationSet.
                    properties:
                      limits:
                        additionalProperties:
                          anyOf:
                          - type: integer
                          - type: string
                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                          x-kubernetes-int-or-string: true
                        description: 'Limits describes the maximum amount of compute
                          resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                        type: object
                      requests:
                        additionalProperties:
                          anyOf:
                          - type: integer
                          - type: string
                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                          x-kubernetes-int-or-string: true
                        description: 'Requests describes the minimum amount of compute
                          resources required. If Requests is omitted for a container,
                          it defaults to Limits if that is explicitly specified, otherwise
                          to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                        type: object
                    type: object
                  version:
                    description: Version is the Argo CD ApplicationSet image tag.
                      (optional)
                    type: string
                  webhookServer:
                    description: WebhookServerSpec defines the options for the ApplicationSet
                      Webhook Server component.
                    properties:
                      host:
                        description: Host is the hostname to use for Ingress/Route
                          resources.
                        type: string
                      ingress:
                        description: Ingress defines the desired state for an Ingress
                          for the Application set webhook component.
                        properties:
                          annotations:
                            additionalProperties:
                              type: string
                            description: Annotations is the map of annotations to
                              apply to the Ingress.
                            type: object
                          enabled:
                            description: Enabled will toggle the creation of the Ingress.
                            type: boolean
                          ingressClassName:
                            description: IngressClassName for the Ingress resource.
                            type: string
                          path:
                            description: Path used for the Ingress resource.
                            type: string
                          tls:
                            description: TLS configuration. Currently the Ingress
                              only supports a single TLS port, 443. If multiple members
                              of this list specify different hosts, they will be multiplexed
                              on the same port according to the hostname specified
                              through the SNI TLS extension, if the ingress controller
                              fulfilling the ingress supports SNI.
                            items:
                              description: IngressTLS describes the transport layer
                                security associated with an Ingress.
                              properties:
                                hosts:
                                  description: Hosts are a list of hosts included
                                    in the TLS certificate. The values in this list
                                    must match the name/s used in the tlsSecret. Defaults
                                    to the wildcard host setting for the loadbalancer
                                    controller fulfilling this Ingress, if left unspecified.
                                  items:
                                    type: string
                                  type: array
                                  x-kubernetes-list-type: atomic
                                secretName:
                                  description: SecretName is the name of the secret
                                    used to terminate TLS traffic on port 443. Field
                                    is left optional to allow TLS routing based on
                                    SNI hostname alone. If the SNI host in a listener
                                    conflicts with the "Host" header field used by
                                    an IngressRule, the SNI host is used for termination
                                    and value of the Host header is used for routing.
                                  type: string
                              type: object
                            type: array
                        required:
                        - enabled
                        type: object
                      route:
                        description: Route defines the desired state for an OpenShift
                          Route for the Application set webhook component.
                        properties:
                          annotations:
                            additionalProperties:
                              type: string
                            description: Annotations is the map of annotations to
                              use for the Route resource.
                            type: object
                          enabled:
                            description: Enabled will toggle the creation of the OpenShift
                              Route.
                            type: boolean
                          labels:
                            additionalProperties:
                              type: string
                            description: Labels is the map of labels to use for the
                              Route resource
                            type: object
                          path:
                            description: Path the router watches for, to route traffic
                              for to the service.
                            type: string
                          tls:
                            description: TLS provides the ability to configure certificates
                              and termination for the Route.
                            properties:
                              caCertificate:
                                description: caCertificate provides the cert authority
                                  certificate contents
                                type: string
                              certificate:
                                description: certificate provides certificate contents
                                type: string
                              destinationCACertificate:
                                description: destinationCACertificate provides the
                                  contents of the ca certificate of the final destination. When
                                  using reencrypt termination this file should be
                                  provided in order to have routers use it for health
                                  checks on the secure connection. If this field is
                                  not specified, the router may provide its own destination
                                  CA and perform hostname validation using the short
                                  service name (service.namespace.svc), which allows
                                  infrastructure generated certificates to automatically
                                  verify.
                                type: string
                              insecureEdgeTerminationPolicy:
                                description: "insecureEdgeTerminationPolicy indicates
                                  the desired behavior for insecure connections to
                                  a route. While each router may make its own decisions
                                  on which ports to expose, this is normally port
                                  80. \n * Allow - traffic is sent to the server on
                                  the insecure port (default) * Disable - no traffic
                                  is allowed on the insecure port. * Redirect - clients
                                  are redirected to the secure port."
                                type: string
                              key:
                                description: key provides key file contents
                                type: string
                              termination:
                                description: termination indicates termination type.
                                type: string
                            required:
                            - termination
                            type: object
                          wildcardPolicy:
                            description: WildcardPolicy if any for the route. Currently
                              only 'Subdomain' or 'None' is allowed.
                            type: string
                        required:
                        - enabled
                        type: object
                    type: object
                type: object
              banner:
                description: Banner defines an additional banner to be displayed in
                  Argo CD UI
                properties:
                  content:
                    description: Content defines the banner message content to display
                    type: string
                  url:
                    description: URL defines an optional URL to be used as banner
                      message link
                    type: string
                required:
                - content
                type: object
              configManagementPlugins:
                description: ConfigManagementPlugins is used to specify additional
                  config management plugins.
                type: string
              controller:
                description: Controller defines the Application Controller options
                  for ArgoCD.
                properties:
                  appSync:
                    description: "AppSync is used to control the sync frequency, by
                      default the ArgoCD controller polls Git every 3m. \n Set this
                      to a duration, e.g. 10m or 600s to control the synchronisation
                      frequency."
                    type: string
                  env:
                    description: Env lets you specify environment for application
                      controller pods
                    items:
                      description: EnvVar represents an environment variable present
                        in a Container.
                      properties:
                        name:
                          description: Name of the environment variable. Must be a
                            C_IDENTIFIER.
                          type: string
                        value:
                          description: 'Variable references $(VAR_NAME) are expanded
                            using the previously defined environment variables in
                            the container and any service environment variables. If
                            a variable cannot be resolved, the reference in the input
                            string will be unchanged. Double $$ are reduced to a single
                            $, which allows for escaping the $(VAR_NAME) syntax: i.e.
                            "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
                            Escaped references will never be expanded, regardless
                            of whether the variable exists or not. Defaults to "".'
                          type: string
                        valueFrom:
                          description: Source for the environment variable's value.
                            Cannot be used if value is not empty.
                          properties:
                            configMapKeyRef:
                              description: Selects a key of a ConfigMap.
                              properties:
                                key:
                                  description: The key to select.
                                  type: string
                                name:
                                  description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                    TODO: Add other useful fields. apiVersion, kind,
                                    uid?'
                                  type: string
                                optional:
                                  description: Specify whether the ConfigMap or its
                                    key must be defined
                                  type: boolean
                              required:
                              - key
                              type: object
                            fieldRef:
                              description: 'Selects a field of the pod: supports metadata.name,
                                metadata.namespace, `metadata.labels[''<KEY>'']`,
                                `metadata.annotations[''<KEY>'']`, spec.nodeName,
                                spec.serviceAccountName, status.hostIP, status.podIP,
                                status.podIPs.'
                              properties:
                                apiVersion:
                                  description: Version of the schema the FieldPath
                                    is written in terms of, defaults to "v1".
                                  type: string
                                fieldPath:
                                  description: Path of the field to select in the
                                    specified API version.
                                  type: string
                              required:
                              - fieldPath
                              type: object
                            resourceFieldRef:
                              description: 'Selects a resource of the container: only
                                resources limits and requests (limits.cpu, limits.memory,
                                limits.ephemeral-storage, requests.cpu, requests.memory
                                and requests.ephemeral-storage) are currently supported.'
                              properties:
                                containerName:
                                  description: 'Container name: required for volumes,
                                    optional for env vars'
                                  type: string
                                divisor:
                                  anyOf:
                                  - type: integer
                                  - type: string
                                  description: Specifies the output format of the
                                    exposed resources, defaults to "1"
                                  pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                  x-kubernetes-int-or-string: true
                                resource:
                                  description: 'Required: resource to select'
                                  type: string
                              required:
                              - resource
                              type: object
                            secretKeyRef:
                              description: Selects a key of a secret in the pod's
                                namespace
                              properties:
                                key:
                                  description: The key of the secret to select from. Must
                                    be a valid secret key.
                                  type: string
                                name:
                                  description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                    TODO: Add other useful fields. apiVersion, kind,
                                    uid?'
                                  type: string
                                optional:
                                  description: Specify whether the Secret or its key
                                    must be defined
                                  type: boolean
                              required:
                              - key
                              type: object
                          type: object
                      required:
                      - name
                      type: object
                    type: array
                  logFormat:
                    description: LogFormat refers to the log format used by the Application
                      Controller component. Defaults to ArgoCDDefaultLogFormat if
                      not configured. Valid options are text or json.
                    type: string
                  logLevel:
                    description: LogLevel refers to the log level used by the Application
                      Controller component. Defaults to ArgoCDDefaultLogLevel if not
                      configured. Valid options are debug, info, error, and warn.
                    type: string
                  parallelismLimit:
                    description: ParallelismLimit defines the limit for parallel kubectl
                      operations
                    format: int32
                    type: integer
                  processors:
                    description: Processors contains the options for the Application
                      Controller processors.
                    properties:
                      operation:
                        description: Operation is the number of application operation
                          processors.
                        format: int32
                        type: integer
                      status:
                        description: Status is the number of application status processors.
                        format: int32
                        type: integer
                    type: object
                  resources:
                    description: Resources defines the Compute Resources required
                      by the container for the Application Controller.
                    properties:
                      limits:
                        additionalProperties:
                          anyOf:
                          - type: integer
                          - type: string
                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                          x-kubernetes-int-or-string: true
                        description: 'Limits describes the maximum amount of compute
                          resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                        type: object
                      requests:
                        additionalProperties:
                          anyOf:
                          - type: integer
                          - type: string
                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                          x-kubernetes-int-or-string: true
                        description: 'Requests describes the minimum amount of compute
                          resources required. If Requests is omitted for a container,
                          it defaults to Limits if that is explicitly specified, otherwise
                          to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                        type: object
                    type: object
                  sharding:
                    description: Sharding contains the options for the Application
                      Controller sharding configuration.
                    properties:
                      enabled:
                        description: Enabled defines whether sharding should be enabled
                          on the Application Controller component.
                        type: boolean
                      replicas:
                        description: Replicas defines the number of replicas to run
                          in the Application controller shard.
                        format: int32
                        type: integer
                    type: object
                type: object
              dex:
                description: Dex defines the Dex server options for ArgoCD.
                properties:
                  config:
                    description: Config is the dex connector configuration.
                    type: string
                  groups:
                    description: Optional list of required groups a user must be a
                      member of
                    items:
                      type: string
                    type: array
                  image:
                    description: Image is the Dex container image.
                    type: string
                  openShiftOAuth:
                    description: OpenShiftOAuth enables OpenShift OAuth authentication
                      for the Dex server.
                    type: boolean
                  resources:
                    description: Resources defines the Compute Resources required
                      by the container for Dex.
                    properties:
                      limits:
                        additionalProperties:
                          anyOf:
                          - type: integer
                          - type: string
                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                          x-kubernetes-int-or-string: true
                        description: 'Limits describes the maximum amount of compute
                          resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                        type: object
                      requests:
                        additionalProperties:
                          anyOf:
                          - type: integer
                          - type: string
                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                          x-kubernetes-int-or-string: true
                        description: 'Requests describes the minimum amount of compute
                          resources required. If Requests is omitted for a container,
                          it defaults to Limits if that is explicitly specified, otherwise
                          to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                        type: object
                    type: object
                  version:
                    description: Version is the Dex container image tag.
                    type: string
                type: object
              disableAdmin:
                description: DisableAdmin will disable the admin user.
                type: boolean
              extraConfig:
                additionalProperties:
                  type: string
                description: "ExtraConfig can be used to add fields to Argo CD configmap
                  that are not supported by Argo CD CRD. \n Note: ExtraConfig takes
                  precedence over Argo CD CRD. For example, A user sets `argocd.Spec.DisableAdmin`
                  = true and also `a.Spec.ExtraConfig[\"admin.enabled\"]` = true.
                  In this case, operator updates Argo CD Configmap as follows -> argocd-cm.Data[\"admin.enabled\"]
                  = true."
                type: object
              gaAnonymizeUsers:
                description: GAAnonymizeUsers toggles user IDs being hashed before
                  sending to google analytics.
                type: boolean
              gaTrackingID:
                description: GATrackingID is the google analytics tracking ID to use.
                type: string
              grafana:
                description: Grafana defines the Grafana server options for ArgoCD.
                properties:
                  enabled:
                    description: Enabled will toggle Grafana support globally for
                      ArgoCD.
                    type: boolean
                  host:
                    description: Host is the hostname to use for Ingress/Route resources.
                    type: string
                  image:
                    description: Image is the Grafana container image.
                    type: string
                  ingress:
                    description: Ingress defines the desired state for an Ingress
                      for the Grafana component.
                    properties:
                      annotations:
                        additionalProperties:
                          type: string
                        description: Annotations is the map of annotations to apply
                          to the Ingress.
                        type: object
                      enabled:
                        description: Enabled will toggle the creation of the Ingress.
                        type: boolean
                      ingressClassName:
                        description: IngressClassName for the Ingress resource.
                        type: string
                      path:
                        description: Path used for the Ingress resource.
                        type: string
                      tls:
                        description: TLS configuration. Currently the Ingress only
                          supports a single TLS port, 443. If multiple members of
                          this list specify different hosts, they will be multiplexed
                          on the same port according to the hostname specified through
                          the SNI TLS extension, if the ingress controller fulfilling
                          the ingress supports SNI.
                        items:
                          description: IngressTLS describes the transport layer security
                            associated with an Ingress.
                          properties:
                            hosts:
                              description: Hosts are a list of hosts included in the
                                TLS certificate. The values in this list must match
                                the name/s used in the tlsSecret. Defaults to the
                                wildcard host setting for the loadbalancer controller
                                fulfilling this Ingress, if left unspecified.
                              items:
                                type: string
                              type: array
                              x-kubernetes-list-type: atomic
                            secretName:
                              description: SecretName is the name of the secret used
                                to terminate TLS traffic on port 443. Field is left
                                optional to allow TLS routing based on SNI hostname
                                alone. If the SNI host in a listener conflicts with
                                the "Host" header field used by an IngressRule, the
                                SNI host is used for termination and value of the
                                Host header is used for routing.
                              type: string
                          type: object
                        type: array
                    required:
                    - enabled
                    type: object
                  resources:
                    description: Resources defines the Compute Resources required
                      by the container for Grafana.
                    properties:
                      limits:
                        additionalProperties:
                          anyOf:
                          - type: integer
                          - type: string
                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                          x-kubernetes-int-or-string: true
                        description: 'Limits describes the maximum amount of compute
                          resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                        type: object
                      requests:
                        additionalProperties:
                          anyOf:
                          - type: integer
                          - type: string
                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                          x-kubernetes-int-or-string: true
                        description: 'Requests describes the minimum amount of compute
                          resources required. If Requests is omitted for a container,
                          it defaults to Limits if that is explicitly specified, otherwise
                          to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                        type: object
                    type: object
                  route:
                    description: Route defines the desired state for an OpenShift
                      Route for the Grafana component.
                    properties:
                      annotations:
                        additionalProperties:
                          type: string
                        description: Annotations is the map of annotations to use
                          for the Route resource.
                        type: object
                      enabled:
                        description: Enabled will toggle the creation of the OpenShift
                          Route.
                        type: boolean
                      labels:
                        additionalProperties:
                          type: string
                        description: Labels is the map of labels to use for the Route
                          resource
                        type: object
                      path:
                        description: Path the router watches for, to route traffic
                          for to the service.
                        type: string
                      tls:
                        description: TLS provides the ability to configure certificates
                          and termination for the Route.
                        properties:
                          caCertificate:
                            description: caCertificate provides the cert authority
                              certificate contents
                            type: string
                          certificate:
                            description: certificate provides certificate contents
                            type: string
                          destinationCACertificate:
                            description: destinationCACertificate provides the contents
                              of the ca certificate of the final destination. When
                              using reencrypt termination this file should be provided
                              in order to have routers use it for health checks on
                              the secure connection. If this field is not specified,
                              the router may provide its own destination CA and perform
                              hostname validation using the short service name (service.namespace.svc),
                              which allows infrastructure generated certificates to
                              automatically verify.
                            type: string
                          insecureEdgeTerminationPolicy:
                            description: "insecureEdgeTerminationPolicy indicates
                              the desired behavior for insecure connections to a route.
                              While each router may make its own decisions on which
                              ports to expose, this is normally port 80. \n * Allow
                              - traffic is sent to the server on the insecure port
                              (default) * Disable - no traffic is allowed on the insecure
                              port. * Redirect - clients are redirected to the secure
                              port."
                            type: string
                          key:
                            description: key provides key file contents
                            type: string
                          termination:
                            description: termination indicates termination type.
                            type: string
                        required:
                        - termination
                        type: object
                      wildcardPolicy:
                        description: WildcardPolicy if any for the route. Currently
                          only 'Subdomain' or 'None' is allowed.
                        type: string
                    required:
                    - enabled
                    type: object
                  size:
                    description: Size is the replica count for the Grafana Deployment.
                    format: int32
                    type: integer
                  version:
                    description: Version is the Grafana container image tag.
                    type: string
                required:
                - enabled
                type: object
              ha:
                description: HA options for High Availability support for the Redis
                  component.
                properties:
                  enabled:
                    description: Enabled will toggle HA support globally for Argo
                      CD.
                    type: boolean
                  redisProxyImage:
                    description: RedisProxyImage is the Redis HAProxy container image.
                    type: string
                  redisProxyVersion:
                    description: RedisProxyVersion is the Redis HAProxy container
                      image tag.
                    type: string
                  resources:
                    description: Resources defines the Compute Resources required
                      by the container for HA.
                    properties:
                      limits:
                        additionalProperties:
                          anyOf:
                          - type: integer
                          - type: string
                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                          x-kubernetes-int-or-string: true
                        description: 'Limits describes the maximum amount of compute
                          resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                        type: object
                      requests:
                        additionalProperties:
                          anyOf:
                          - type: integer
                          - type: string
                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                          x-kubernetes-int-or-string: true
                        description: 'Requests describes the minimum amount of compute
                          resources required. If Requests is omitted for a container,
                          it defaults to Limits if that is explicitly specified, otherwise
                          to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                        type: object
                    type: object
                required:
                - enabled
                type: object
              helpChatText:
                description: HelpChatText is the text for getting chat help, defaults
                  to "Chat now!"
                type: string
              helpChatURL:
                description: HelpChatURL is the URL for getting chat help, this will
                  typically be your Slack channel for support.
                type: string
              image:
                description: Image is the ArgoCD container image for all ArgoCD components.
                type: string
              import:
                description: Import is the import/restore options for ArgoCD.
                properties:
                  name:
                    description: Name of an ArgoCDExport from which to import data.
                    type: string
                  namespace:
                    description: Namespace for the ArgoCDExport, defaults to the same
                      namespace as the ArgoCD.
                    type: string
                required:
                - name
                type: object
              initialRepositories:
                description: InitialRepositories to configure Argo CD with upon creation
                  of the cluster.
                type: string
              initialSSHKnownHosts:
                description: InitialSSHKnownHosts defines the SSH known hosts data
                  upon creation of the cluster for connecting Git repositories via
                  SSH.
                properties:
                  excludedefaulthosts:
                    description: ExcludeDefaultHosts describes whether you would like
                      to include the default list of SSH Known Hosts provided by ArgoCD.
                    type: boolean
                  keys:
                    description: Keys describes a custom set of SSH Known Hosts that
                      you would like to have included in your ArgoCD server.
                    type: string
                type: object
              kustomizeBuildOptions:
                description: KustomizeBuildOptions is used to specify build options/parameters
                  to use with `kustomize build`.
                type: string
              kustomizeVersions:
                description: KustomizeVersions is a listing of configured versions
                  of Kustomize to be made available within ArgoCD.
                items:
                  description: KustomizeVersionSpec is used to specify information
                    about a kustomize version to be used within ArgoCD.
                  properties:
                    path:
                      description: Path is the path to a configured kustomize version
                        on the filesystem of your repo server.
                      type: string
                    version:
                      description: Version is a configured kustomize version in the
                        format of vX.Y.Z
                      type: string
                  type: object
                type: array
              nodePlacement:
                description: NodePlacement defines NodeSelectors and Taints for Argo
                  CD workloads
                properties:
                  nodeSelector:
                    additionalProperties:
                      type: string
                    description: NodeSelector is a field of PodSpec, it is a map of
                      key value pairs used for node selection
                    type: object
                  tolerations:
                    description: Tolerations allow the pods to schedule onto nodes
                      with matching taints
                    items:
                      description: The pod this Toleration is attached to tolerates
                        any taint that matches the triple <key,value,effect> using
                        the matching operator <operator>.
                      properties:
                        effect:
                          description: Effect indicates the taint effect to match.
                            Empty means match all taint effects. When specified, allowed
                            values are NoSchedule, PreferNoSchedule and NoExecute.
                          type: string
                        key:
                          description: Key is the taint key that the toleration applies
                            to. Empty means match all taint keys. If the key is empty,
                            operator must be Exists; this combination means to match
                            all values and all keys.
                          type: string
                        operator:
                          description: Operator represents a key's relationship to
                            the value. Valid operators are Exists and Equal. Defaults
                            to Equal. Exists is equivalent to wildcard for value,
                            so that a pod can tolerate all taints of a particular
                            category.
                          type: string
                        tolerationSeconds:
                          description: TolerationSeconds represents the period of
                            time the toleration (which must be of effect NoExecute,
                            otherwise this field is ignored) tolerates the taint.
                            By default, it is not set, which means tolerate the taint
                            forever (do not evict). Zero and negative values will
                            be treated as 0 (evict immediately) by the system.
                          format: int64
                          type: integer
                        value:
                          description: Value is the taint value the toleration matches
                            to. If the operator is Exists, the value should be empty,
                            otherwise just a regular string.
                          type: string
                      type: object
                    type: array
                type: object
              notifications:
                description: Notifications defines whether the Argo CD Notifications
                  controller should be installed.
                properties:
                  enabled:
                    description: Enabled defines whether argocd-notifications controller
                      should be deployed or not
                    type: boolean
                  env:
                    description: Env let you specify environment variables for Notifications
                      pods
                    items:
                      description: EnvVar represents an environment variable present
                        in a Container.
                      properties:
                        name:
                          description: Name of the environment variable. Must be a
                            C_IDENTIFIER.
                          type: string
                        value:
                          description: 'Variable references $(VAR_NAME) are expanded
                            using the previously defined environment variables in
                            the container and any service environment variables. If
                            a variable cannot be resolved, the reference in the input
                            string will be unchanged. Double $$ are reduced to a single
                            $, which allows for escaping the $(VAR_NAME) syntax: i.e.
                            "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
                            Escaped references will never be expanded, regardless
                            of whether the variable exists or not. Defaults to "".'
                          type: string
                        valueFrom:
                          description: Source for the environment variable's value.
                            Cannot be used if value is not empty.
                          properties:
                            configMapKeyRef:
                              description: Selects a key of a ConfigMap.
                              properties:
                                key:
                                  description: The key to select.
                                  type: string
                                name:
                                  description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                    TODO: Add other useful fields. apiVersion, kind,
                                    uid?'
882 type: string 883 optional: 884 description: Specify whether the ConfigMap or its 885 key must be defined 886 type: boolean 887 required: 888 - key 889 type: object 890 fieldRef: 891 description: 'Selects a field of the pod: supports metadata.name, 892 metadata.namespace, `metadata.labels[''<KEY>'']`, 893 `metadata.annotations[''<KEY>'']`, spec.nodeName, 894 spec.serviceAccountName, status.hostIP, status.podIP, 895 status.podIPs.' 896 properties: 897 apiVersion: 898 description: Version of the schema the FieldPath 899 is written in terms of, defaults to "v1". 900 type: string 901 fieldPath: 902 description: Path of the field to select in the 903 specified API version. 904 type: string 905 required: 906 - fieldPath 907 type: object 908 resourceFieldRef: 909 description: 'Selects a resource of the container: only 910 resources limits and requests (limits.cpu, limits.memory, 911 limits.ephemeral-storage, requests.cpu, requests.memory 912 and requests.ephemeral-storage) are currently supported.' 913 properties: 914 containerName: 915 description: 'Container name: required for volumes, 916 optional for env vars' 917 type: string 918 divisor: 919 anyOf: 920 - type: integer 921 - type: string 922 description: Specifies the output format of the 923 exposed resources, defaults to "1" 924 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 925 x-kubernetes-int-or-string: true 926 resource: 927 description: 'Required: resource to select' 928 type: string 929 required: 930 - resource 931 type: object 932 secretKeyRef: 933 description: Selects a key of a secret in the pod's 934 namespace 935 properties: 936 key: 937 description: The key of the secret to select from. Must 938 be a valid secret key. 939 type: string 940 name: 941 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 942 TODO: Add other useful fields. 
                                    apiVersion, kind,
                                    uid?'
                                  type: string
                                optional:
                                  description: Specify whether the Secret or its key
                                    must be defined
                                  type: boolean
                              required:
                              - key
                              type: object
                          type: object
                      required:
                      - name
                      type: object
                    type: array
                  image:
                    description: Image is the Argo CD Notifications image (optional)
                    type: string
                  logLevel:
                    description: LogLevel describes the log level that should be used
                      by the argocd-notifications. Defaults to ArgoCDDefaultLogLevel
                      if not set. Valid options are debug,info, error, and warn.
                    type: string
                  replicas:
                    description: Replicas defines the number of replicas to run for
                      notifications-controller
                    format: int32
                    type: integer
                  resources:
                    description: Resources defines the Compute Resources required
                      by the container for Argo CD Notifications.
                    properties:
                      limits:
                        additionalProperties:
                          anyOf:
                          - type: integer
                          - type: string
                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                          x-kubernetes-int-or-string: true
                        description: 'Limits describes the maximum amount of compute
                          resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                        type: object
                      requests:
                        additionalProperties:
                          anyOf:
                          - type: integer
                          - type: string
                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                          x-kubernetes-int-or-string: true
                        description: 'Requests describes the minimum amount of compute
                          resources required. If Requests is omitted for a container,
                          it defaults to Limits if that is explicitly specified, otherwise
                          to an implementation-defined value.
                          More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                        type: object
                    type: object
                  version:
                    description: Version is the Argo CD Notifications image tag. (optional)
                    type: string
                required:
                - enabled
                type: object
              oidcConfig:
                description: OIDCConfig is the OIDC configuration as an alternative
                  to dex.
                type: string
              prometheus:
                description: Prometheus defines the Prometheus server options for
                  ArgoCD.
                properties:
                  enabled:
                    description: Enabled will toggle Prometheus support globally for
                      ArgoCD.
                    type: boolean
                  host:
                    description: Host is the hostname to use for Ingress/Route resources.
                    type: string
                  ingress:
                    description: Ingress defines the desired state for an Ingress
                      for the Prometheus component.
                    properties:
                      annotations:
                        additionalProperties:
                          type: string
                        description: Annotations is the map of annotations to apply
                          to the Ingress.
                        type: object
                      enabled:
                        description: Enabled will toggle the creation of the Ingress.
                        type: boolean
                      ingressClassName:
                        description: IngressClassName for the Ingress resource.
                        type: string
                      path:
                        description: Path used for the Ingress resource.
                        type: string
                      tls:
                        description: TLS configuration. Currently the Ingress only
                          supports a single TLS port, 443. If multiple members of
                          this list specify different hosts, they will be multiplexed
                          on the same port according to the hostname specified through
                          the SNI TLS extension, if the ingress controller fulfilling
                          the ingress supports SNI.
                        items:
                          description: IngressTLS describes the transport layer security
                            associated with an Ingress.
                          properties:
                            hosts:
                              description: Hosts are a list of hosts included in the
                                TLS certificate. The values in this list must match
                                the name/s used in the tlsSecret.
                                Defaults to the
                                wildcard host setting for the loadbalancer controller
                                fulfilling this Ingress, if left unspecified.
                              items:
                                type: string
                              type: array
                              x-kubernetes-list-type: atomic
                            secretName:
                              description: SecretName is the name of the secret used
                                to terminate TLS traffic on port 443. Field is left
                                optional to allow TLS routing based on SNI hostname
                                alone. If the SNI host in a listener conflicts with
                                the "Host" header field used by an IngressRule, the
                                SNI host is used for termination and value of the
                                Host header is used for routing.
                              type: string
                          type: object
                        type: array
                    required:
                    - enabled
                    type: object
                  route:
                    description: Route defines the desired state for an OpenShift
                      Route for the Prometheus component.
                    properties:
                      annotations:
                        additionalProperties:
                          type: string
                        description: Annotations is the map of annotations to use
                          for the Route resource.
                        type: object
                      enabled:
                        description: Enabled will toggle the creation of the OpenShift
                          Route.
                        type: boolean
                      labels:
                        additionalProperties:
                          type: string
                        description: Labels is the map of labels to use for the Route
                          resource
                        type: object
                      path:
                        description: Path the router watches for, to route traffic
                          for to the service.
                        type: string
                      tls:
                        description: TLS provides the ability to configure certificates
                          and termination for the Route.
                        properties:
                          caCertificate:
                            description: caCertificate provides the cert authority
                              certificate contents
                            type: string
                          certificate:
                            description: certificate provides certificate contents
                            type: string
                          destinationCACertificate:
                            description: destinationCACertificate provides the contents
                              of the ca certificate of the final destination.
                              When
                              using reencrypt termination this file should be provided
                              in order to have routers use it for health checks on
                              the secure connection. If this field is not specified,
                              the router may provide its own destination CA and perform
                              hostname validation using the short service name (service.namespace.svc),
                              which allows infrastructure generated certificates to
                              automatically verify.
                            type: string
                          insecureEdgeTerminationPolicy:
                            description: "insecureEdgeTerminationPolicy indicates
                              the desired behavior for insecure connections to a route.
                              While each router may make its own decisions on which
                              ports to expose, this is normally port 80. \n * Allow
                              - traffic is sent to the server on the insecure port
                              (default) * Disable - no traffic is allowed on the insecure
                              port. * Redirect - clients are redirected to the secure
                              port."
                            type: string
                          key:
                            description: key provides key file contents
                            type: string
                          termination:
                            description: termination indicates termination type.
                            type: string
                        required:
                        - termination
                        type: object
                      wildcardPolicy:
                        description: WildcardPolicy if any for the route. Currently
                          only 'Subdomain' or 'None' is allowed.
                        type: string
                    required:
                    - enabled
                    type: object
                  size:
                    description: Size is the replica count for the Prometheus StatefulSet.
                    format: int32
                    type: integer
                required:
                - enabled
                type: object
              rbac:
                description: RBAC defines the RBAC configuration for Argo CD.
                properties:
                  defaultPolicy:
                    description: DefaultPolicy is the name of the default role which
                      Argo CD will falls back to, when authorizing API requests (optional).
                      If omitted or empty, users may be still be able to login, but
                      will see no apps, projects, etc...
                    type: string
                  policy:
                    description: 'Policy is CSV containing user-defined RBAC policies
                      and role definitions. Policy rules are in the form: p, subject,
                      resource, action, object, effect Role definitions and bindings
                      are in the form: g, subject, inherited-subject See https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/rbac.md
                      for additional information.'
                    type: string
                  policyMatcherMode:
                    description: PolicyMatcherMode configures the matchers function
                      mode for casbin. There are two options for this, 'glob' for
                      glob matcher or 'regex' for regex matcher.
                    type: string
                  scopes:
                    description: 'Scopes controls which OIDC scopes to examine during
                      rbac enforcement (in addition to `sub` scope). If omitted, defaults
                      to: ''[groups]''.'
                    type: string
                type: object
              redis:
                description: Redis defines the Redis server options for ArgoCD.
                properties:
                  autotls:
                    description: 'AutoTLS specifies the method to use for automatic
                      TLS configuration for the redis server The value specified here
                      can currently be: - openshift - Use the OpenShift service CA
                      to request TLS config'
                    type: string
                  disableTLSVerification:
                    description: DisableTLSVerification defines whether redis server
                      API should be accessed using strict TLS validation
                    type: boolean
                  image:
                    description: Image is the Redis container image.
                    type: string
                  resources:
                    description: Resources defines the Compute Resources required
                      by the container for Redis.
                    properties:
                      limits:
                        additionalProperties:
                          anyOf:
                          - type: integer
                          - type: string
                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                          x-kubernetes-int-or-string: true
                        description: 'Limits describes the maximum amount of compute
                          resources allowed.
                          More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                        type: object
                      requests:
                        additionalProperties:
                          anyOf:
                          - type: integer
                          - type: string
                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                          x-kubernetes-int-or-string: true
                        description: 'Requests describes the minimum amount of compute
                          resources required. If Requests is omitted for a container,
                          it defaults to Limits if that is explicitly specified, otherwise
                          to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                        type: object
                    type: object
                  version:
                    description: Version is the Redis container image tag.
                    type: string
                type: object
              repo:
                description: Repo defines the repo server options for Argo CD.
                properties:
                  autotls:
                    description: 'AutoTLS specifies the method to use for automatic
                      TLS configuration for the repo server The value specified here
                      can currently be: - openshift - Use the OpenShift service CA
                      to request TLS config'
                    type: string
                  env:
                    description: Env lets you specify environment for repo server
                      pods
                    items:
                      description: EnvVar represents an environment variable present
                        in a Container.
                      properties:
                        name:
                          description: Name of the environment variable. Must be a
                            C_IDENTIFIER.
                          type: string
                        value:
                          description: 'Variable references $(VAR_NAME) are expanded
                            using the previously defined environment variables in
                            the container and any service environment variables. If
                            a variable cannot be resolved, the reference in the input
                            string will be unchanged. Double $$ are reduced to a single
                            $, which allows for escaping the $(VAR_NAME) syntax: i.e.
                            "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
                            Escaped references will never be expanded, regardless
                            of whether the variable exists or not. Defaults to "".'
                          type: string
                        valueFrom:
                          description: Source for the environment variable's value.
                            Cannot be used if value is not empty.
                          properties:
                            configMapKeyRef:
                              description: Selects a key of a ConfigMap.
                              properties:
                                key:
                                  description: The key to select.
                                  type: string
                                name:
                                  description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                    TODO: Add other useful fields. apiVersion, kind,
                                    uid?'
                                  type: string
                                optional:
                                  description: Specify whether the ConfigMap or its
                                    key must be defined
                                  type: boolean
                              required:
                              - key
                              type: object
                            fieldRef:
                              description: 'Selects a field of the pod: supports metadata.name,
                                metadata.namespace, `metadata.labels[''<KEY>'']`,
                                `metadata.annotations[''<KEY>'']`, spec.nodeName,
                                spec.serviceAccountName, status.hostIP, status.podIP,
                                status.podIPs.'
                              properties:
                                apiVersion:
                                  description: Version of the schema the FieldPath
                                    is written in terms of, defaults to "v1".
                                  type: string
                                fieldPath:
                                  description: Path of the field to select in the
                                    specified API version.
                                  type: string
                              required:
                              - fieldPath
                              type: object
                            resourceFieldRef:
                              description: 'Selects a resource of the container: only
                                resources limits and requests (limits.cpu, limits.memory,
                                limits.ephemeral-storage, requests.cpu, requests.memory
                                and requests.ephemeral-storage) are currently supported.'
                              properties:
                                containerName:
                                  description: 'Container name: required for volumes,
                                    optional for env vars'
                                  type: string
                                divisor:
                                  anyOf:
                                  - type: integer
                                  - type: string
                                  description: Specifies the output format of the
                                    exposed resources, defaults to "1"
                                  pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                  x-kubernetes-int-or-string: true
                                resource:
                                  description: 'Required: resource to select'
                                  type: string
                              required:
                              - resource
                              type: object
                            secretKeyRef:
                              description: Selects a key of a secret in the pod's
                                namespace
                              properties:
                                key:
                                  description: The key of the secret to select from. Must
                                    be a valid secret key.
                                  type: string
                                name:
                                  description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                    TODO: Add other useful fields. apiVersion, kind,
                                    uid?'
                                  type: string
                                optional:
                                  description: Specify whether the Secret or its key
                                    must be defined
                                  type: boolean
                              required:
                              - key
                              type: object
                          type: object
                      required:
                      - name
                      type: object
                    type: array
                  execTimeout:
                    description: ExecTimeout specifies the timeout in seconds for
                      tool execution
                    type: integer
                  image:
                    description: Image is the ArgoCD Repo Server container image.
                    type: string
                  initContainers:
                    description: InitContainers defines the list of initialization
                      containers for the repo server deployment
                    items:
                      description: A single application container that you want to
                        run within a pod.
                      properties:
                        args:
                          description: 'Arguments to the entrypoint. The docker image''s
                            CMD is used if this is not provided. Variable references
                            $(VAR_NAME) are expanded using the container''s environment.
                            If a variable cannot be resolved, the reference in the
                            input string will be unchanged. Double $$ are reduced
                            to a single $, which allows for escaping the $(VAR_NAME)
                            syntax: i.e. "$$(VAR_NAME)" will produce the string literal
                            "$(VAR_NAME)". Escaped references will never be expanded,
                            regardless of whether the variable exists or not. Cannot
                            be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
                          items:
                            type: string
                          type: array
                        command:
                          description: 'Entrypoint array. Not executed within a shell.
                            The docker image''s ENTRYPOINT is used if this is not
                            provided. Variable references $(VAR_NAME) are expanded
                            using the container''s environment. If a variable cannot
                            be resolved, the reference in the input string will be
                            unchanged. Double $$ are reduced to a single $, which
                            allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)"
                            will produce the string literal "$(VAR_NAME)". Escaped
                            references will never be expanded, regardless of whether
                            the variable exists or not. Cannot be updated. More info:
                            https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
                          items:
                            type: string
                          type: array
                        env:
                          description: List of environment variables to set in the
                            container. Cannot be updated.
                          items:
                            description: EnvVar represents an environment variable
                              present in a Container.
                            properties:
                              name:
                                description: Name of the environment variable. Must
                                  be a C_IDENTIFIER.
                                type: string
                              value:
                                description: 'Variable references $(VAR_NAME) are
                                  expanded using the previously defined environment
                                  variables in the container and any service environment
                                  variables.
                                  If a variable cannot be resolved, the
                                  reference in the input string will be unchanged.
                                  Double $$ are reduced to a single $, which allows
                                  for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)"
                                  will produce the string literal "$(VAR_NAME)". Escaped
                                  references will never be expanded, regardless of
                                  whether the variable exists or not. Defaults to
                                  "".'
                                type: string
                              valueFrom:
                                description: Source for the environment variable's
                                  value. Cannot be used if value is not empty.
                                properties:
                                  configMapKeyRef:
                                    description: Selects a key of a ConfigMap.
                                    properties:
                                      key:
                                        description: The key to select.
                                        type: string
                                      name:
                                        description: 'Name of the referent. More info:
                                          https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                          TODO: Add other useful fields. apiVersion,
                                          kind, uid?'
                                        type: string
                                      optional:
                                        description: Specify whether the ConfigMap
                                          or its key must be defined
                                        type: boolean
                                    required:
                                    - key
                                    type: object
                                  fieldRef:
                                    description: 'Selects a field of the pod: supports
                                      metadata.name, metadata.namespace, `metadata.labels[''<KEY>'']`,
                                      `metadata.annotations[''<KEY>'']`, spec.nodeName,
                                      spec.serviceAccountName, status.hostIP, status.podIP,
                                      status.podIPs.'
                                    properties:
                                      apiVersion:
                                        description: Version of the schema the FieldPath
                                          is written in terms of, defaults to "v1".
                                        type: string
                                      fieldPath:
                                        description: Path of the field to select in
                                          the specified API version.
                                        type: string
                                    required:
                                    - fieldPath
                                    type: object
                                  resourceFieldRef:
                                    description: 'Selects a resource of the container:
                                      only resources limits and requests (limits.cpu,
                                      limits.memory, limits.ephemeral-storage, requests.cpu,
                                      requests.memory and requests.ephemeral-storage)
                                      are currently supported.'
                                    properties:
                                      containerName:
                                        description: 'Container name: required for
                                          volumes, optional for env vars'
                                        type: string
                                      divisor:
                                        anyOf:
                                        - type: integer
                                        - type: string
                                        description: Specifies the output format of
                                          the exposed resources, defaults to "1"
                                        pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                        x-kubernetes-int-or-string: true
                                      resource:
                                        description: 'Required: resource to select'
                                        type: string
                                    required:
                                    - resource
                                    type: object
                                  secretKeyRef:
                                    description: Selects a key of a secret in the
                                      pod's namespace
                                    properties:
                                      key:
                                        description: The key of the secret to select
                                          from. Must be a valid secret key.
                                        type: string
                                      name:
                                        description: 'Name of the referent. More info:
                                          https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                          TODO: Add other useful fields. apiVersion,
                                          kind, uid?'
                                        type: string
                                      optional:
                                        description: Specify whether the Secret or
                                          its key must be defined
                                        type: boolean
                                    required:
                                    - key
                                    type: object
                                type: object
                            required:
                            - name
                            type: object
                          type: array
                        envFrom:
                          description: List of sources to populate environment variables
                            in the container. The keys defined within a source must
                            be a C_IDENTIFIER. All invalid keys will be reported as
                            an event when the container is starting. When a key exists
                            in multiple sources, the value associated with the last
                            source will take precedence. Values defined by an Env
                            with a duplicate key will take precedence. Cannot be updated.
                          items:
                            description: EnvFromSource represents the source of a
                              set of ConfigMaps
                            properties:
                              configMapRef:
                                description: The ConfigMap to select from
                                properties:
                                  name:
                                    description: 'Name of the referent.
                                      More info:
                                      https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                      TODO: Add other useful fields. apiVersion, kind,
                                      uid?'
                                    type: string
                                  optional:
                                    description: Specify whether the ConfigMap must
                                      be defined
                                    type: boolean
                                type: object
                              prefix:
                                description: An optional identifier to prepend to
                                  each key in the ConfigMap. Must be a C_IDENTIFIER.
                                type: string
                              secretRef:
                                description: The Secret to select from
                                properties:
                                  name:
                                    description: 'Name of the referent. More info:
                                      https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                      TODO: Add other useful fields. apiVersion, kind,
                                      uid?'
                                    type: string
                                  optional:
                                    description: Specify whether the Secret must be
                                      defined
                                    type: boolean
                                type: object
                            type: object
                          type: array
                        image:
                          description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images
                            This field is optional to allow higher level config management
                            to default or override container images in workload controllers
                            like Deployments and StatefulSets.'
                          type: string
                        imagePullPolicy:
                          description: 'Image pull policy. One of Always, Never, IfNotPresent.
                            Defaults to Always if :latest tag is specified, or IfNotPresent
                            otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images'
                          type: string
                        lifecycle:
                          description: Actions that the management system should take
                            in response to container lifecycle events. Cannot be updated.
                          properties:
                            postStart:
                              description: 'PostStart is called immediately after
                                a container is created. If the handler fails, the
                                container is terminated and restarted according to
                                its restart policy. Other management of the container
                                blocks until the hook completes.
                                More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
                              properties:
                                exec:
                                  description: Exec specifies the action to take.
                                  properties:
                                    command:
                                      description: Command is the command line to
                                        execute inside the container, the working
                                        directory for the command is root ('/') in
                                        the container's filesystem. The command is
                                        simply exec'd, it is not run inside a shell,
                                        so traditional shell instructions ('|', etc)
                                        won't work. To use a shell, you need to explicitly
                                        call out to that shell. Exit status of 0 is
                                        treated as live/healthy and non-zero is unhealthy.
                                      items:
                                        type: string
                                      type: array
                                  type: object
                                httpGet:
                                  description: HTTPGet specifies the http request
                                    to perform.
                                  properties:
                                    host:
                                      description: Host name to connect to, defaults
                                        to the pod IP. You probably want to set "Host"
                                        in httpHeaders instead.
                                      type: string
                                    httpHeaders:
                                      description: Custom headers to set in the request.
                                        HTTP allows repeated headers.
                                      items:
                                        description: HTTPHeader describes a custom
                                          header to be used in HTTP probes
                                        properties:
                                          name:
                                            description: The header field name
                                            type: string
                                          value:
                                            description: The header field value
                                            type: string
                                        required:
                                        - name
                                        - value
                                        type: object
                                      type: array
                                    path:
                                      description: Path to access on the HTTP server.
                                      type: string
                                    port:
                                      anyOf:
                                      - type: integer
                                      - type: string
                                      description: Name or number of the port to access
                                        on the container. Number must be in the range
                                        1 to 65535. Name must be an IANA_SVC_NAME.
                                      x-kubernetes-int-or-string: true
                                    scheme:
                                      description: Scheme to use for connecting to
                                        the host. Defaults to HTTP.
                                      type: string
                                  required:
                                  - port
                                  type: object
                                tcpSocket:
                                  description: Deprecated.
                                    TCPSocket is NOT supported
                                    as a LifecycleHandler and kept for the backward
                                    compatibility. There are no validation of this
                                    field and lifecycle hooks will fail in runtime
                                    when tcp handler is specified.
                                  properties:
                                    host:
                                      description: 'Optional: Host name to connect
                                        to, defaults to the pod IP.'
                                      type: string
                                    port:
                                      anyOf:
                                      - type: integer
                                      - type: string
                                      description: Number or name of the port to access
                                        on the container. Number must be in the range
                                        1 to 65535. Name must be an IANA_SVC_NAME.
                                      x-kubernetes-int-or-string: true
                                  required:
                                  - port
                                  type: object
                              type: object
                            preStop:
                              description: 'PreStop is called immediately before a
                                container is terminated due to an API request or management
                                event such as liveness/startup probe failure, preemption,
                                resource contention, etc. The handler is not called
                                if the container crashes or exits. The Pod''s termination
                                grace period countdown begins before the PreStop hook
                                is executed. Regardless of the outcome of the handler,
                                the container will eventually terminate within the
                                Pod''s termination grace period (unless delayed by
                                finalizers). Other management of the container blocks
                                until the hook completes or until the termination
                                grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
                              properties:
                                exec:
                                  description: Exec specifies the action to take.
                                  properties:
                                    command:
                                      description: Command is the command line to
                                        execute inside the container, the working
                                        directory for the command is root ('/') in
                                        the container's filesystem. The command is
                                        simply exec'd, it is not run inside a shell,
                                        so traditional shell instructions ('|', etc)
                                        won't work. To use a shell, you need to explicitly
                                        call out to that shell.
                                        Exit status of 0 is
                                        treated as live/healthy and non-zero is unhealthy.
                                      items:
                                        type: string
                                      type: array
                                  type: object
                                httpGet:
                                  description: HTTPGet specifies the http request
                                    to perform.
                                  properties:
                                    host:
                                      description: Host name to connect to, defaults
                                        to the pod IP. You probably want to set "Host"
                                        in httpHeaders instead.
                                      type: string
                                    httpHeaders:
                                      description: Custom headers to set in the request.
                                        HTTP allows repeated headers.
                                      items:
                                        description: HTTPHeader describes a custom
                                          header to be used in HTTP probes
                                        properties:
                                          name:
                                            description: The header field name
                                            type: string
                                          value:
                                            description: The header field value
                                            type: string
                                        required:
                                        - name
                                        - value
                                        type: object
                                      type: array
                                    path:
                                      description: Path to access on the HTTP server.
                                      type: string
                                    port:
                                      anyOf:
                                      - type: integer
                                      - type: string
                                      description: Name or number of the port to access
                                        on the container. Number must be in the range
                                        1 to 65535. Name must be an IANA_SVC_NAME.
                                      x-kubernetes-int-or-string: true
                                    scheme:
                                      description: Scheme to use for connecting to
                                        the host. Defaults to HTTP.
                                      type: string
                                  required:
                                  - port
                                  type: object
                                tcpSocket:
                                  description: Deprecated. TCPSocket is NOT supported
                                    as a LifecycleHandler and kept for the backward
                                    compatibility. There are no validation of this
                                    field and lifecycle hooks will fail in runtime
                                    when tcp handler is specified.
                                  properties:
                                    host:
                                      description: 'Optional: Host name to connect
                                        to, defaults to the pod IP.'
                                      type: string
                                    port:
                                      anyOf:
                                      - type: integer
                                      - type: string
                                      description: Number or name of the port to access
                                        on the container. Number must be in the range
                                        1 to 65535. Name must be an IANA_SVC_NAME.
                                      x-kubernetes-int-or-string: true
                                  required:
                                  - port
                                  type: object
                              type: object
                          type: object
                        livenessProbe:
                          description: 'Periodic probe of container liveness. Container
                            will be restarted if the probe fails. Cannot be updated.
                            More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                          properties:
                            exec:
                              description: Exec specifies the action to take.
                              properties:
                                command:
                                  description: Command is the command line to execute
                                    inside the container, the working directory for
                                    the command is root ('/') in the container's
                                    filesystem. The command is simply exec'd, it is
                                    not run inside a shell, so traditional shell instructions
                                    ('|', etc) won't work. To use a shell, you need
                                    to explicitly call out to that shell. Exit status
                                    of 0 is treated as live/healthy and non-zero is
                                    unhealthy.
                                  items:
                                    type: string
                                  type: array
                              type: object
                            failureThreshold:
                              description: Minimum consecutive failures for the probe
                                to be considered failed after having succeeded. Defaults
                                to 3. Minimum value is 1.
                              format: int32
                              type: integer
                            grpc:
                              description: GRPC specifies an action involving a GRPC
                                port. This is an alpha field and requires enabling
                                GRPCContainerProbe feature gate.
                              properties:
                                port:
                                  description: Port number of the gRPC service. Number
                                    must be in the range 1 to 65535.
                                  format: int32
                                  type: integer
                                service:
                                  description: "Service is the name of the service
                                    to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
                                    \n If this is not specified, the default behavior
                                    is defined by gRPC."
                                  type: string
                              required:
                              - port
                              type: object
                            httpGet:
                              description: HTTPGet specifies the http request to perform.
                              properties:
                                host:
                                  description: Host name to connect to, defaults to
                                    the pod IP. You probably want to set "Host" in
                                    httpHeaders instead.
                                  type: string
                                httpHeaders:
                                  description: Custom headers to set in the request.
                                    HTTP allows repeated headers.
                                  items:
                                    description: HTTPHeader describes a custom header
                                      to be used in HTTP probes
                                    properties:
                                      name:
                                        description: The header field name
                                        type: string
                                      value:
                                        description: The header field value
                                        type: string
                                    required:
                                    - name
                                    - value
                                    type: object
                                  type: array
                                path:
                                  description: Path to access on the HTTP server.
                                  type: string
                                port:
                                  anyOf:
                                  - type: integer
                                  - type: string
                                  description: Name or number of the port to access
                                    on the container. Number must be in the range
                                    1 to 65535. Name must be an IANA_SVC_NAME.
                                  x-kubernetes-int-or-string: true
                                scheme:
                                  description: Scheme to use for connecting to the
                                    host. Defaults to HTTP.
                                  type: string
                              required:
                              - port
                              type: object
                            initialDelaySeconds:
                              description: 'Number of seconds after the container
                                has started before liveness probes are initiated.
                                More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                              format: int32
                              type: integer
                            periodSeconds:
                              description: How often (in seconds) to perform the probe.
                                Default to 10 seconds. Minimum value is 1.
                              format: int32
                              type: integer
                            successThreshold:
                              description: Minimum consecutive successes for the probe
                                to be considered successful after having failed. Defaults
                                to 1. Must be 1 for liveness and startup. Minimum
                                value is 1.
                              format: int32
                              type: integer
                            tcpSocket:
                              description: TCPSocket specifies an action involving
                                a TCP port.
                              properties:
                                host:
                                  description: 'Optional: Host name to connect to,
                                    defaults to the pod IP.'
                                  type: string
                                port:
                                  anyOf:
                                  - type: integer
                                  - type: string
                                  description: Number or name of the port to access
                                    on the container. Number must be in the range
                                    1 to 65535. Name must be an IANA_SVC_NAME.
                                  x-kubernetes-int-or-string: true
                              required:
                              - port
                              type: object
                            terminationGracePeriodSeconds:
                              description: Optional duration in seconds the pod needs
                                to terminate gracefully upon probe failure. The grace
                                period is the duration in seconds after the processes
                                running in the pod are sent a termination signal and
                                the time when the processes are forcibly halted with
                                a kill signal. Set this value longer than the expected
                                cleanup time for your process. If this value is nil,
                                the pod's terminationGracePeriodSeconds will be used.
                                Otherwise, this value overrides the value provided
                                by the pod spec. Value must be non-negative integer.
                                The value zero indicates stop immediately via the
                                kill signal (no opportunity to shut down). This is
                                a beta field and requires enabling ProbeTerminationGracePeriod
                                feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds
                                is used if unset.
                              format: int64
                              type: integer
                            timeoutSeconds:
                              description: 'Number of seconds after which the probe
                                times out. Defaults to 1 second. Minimum value is
                                1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                              format: int32
                              type: integer
                          type: object
                        name:
                          description: Name of the container specified as a DNS_LABEL.
                            Each container in a pod must have a unique name (DNS_LABEL).
                            Cannot be updated.
                          type: string
                        ports:
                          description: List of ports to expose from the container.
                            Exposing a port here gives the system additional information
                            about the network connections a container uses, but is
                            primarily informational. Not specifying a port here DOES
                            NOT prevent that port from being exposed. Any port which
                            is listening on the default "0.0.0.0" address inside a
                            container will be accessible from the network. Cannot
                            be updated.
                          items:
                            description: ContainerPort represents a network port in
                              a single container.
                            properties:
                              containerPort:
                                description: Number of port to expose on the pod's
                                  IP address. This must be a valid port number, 0
                                  < x < 65536.
                                format: int32
                                type: integer
                              hostIP:
                                description: What host IP to bind the external port
                                  to.
                                type: string
                              hostPort:
                                description: Number of port to expose on the host.
                                  If specified, this must be a valid port number,
                                  0 < x < 65536. If HostNetwork is specified, this
                                  must match ContainerPort. Most containers do not
                                  need this.
                                format: int32
                                type: integer
                              name:
                                description: If specified, this must be an IANA_SVC_NAME
                                  and unique within the pod. Each named port in a
                                  pod must have a unique name. Name for the port that
                                  can be referred to by services.
                                type: string
                              protocol:
                                default: TCP
                                description: Protocol for port. Must be UDP, TCP,
                                  or SCTP. Defaults to "TCP".
                                type: string
                            required:
                            - containerPort
                            type: object
                          type: array
                          x-kubernetes-list-map-keys:
                          - containerPort
                          - protocol
                          x-kubernetes-list-type: map
                        readinessProbe:
                          description: 'Periodic probe of container service readiness.
                            Container will be removed from service endpoints if the
                            probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                          properties:
                            exec:
                              description: Exec specifies the action to take.
                              properties:
                                command:
                                  description: Command is the command line to execute
                                    inside the container, the working directory for
                                    the command is root ('/') in the container's
                                    filesystem. The command is simply exec'd, it is
                                    not run inside a shell, so traditional shell instructions
                                    ('|', etc) won't work. To use a shell, you need
                                    to explicitly call out to that shell. Exit status
                                    of 0 is treated as live/healthy and non-zero is
                                    unhealthy.
                                  items:
                                    type: string
                                  type: array
                              type: object
                            failureThreshold:
                              description: Minimum consecutive failures for the probe
                                to be considered failed after having succeeded. Defaults
                                to 3. Minimum value is 1.
                              format: int32
                              type: integer
                            grpc:
                              description: GRPC specifies an action involving a GRPC
                                port. This is an alpha field and requires enabling
                                GRPCContainerProbe feature gate.
                              properties:
                                port:
                                  description: Port number of the gRPC service. Number
                                    must be in the range 1 to 65535.
                                  format: int32
                                  type: integer
                                service:
                                  description: "Service is the name of the service
                                    to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
                                    \n If this is not specified, the default behavior
                                    is defined by gRPC."
                                  type: string
                              required:
                              - port
                              type: object
                            httpGet:
                              description: HTTPGet specifies the http request to perform.
                              properties:
                                host:
                                  description: Host name to connect to, defaults to
                                    the pod IP. You probably want to set "Host" in
                                    httpHeaders instead.
                                  type: string
                                httpHeaders:
                                  description: Custom headers to set in the request.
                                    HTTP allows repeated headers.
                                  items:
                                    description: HTTPHeader describes a custom header
                                      to be used in HTTP probes
                                    properties:
                                      name:
                                        description: The header field name
                                        type: string
                                      value:
                                        description: The header field value
                                        type: string
                                    required:
                                    - name
                                    - value
                                    type: object
                                  type: array
                                path:
                                  description: Path to access on the HTTP server.
                                  type: string
                                port:
                                  anyOf:
                                  - type: integer
                                  - type: string
                                  description: Name or number of the port to access
                                    on the container. Number must be in the range
                                    1 to 65535. Name must be an IANA_SVC_NAME.
                                  x-kubernetes-int-or-string: true
                                scheme:
                                  description: Scheme to use for connecting to the
                                    host. Defaults to HTTP.
                                  type: string
                              required:
                              - port
                              type: object
                            initialDelaySeconds:
                              description: 'Number of seconds after the container
                                has started before liveness probes are initiated.
                                More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                              format: int32
                              type: integer
                            periodSeconds:
                              description: How often (in seconds) to perform the probe.
                                Default to 10 seconds. Minimum value is 1.
                              format: int32
                              type: integer
                            successThreshold:
                              description: Minimum consecutive successes for the probe
                                to be considered successful after having failed. Defaults
                                to 1. Must be 1 for liveness and startup. Minimum
                                value is 1.
                              format: int32
                              type: integer
                            tcpSocket:
                              description: TCPSocket specifies an action involving
                                a TCP port.
                              properties:
                                host:
                                  description: 'Optional: Host name to connect to,
                                    defaults to the pod IP.'
                                  type: string
                                port:
                                  anyOf:
                                  - type: integer
                                  - type: string
                                  description: Number or name of the port to access
                                    on the container. Number must be in the range
                                    1 to 65535. Name must be an IANA_SVC_NAME.
                                  x-kubernetes-int-or-string: true
                              required:
                              - port
                              type: object
                            terminationGracePeriodSeconds:
                              description: Optional duration in seconds the pod needs
                                to terminate gracefully upon probe failure. The grace
                                period is the duration in seconds after the processes
                                running in the pod are sent a termination signal and
                                the time when the processes are forcibly halted with
                                a kill signal. Set this value longer than the expected
                                cleanup time for your process. If this value is nil,
                                the pod's terminationGracePeriodSeconds will be used.
                                Otherwise, this value overrides the value provided
                                by the pod spec. Value must be non-negative integer.
                                The value zero indicates stop immediately via the
                                kill signal (no opportunity to shut down). This is
                                a beta field and requires enabling ProbeTerminationGracePeriod
                                feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds
                                is used if unset.
                              format: int64
                              type: integer
                            timeoutSeconds:
                              description: 'Number of seconds after which the probe
                                times out. Defaults to 1 second. Minimum value is
                                1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                              format: int32
                              type: integer
                          type: object
                        resources:
                          description: 'Compute Resources required by this container.
                            Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                          properties:
                            limits:
                              additionalProperties:
                                anyOf:
                                - type: integer
                                - type: string
                                pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                x-kubernetes-int-or-string: true
                              description: 'Limits describes the maximum amount of
                                compute resources allowed.
                                More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                              type: object
                            requests:
                              additionalProperties:
                                anyOf:
                                - type: integer
                                - type: string
                                pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                x-kubernetes-int-or-string: true
                              description: 'Requests describes the minimum amount
                                of compute resources required. If Requests is omitted
                                for a container, it defaults to Limits if that is
                                explicitly specified, otherwise to an implementation-defined
                                value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                              type: object
                          type: object
                        securityContext:
                          description: 'SecurityContext defines the security options
                            the container should be run with. If set, the fields of
                            SecurityContext override the equivalent fields of PodSecurityContext.
                            More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
                          properties:
                            allowPrivilegeEscalation:
                              description: 'AllowPrivilegeEscalation controls whether
                                a process can gain more privileges than its parent
                                process. This bool directly controls if the no_new_privs
                                flag will be set on the container process. AllowPrivilegeEscalation
                                is true always when the container is: 1) run as Privileged
                                2) has CAP_SYS_ADMIN Note that this field cannot be
                                set when spec.os.name is windows.'
                              type: boolean
                            capabilities:
                              description: The capabilities to add/drop when running
                                containers. Defaults to the default set of capabilities
                                granted by the container runtime. Note that this field
                                cannot be set when spec.os.name is windows.
                              properties:
                                add:
                                  description: Added capabilities
                                  items:
                                    description: Capability represent POSIX capabilities
                                      type
                                    type: string
                                  type: array
                                drop:
                                  description: Removed capabilities
                                  items:
                                    description: Capability represent POSIX capabilities
                                      type
                                    type: string
                                  type: array
                              type: object
                            privileged:
                              description: Run container in privileged mode. Processes
                                in privileged containers are essentially equivalent
                                to root on the host. Defaults to false. Note that
                                this field cannot be set when spec.os.name is windows.
                              type: boolean
                            procMount:
                              description: procMount denotes the type of proc mount
                                to use for the containers. The default is DefaultProcMount
                                which uses the container runtime defaults for readonly
                                paths and masked paths. This requires the ProcMountType
                                feature flag to be enabled. Note that this field cannot
                                be set when spec.os.name is windows.
                              type: string
                            readOnlyRootFilesystem:
                              description: Whether this container has a read-only
                                root filesystem. Default is false. Note that this
                                field cannot be set when spec.os.name is windows.
                              type: boolean
                            runAsGroup:
                              description: The GID to run the entrypoint of the container
                                process. Uses runtime default if unset. May also be
                                set in PodSecurityContext. If set in both SecurityContext
                                and PodSecurityContext, the value specified in SecurityContext
                                takes precedence. Note that this field cannot be set
                                when spec.os.name is windows.
                              format: int64
                              type: integer
                            runAsNonRoot:
                              description: Indicates that the container must run as
                                a non-root user. If true, the Kubelet will validate
                                the image at runtime to ensure that it does not run
                                as UID 0 (root) and fail to start the container if
                                it does. If unset or false, no such validation will
                                be performed. May also be set in PodSecurityContext.
                                If set in both SecurityContext and PodSecurityContext,
                                the value specified in SecurityContext takes precedence.
                              type: boolean
                            runAsUser:
                              description: The UID to run the entrypoint of the container
                                process. Defaults to user specified in image metadata
                                if unspecified. May also be set in PodSecurityContext. If
                                set in both SecurityContext and PodSecurityContext,
                                the value specified in SecurityContext takes precedence.
                                Note that this field cannot be set when spec.os.name
                                is windows.
                              format: int64
                              type: integer
                            seLinuxOptions:
                              description: The SELinux context to be applied to the
                                container. If unspecified, the container runtime will
                                allocate a random SELinux context for each container. May
                                also be set in PodSecurityContext. If set in both
                                SecurityContext and PodSecurityContext, the value
                                specified in SecurityContext takes precedence. Note
                                that this field cannot be set when spec.os.name is
                                windows.
                              properties:
                                level:
                                  description: Level is SELinux level label that applies
                                    to the container.
                                  type: string
                                role:
                                  description: Role is a SELinux role label that applies
                                    to the container.
                                  type: string
                                type:
                                  description: Type is a SELinux type label that applies
                                    to the container.
                                  type: string
                                user:
                                  description: User is a SELinux user label that applies
                                    to the container.
                                  type: string
                              type: object
                            seccompProfile:
                              description: The seccomp options to use by this container.
                                If seccomp options are provided at both the pod &
                                container level, the container options override the
                                pod options. Note that this field cannot be set when
                                spec.os.name is windows.
                              properties:
                                localhostProfile:
                                  description: localhostProfile indicates a profile
                                    defined in a file on the node should be used.
                                    The profile must be preconfigured on the node
                                    to work.
                                    Must be a descending path, relative to
                                    the kubelet's configured seccomp profile location.
                                    Must only be set if type is "Localhost".
                                  type: string
                                type:
                                  description: "type indicates which kind of seccomp
                                    profile will be applied. Valid options are: \n
                                    Localhost - a profile defined in a file on the
                                    node should be used. RuntimeDefault - the container
                                    runtime default profile should be used. Unconfined
                                    - no profile should be applied."
                                  type: string
                              required:
                              - type
                              type: object
                            windowsOptions:
                              description: The Windows specific settings applied to
                                all containers. If unspecified, the options from the
                                PodSecurityContext will be used. If set in both SecurityContext
                                and PodSecurityContext, the value specified in SecurityContext
                                takes precedence. Note that this field cannot be set
                                when spec.os.name is linux.
                              properties:
                                gmsaCredentialSpec:
                                  description: GMSACredentialSpec is where the GMSA
                                    admission webhook (https://github.com/kubernetes-sigs/windows-gmsa)
                                    inlines the contents of the GMSA credential spec
                                    named by the GMSACredentialSpecName field.
                                  type: string
                                gmsaCredentialSpecName:
                                  description: GMSACredentialSpecName is the name
                                    of the GMSA credential spec to use.
                                  type: string
                                hostProcess:
                                  description: HostProcess determines if a container
                                    should be run as a 'Host Process' container. This
                                    field is alpha-level and will only be honored
                                    by components that enable the WindowsHostProcessContainers
                                    feature flag. Setting this field without the feature
                                    flag will result in errors when validating the
                                    Pod. All of a Pod's containers must have the same
                                    effective HostProcess value (it is not allowed
                                    to have a mix of HostProcess containers and non-HostProcess
                                    containers). In addition, if HostProcess is true
                                    then HostNetwork must also be set to true.
                                  type: boolean
                                runAsUserName:
                                  description: The UserName in Windows to run the
                                    entrypoint of the container process. Defaults
                                    to the user specified in image metadata if unspecified.
                                    May also be set in PodSecurityContext. If set
                                    in both SecurityContext and PodSecurityContext,
                                    the value specified in SecurityContext takes precedence.
                                  type: string
                              type: object
                          type: object
                        startupProbe:
                          description: 'StartupProbe indicates that the Pod has successfully
                            initialized. If specified, no other probes are executed
                            until this completes successfully. If this probe fails,
                            the Pod will be restarted, just as if the livenessProbe
                            failed. This can be used to provide different probe parameters
                            at the beginning of a Pod''s lifecycle, when it might
                            take a long time to load data or warm a cache, than during
                            steady-state operation. This cannot be updated. More info:
                            https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                          properties:
                            exec:
                              description: Exec specifies the action to take.
                              properties:
                                command:
                                  description: Command is the command line to execute
                                    inside the container, the working directory for
                                    the command is root ('/') in the container's
                                    filesystem. The command is simply exec'd, it is
                                    not run inside a shell, so traditional shell instructions
                                    ('|', etc) won't work. To use a shell, you need
                                    to explicitly call out to that shell. Exit status
                                    of 0 is treated as live/healthy and non-zero is
                                    unhealthy.
                                  items:
                                    type: string
                                  type: array
                              type: object
                            failureThreshold:
                              description: Minimum consecutive failures for the probe
                                to be considered failed after having succeeded. Defaults
                                to 3. Minimum value is 1.
                              format: int32
                              type: integer
                            grpc:
                              description: GRPC specifies an action involving a GRPC
                                port.
                                This is an alpha field and requires enabling
                                GRPCContainerProbe feature gate.
                              properties:
                                port:
                                  description: Port number of the gRPC service. Number
                                    must be in the range 1 to 65535.
                                  format: int32
                                  type: integer
                                service:
                                  description: "Service is the name of the service
                                    to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
                                    \n If this is not specified, the default behavior
                                    is defined by gRPC."
                                  type: string
                              required:
                              - port
                              type: object
                            httpGet:
                              description: HTTPGet specifies the http request to perform.
                              properties:
                                host:
                                  description: Host name to connect to, defaults to
                                    the pod IP. You probably want to set "Host" in
                                    httpHeaders instead.
                                  type: string
                                httpHeaders:
                                  description: Custom headers to set in the request.
                                    HTTP allows repeated headers.
                                  items:
                                    description: HTTPHeader describes a custom header
                                      to be used in HTTP probes
                                    properties:
                                      name:
                                        description: The header field name
                                        type: string
                                      value:
                                        description: The header field value
                                        type: string
                                    required:
                                    - name
                                    - value
                                    type: object
                                  type: array
                                path:
                                  description: Path to access on the HTTP server.
                                  type: string
                                port:
                                  anyOf:
                                  - type: integer
                                  - type: string
                                  description: Name or number of the port to access
                                    on the container. Number must be in the range
                                    1 to 65535. Name must be an IANA_SVC_NAME.
                                  x-kubernetes-int-or-string: true
                                scheme:
                                  description: Scheme to use for connecting to the
                                    host. Defaults to HTTP.
                                  type: string
                              required:
                              - port
                              type: object
                            initialDelaySeconds:
                              description: 'Number of seconds after the container
                                has started before liveness probes are initiated.
                                More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                              format: int32
                              type: integer
                            periodSeconds:
                              description: How often (in seconds) to perform the probe.
                                Default to 10 seconds. Minimum value is 1.
                              format: int32
                              type: integer
                            successThreshold:
                              description: Minimum consecutive successes for the probe
                                to be considered successful after having failed. Defaults
                                to 1. Must be 1 for liveness and startup. Minimum
                                value is 1.
                              format: int32
                              type: integer
                            tcpSocket:
                              description: TCPSocket specifies an action involving
                                a TCP port.
                              properties:
                                host:
                                  description: 'Optional: Host name to connect to,
                                    defaults to the pod IP.'
                                  type: string
                                port:
                                  anyOf:
                                  - type: integer
                                  - type: string
                                  description: Number or name of the port to access
                                    on the container. Number must be in the range
                                    1 to 65535. Name must be an IANA_SVC_NAME.
                                  x-kubernetes-int-or-string: true
                              required:
                              - port
                              type: object
                            terminationGracePeriodSeconds:
                              description: Optional duration in seconds the pod needs
                                to terminate gracefully upon probe failure. The grace
                                period is the duration in seconds after the processes
                                running in the pod are sent a termination signal and
                                the time when the processes are forcibly halted with
                                a kill signal. Set this value longer than the expected
                                cleanup time for your process. If this value is nil,
                                the pod's terminationGracePeriodSeconds will be used.
                                Otherwise, this value overrides the value provided
                                by the pod spec. Value must be non-negative integer.
                                The value zero indicates stop immediately via the
                                kill signal (no opportunity to shut down). This is
                                a beta field and requires enabling ProbeTerminationGracePeriod
                                feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds
                                is used if unset.
                              format: int64
                              type: integer
                            timeoutSeconds:
                              description: 'Number of seconds after which the probe
                                times out. Defaults to 1 second. Minimum value is
                                1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                              format: int32
                              type: integer
                          type: object
                        stdin:
                          description: Whether this container should allocate a buffer
                            for stdin in the container runtime. If this is not set,
                            reads from stdin in the container will always result in
                            EOF. Default is false.
                          type: boolean
                        stdinOnce:
                          description: Whether the container runtime should close
                            the stdin channel after it has been opened by a single
                            attach. When stdin is true the stdin stream will remain
                            open across multiple attach sessions. If stdinOnce is
                            set to true, stdin is opened on container start, is empty
                            until the first client attaches to stdin, and then remains
                            open and accepts data until the client disconnects, at
                            which time stdin is closed and remains closed until the
                            container is restarted. If this flag is false, a container
                            processes that reads from stdin will never receive an
                            EOF. Default is false
                          type: boolean
                        terminationMessagePath:
                          description: 'Optional: Path at which the file to which
                            the container''s termination message will be written is
                            mounted into the container''s filesystem. Message written
                            is intended to be brief final status, such as an assertion
                            failure message. Will be truncated by the node if greater
                            than 4096 bytes. The total message length across all containers
                            will be limited to 12kb. Defaults to /dev/termination-log.
                            Cannot be updated.'
                          type: string
                        terminationMessagePolicy:
                          description: Indicate how the termination message should
                            be populated.
                            File will use the contents of terminationMessagePath
                            to populate the container status message on both success
                            and failure. FallbackToLogsOnError will use the last chunk
                            of container log output if the termination message file
                            is empty and the container exited with an error. The log
                            output is limited to 2048 bytes or 80 lines, whichever
                            is smaller. Defaults to File. Cannot be updated.
                          type: string
                        tty:
                          description: Whether this container should allocate a TTY
                            for itself, also requires 'stdin' to be true. Default
                            is false.
                          type: boolean
                        volumeDevices:
                          description: volumeDevices is the list of block devices
                            to be used by the container.
                          items:
                            description: volumeDevice describes a mapping of a raw
                              block device within a container.
                            properties:
                              devicePath:
                                description: devicePath is the path inside of the
                                  container that the device will be mapped to.
                                type: string
                              name:
                                description: name must match the name of a persistentVolumeClaim
                                  in the pod
                                type: string
                            required:
                            - devicePath
                            - name
                            type: object
                          type: array
                        volumeMounts:
                          description: Pod volumes to mount into the container's filesystem.
                            Cannot be updated.
                          items:
                            description: VolumeMount describes a mounting of a Volume
                              within a container.
                            properties:
                              mountPath:
                                description: Path within the container at which the
                                  volume should be mounted. Must not contain ':'.
                                type: string
                              mountPropagation:
                                description: mountPropagation determines how mounts
                                  are propagated from the host to container and the
                                  other way around. When not set, MountPropagationNone
                                  is used. This field is beta in 1.10.
                                type: string
                              name:
                                description: This must match the Name of a Volume.
                                type: string
                              readOnly:
                                description: Mounted read-only if true, read-write
                                  otherwise (false or unspecified). Defaults to false.
                                type: boolean
                              subPath:
                                description: Path within the volume from which the
                                  container's volume should be mounted. Defaults to
                                  "" (volume's root).
                                type: string
                              subPathExpr:
                                description: Expanded path within the volume from
                                  which the container's volume should be mounted.
                                  Behaves similarly to SubPath but environment variable
                                  references $(VAR_NAME) are expanded using the container's
                                  environment. Defaults to "" (volume's root). SubPathExpr
                                  and SubPath are mutually exclusive.
                                type: string
                            required:
                            - mountPath
                            - name
                            type: object
                          type: array
                        workingDir:
                          description: Container's working directory. If not specified,
                            the container runtime's default will be used, which might
                            be configured in the container image. Cannot be updated.
                          type: string
                      required:
                      - name
                      type: object
                    type: array
                  logFormat:
                    description: LogFormat describes the log format that should be
                      used by the Repo Server. Defaults to ArgoCDDefaultLogFormat
                      if not configured. Valid options are text or json.
                    type: string
                  logLevel:
                    description: LogLevel describes the log level that should be used
                      by the Repo Server. Defaults to ArgoCDDefaultLogLevel if not
                      set. Valid options are debug, info, error, and warn.
                    type: string
                  mountsatoken:
                    description: MountSAToken describes whether you would like to
                      have the Repo server mount the service account token
                    type: boolean
                  replicas:
                    description: Replicas defines the number of replicas for argocd-repo-server.
                      Value should be greater than or equal to 0. Default is nil.
                    format: int32
                    type: integer
                  resources:
                    description: Resources defines the Compute Resources required
                      by the container for Redis.
                    properties:
                      limits:
                        additionalProperties:
                          anyOf:
                          - type: integer
                          - type: string
                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                          x-kubernetes-int-or-string: true
                        description: 'Limits describes the maximum amount of compute
                          resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                        type: object
                      requests:
                        additionalProperties:
                          anyOf:
                          - type: integer
                          - type: string
                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                          x-kubernetes-int-or-string: true
                        description: 'Requests describes the minimum amount of compute
                          resources required. If Requests is omitted for a container,
                          it defaults to Limits if that is explicitly specified, otherwise
                          to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                        type: object
                    type: object
                  serviceaccount:
                    description: ServiceAccount defines the ServiceAccount user that
                      you would like the Repo server to use
                    type: string
                  sidecarContainers:
                    description: SidecarContainers defines the list of sidecar containers
                      for the repo server deployment
                    items:
                      description: A single application container that you want to
                        run within a pod.
                      properties:
                        args:
                          description: 'Arguments to the entrypoint. The docker image''s
                            CMD is used if this is not provided. Variable references
                            $(VAR_NAME) are expanded using the container''s environment.
                            If a variable cannot be resolved, the reference in the
                            input string will be unchanged.
                            Double $$ are reduced
                            to a single $, which allows for escaping the $(VAR_NAME)
                            syntax: i.e. "$$(VAR_NAME)" will produce the string literal
                            "$(VAR_NAME)". Escaped references will never be expanded,
                            regardless of whether the variable exists or not. Cannot
                            be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
                          items:
                            type: string
                          type: array
                        command:
                          description: 'Entrypoint array. Not executed within a shell.
                            The docker image''s ENTRYPOINT is used if this is not
                            provided. Variable references $(VAR_NAME) are expanded
                            using the container''s environment. If a variable cannot
                            be resolved, the reference in the input string will be
                            unchanged. Double $$ are reduced to a single $, which
                            allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)"
                            will produce the string literal "$(VAR_NAME)". Escaped
                            references will never be expanded, regardless of whether
                            the variable exists or not. Cannot be updated. More info:
                            https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
                          items:
                            type: string
                          type: array
                        env:
                          description: List of environment variables to set in the
                            container. Cannot be updated.
                          items:
                            description: EnvVar represents an environment variable
                              present in a Container.
                            properties:
                              name:
                                description: Name of the environment variable. Must
                                  be a C_IDENTIFIER.
                                type: string
                              value:
                                description: 'Variable references $(VAR_NAME) are
                                  expanded using the previously defined environment
                                  variables in the container and any service environment
                                  variables. If a variable cannot be resolved, the
                                  reference in the input string will be unchanged.
                                  Double $$ are reduced to a single $, which allows
                                  for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)"
                                  will produce the string literal "$(VAR_NAME)". Escaped
                                  references will never be expanded, regardless of
                                  whether the variable exists or not. Defaults to
                                  "".'
                                type: string
                              valueFrom:
                                description: Source for the environment variable's
                                  value. Cannot be used if value is not empty.
                                properties:
                                  configMapKeyRef:
                                    description: Selects a key of a ConfigMap.
                                    properties:
                                      key:
                                        description: The key to select.
                                        type: string
                                      name:
                                        description: 'Name of the referent. More info:
                                          https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                          TODO: Add other useful fields. apiVersion,
                                          kind, uid?'
                                        type: string
                                      optional:
                                        description: Specify whether the ConfigMap
                                          or its key must be defined
                                        type: boolean
                                    required:
                                    - key
                                    type: object
                                  fieldRef:
                                    description: 'Selects a field of the pod: supports
                                      metadata.name, metadata.namespace, `metadata.labels[''<KEY>'']`,
                                      `metadata.annotations[''<KEY>'']`, spec.nodeName,
                                      spec.serviceAccountName, status.hostIP, status.podIP,
                                      status.podIPs.'
                                    properties:
                                      apiVersion:
                                        description: Version of the schema the FieldPath
                                          is written in terms of, defaults to "v1".
                                        type: string
                                      fieldPath:
                                        description: Path of the field to select in
                                          the specified API version.
                                        type: string
                                    required:
                                    - fieldPath
                                    type: object
                                  resourceFieldRef:
                                    description: 'Selects a resource of the container:
                                      only resources limits and requests (limits.cpu,
                                      limits.memory, limits.ephemeral-storage, requests.cpu,
                                      requests.memory and requests.ephemeral-storage)
                                      are currently supported.'
                                    properties:
                                      containerName:
                                        description: 'Container name: required for
                                          volumes, optional for env vars'
                                        type: string
                                      divisor:
                                        anyOf:
                                        - type: integer
                                        - type: string
                                        description: Specifies the output format of
                                          the exposed resources, defaults to "1"
                                        pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                        x-kubernetes-int-or-string: true
                                      resource:
                                        description: 'Required: resource to select'
                                        type: string
                                    required:
                                    - resource
                                    type: object
                                  secretKeyRef:
                                    description: Selects a key of a secret in the
                                      pod's namespace
                                    properties:
                                      key:
                                        description: The key of the secret to select
                                          from. Must be a valid secret key.
                                        type: string
                                      name:
                                        description: 'Name of the referent. More info:
                                          https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                          TODO: Add other useful fields. apiVersion,
                                          kind, uid?'
                                        type: string
                                      optional:
                                        description: Specify whether the Secret or
                                          its key must be defined
                                        type: boolean
                                    required:
                                    - key
                                    type: object
                                type: object
                            required:
                            - name
                            type: object
                          type: array
                        envFrom:
                          description: List of sources to populate environment variables
                            in the container. The keys defined within a source must
                            be a C_IDENTIFIER. All invalid keys will be reported as
                            an event when the container is starting. When a key exists
                            in multiple sources, the value associated with the last
                            source will take precedence. Values defined by an Env
                            with a duplicate key will take precedence. Cannot be updated.
                          items:
                            description: EnvFromSource represents the source of a
                              set of ConfigMaps
                            properties:
                              configMapRef:
                                description: The ConfigMap to select from
                                properties:
                                  name:
                                    description: 'Name of the referent.
                                      More info:
                                      https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                      TODO: Add other useful fields. apiVersion, kind,
                                      uid?'
                                    type: string
                                  optional:
                                    description: Specify whether the ConfigMap must
                                      be defined
                                    type: boolean
                                type: object
                              prefix:
                                description: An optional identifier to prepend to
                                  each key in the ConfigMap. Must be a C_IDENTIFIER.
                                type: string
                              secretRef:
                                description: The Secret to select from
                                properties:
                                  name:
                                    description: 'Name of the referent. More info:
                                      https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                      TODO: Add other useful fields. apiVersion, kind,
                                      uid?'
                                    type: string
                                  optional:
                                    description: Specify whether the Secret must be
                                      defined
                                    type: boolean
                                type: object
                            type: object
                          type: array
                        image:
                          description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images
                            This field is optional to allow higher level config management
                            to default or override container images in workload controllers
                            like Deployments and StatefulSets.'
                          type: string
                        imagePullPolicy:
                          description: 'Image pull policy. One of Always, Never, IfNotPresent.
                            Defaults to Always if :latest tag is specified, or IfNotPresent
                            otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images'
                          type: string
                        lifecycle:
                          description: Actions that the management system should take
                            in response to container lifecycle events. Cannot be updated.
                          properties:
                            postStart:
                              description: 'PostStart is called immediately after
                                a container is created. If the handler fails, the
                                container is terminated and restarted according to
                                its restart policy. Other management of the container
                                blocks until the hook completes.
                                More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
                              properties:
                                exec:
                                  description: Exec specifies the action to take.
                                  properties:
                                    command:
                                      description: Command is the command line to
                                        execute inside the container, the working
                                        directory for the command is root ('/') in
                                        the container's filesystem. The command is
                                        simply exec'd, it is not run inside a shell,
                                        so traditional shell instructions ('|', etc)
                                        won't work. To use a shell, you need to explicitly
                                        call out to that shell. Exit status of 0 is
                                        treated as live/healthy and non-zero is unhealthy.
                                      items:
                                        type: string
                                      type: array
                                  type: object
                                httpGet:
                                  description: HTTPGet specifies the http request
                                    to perform.
                                  properties:
                                    host:
                                      description: Host name to connect to, defaults
                                        to the pod IP. You probably want to set "Host"
                                        in httpHeaders instead.
                                      type: string
                                    httpHeaders:
                                      description: Custom headers to set in the request.
                                        HTTP allows repeated headers.
                                      items:
                                        description: HTTPHeader describes a custom
                                          header to be used in HTTP probes
                                        properties:
                                          name:
                                            description: The header field name
                                            type: string
                                          value:
                                            description: The header field value
                                            type: string
                                        required:
                                        - name
                                        - value
                                        type: object
                                      type: array
                                    path:
                                      description: Path to access on the HTTP server.
                                      type: string
                                    port:
                                      anyOf:
                                      - type: integer
                                      - type: string
                                      description: Name or number of the port to access
                                        on the container. Number must be in the range
                                        1 to 65535. Name must be an IANA_SVC_NAME.
                                      x-kubernetes-int-or-string: true
                                    scheme:
                                      description: Scheme to use for connecting to
                                        the host. Defaults to HTTP.
                                      type: string
                                  required:
                                  - port
                                  type: object
                                tcpSocket:
                                  description: Deprecated.
                                    TCPSocket is NOT supported
                                    as a LifecycleHandler and kept for the backward
                                    compatibility. There are no validation of this
                                    field and lifecycle hooks will fail in runtime
                                    when tcp handler is specified.
                                  properties:
                                    host:
                                      description: 'Optional: Host name to connect
                                        to, defaults to the pod IP.'
                                      type: string
                                    port:
                                      anyOf:
                                      - type: integer
                                      - type: string
                                      description: Number or name of the port to access
                                        on the container. Number must be in the range
                                        1 to 65535. Name must be an IANA_SVC_NAME.
                                      x-kubernetes-int-or-string: true
                                  required:
                                  - port
                                  type: object
                              type: object
                            preStop:
                              description: 'PreStop is called immediately before a
                                container is terminated due to an API request or management
                                event such as liveness/startup probe failure, preemption,
                                resource contention, etc. The handler is not called
                                if the container crashes or exits. The Pod''s termination
                                grace period countdown begins before the PreStop hook
                                is executed. Regardless of the outcome of the handler,
                                the container will eventually terminate within the
                                Pod''s termination grace period (unless delayed by
                                finalizers). Other management of the container blocks
                                until the hook completes or until the termination
                                grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
                              properties:
                                exec:
                                  description: Exec specifies the action to take.
                                  properties:
                                    command:
                                      description: Command is the command line to
                                        execute inside the container, the working
                                        directory for the command is root ('/') in
                                        the container's filesystem. The command is
                                        simply exec'd, it is not run inside a shell,
                                        so traditional shell instructions ('|', etc)
                                        won't work. To use a shell, you need to explicitly
                                        call out to that shell.
                                        Exit status of 0 is
                                        treated as live/healthy and non-zero is unhealthy.
                                      items:
                                        type: string
                                      type: array
                                  type: object
                                httpGet:
                                  description: HTTPGet specifies the http request
                                    to perform.
                                  properties:
                                    host:
                                      description: Host name to connect to, defaults
                                        to the pod IP. You probably want to set "Host"
                                        in httpHeaders instead.
                                      type: string
                                    httpHeaders:
                                      description: Custom headers to set in the request.
                                        HTTP allows repeated headers.
                                      items:
                                        description: HTTPHeader describes a custom
                                          header to be used in HTTP probes
                                        properties:
                                          name:
                                            description: The header field name
                                            type: string
                                          value:
                                            description: The header field value
                                            type: string
                                        required:
                                        - name
                                        - value
                                        type: object
                                      type: array
                                    path:
                                      description: Path to access on the HTTP server.
                                      type: string
                                    port:
                                      anyOf:
                                      - type: integer
                                      - type: string
                                      description: Name or number of the port to access
                                        on the container. Number must be in the range
                                        1 to 65535. Name must be an IANA_SVC_NAME.
                                      x-kubernetes-int-or-string: true
                                    scheme:
                                      description: Scheme to use for connecting to
                                        the host. Defaults to HTTP.
                                      type: string
                                  required:
                                  - port
                                  type: object
                                tcpSocket:
                                  description: Deprecated. TCPSocket is NOT supported
                                    as a LifecycleHandler and kept for the backward
                                    compatibility. There are no validation of this
                                    field and lifecycle hooks will fail in runtime
                                    when tcp handler is specified.
                                  properties:
                                    host:
                                      description: 'Optional: Host name to connect
                                        to, defaults to the pod IP.'
                                      type: string
                                    port:
                                      anyOf:
                                      - type: integer
                                      - type: string
                                      description: Number or name of the port to access
                                        on the container. Number must be in the range
                                        1 to 65535. Name must be an IANA_SVC_NAME.
                                      x-kubernetes-int-or-string: true
                                  required:
                                  - port
                                  type: object
                              type: object
                          type: object
                        livenessProbe:
                          description: 'Periodic probe of container liveness. Container
                            will be restarted if the probe fails. Cannot be updated.
                            More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                          properties:
                            exec:
                              description: Exec specifies the action to take.
                              properties:
                                command:
                                  description: Command is the command line to execute
                                    inside the container, the working directory for
                                    the command is root ('/') in the container's
                                    filesystem. The command is simply exec'd, it is
                                    not run inside a shell, so traditional shell instructions
                                    ('|', etc) won't work. To use a shell, you need
                                    to explicitly call out to that shell. Exit status
                                    of 0 is treated as live/healthy and non-zero is
                                    unhealthy.
                                  items:
                                    type: string
                                  type: array
                              type: object
                            failureThreshold:
                              description: Minimum consecutive failures for the probe
                                to be considered failed after having succeeded. Defaults
                                to 3. Minimum value is 1.
                              format: int32
                              type: integer
                            grpc:
                              description: GRPC specifies an action involving a GRPC
                                port. This is an alpha field and requires enabling
                                GRPCContainerProbe feature gate.
                              properties:
                                port:
                                  description: Port number of the gRPC service. Number
                                    must be in the range 1 to 65535.
                                  format: int32
                                  type: integer
                                service:
                                  description: "Service is the name of the service
                                    to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
                                    \n If this is not specified, the default behavior
                                    is defined by gRPC."
                                  type: string
                              required:
                              - port
                              type: object
                            httpGet:
                              description: HTTPGet specifies the http request to perform.
                              properties:
                                host:
                                  description: Host name to connect to, defaults to
                                    the pod IP. You probably want to set "Host" in
                                    httpHeaders instead.
                                  type: string
                                httpHeaders:
                                  description: Custom headers to set in the request.
                                    HTTP allows repeated headers.
                                  items:
                                    description: HTTPHeader describes a custom header
                                      to be used in HTTP probes
                                    properties:
                                      name:
                                        description: The header field name
                                        type: string
                                      value:
                                        description: The header field value
                                        type: string
                                    required:
                                    - name
                                    - value
                                    type: object
                                  type: array
                                path:
                                  description: Path to access on the HTTP server.
                                  type: string
                                port:
                                  anyOf:
                                  - type: integer
                                  - type: string
                                  description: Name or number of the port to access
                                    on the container. Number must be in the range
                                    1 to 65535. Name must be an IANA_SVC_NAME.
                                  x-kubernetes-int-or-string: true
                                scheme:
                                  description: Scheme to use for connecting to the
                                    host. Defaults to HTTP.
                                  type: string
                              required:
                              - port
                              type: object
                            initialDelaySeconds:
                              description: 'Number of seconds after the container
                                has started before liveness probes are initiated.
                                More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                              format: int32
                              type: integer
                            periodSeconds:
                              description: How often (in seconds) to perform the probe.
                                Default to 10 seconds. Minimum value is 1.
                              format: int32
                              type: integer
                            successThreshold:
                              description: Minimum consecutive successes for the probe
                                to be considered successful after having failed. Defaults
                                to 1. Must be 1 for liveness and startup. Minimum
                                value is 1.
                              format: int32
                              type: integer
                            tcpSocket:
                              description: TCPSocket specifies an action involving
                                a TCP port.
                              properties:
                                host:
                                  description: 'Optional: Host name to connect to,
                                    defaults to the pod IP.'
                                  type: string
                                port:
                                  anyOf:
                                  - type: integer
                                  - type: string
                                  description: Number or name of the port to access
                                    on the container. Number must be in the range
                                    1 to 65535. Name must be an IANA_SVC_NAME.
                                  x-kubernetes-int-or-string: true
                              required:
                              - port
                              type: object
                            terminationGracePeriodSeconds:
                              description: Optional duration in seconds the pod needs
                                to terminate gracefully upon probe failure. The grace
                                period is the duration in seconds after the processes
                                running in the pod are sent a termination signal and
                                the time when the processes are forcibly halted with
                                a kill signal. Set this value longer than the expected
                                cleanup time for your process. If this value is nil,
                                the pod's terminationGracePeriodSeconds will be used.
                                Otherwise, this value overrides the value provided
                                by the pod spec. Value must be non-negative integer.
                                The value zero indicates stop immediately via the
                                kill signal (no opportunity to shut down). This is
                                a beta field and requires enabling ProbeTerminationGracePeriod
                                feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds
                                is used if unset.
                              format: int64
                              type: integer
                            timeoutSeconds:
                              description: 'Number of seconds after which the probe
                                times out. Defaults to 1 second. Minimum value is
                                1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                              format: int32
                              type: integer
                          type: object
                        name:
                          description: Name of the container specified as a DNS_LABEL.
                            Each container in a pod must have a unique name (DNS_LABEL).
                            Cannot be updated.
                          type: string
                        ports:
                          description: List of ports to expose from the container.
                            Exposing a port here gives the system additional information
                            about the network connections a container uses, but is
                            primarily informational. Not specifying a port here DOES
                            NOT prevent that port from being exposed. Any port which
                            is listening on the default "0.0.0.0" address inside a
                            container will be accessible from the network. Cannot
                            be updated.
                          items:
                            description: ContainerPort represents a network port in
                              a single container.
                            properties:
                              containerPort:
                                description: Number of port to expose on the pod's
                                  IP address. This must be a valid port number, 0
                                  < x < 65536.
                                format: int32
                                type: integer
                              hostIP:
                                description: What host IP to bind the external port
                                  to.
                                type: string
                              hostPort:
                                description: Number of port to expose on the host.
                                  If specified, this must be a valid port number,
                                  0 < x < 65536. If HostNetwork is specified, this
                                  must match ContainerPort. Most containers do not
                                  need this.
                                format: int32
                                type: integer
                              name:
                                description: If specified, this must be an IANA_SVC_NAME
                                  and unique within the pod. Each named port in a
                                  pod must have a unique name. Name for the port that
                                  can be referred to by services.
                                type: string
                              protocol:
                                default: TCP
                                description: Protocol for port. Must be UDP, TCP,
                                  or SCTP. Defaults to "TCP".
                                type: string
                            required:
                            - containerPort
                            type: object
                          type: array
                          x-kubernetes-list-map-keys:
                          - containerPort
                          - protocol
                          x-kubernetes-list-type: map
                        readinessProbe:
                          description: 'Periodic probe of container service readiness.
                            Container will be removed from service endpoints if the
                            probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                          properties:
                            exec:
                              description: Exec specifies the action to take.
                              properties:
                                command:
                                  description: Command is the command line to execute
                                    inside the container, the working directory for
                                    the command is root ('/') in the container's
                                    filesystem. The command is simply exec'd, it is
                                    not run inside a shell, so traditional shell instructions
                                    ('|', etc) won't work. To use a shell, you need
                                    to explicitly call out to that shell. Exit status
                                    of 0 is treated as live/healthy and non-zero is
                                    unhealthy.
                                  items:
                                    type: string
                                  type: array
                              type: object
                            failureThreshold:
                              description: Minimum consecutive failures for the probe
                                to be considered failed after having succeeded. Defaults
                                to 3. Minimum value is 1.
                              format: int32
                              type: integer
                            grpc:
                              description: GRPC specifies an action involving a GRPC
                                port. This is an alpha field and requires enabling
                                GRPCContainerProbe feature gate.
                              properties:
                                port:
                                  description: Port number of the gRPC service. Number
                                    must be in the range 1 to 65535.
                                  format: int32
                                  type: integer
                                service:
                                  description: "Service is the name of the service
                                    to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
                                    \n If this is not specified, the default behavior
                                    is defined by gRPC."
                                  type: string
                              required:
                              - port
                              type: object
                            httpGet:
                              description: HTTPGet specifies the http request to perform.
                              properties:
                                host:
                                  description: Host name to connect to, defaults to
                                    the pod IP. You probably want to set "Host" in
                                    httpHeaders instead.
                                  type: string
                                httpHeaders:
                                  description: Custom headers to set in the request.
                                    HTTP allows repeated headers.
                                  items:
                                    description: HTTPHeader describes a custom header
                                      to be used in HTTP probes
                                    properties:
                                      name:
                                        description: The header field name
                                        type: string
                                      value:
                                        description: The header field value
                                        type: string
                                    required:
                                    - name
                                    - value
                                    type: object
                                  type: array
                                path:
                                  description: Path to access on the HTTP server.
                                  type: string
                                port:
                                  anyOf:
                                  - type: integer
                                  - type: string
                                  description: Name or number of the port to access
                                    on the container. Number must be in the range
                                    1 to 65535. Name must be an IANA_SVC_NAME.
                                  x-kubernetes-int-or-string: true
                                scheme:
                                  description: Scheme to use for connecting to the
                                    host. Defaults to HTTP.
                                  type: string
                              required:
                              - port
                              type: object
                            initialDelaySeconds:
                              description: 'Number of seconds after the container
                                has started before liveness probes are initiated.
                                More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                              format: int32
                              type: integer
                            periodSeconds:
                              description: How often (in seconds) to perform the probe.
                                Default to 10 seconds. Minimum value is 1.
                              format: int32
                              type: integer
                            successThreshold:
                              description: Minimum consecutive successes for the probe
                                to be considered successful after having failed. Defaults
                                to 1. Must be 1 for liveness and startup. Minimum
                                value is 1.
                              format: int32
                              type: integer
                            tcpSocket:
                              description: TCPSocket specifies an action involving
                                a TCP port.
                              properties:
                                host:
                                  description: 'Optional: Host name to connect to,
                                    defaults to the pod IP.'
                                  type: string
                                port:
                                  anyOf:
                                  - type: integer
                                  - type: string
                                  description: Number or name of the port to access
                                    on the container. Number must be in the range
                                    1 to 65535. Name must be an IANA_SVC_NAME.
                                  x-kubernetes-int-or-string: true
                              required:
                              - port
                              type: object
                            terminationGracePeriodSeconds:
                              description: Optional duration in seconds the pod needs
                                to terminate gracefully upon probe failure. The grace
                                period is the duration in seconds after the processes
                                running in the pod are sent a termination signal and
                                the time when the processes are forcibly halted with
                                a kill signal. Set this value longer than the expected
                                cleanup time for your process. If this value is nil,
                                the pod's terminationGracePeriodSeconds will be used.
                                Otherwise, this value overrides the value provided
                                by the pod spec. Value must be non-negative integer.
                                The value zero indicates stop immediately via the
                                kill signal (no opportunity to shut down). This is
                                a beta field and requires enabling ProbeTerminationGracePeriod
                                feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds
                                is used if unset.
                              format: int64
                              type: integer
                            timeoutSeconds:
                              description: 'Number of seconds after which the probe
                                times out. Defaults to 1 second. Minimum value is
                                1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                              format: int32
                              type: integer
                          type: object
                        resources:
                          description: 'Compute Resources required by this container.
                            Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                          properties:
                            limits:
                              additionalProperties:
                                anyOf:
                                - type: integer
                                - type: string
                                pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                x-kubernetes-int-or-string: true
                              description: 'Limits describes the maximum amount of
                                compute resources allowed.
                                More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                              type: object
                            requests:
                              additionalProperties:
                                anyOf:
                                - type: integer
                                - type: string
                                pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                x-kubernetes-int-or-string: true
                              description: 'Requests describes the minimum amount
                                of compute resources required. If Requests is omitted
                                for a container, it defaults to Limits if that is
                                explicitly specified, otherwise to an implementation-defined
                                value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                              type: object
                          type: object
                        securityContext:
                          description: 'SecurityContext defines the security options
                            the container should be run with. If set, the fields of
                            SecurityContext override the equivalent fields of PodSecurityContext.
                            More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
                          properties:
                            allowPrivilegeEscalation:
                              description: 'AllowPrivilegeEscalation controls whether
                                a process can gain more privileges than its parent
                                process. This bool directly controls if the no_new_privs
                                flag will be set on the container process. AllowPrivilegeEscalation
                                is true always when the container is: 1) run as Privileged
                                2) has CAP_SYS_ADMIN Note that this field cannot be
                                set when spec.os.name is windows.'
                              type: boolean
                            capabilities:
                              description: The capabilities to add/drop when running
                                containers. Defaults to the default set of capabilities
                                granted by the container runtime. Note that this field
                                cannot be set when spec.os.name is windows.
                              properties:
                                add:
                                  description: Added capabilities
                                  items:
                                    description: Capability represent POSIX capabilities
                                      type
                                    type: string
                                  type: array
                                drop:
                                  description: Removed capabilities
                                  items:
                                    description: Capability represent POSIX capabilities
                                      type
                                    type: string
                                  type: array
                              type: object
                            privileged:
                              description: Run container in privileged mode. Processes
                                in privileged containers are essentially equivalent
                                to root on the host. Defaults to false. Note that
                                this field cannot be set when spec.os.name is windows.
                              type: boolean
                            procMount:
                              description: procMount denotes the type of proc mount
                                to use for the containers. The default is DefaultProcMount
                                which uses the container runtime defaults for readonly
                                paths and masked paths. This requires the ProcMountType
                                feature flag to be enabled. Note that this field cannot
                                be set when spec.os.name is windows.
                              type: string
                            readOnlyRootFilesystem:
                              description: Whether this container has a read-only
                                root filesystem. Default is false. Note that this
                                field cannot be set when spec.os.name is windows.
                              type: boolean
                            runAsGroup:
                              description: The GID to run the entrypoint of the container
                                process. Uses runtime default if unset. May also be
                                set in PodSecurityContext. If set in both SecurityContext
                                and PodSecurityContext, the value specified in SecurityContext
                                takes precedence. Note that this field cannot be set
                                when spec.os.name is windows.
                              format: int64
                              type: integer
                            runAsNonRoot:
                              description: Indicates that the container must run as
                                a non-root user. If true, the Kubelet will validate
                                the image at runtime to ensure that it does not run
                                as UID 0 (root) and fail to start the container if
                                it does. If unset or false, no such validation will
                                be performed. May also be set in PodSecurityContext.
                                If
                                set in both SecurityContext and PodSecurityContext,
                                the value specified in SecurityContext takes precedence.
                              type: boolean
                            runAsUser:
                              description: The UID to run the entrypoint of the container
                                process. Defaults to user specified in image metadata
                                if unspecified. May also be set in PodSecurityContext. If
                                set in both SecurityContext and PodSecurityContext,
                                the value specified in SecurityContext takes precedence.
                                Note that this field cannot be set when spec.os.name
                                is windows.
                              format: int64
                              type: integer
                            seLinuxOptions:
                              description: The SELinux context to be applied to the
                                container. If unspecified, the container runtime will
                                allocate a random SELinux context for each container. May
                                also be set in PodSecurityContext. If set in both
                                SecurityContext and PodSecurityContext, the value
                                specified in SecurityContext takes precedence. Note
                                that this field cannot be set when spec.os.name is
                                windows.
                              properties:
                                level:
                                  description: Level is SELinux level label that applies
                                    to the container.
                                  type: string
                                role:
                                  description: Role is a SELinux role label that applies
                                    to the container.
                                  type: string
                                type:
                                  description: Type is a SELinux type label that applies
                                    to the container.
                                  type: string
                                user:
                                  description: User is a SELinux user label that applies
                                    to the container.
                                  type: string
                              type: object
                            seccompProfile:
                              description: The seccomp options to use by this container.
                                If seccomp options are provided at both the pod &
                                container level, the container options override the
                                pod options. Note that this field cannot be set when
                                spec.os.name is windows.
                              properties:
                                localhostProfile:
                                  description: localhostProfile indicates a profile
                                    defined in a file on the node should be used.
                                    The profile must be preconfigured on the node
                                    to work.
                                    Must be a descending path, relative to
                                    the kubelet's configured seccomp profile location.
                                    Must only be set if type is "Localhost".
                                  type: string
                                type:
                                  description: "type indicates which kind of seccomp
                                    profile will be applied. Valid options are: \n
                                    Localhost - a profile defined in a file on the
                                    node should be used. RuntimeDefault - the container
                                    runtime default profile should be used. Unconfined
                                    - no profile should be applied."
                                  type: string
                              required:
                              - type
                              type: object
                            windowsOptions:
                              description: The Windows specific settings applied to
                                all containers. If unspecified, the options from the
                                PodSecurityContext will be used. If set in both SecurityContext
                                and PodSecurityContext, the value specified in SecurityContext
                                takes precedence. Note that this field cannot be set
                                when spec.os.name is linux.
                              properties:
                                gmsaCredentialSpec:
                                  description: GMSACredentialSpec is where the GMSA
                                    admission webhook (https://github.com/kubernetes-sigs/windows-gmsa)
                                    inlines the contents of the GMSA credential spec
                                    named by the GMSACredentialSpecName field.
                                  type: string
                                gmsaCredentialSpecName:
                                  description: GMSACredentialSpecName is the name
                                    of the GMSA credential spec to use.
                                  type: string
                                hostProcess:
                                  description: HostProcess determines if a container
                                    should be run as a 'Host Process' container. This
                                    field is alpha-level and will only be honored
                                    by components that enable the WindowsHostProcessContainers
                                    feature flag. Setting this field without the feature
                                    flag will result in errors when validating the
                                    Pod. All of a Pod's containers must have the same
                                    effective HostProcess value (it is not allowed
                                    to have a mix of HostProcess containers and non-HostProcess
                                    containers). In addition, if HostProcess is true
                                    then HostNetwork must also be set to true.
                                  type: boolean
                                runAsUserName:
                                  description: The UserName in Windows to run the
                                    entrypoint of the container process. Defaults
                                    to the user specified in image metadata if unspecified.
                                    May also be set in PodSecurityContext. If set
                                    in both SecurityContext and PodSecurityContext,
                                    the value specified in SecurityContext takes precedence.
                                  type: string
                              type: object
                          type: object
                        startupProbe:
                          description: 'StartupProbe indicates that the Pod has successfully
                            initialized. If specified, no other probes are executed
                            until this completes successfully. If this probe fails,
                            the Pod will be restarted, just as if the livenessProbe
                            failed. This can be used to provide different probe parameters
                            at the beginning of a Pod''s lifecycle, when it might
                            take a long time to load data or warm a cache, than during
                            steady-state operation. This cannot be updated. More info:
                            https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                          properties:
                            exec:
                              description: Exec specifies the action to take.
                              properties:
                                command:
                                  description: Command is the command line to execute
                                    inside the container, the working directory for
                                    the command is root ('/') in the container's
                                    filesystem. The command is simply exec'd, it is
                                    not run inside a shell, so traditional shell instructions
                                    ('|', etc) won't work. To use a shell, you need
                                    to explicitly call out to that shell. Exit status
                                    of 0 is treated as live/healthy and non-zero is
                                    unhealthy.
                                  items:
                                    type: string
                                  type: array
                              type: object
                            failureThreshold:
                              description: Minimum consecutive failures for the probe
                                to be considered failed after having succeeded. Defaults
                                to 3. Minimum value is 1.
                              format: int32
                              type: integer
                            grpc:
                              description: GRPC specifies an action involving a GRPC
                                port.
                                This is an alpha field and requires enabling
                                GRPCContainerProbe feature gate.
                              properties:
                                port:
                                  description: Port number of the gRPC service. Number
                                    must be in the range 1 to 65535.
                                  format: int32
                                  type: integer
                                service:
                                  description: "Service is the name of the service
                                    to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
                                    \n If this is not specified, the default behavior
                                    is defined by gRPC."
                                  type: string
                              required:
                              - port
                              type: object
                            httpGet:
                              description: HTTPGet specifies the http request to perform.
                              properties:
                                host:
                                  description: Host name to connect to, defaults to
                                    the pod IP. You probably want to set "Host" in
                                    httpHeaders instead.
                                  type: string
                                httpHeaders:
                                  description: Custom headers to set in the request.
                                    HTTP allows repeated headers.
                                  items:
                                    description: HTTPHeader describes a custom header
                                      to be used in HTTP probes
                                    properties:
                                      name:
                                        description: The header field name
                                        type: string
                                      value:
                                        description: The header field value
                                        type: string
                                    required:
                                    - name
                                    - value
                                    type: object
                                  type: array
                                path:
                                  description: Path to access on the HTTP server.
                                  type: string
                                port:
                                  anyOf:
                                  - type: integer
                                  - type: string
                                  description: Name or number of the port to access
                                    on the container. Number must be in the range
                                    1 to 65535. Name must be an IANA_SVC_NAME.
                                  x-kubernetes-int-or-string: true
                                scheme:
                                  description: Scheme to use for connecting to the
                                    host. Defaults to HTTP.
                                  type: string
                              required:
                              - port
                              type: object
                            initialDelaySeconds:
                              description: 'Number of seconds after the container
                                has started before liveness probes are initiated.
                                More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                              format: int32
                              type: integer
                            periodSeconds:
                              description: How often (in seconds) to perform the probe.
                                Default to 10 seconds. Minimum value is 1.
                              format: int32
                              type: integer
                            successThreshold:
                              description: Minimum consecutive successes for the probe
                                to be considered successful after having failed. Defaults
                                to 1. Must be 1 for liveness and startup. Minimum
                                value is 1.
                              format: int32
                              type: integer
                            tcpSocket:
                              description: TCPSocket specifies an action involving
                                a TCP port.
                              properties:
                                host:
                                  description: 'Optional: Host name to connect to,
                                    defaults to the pod IP.'
                                  type: string
                                port:
                                  anyOf:
                                  - type: integer
                                  - type: string
                                  description: Number or name of the port to access
                                    on the container. Number must be in the range
                                    1 to 65535. Name must be an IANA_SVC_NAME.
                                  x-kubernetes-int-or-string: true
                              required:
                              - port
                              type: object
                            terminationGracePeriodSeconds:
                              description: Optional duration in seconds the pod needs
                                to terminate gracefully upon probe failure. The grace
                                period is the duration in seconds after the processes
                                running in the pod are sent a termination signal and
                                the time when the processes are forcibly halted with
                                a kill signal. Set this value longer than the expected
                                cleanup time for your process. If this value is nil,
                                the pod's terminationGracePeriodSeconds will be used.
                                Otherwise, this value overrides the value provided
                                by the pod spec. Value must be non-negative integer.
                                The value zero indicates stop immediately via the
                                kill signal (no opportunity to shut down). This is
                                a beta field and requires enabling ProbeTerminationGracePeriod
                                feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds
                                is used if unset.
                              format: int64
                              type: integer
                            timeoutSeconds:
                              description: 'Number of seconds after which the probe
                                times out. Defaults to 1 second. Minimum value is
                                1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                              format: int32
                              type: integer
                          type: object
                        stdin:
                          description: Whether this container should allocate a buffer
                            for stdin in the container runtime. If this is not set,
                            reads from stdin in the container will always result in
                            EOF. Default is false.
                          type: boolean
                        stdinOnce:
                          description: Whether the container runtime should close
                            the stdin channel after it has been opened by a single
                            attach. When stdin is true the stdin stream will remain
                            open across multiple attach sessions. If stdinOnce is
                            set to true, stdin is opened on container start, is empty
                            until the first client attaches to stdin, and then remains
                            open and accepts data until the client disconnects, at
                            which time stdin is closed and remains closed until the
                            container is restarted. If this flag is false, a container
                            processes that reads from stdin will never receive an
                            EOF. Default is false
                          type: boolean
                        terminationMessagePath:
                          description: 'Optional: Path at which the file to which
                            the container''s termination message will be written is
                            mounted into the container''s filesystem. Message written
                            is intended to be brief final status, such as an assertion
                            failure message. Will be truncated by the node if greater
                            than 4096 bytes. The total message length across all containers
                            will be limited to 12kb. Defaults to /dev/termination-log.
                            Cannot be updated.'
                          type: string
                        terminationMessagePolicy:
                          description: Indicate how the termination message should
                            be populated.
                            File will use the contents of terminationMessagePath
                            to populate the container status message on both success
                            and failure. FallbackToLogsOnError will use the last chunk
                            of container log output if the termination message file
                            is empty and the container exited with an error. The log
                            output is limited to 2048 bytes or 80 lines, whichever
                            is smaller. Defaults to File. Cannot be updated.
                          type: string
                        tty:
                          description: Whether this container should allocate a TTY
                            for itself, also requires 'stdin' to be true. Default
                            is false.
                          type: boolean
                        volumeDevices:
                          description: volumeDevices is the list of block devices
                            to be used by the container.
                          items:
                            description: volumeDevice describes a mapping of a raw
                              block device within a container.
                            properties:
                              devicePath:
                                description: devicePath is the path inside of the
                                  container that the device will be mapped to.
                                type: string
                              name:
                                description: name must match the name of a persistentVolumeClaim
                                  in the pod
                                type: string
                            required:
                            - devicePath
                            - name
                            type: object
                          type: array
                        volumeMounts:
                          description: Pod volumes to mount into the container's filesystem.
                            Cannot be updated.
                          items:
                            description: VolumeMount describes a mounting of a Volume
                              within a container.
                            properties:
                              mountPath:
                                description: Path within the container at which the
                                  volume should be mounted. Must not contain ':'.
                                type: string
                              mountPropagation:
                                description: mountPropagation determines how mounts
                                  are propagated from the host to container and the
                                  other way around. When not set, MountPropagationNone
                                  is used. This field is beta in 1.10.
                                type: string
                              name:
                                description: This must match the Name of a Volume.
                                type: string
                              readOnly:
                                description: Mounted read-only if true, read-write
                                  otherwise (false or unspecified). Defaults to false.
                                type: boolean
                              subPath:
                                description: Path within the volume from which the
                                  container's volume should be mounted. Defaults to
                                  "" (volume's root).
                                type: string
                              subPathExpr:
                                description: Expanded path within the volume from
                                  which the container's volume should be mounted.
                                  Behaves similarly to SubPath but environment variable
                                  references $(VAR_NAME) are expanded using the container's
                                  environment. Defaults to "" (volume's root). SubPathExpr
                                  and SubPath are mutually exclusive.
                                type: string
                            required:
                            - mountPath
                            - name
                            type: object
                          type: array
                        workingDir:
                          description: Container's working directory. If not specified,
                            the container runtime's default will be used, which might
                            be configured in the container image. Cannot be updated.
                          type: string
                      required:
                      - name
                      type: object
                    type: array
                  verifytls:
                    description: VerifyTLS defines whether repo server API should
                      be accessed using strict TLS validation
                    type: boolean
                  version:
                    description: Version is the ArgoCD Repo Server container image
                      tag.
                    type: string
                  volumeMounts:
                    description: VolumeMounts adds volumeMounts to the repo server
                      container
                    items:
                      description: VolumeMount describes a mounting of a Volume within
                        a container.
                      properties:
                        mountPath:
                          description: Path within the container at which the volume
                            should be mounted. Must not contain ':'.
                          type: string
                        mountPropagation:
                          description: mountPropagation determines how mounts are
                            propagated from the host to container and the other way
                            around. When not set, MountPropagationNone is used. This
                            field is beta in 1.10.
                          type: string
                        name:
                          description: This must match the Name of a Volume.
                          type: string
                        readOnly:
                          description: Mounted read-only if true, read-write otherwise
                            (false or unspecified). Defaults to false.
                          type: boolean
                        subPath:
                          description: Path within the volume from which the container's
                            volume should be mounted. Defaults to "" (volume's root).
                          type: string
                        subPathExpr:
                          description: Expanded path within the volume from which
                            the container's volume should be mounted. Behaves similarly
                            to SubPath but environment variable references $(VAR_NAME)
                            are expanded using the container's environment. Defaults
                            to "" (volume's root). SubPathExpr and SubPath are mutually
                            exclusive.
                          type: string
                      required:
                      - mountPath
                      - name
                      type: object
                    type: array
                  volumes:
                    description: Volumes adds volumes to the repo server deployment
                    items:
                      description: Volume represents a named volume in a pod that
                        may be accessed by any container in the pod.
                      properties:
                        awsElasticBlockStore:
                          description: 'AWSElasticBlockStore represents an AWS Disk
                            resource that is attached to a kubelet''s host machine
                            and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
                          properties:
                            fsType:
                              description: 'Filesystem type of the volume that you
                                want to mount. Tip: Ensure that the filesystem type
                                is supported by the host operating system. Examples:
                                "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
                                if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
                                TODO: how do we prevent errors in the filesystem from
                                compromising the machine'
                              type: string
                            partition:
                              description: 'The partition in the volume that you want
                                to mount. If omitted, the default is to mount by volume
                                name.
                                Examples: For volume /dev/sda1, you specify
                                the partition as "1". Similarly, the volume partition
                                for /dev/sda is "0" (or you can leave the property
                                empty).'
                              format: int32
                              type: integer
                            readOnly:
                              description: 'Specify "true" to force and set the ReadOnly
                                property in VolumeMounts to "true". If omitted, the
                                default is "false". More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
                              type: boolean
                            volumeID:
                              description: 'Unique ID of the persistent disk resource
                                in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
                              type: string
                          required:
                          - volumeID
                          type: object
                        azureDisk:
                          description: AzureDisk represents an Azure Data Disk mount
                            on the host and bind mount to the pod.
                          properties:
                            cachingMode:
                              description: 'Host Caching mode: None, Read Only, Read
                                Write.'
                              type: string
                            diskName:
                              description: The Name of the data disk in the blob storage
                              type: string
                            diskURI:
                              description: The URI the data disk in the blob storage
                              type: string
                            fsType:
                              description: Filesystem type to mount. Must be a filesystem
                                type supported by the host operating system. Ex. "ext4",
                                "xfs", "ntfs". Implicitly inferred to be "ext4" if
                                unspecified.
                              type: string
                            kind:
                              description: 'Expected values Shared: multiple blob
                                disks per storage account Dedicated: single blob
                                disk per storage account Managed: azure managed data
                                disk (only in managed availability set). defaults
                                to shared'
                              type: string
                            readOnly:
                              description: Defaults to false (read/write). ReadOnly
                                here will force the ReadOnly setting in VolumeMounts.
                              type: boolean
                          required:
                          - diskName
                          - diskURI
                          type: object
                        azureFile:
                          description: AzureFile represents an Azure File Service
                            mount on the host and bind mount to the pod.
                          properties:
                            readOnly:
                              description: Defaults to false (read/write). ReadOnly
                                here will force the ReadOnly setting in VolumeMounts.
                              type: boolean
                            secretName:
                              description: the name of secret that contains Azure
                                Storage Account Name and Key
                              type: string
                            shareName:
                              description: Share Name
                              type: string
                          required:
                          - secretName
                          - shareName
                          type: object
                        cephfs:
                          description: CephFS represents a Ceph FS mount on the host
                            that shares a pod's lifetime
                          properties:
                            monitors:
                              description: 'Required: Monitors is a collection of
                                Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
                              items:
                                type: string
                              type: array
                            path:
                              description: 'Optional: Used as the mounted root, rather
                                than the full Ceph tree, default is /'
                              type: string
                            readOnly:
                              description: 'Optional: Defaults to false (read/write).
                                ReadOnly here will force the ReadOnly setting in VolumeMounts.
                                More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
                              type: boolean
                            secretFile:
                              description: 'Optional: SecretFile is the path to key
                                ring for User, default is /etc/ceph/user.secret More
                                info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
                              type: string
                            secretRef:
                              description: 'Optional: SecretRef is reference to the
                                authentication secret for User, default is empty.
                                More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
                              properties:
                                name:
                                  description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                    TODO: Add other useful fields.
                                    apiVersion, kind,
                                    uid?'
                                  type: string
                              type: object
                            user:
                              description: 'Optional: User is the rados user name,
                                default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
                              type: string
                          required:
                          - monitors
                          type: object
                        cinder:
                          description: 'Cinder represents a cinder volume attached
                            and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
                          properties:
                            fsType:
                              description: 'Filesystem type to mount. Must be a filesystem
                                type supported by the host operating system. Examples:
                                "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
                                if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
                              type: string
                            readOnly:
                              description: 'Optional: Defaults to false (read/write).
                                ReadOnly here will force the ReadOnly setting in VolumeMounts.
                                More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
                              type: boolean
                            secretRef:
                              description: 'Optional: points to a secret object containing
                                parameters used to connect to OpenStack.'
                              properties:
                                name:
                                  description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                    TODO: Add other useful fields. apiVersion, kind,
                                    uid?'
                                  type: string
                              type: object
                            volumeID:
                              description: 'volume id used to identify the volume
                                in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
                              type: string
                          required:
                          - volumeID
                          type: object
                        configMap:
                          description: ConfigMap represents a configMap that should
                            populate this volume
                          properties:
                            defaultMode:
                              description: 'Optional: mode bits used to set permissions
                                on created files by default. Must be an octal value
                                between 0000 and 0777 or a decimal value between 0
                                and 511.
                                YAML accepts both octal and decimal values,
                                JSON requires decimal values for mode bits. Defaults
                                to 0644. Directories within the path are not affected
                                by this setting. This might be in conflict with other
                                options that affect the file mode, like fsGroup, and
                                the result can be other mode bits set.'
                              format: int32
                              type: integer
                            items:
                              description: If unspecified, each key-value pair in
                                the Data field of the referenced ConfigMap will be
                                projected into the volume as a file whose name is
                                the key and content is the value. If specified, the
                                listed keys will be projected into the specified paths,
                                and unlisted keys will not be present. If a key is
                                specified which is not present in the ConfigMap, the
                                volume setup will error unless it is marked optional.
                                Paths must be relative and may not contain the '..'
                                path or start with '..'.
                              items:
                                description: Maps a string key to a path within a
                                  volume.
                                properties:
                                  key:
                                    description: The key to project.
                                    type: string
                                  mode:
                                    description: 'Optional: mode bits used to set
                                      permissions on this file. Must be an octal value
                                      between 0000 and 0777 or a decimal value between
                                      0 and 511. YAML accepts both octal and decimal
                                      values, JSON requires decimal values for mode
                                      bits. If not specified, the volume defaultMode
                                      will be used. This might be in conflict with
                                      other options that affect the file mode, like
                                      fsGroup, and the result can be other mode bits
                                      set.'
                                    format: int32
                                    type: integer
                                  path:
                                    description: The relative path of the file to
                                      map the key to. May not be an absolute path.
                                      May not contain the path element '..'. May not
                                      start with the string '..'.
                                    type: string
                                required:
                                - key
                                - path
                                type: object
                              type: array
                            name:
                              description: 'Name of the referent.
                                More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                TODO: Add other useful fields. apiVersion, kind, uid?'
                              type: string
                            optional:
                              description: Specify whether the ConfigMap or its keys
                                must be defined
                              type: boolean
                          type: object
                        csi:
                          description: CSI (Container Storage Interface) represents
                            ephemeral storage that is handled by certain external
                            CSI drivers (Beta feature).
                          properties:
                            driver:
                              description: Driver is the name of the CSI driver that
                                handles this volume. Consult with your admin for the
                                correct name as registered in the cluster.
                              type: string
                            fsType:
                              description: Filesystem type to mount. Ex. "ext4", "xfs",
                                "ntfs". If not provided, the empty value is passed
                                to the associated CSI driver which will determine
                                the default filesystem to apply.
                              type: string
                            nodePublishSecretRef:
                              description: NodePublishSecretRef is a reference to
                                the secret object containing sensitive information
                                to pass to the CSI driver to complete the CSI NodePublishVolume
                                and NodeUnpublishVolume calls. This field is optional,
                                and may be empty if no secret is required. If the
                                secret object contains more than one secret, all secret
                                references are passed.
                              properties:
                                name:
                                  description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                    TODO: Add other useful fields. apiVersion, kind,
                                    uid?'
                                  type: string
                              type: object
                            readOnly:
                              description: Specifies a read-only configuration for
                                the volume. Defaults to false (read/write).
                              type: boolean
                            volumeAttributes:
                              additionalProperties:
                                type: string
                              description: VolumeAttributes stores driver-specific
                                properties that are passed to the CSI driver. Consult
                                your driver's documentation for supported values.
                              type: object
                          required:
                          - driver
                          type: object
                        downwardAPI:
                          description: DownwardAPI represents downward API about the
                            pod that should populate this volume
                          properties:
                            defaultMode:
                              description: 'Optional: mode bits to use on created
                                files by default. Must be a Optional: mode bits used
                                to set permissions on created files by default. Must
                                be an octal value between 0000 and 0777 or a decimal
                                value between 0 and 511. YAML accepts both octal and
                                decimal values, JSON requires decimal values for mode
                                bits. Defaults to 0644. Directories within the path
                                are not affected by this setting. This might be in
                                conflict with other options that affect the file mode,
                                like fsGroup, and the result can be other mode bits
                                set.'
                              format: int32
                              type: integer
                            items:
                              description: Items is a list of downward API volume
                                file
                              items:
                                description: DownwardAPIVolumeFile represents information
                                  to create the file containing the pod field
                                properties:
                                  fieldRef:
                                    description: 'Required: Selects a field of the
                                      pod: only annotations, labels, name and namespace
                                      are supported.'
                                    properties:
                                      apiVersion:
                                        description: Version of the schema the FieldPath
                                          is written in terms of, defaults to "v1".
                                        type: string
                                      fieldPath:
                                        description: Path of the field to select in
                                          the specified API version.
                                        type: string
                                    required:
                                    - fieldPath
                                    type: object
                                  mode:
                                    description: 'Optional: mode bits used to set
                                      permissions on this file, must be an octal value
                                      between 0000 and 0777 or a decimal value between
                                      0 and 511. YAML accepts both octal and decimal
                                      values, JSON requires decimal values for mode
                                      bits. If not specified, the volume defaultMode
                                      will be used.
                                      This might be in conflict with
                                      other options that affect the file mode, like
                                      fsGroup, and the result can be other mode bits
                                      set.'
                                    format: int32
                                    type: integer
                                  path:
                                    description: 'Required: Path is the relative
                                      path name of the file to be created. Must not
                                      be absolute or contain the ''..'' path. Must
                                      be utf-8 encoded. The first item of the relative
                                      path must not start with ''..'''
                                    type: string
                                  resourceFieldRef:
                                    description: 'Selects a resource of the container:
                                      only resources limits and requests (limits.cpu,
                                      limits.memory, requests.cpu and requests.memory)
                                      are currently supported.'
                                    properties:
                                      containerName:
                                        description: 'Container name: required for
                                          volumes, optional for env vars'
                                        type: string
                                      divisor:
                                        anyOf:
                                        - type: integer
                                        - type: string
                                        description: Specifies the output format of
                                          the exposed resources, defaults to "1"
                                        pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                        x-kubernetes-int-or-string: true
                                      resource:
                                        description: 'Required: resource to select'
                                        type: string
                                    required:
                                    - resource
                                    type: object
                                required:
                                - path
                                type: object
                              type: array
                          type: object
                        emptyDir:
                          description: 'EmptyDir represents a temporary directory
                            that shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
                          properties:
                            medium:
                              description: 'What type of storage medium should back
                                this directory. The default is "" which means to use
                                the node''s default medium. Must be an empty string
                                (default) or Memory.
                                More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
                              type: string
                            sizeLimit:
                              anyOf:
                              - type: integer
                              - type: string
                              description: 'Total amount of local storage required
                                for this EmptyDir volume. The size limit is also applicable
                                for memory medium. The maximum usage on memory medium
                                EmptyDir would be the minimum value between the SizeLimit
                                specified here and the sum of memory limits of all
                                containers in a pod. The default is nil which means
                                that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir'
                              pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                              x-kubernetes-int-or-string: true
                          type: object
                        ephemeral:
                          description: "Ephemeral represents a volume that is handled
                            by a cluster storage driver. The volume's lifecycle is
                            tied to the pod that defines it - it will be created before
                            the pod starts, and deleted when the pod is removed. \n
                            Use this if: a) the volume is only needed while the pod
                            runs, b) features of normal volumes like restoring from
                            snapshot or capacity tracking are needed, c) the storage
                            driver is specified through a storage class, and d) the
                            storage driver supports dynamic volume provisioning through
                            \ a PersistentVolumeClaim (see EphemeralVolumeSource
                            for more information on the connection between this
                            volume type and PersistentVolumeClaim). \n Use PersistentVolumeClaim
                            or one of the vendor-specific APIs for volumes that persist
                            for longer than the lifecycle of an individual pod. \n
                            Use CSI for light-weight local ephemeral volumes if the
                            CSI driver is meant to be used that way - see the documentation
                            of the driver for more information. \n A pod can use both
                            types of ephemeral volumes and persistent volumes at the
                            same time."
                          properties:
                            volumeClaimTemplate:
                              description: "Will be used to create a stand-alone PVC
                                to provision the volume. The pod in which this EphemeralVolumeSource
                                is embedded will be the owner of the PVC, i.e. the
                                PVC will be deleted together with the pod. The name
                                of the PVC will be `<pod name>-<volume name>` where
                                `<volume name>` is the name from the `PodSpec.Volumes`
                                array entry. Pod validation will reject the pod if
                                the concatenated name is not valid for a PVC (for
                                example, too long). \n An existing PVC with that name
                                that is not owned by the pod will *not* be used for
                                the pod to avoid using an unrelated volume by mistake.
                                Starting the pod is then blocked until the unrelated
                                PVC is removed. If such a pre-created PVC is meant
                                to be used by the pod, the PVC has to updated with
                                an owner reference to the pod once the pod exists.
                                Normally this should not be necessary, but it may
                                be useful when manually reconstructing a broken cluster.
                                \n This field is read-only and no changes will be
                                made by Kubernetes to the PVC after it has been created.
                                \n Required, must not be nil."
                              properties:
                                metadata:
                                  description: May contain labels and annotations
                                    that will be copied into the PVC when creating
                                    it. No other fields are allowed and will be rejected
                                    during validation.
                                  type: object
                                spec:
                                  description: The specification for the PersistentVolumeClaim.
                                    The entire content is copied unchanged into the
                                    PVC that gets created from this template. The
                                    same fields as in a PersistentVolumeClaim are
                                    also valid here.
                                  properties:
                                    accessModes:
                                      description: 'AccessModes contains the desired
                                        access modes the volume should have.
                                        More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1'
                                      items:
                                        type: string
                                      type: array
                                    dataSource:
                                      description: 'This field can be used to specify
                                        either: * An existing VolumeSnapshot object
                                        (snapshot.storage.k8s.io/VolumeSnapshot) *
                                        An existing PVC (PersistentVolumeClaim) If
                                        the provisioner or an external controller
                                        can support the specified data source, it
                                        will create a new volume based on the contents
                                        of the specified data source. If the AnyVolumeDataSource
                                        feature gate is enabled, this field will always
                                        have the same contents as the DataSourceRef
                                        field.'
                                      properties:
                                        apiGroup:
                                          description: APIGroup is the group for the
                                            resource being referenced. If APIGroup
                                            is not specified, the specified Kind must
                                            be in the core API group. For any other
                                            third-party types, APIGroup is required.
                                          type: string
                                        kind:
                                          description: Kind is the type of resource
                                            being referenced
                                          type: string
                                        name:
                                          description: Name is the name of resource
                                            being referenced
                                          type: string
                                      required:
                                      - kind
                                      - name
                                      type: object
                                    dataSourceRef:
                                      description: 'Specifies the object from which
                                        to populate the volume with data, if a non-empty
                                        volume is desired. This may be any local object
                                        from a non-empty API group (non core object)
                                        or a PersistentVolumeClaim object. When this
                                        field is specified, volume binding will only
                                        succeed if the type of the specified object
                                        matches some installed volume populator or
                                        dynamic provisioner. This field will replace
                                        the functionality of the DataSource field
                                        and as such if both fields are non-empty,
                                        they must have the same value.
                                        For backwards
                                        compatibility, both fields (DataSource and
                                        DataSourceRef) will be set to the same value
                                        automatically if one of them is empty and
                                        the other is non-empty. There are two important
                                        differences between DataSource and DataSourceRef:
                                        * While DataSource only allows two specific
                                        types of objects, DataSourceRef allows any
                                        non-core object, as well as PersistentVolumeClaim
                                        objects. * While DataSource ignores disallowed
                                        values (dropping them), DataSourceRef preserves
                                        all values, and generates an error if a disallowed
                                        value is specified. (Alpha) Using this field
                                        requires the AnyVolumeDataSource feature gate
                                        to be enabled.'
                                      properties:
                                        apiGroup:
                                          description: APIGroup is the group for the
                                            resource being referenced. If APIGroup
                                            is not specified, the specified Kind must
                                            be in the core API group. For any other
                                            third-party types, APIGroup is required.
                                          type: string
                                        kind:
                                          description: Kind is the type of resource
                                            being referenced
                                          type: string
                                        name:
                                          description: Name is the name of resource
                                            being referenced
                                          type: string
                                      required:
                                      - kind
                                      - name
                                      type: object
                                    resources:
                                      description: 'Resources represents the minimum
                                        resources the volume should have. If RecoverVolumeExpansionFailure
                                        feature is enabled users are allowed to specify
                                        resource requirements that are lower than
                                        previous value but must still be higher than
                                        capacity recorded in the status field of the
                                        claim.
                                        More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
                                      properties:
                                        limits:
                                          additionalProperties:
                                            anyOf:
                                            - type: integer
                                            - type: string
                                            pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                            x-kubernetes-int-or-string: true
                                          description: 'Limits describes the maximum
                                            amount of compute resources allowed. More
                                            info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                                          type: object
                                        requests:
                                          additionalProperties:
                                            anyOf:
                                            - type: integer
                                            - type: string
                                            pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                            x-kubernetes-int-or-string: true
                                          description: 'Requests describes the minimum
                                            amount of compute resources required.
                                            If Requests is omitted for a container,
                                            it defaults to Limits if that is explicitly
                                            specified, otherwise to an implementation-defined
                                            value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                                          type: object
                                      type: object
                                    selector:
                                      description: A label query over volumes to consider
                                        for binding.
                                      properties:
                                        matchExpressions:
                                          description: matchExpressions is a list
                                            of label selector requirements. The requirements
                                            are ANDed.
                                          items:
                                            description: A label selector requirement
                                              is a selector that contains values,
                                              a key, and an operator that relates
                                              the key and values.
                                            properties:
                                              key:
                                                description: key is the label key
                                                  that the selector applies to.
                                                type: string
                                              operator:
                                                description: operator represents a
                                                  key's relationship to a set of values.
                                                  Valid operators are In, NotIn, Exists
                                                  and DoesNotExist.
                                                type: string
                                              values:
                                                description: values is an array of
                                                  string values.
                                                  If the operator is
                                                  In or NotIn, the values array must
                                                  be non-empty. If the operator is
                                                  Exists or DoesNotExist, the values
                                                  array must be empty. This array
                                                  is replaced during a strategic merge
                                                  patch.
                                                items:
                                                  type: string
                                                type: array
                                            required:
                                            - key
                                            - operator
                                            type: object
                                          type: array
                                        matchLabels:
                                          additionalProperties:
                                            type: string
                                          description: matchLabels is a map of {key,value}
                                            pairs. A single {key,value} in the matchLabels
                                            map is equivalent to an element of matchExpressions,
                                            whose key field is "key", the operator
                                            is "In", and the values array contains
                                            only "value". The requirements are ANDed.
                                          type: object
                                      type: object
                                    storageClassName:
                                      description: 'Name of the StorageClass required
                                        by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1'
                                      type: string
                                    volumeMode:
                                      description: volumeMode defines what type of
                                        volume is required by the claim. Value of
                                        Filesystem is implied when not included in
                                        claim spec.
                                      type: string
                                    volumeName:
                                      description: VolumeName is the binding reference
                                        to the PersistentVolume backing this claim.
                                      type: string
                                  type: object
                              required:
                              - spec
                              type: object
                          type: object
                        fc:
                          description: FC represents a Fibre Channel resource that
                            is attached to a kubelet's host machine and then exposed
                            to the pod.
                          properties:
                            fsType:
                              description: 'Filesystem type to mount. Must be a filesystem
                                type supported by the host operating system. Ex. "ext4",
                                "xfs", "ntfs". Implicitly inferred to be "ext4" if
                                unspecified.
                                TODO: how do we prevent errors in the
                                filesystem from compromising the machine'
                              type: string
                            lun:
                              description: 'Optional: FC target lun number'
                              format: int32
                              type: integer
                            readOnly:
                              description: 'Optional: Defaults to false (read/write).
                                ReadOnly here will force the ReadOnly setting in VolumeMounts.'
                              type: boolean
                            targetWWNs:
                              description: 'Optional: FC target worldwide names (WWNs)'
                              items:
                                type: string
                              type: array
                            wwids:
                              description: 'Optional: FC volume world wide identifiers
                                (wwids) Either wwids or combination of targetWWNs
                                and lun must be set, but not both simultaneously.'
                              items:
                                type: string
                              type: array
                          type: object
                        flexVolume:
                          description: FlexVolume represents a generic volume resource
                            that is provisioned/attached using an exec based plugin.
                          properties:
                            driver:
                              description: Driver is the name of the driver to use
                                for this volume.
                              type: string
                            fsType:
                              description: Filesystem type to mount. Must be a filesystem
                                type supported by the host operating system. Ex. "ext4",
                                "xfs", "ntfs". The default filesystem depends on FlexVolume
                                script.
                              type: string
                            options:
                              additionalProperties:
                                type: string
                              description: 'Optional: Extra command options if any.'
                              type: object
                            readOnly:
                              description: 'Optional: Defaults to false (read/write).
                                ReadOnly here will force the ReadOnly setting in VolumeMounts.'
                              type: boolean
                            secretRef:
                              description: 'Optional: SecretRef is reference to the
                                secret object containing sensitive information to
                                pass to the plugin scripts. This may be empty if no
                                secret object is specified. If the secret object contains
                                more than one secret, all secrets are passed to the
                                plugin scripts.'
                              properties:
                                name:
                                  description: 'Name of the referent.
                                    More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                    TODO: Add other useful fields. apiVersion, kind,
                                    uid?'
                                  type: string
                              type: object
                          required:
                          - driver
                          type: object
                        flocker:
                          description: Flocker represents a Flocker volume attached
                            to a kubelet's host machine. This depends on the Flocker
                            control service being running
                          properties:
                            datasetName:
                              description: Name of the dataset stored as metadata
                                -> name on the dataset for Flocker should be considered
                                as deprecated
                              type: string
                            datasetUUID:
                              description: UUID of the dataset. This is unique identifier
                                of a Flocker dataset
                              type: string
                          type: object
                        gcePersistentDisk:
                          description: 'GCEPersistentDisk represents a GCE Disk resource
                            that is attached to a kubelet''s host machine and then
                            exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
                          properties:
                            fsType:
                              description: 'Filesystem type of the volume that you
                                want to mount. Tip: Ensure that the filesystem type
                                is supported by the host operating system. Examples:
                                "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
                                if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
                                TODO: how do we prevent errors in the filesystem from
                                compromising the machine'
                              type: string
                            partition:
                              description: 'The partition in the volume that you want
                                to mount. If omitted, the default is to mount by volume
                                name. Examples: For volume /dev/sda1, you specify
                                the partition as "1". Similarly, the volume partition
                                for /dev/sda is "0" (or you can leave the property
                                empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
                              format: int32
                              type: integer
                            pdName:
                              description: 'Unique name of the PD resource in GCE.
                                Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
                              type: string
                            readOnly:
                              description: 'ReadOnly here will force the ReadOnly
                                setting in VolumeMounts. Defaults to false. More info:
                                https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
                              type: boolean
                          required:
                          - pdName
                          type: object
                        gitRepo:
                          description: 'GitRepo represents a git repository at a particular
                            revision. DEPRECATED: GitRepo is deprecated. To provision
                            a container with a git repo, mount an EmptyDir into an
                            InitContainer that clones the repo using git, then mount
                            the EmptyDir into the Pod''s container.'
                          properties:
                            directory:
                              description: Target directory name. Must not contain
                                or start with '..'. If '.' is supplied, the volume
                                directory will be the git repository. Otherwise,
                                if specified, the volume will contain the git repository
                                in the subdirectory with the given name.
                              type: string
                            repository:
                              description: Repository URL
                              type: string
                            revision:
                              description: Commit hash for the specified revision.
                              type: string
                          required:
                          - repository
                          type: object
                        glusterfs:
                          description: 'Glusterfs represents a Glusterfs mount on
                            the host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md'
                          properties:
                            endpoints:
                              description: 'EndpointsName is the endpoint name that
                                details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
                              type: string
                            path:
                              description: 'Path is the Glusterfs volume path. More
                                info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
                              type: string
                            readOnly:
                              description: 'ReadOnly here will force the Glusterfs
                                volume to be mounted with read-only permissions. Defaults
                                to false.
                                More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
                              type: boolean
                          required:
                          - endpoints
                          - path
                          type: object
                        hostPath:
                          description: 'HostPath represents a pre-existing file or
                            directory on the host machine that is directly exposed
                            to the container. This is generally used for system agents
                            or other privileged things that are allowed to see the
                            host machine. Most containers will NOT need this. More
                            info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
                            --- TODO(jonesdl) We need to restrict who can use host
                            directory mounts and who can/can not mount host directories
                            as read/write.'
                          properties:
                            path:
                              description: 'Path of the directory on the host. If
                                the path is a symlink, it will follow the link to
                                the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
                              type: string
                            type:
                              description: 'Type for HostPath Volume Defaults to ""
                                More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
                              type: string
                          required:
                          - path
                          type: object
                        iscsi:
                          description: 'ISCSI represents an ISCSI Disk resource that
                            is attached to a kubelet''s host machine and then exposed
                            to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md'
                          properties:
                            chapAuthDiscovery:
                              description: whether support iSCSI Discovery CHAP authentication
                              type: boolean
                            chapAuthSession:
                              description: whether support iSCSI Session CHAP authentication
                              type: boolean
                            fsType:
                              description: 'Filesystem type of the volume that you
                                want to mount. Tip: Ensure that the filesystem type
                                is supported by the host operating system. Examples:
                                "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
                                if unspecified.
                                More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi
                                TODO: how do we prevent errors in the filesystem from
                                compromising the machine'
                              type: string
                            initiatorName:
                              description: Custom iSCSI Initiator Name. If initiatorName
                                is specified with iscsiInterface simultaneously, new
                                iSCSI interface <target portal>:<volume name> will
                                be created for the connection.
                              type: string
                            iqn:
                              description: Target iSCSI Qualified Name.
                              type: string
                            iscsiInterface:
                              description: iSCSI Interface Name that uses an iSCSI
                                transport. Defaults to 'default' (tcp).
                              type: string
                            lun:
                              description: iSCSI Target Lun number.
                              format: int32
                              type: integer
                            portals:
                              description: iSCSI Target Portal List. The portal is
                                either an IP or ip_addr:port if the port is other
                                than default (typically TCP ports 860 and 3260).
                              items:
                                type: string
                              type: array
                            readOnly:
                              description: ReadOnly here will force the ReadOnly setting
                                in VolumeMounts. Defaults to false.
                              type: boolean
                            secretRef:
                              description: CHAP Secret for iSCSI target and initiator
                                authentication
                              properties:
                                name:
                                  description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                    TODO: Add other useful fields. apiVersion, kind,
                                    uid?'
                                  type: string
                              type: object
                            targetPortal:
                              description: iSCSI Target Portal. The Portal is either
                                an IP or ip_addr:port if the port is other than default
                                (typically TCP ports 860 and 3260).
                              type: string
                          required:
                          - iqn
                          - lun
                          - targetPortal
                          type: object
                        name:
                          description: 'Volume''s name. Must be a DNS_LABEL and unique
                            within the pod.
                            More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
                          type: string
                        nfs:
                          description: 'NFS represents an NFS mount on the host that
                            shares a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
                          properties:
                            path:
                              description: 'Path that is exported by the NFS server.
                                More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
                              type: string
                            readOnly:
                              description: 'ReadOnly here will force the NFS export
                                to be mounted with read-only permissions. Defaults
                                to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
                              type: boolean
                            server:
                              description: 'Server is the hostname or IP address of
                                the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
                              type: string
                          required:
                          - path
                          - server
                          type: object
                        persistentVolumeClaim:
                          description: 'PersistentVolumeClaimVolumeSource represents
                            a reference to a PersistentVolumeClaim in the same namespace.
                            More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
                          properties:
                            claimName:
                              description: 'ClaimName is the name of a PersistentVolumeClaim
                                in the same namespace as the pod using this volume.
                                More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
                              type: string
                            readOnly:
                              description: Will force the ReadOnly setting in VolumeMounts.
                                Default false.
                              type: boolean
                          required:
                          - claimName
                          type: object
                        photonPersistentDisk:
                          description: PhotonPersistentDisk represents a PhotonController
                            persistent disk attached and mounted on kubelets host
                            machine
                          properties:
                            fsType:
                              description: Filesystem type to mount. Must be a filesystem
                                type supported by the host operating system. Ex. "ext4",
                                "xfs", "ntfs".
                                Implicitly inferred to be "ext4" if
                                unspecified.
                              type: string
                            pdID:
                              description: ID that identifies Photon Controller persistent
                                disk
                              type: string
                          required:
                          - pdID
                          type: object
                        portworxVolume:
                          description: PortworxVolume represents a portworx volume
                            attached and mounted on kubelets host machine
                          properties:
                            fsType:
                              description: FSType represents the filesystem type to
                                mount Must be a filesystem type supported by the host
                                operating system. Ex. "ext4", "xfs". Implicitly inferred
                                to be "ext4" if unspecified.
                              type: string
                            readOnly:
                              description: Defaults to false (read/write). ReadOnly
                                here will force the ReadOnly setting in VolumeMounts.
                              type: boolean
                            volumeID:
                              description: VolumeID uniquely identifies a Portworx
                                volume
                              type: string
                          required:
                          - volumeID
                          type: object
                        projected:
                          description: Items for all in one resources secrets, configmaps,
                            and downward API
                          properties:
                            defaultMode:
                              description: Mode bits used to set permissions on created
                                files by default. Must be an octal value between 0000
                                and 0777 or a decimal value between 0 and 511. YAML
                                accepts both octal and decimal values, JSON requires
                                decimal values for mode bits. Directories within the
                                path are not affected by this setting. This might
                                be in conflict with other options that affect the
                                file mode, like fsGroup, and the result can be other
                                mode bits set.
                              format: int32
                              type: integer
                            sources:
                              description: list of volume projections
                              items:
                                description: Projection that may be projected along
                                  with other supported volume types
                                properties:
                                  configMap:
                                    description: information about the configMap data
                                      to project
                                    properties:
                                      items:
                                        description: If unspecified, each key-value
                                          pair in the Data field of the referenced
                                          ConfigMap will be projected into the volume
                                          as a file whose name is the key and content
                                          is the value. If specified, the listed keys
                                          will be projected into the specified paths,
                                          and unlisted keys will not be present. If
                                          a key is specified which is not present
                                          in the ConfigMap, the volume setup will
                                          error unless it is marked optional. Paths
                                          must be relative and may not contain the
                                          '..' path or start with '..'.
                                        items:
                                          description: Maps a string key to a path
                                            within a volume.
                                          properties:
                                            key:
                                              description: The key to project.
                                              type: string
                                            mode:
                                              description: 'Optional: mode bits used
                                                to set permissions on this file. Must
                                                be an octal value between 0000 and
                                                0777 or a decimal value between 0
                                                and 511. YAML accepts both octal and
                                                decimal values, JSON requires decimal
                                                values for mode bits. If not specified,
                                                the volume defaultMode will be used.
                                                This might be in conflict with other
                                                options that affect the file mode,
                                                like fsGroup, and the result can be
                                                other mode bits set.'
                                              format: int32
                                              type: integer
                                            path:
                                              description: The relative path of the
                                                file to map the key to. May not be
                                                an absolute path. May not contain
                                                the path element '..'. May not start
                                                with the string '..'.
                                              type: string
                                          required:
                                          - key
                                          - path
                                          type: object
                                        type: array
                                      name:
                                        description: 'Name of the referent.
                                          More info:
                                          https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                          TODO: Add other useful fields. apiVersion,
                                          kind, uid?'
                                        type: string
                                      optional:
                                        description: Specify whether the ConfigMap
                                          or its keys must be defined
                                        type: boolean
                                    type: object
                                  downwardAPI:
                                    description: information about the downwardAPI
                                      data to project
                                    properties:
                                      items:
                                        description: Items is a list of DownwardAPIVolume
                                          file
                                        items:
                                          description: DownwardAPIVolumeFile represents
                                            information to create the file containing
                                            the pod field
                                          properties:
                                            fieldRef:
                                              description: 'Required: Selects a field
                                                of the pod: only annotations, labels,
                                                name and namespace are supported.'
                                              properties:
                                                apiVersion:
                                                  description: Version of the schema
                                                    the FieldPath is written in terms
                                                    of, defaults to "v1".
                                                  type: string
                                                fieldPath:
                                                  description: Path of the field to
                                                    select in the specified API version.
                                                  type: string
                                              required:
                                              - fieldPath
                                              type: object
                                            mode:
                                              description: 'Optional: mode bits used
                                                to set permissions on this file, must
                                                be an octal value between 0000 and
                                                0777 or a decimal value between 0
                                                and 511. YAML accepts both octal and
                                                decimal values, JSON requires decimal
                                                values for mode bits. If not specified,
                                                the volume defaultMode will be used.
                                                This might be in conflict with other
                                                options that affect the file mode,
                                                like fsGroup, and the result can be
                                                other mode bits set.'
                                              format: int32
                                              type: integer
                                            path:
                                              description: 'Required: Path is the
                                                relative path name of the file to
                                                be created. Must not be absolute or
                                                contain the ''..'' path. Must be utf-8
                                                encoded.
                                                The first item of the relative
                                                path must not start with ''..'''
                                              type: string
                                            resourceFieldRef:
                                              description: 'Selects a resource of
                                                the container: only resources limits
                                                and requests (limits.cpu, limits.memory,
                                                requests.cpu and requests.memory)
                                                are currently supported.'
                                              properties:
                                                containerName:
                                                  description: 'Container name: required
                                                    for volumes, optional for env
                                                    vars'
                                                  type: string
                                                divisor:
                                                  anyOf:
                                                  - type: integer
                                                  - type: string
                                                  description: Specifies the output
                                                    format of the exposed resources,
                                                    defaults to "1"
                                                  pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                                  x-kubernetes-int-or-string: true
                                                resource:
                                                  description: 'Required: resource
                                                    to select'
                                                  type: string
                                              required:
                                              - resource
                                              type: object
                                          required:
                                          - path
                                          type: object
                                        type: array
                                    type: object
                                  secret:
                                    description: information about the secret data
                                      to project
                                    properties:
                                      items:
                                        description: If unspecified, each key-value
                                          pair in the Data field of the referenced
                                          Secret will be projected into the volume
                                          as a file whose name is the key and content
                                          is the value. If specified, the listed keys
                                          will be projected into the specified paths,
                                          and unlisted keys will not be present. If
                                          a key is specified which is not present
                                          in the Secret, the volume setup will error
                                          unless it is marked optional. Paths must
                                          be relative and may not contain the '..'
                                          path or start with '..'.
                                        items:
                                          description: Maps a string key to a path
                                            within a volume.
                                          properties:
                                            key:
                                              description: The key to project.
                                              type: string
                                            mode:
                                              description: 'Optional: mode bits used
                                                to set permissions on this file.
                                                Must
                                                be an octal value between 0000 and
                                                0777 or a decimal value between 0
                                                and 511. YAML accepts both octal and
                                                decimal values, JSON requires decimal
                                                values for mode bits. If not specified,
                                                the volume defaultMode will be used.
                                                This might be in conflict with other
                                                options that affect the file mode,
                                                like fsGroup, and the result can be
                                                other mode bits set.'
                                              format: int32
                                              type: integer
                                            path:
                                              description: The relative path of the
                                                file to map the key to. May not be
                                                an absolute path. May not contain
                                                the path element '..'. May not start
                                                with the string '..'.
                                              type: string
                                          required:
                                          - key
                                          - path
                                          type: object
                                        type: array
                                      name:
                                        description: 'Name of the referent. More info:
                                          https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                          TODO: Add other useful fields. apiVersion,
                                          kind, uid?'
                                        type: string
                                      optional:
                                        description: Specify whether the Secret or
                                          its key must be defined
                                        type: boolean
                                    type: object
                                  serviceAccountToken:
                                    description: information about the serviceAccountToken
                                      data to project
                                    properties:
                                      audience:
                                        description: Audience is the intended audience
                                          of the token. A recipient of a token must
                                          identify itself with an identifier specified
                                          in the audience of the token, and otherwise
                                          should reject the token. The audience defaults
                                          to the identifier of the apiserver.
                                        type: string
                                      expirationSeconds:
                                        description: ExpirationSeconds is the requested
                                          duration of validity of the service account
                                          token. As the token approaches expiration,
                                          the kubelet volume plugin will proactively
                                          rotate the service account token.
                                          The kubelet
                                          will start trying to rotate the token if
                                          the token is older than 80 percent of its
                                          time to live or if the token is older than
                                          24 hours.Defaults to 1 hour and must be
                                          at least 10 minutes.
                                        format: int64
                                        type: integer
                                      path:
                                        description: Path is the path relative to
                                          the mount point of the file to project the
                                          token into.
                                        type: string
                                    required:
                                    - path
                                    type: object
                                type: object
                              type: array
                          type: object
                        quobyte:
                          description: Quobyte represents a Quobyte mount on the host
                            that shares a pod's lifetime
                          properties:
                            group:
                              description: Group to map volume access to Default is
                                no group
                              type: string
                            readOnly:
                              description: ReadOnly here will force the Quobyte volume
                                to be mounted with read-only permissions. Defaults
                                to false.
                              type: boolean
                            registry:
                              description: Registry represents a single or multiple
                                Quobyte Registry services specified as a string as
                                host:port pair (multiple entries are separated with
                                commas) which acts as the central registry for volumes
                              type: string
                            tenant:
                              description: Tenant owning the given Quobyte volume
                                in the Backend Used with dynamically provisioned Quobyte
                                volumes, value is set by the plugin
                              type: string
                            user:
                              description: User to map volume access to Defaults to
                                serivceaccount user
                              type: string
                            volume:
                              description: Volume is a string that references an already
                                created Quobyte volume by name.
                              type: string
                          required:
                          - registry
                          - volume
                          type: object
                        rbd:
                          description: 'RBD represents a Rados Block Device mount
                            on the host that shares a pod''s lifetime. More info:
                            https://examples.k8s.io/volumes/rbd/README.md'
                          properties:
                            fsType:
                              description: 'Filesystem type of the volume that you
                                want to mount.
                                Tip: Ensure that the filesystem type
                                is supported by the host operating system. Examples:
                                "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
                                if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd
                                TODO: how do we prevent errors in the filesystem from
                                compromising the machine'
                              type: string
                            image:
                              description: 'The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
                              type: string
                            keyring:
                              description: 'Keyring is the path to key ring for RBDUser.
                                Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
                              type: string
                            monitors:
                              description: 'A collection of Ceph monitors. More info:
                                https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
                              items:
                                type: string
                              type: array
                            pool:
                              description: 'The rados pool name. Default is rbd. More
                                info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
                              type: string
                            readOnly:
                              description: 'ReadOnly here will force the ReadOnly
                                setting in VolumeMounts. Defaults to false. More info:
                                https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
                              type: boolean
                            secretRef:
                              description: 'SecretRef is name of the authentication
                                secret for RBDUser. If provided overrides keyring.
                                Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
                              properties:
                                name:
                                  description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                    TODO: Add other useful fields. apiVersion, kind,
                                    uid?'
                                  type: string
                              type: object
                            user:
                              description: 'The rados user name. Default is admin.
                                More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
                              type: string
                          required:
                          - image
                          - monitors
                          type: object
                        scaleIO:
                          description: ScaleIO represents a ScaleIO persistent volume
                            attached and mounted on Kubernetes nodes.
                          properties:
                            fsType:
                              description: Filesystem type to mount. Must be a filesystem
                                type supported by the host operating system. Ex. "ext4",
                                "xfs", "ntfs". Default is "xfs".
                              type: string
                            gateway:
                              description: The host address of the ScaleIO API Gateway.
                              type: string
                            protectionDomain:
                              description: The name of the ScaleIO Protection Domain
                                for the configured storage.
                              type: string
                            readOnly:
                              description: Defaults to false (read/write). ReadOnly
                                here will force the ReadOnly setting in VolumeMounts.
                              type: boolean
                            secretRef:
                              description: SecretRef references to the secret for
                                ScaleIO user and other sensitive information. If this
                                is not provided, Login operation will fail.
                              properties:
                                name:
                                  description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                    TODO: Add other useful fields. apiVersion, kind,
                                    uid?'
                                  type: string
                              type: object
                            sslEnabled:
                              description: Flag to enable/disable SSL communication
                                with Gateway, default false
                              type: boolean
                            storageMode:
                              description: Indicates whether the storage for a volume
                                should be ThickProvisioned or ThinProvisioned. Default
                                is ThinProvisioned.
                              type: string
                            storagePool:
                              description: The ScaleIO Storage Pool associated with
                                the protection domain.
                              type: string
                            system:
                              description: The name of the storage system as configured
                                in ScaleIO.
                              type: string
                            volumeName:
                              description: The name of a volume already created in
                                the ScaleIO system that is associated with this volume
                                source.
                              type: string
                          required:
                          - gateway
                          - secretRef
                          - system
                          type: object
                        secret:
                          description: 'Secret represents a secret that should populate
                            this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
                          properties:
                            defaultMode:
                              description: 'Optional: mode bits used to set permissions
                                on created files by default. Must be an octal value
                                between 0000 and 0777 or a decimal value between 0
                                and 511. YAML accepts both octal and decimal values,
                                JSON requires decimal values for mode bits. Defaults
                                to 0644. Directories within the path are not affected
                                by this setting. This might be in conflict with other
                                options that affect the file mode, like fsGroup, and
                                the result can be other mode bits set.'
                              format: int32
                              type: integer
                            items:
                              description: If unspecified, each key-value pair in
                                the Data field of the referenced Secret will be projected
                                into the volume as a file whose name is the key and
                                content is the value. If specified, the listed keys
                                will be projected into the specified paths, and unlisted
                                keys will not be present. If a key is specified which
                                is not present in the Secret, the volume setup will
                                error unless it is marked optional. Paths must be
                                relative and may not contain the '..' path or start
                                with '..'.
                              items:
                                description: Maps a string key to a path within a
                                  volume.
                                properties:
                                  key:
                                    description: The key to project.
                                    type: string
                                  mode:
                                    description: 'Optional: mode bits used to set
                                      permissions on this file. Must be an octal value
                                      between 0000 and 0777 or a decimal value between
                                      0 and 511.
YAML accepts both octal and decimal 5380 values, JSON requires decimal values for mode 5381 bits. If not specified, the volume defaultMode 5382 will be used. This might be in conflict with 5383 other options that affect the file mode, like 5384 fsGroup, and the result can be other mode bits 5385 set.' 5386 format: int32 5387 type: integer 5388 path: 5389 description: The relative path of the file to 5390 map the key to. May not be an absolute path. 5391 May not contain the path element '..'. May not 5392 start with the string '..'. 5393 type: string 5394 required: 5395 - key 5396 - path 5397 type: object 5398 type: array 5399 optional: 5400 description: Specify whether the Secret or its keys 5401 must be defined 5402 type: boolean 5403 secretName: 5404 description: 'Name of the secret in the pod''s namespace 5405 to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' 5406 type: string 5407 type: object 5408 storageos: 5409 description: StorageOS represents a StorageOS volume attached 5410 and mounted on Kubernetes nodes. 5411 properties: 5412 fsType: 5413 description: Filesystem type to mount. Must be a filesystem 5414 type supported by the host operating system. Ex. "ext4", 5415 "xfs", "ntfs". Implicitly inferred to be "ext4" if 5416 unspecified. 5417 type: string 5418 readOnly: 5419 description: Defaults to false (read/write). ReadOnly 5420 here will force the ReadOnly setting in VolumeMounts. 5421 type: boolean 5422 secretRef: 5423 description: SecretRef specifies the secret to use for 5424 obtaining the StorageOS API credentials. If not specified, 5425 default values will be attempted. 5426 properties: 5427 name: 5428 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 5429 TODO: Add other useful fields. apiVersion, kind, 5430 uid?' 
                                  type: string
                              type: object
                            volumeName:
                              description: VolumeName is the human-readable name of
                                the StorageOS volume. Volume names are only unique
                                within a namespace.
                              type: string
                            volumeNamespace:
                              description: VolumeNamespace specifies the scope of
                                the volume within StorageOS. If no namespace is specified
                                then the Pod's namespace will be used. This allows
                                the Kubernetes name scoping to be mirrored within
                                StorageOS for tighter integration. Set VolumeName
                                to any name to override the default behaviour. Set
                                to "default" if you are not using namespaces within
                                StorageOS. Namespaces that do not pre-exist within
                                StorageOS will be created.
                              type: string
                          type: object
                        vsphereVolume:
                          description: VsphereVolume represents a vSphere volume attached
                            and mounted on kubelets host machine
                          properties:
                            fsType:
                              description: Filesystem type to mount. Must be a filesystem
                                type supported by the host operating system. Ex. "ext4",
                                "xfs", "ntfs". Implicitly inferred to be "ext4" if
                                unspecified.
                              type: string
                            storagePolicyID:
                              description: Storage Policy Based Management (SPBM)
                                profile ID associated with the StoragePolicyName.
                              type: string
                            storagePolicyName:
                              description: Storage Policy Based Management (SPBM)
                                profile name.
                              type: string
                            volumePath:
                              description: Path that identifies vSphere volume vmdk
                              type: string
                          required:
                          - volumePath
                          type: object
                      required:
                      - name
                      type: object
                    type: array
                type: object
              repositoryCredentials:
                description: RepositoryCredentials are the Git pull credentials to
                  configure Argo CD with upon creation of the cluster.
                type: string
              resourceActions:
                description: ResourceActions customizes resource action behavior.
                items:
                  description: Resource Customization for custom action
                  properties:
                    action:
                      type: string
                    group:
                      type: string
                    kind:
                      type: string
                  type: object
                type: array
              resourceCustomizations:
                description: 'ResourceCustomizations customizes resource behavior.
                  Keys are in the form: group/Kind. Please note that this is being
                  deprecated in favor of ResourceHealthChecks, ResourceIgnoreDifferences,
                  and ResourceActions.'
                type: string
              resourceExclusions:
                description: ResourceExclusions is used to completely ignore entire
                  classes of resource group/kinds.
                type: string
              resourceHealthChecks:
                description: ResourceHealthChecks customizes resource health check
                  behavior.
                items:
                  description: Resource Customization for custom health check
                  properties:
                    check:
                      type: string
                    group:
                      type: string
                    kind:
                      type: string
                  type: object
                type: array
              resourceIgnoreDifferences:
                description: ResourceIgnoreDifferences customizes resource ignore
                  difference behavior.
                properties:
                  all:
                    properties:
                      jqPathExpressions:
                        items:
                          type: string
                        type: array
                      jsonPointers:
                        items:
                          type: string
                        type: array
                      managedFieldsManagers:
                        items:
                          type: string
                        type: array
                    type: object
                  resourceIdentifiers:
                    items:
                      description: Resource Customization fields for ignore difference
                      properties:
                        customization:
                          properties:
                            jqPathExpressions:
                              items:
                                type: string
                              type: array
                            jsonPointers:
                              items:
                                type: string
                              type: array
                            managedFieldsManagers:
                              items:
                                type: string
                              type: array
                          type: object
                        group:
                          type: string
                        kind:
                          type: string
                      type: object
                    type: array
                type: object
              resourceInclusions:
                description: ResourceInclusions is used to only include specific group/kinds
                  in the reconciliation process.
                type: string
              resourceTrackingMethod:
                description: ResourceTrackingMethod defines how Argo CD should track
                  resources that it manages
                type: string
              server:
                description: Server defines the options for the ArgoCD Server component.
                properties:
                  autoscale:
                    description: Autoscale defines the autoscale options for the Argo
                      CD Server component.
                    properties:
                      enabled:
                        description: Enabled will toggle autoscaling support for the
                          Argo CD Server component.
                        type: boolean
                      hpa:
                        description: HPA defines the HorizontalPodAutoscaler options
                          for the Argo CD Server component.
                        properties:
                          maxReplicas:
                            description: upper limit for the number of pods that can
                              be set by the autoscaler; cannot be smaller than MinReplicas.
                            format: int32
                            type: integer
                          minReplicas:
                            description: minReplicas is the lower limit for the number
                              of replicas to which the autoscaler can scale down. It
                              defaults to 1 pod. minReplicas is allowed to be 0 if
                              the alpha feature gate HPAScaleToZero is enabled and
                              at least one Object or External metric is configured.  Scaling
                              is active as long as at least one metric value is available.
                            format: int32
                            type: integer
                          scaleTargetRef:
                            description: reference to scaled resource; horizontal
                              pod autoscaler will learn the current resource consumption
                              and will set the desired number of pods by using its
                              Scale subresource.
                            properties:
                              apiVersion:
                                description: API version of the referent
                                type: string
                              kind:
                                description: 'Kind of the referent; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds"'
                                type: string
                              name:
                                description: 'Name of the referent; More info: http://kubernetes.io/docs/user-guide/identifiers#names'
                                type: string
                            required:
                            - kind
                            - name
                            type: object
                          targetCPUUtilizationPercentage:
                            description: target average CPU utilization (represented
                              as a percentage of requested CPU) over all the pods;
                              if not specified the default autoscaling policy will
                              be used.
                            format: int32
                            type: integer
                        required:
                        - maxReplicas
                        - scaleTargetRef
                        type: object
                    required:
                    - enabled
                    type: object
                  env:
                    description: Env lets you specify environment for API server pods
                    items:
                      description: EnvVar represents an environment variable present
                        in a Container.
                      properties:
                        name:
                          description: Name of the environment variable. Must be a
                            C_IDENTIFIER.
                          type: string
                        value:
                          description: 'Variable references $(VAR_NAME) are expanded
                            using the previously defined environment variables in
                            the container and any service environment variables. If
                            a variable cannot be resolved, the reference in the input
                            string will be unchanged. Double $$ are reduced to a single
                            $, which allows for escaping the $(VAR_NAME) syntax: i.e.
                            "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
                            Escaped references will never be expanded, regardless
                            of whether the variable exists or not. Defaults to "".'
                          type: string
                        valueFrom:
                          description: Source for the environment variable's value.
                            Cannot be used if value is not empty.
                          properties:
                            configMapKeyRef:
                              description: Selects a key of a ConfigMap.
                              properties:
                                key:
                                  description: The key to select.
                                  type: string
                                name:
                                  description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                    TODO: Add other useful fields. apiVersion, kind,
                                    uid?'
                                  type: string
                                optional:
                                  description: Specify whether the ConfigMap or its
                                    key must be defined
                                  type: boolean
                              required:
                              - key
                              type: object
                            fieldRef:
                              description: 'Selects a field of the pod: supports metadata.name,
                                metadata.namespace, `metadata.labels[''<KEY>'']`,
                                `metadata.annotations[''<KEY>'']`, spec.nodeName,
                                spec.serviceAccountName, status.hostIP, status.podIP,
                                status.podIPs.'
                              properties:
                                apiVersion:
                                  description: Version of the schema the FieldPath
                                    is written in terms of, defaults to "v1".
                                  type: string
                                fieldPath:
                                  description: Path of the field to select in the
                                    specified API version.
                                  type: string
                              required:
                              - fieldPath
                              type: object
                            resourceFieldRef:
                              description: 'Selects a resource of the container: only
                                resources limits and requests (limits.cpu, limits.memory,
                                limits.ephemeral-storage, requests.cpu, requests.memory
                                and requests.ephemeral-storage) are currently supported.'
                              properties:
                                containerName:
                                  description: 'Container name: required for volumes,
                                    optional for env vars'
                                  type: string
                                divisor:
                                  anyOf:
                                  - type: integer
                                  - type: string
                                  description: Specifies the output format of the
                                    exposed resources, defaults to "1"
                                  pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                  x-kubernetes-int-or-string: true
                                resource:
                                  description: 'Required: resource to select'
                                  type: string
                              required:
                              - resource
                              type: object
                            secretKeyRef:
                              description: Selects a key of a secret in the pod's
                                namespace
                              properties:
                                key:
                                  description: The key of the secret to select from.  Must
                                    be a valid secret key.
                                  type: string
                                name:
                                  description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                    TODO: Add other useful fields. apiVersion, kind,
                                    uid?'
                                  type: string
                                optional:
                                  description: Specify whether the Secret or its key
                                    must be defined
                                  type: boolean
                              required:
                              - key
                              type: object
                          type: object
                      required:
                      - name
                      type: object
                    type: array
                  extraCommandArgs:
                    description: Extra Command arguments that would append to the
                      Argo CD server command. ExtraCommandArgs will not be added,
                      if one of these commands is already part of the server command
                      with same or different value.
                    items:
                      type: string
                    type: array
                  grpc:
                    description: GRPC defines the state for the Argo CD Server GRPC
                      options.
                    properties:
                      host:
                        description: Host is the hostname to use for Ingress/Route
                          resources.
                        type: string
                      ingress:
                        description: Ingress defines the desired state for the Argo
                          CD Server GRPC Ingress.
                        properties:
                          annotations:
                            additionalProperties:
                              type: string
                            description: Annotations is the map of annotations to
                              apply to the Ingress.
                            type: object
                          enabled:
                            description: Enabled will toggle the creation of the Ingress.
                            type: boolean
                          ingressClassName:
                            description: IngressClassName for the Ingress resource.
                            type: string
                          path:
                            description: Path used for the Ingress resource.
                            type: string
                          tls:
                            description: TLS configuration. Currently the Ingress
                              only supports a single TLS port, 443. If multiple members
                              of this list specify different hosts, they will be multiplexed
                              on the same port according to the hostname specified
                              through the SNI TLS extension, if the ingress controller
                              fulfilling the ingress supports SNI.
                            items:
                              description: IngressTLS describes the transport layer
                                security associated with an Ingress.
                              properties:
                                hosts:
                                  description: Hosts are a list of hosts included
                                    in the TLS certificate. The values in this list
                                    must match the name/s used in the tlsSecret. Defaults
                                    to the wildcard host setting for the loadbalancer
                                    controller fulfilling this Ingress, if left unspecified.
                                  items:
                                    type: string
                                  type: array
                                  x-kubernetes-list-type: atomic
                                secretName:
                                  description: SecretName is the name of the secret
                                    used to terminate TLS traffic on port 443. Field
                                    is left optional to allow TLS routing based on
                                    SNI hostname alone. If the SNI host in a listener
                                    conflicts with the "Host" header field used by
                                    an IngressRule, the SNI host is used for termination
                                    and value of the Host header is used for routing.
                                  type: string
                              type: object
                            type: array
                        required:
                        - enabled
                        type: object
                    type: object
                  host:
                    description: Host is the hostname to use for Ingress/Route resources.
                    type: string
                  ingress:
                    description: Ingress defines the desired state for an Ingress
                      for the Argo CD Server component.
                    properties:
                      annotations:
                        additionalProperties:
                          type: string
                        description: Annotations is the map of annotations to apply
                          to the Ingress.
                        type: object
                      enabled:
                        description: Enabled will toggle the creation of the Ingress.
                        type: boolean
                      ingressClassName:
                        description: IngressClassName for the Ingress resource.
                        type: string
                      path:
                        description: Path used for the Ingress resource.
                        type: string
                      tls:
                        description: TLS configuration. Currently the Ingress only
                          supports a single TLS port, 443. If multiple members of
                          this list specify different hosts, they will be multiplexed
                          on the same port according to the hostname specified through
                          the SNI TLS extension, if the ingress controller fulfilling
                          the ingress supports SNI.
                        items:
                          description: IngressTLS describes the transport layer security
                            associated with an Ingress.
                          properties:
                            hosts:
                              description: Hosts are a list of hosts included in the
                                TLS certificate. The values in this list must match
                                the name/s used in the tlsSecret. Defaults to the
                                wildcard host setting for the loadbalancer controller
                                fulfilling this Ingress, if left unspecified.
                              items:
                                type: string
                              type: array
                              x-kubernetes-list-type: atomic
                            secretName:
                              description: SecretName is the name of the secret used
                                to terminate TLS traffic on port 443. Field is left
                                optional to allow TLS routing based on SNI hostname
                                alone. If the SNI host in a listener conflicts with
                                the "Host" header field used by an IngressRule, the
                                SNI host is used for termination and value of the
                                Host header is used for routing.
                              type: string
                          type: object
                        type: array
                    required:
                    - enabled
                    type: object
                  insecure:
                    description: Insecure toggles the insecure flag.
                    type: boolean
                  logFormat:
                    description: LogFormat refers to the log level to be used by the
                      ArgoCD Server component. Defaults to ArgoCDDefaultLogFormat
                      if not configured. Valid options are text or json.
                    type: string
                  logLevel:
                    description: LogLevel refers to the log level to be used by the
                      ArgoCD Server component. Defaults to ArgoCDDefaultLogLevel if
                      not set. Valid options are debug, info, error, and warn.
                    type: string
                  replicas:
                    description: Replicas defines the number of replicas for argocd-server.
                      Default is nil. Value should be greater than or equal to 0.
                      Value will be ignored if Autoscaler is enabled.
                    format: int32
                    type: integer
                  resources:
                    description: Resources defines the Compute Resources required
                      by the container for the Argo CD server component.
                    properties:
                      limits:
                        additionalProperties:
                          anyOf:
                          - type: integer
                          - type: string
                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                          x-kubernetes-int-or-string: true
                        description: 'Limits describes the maximum amount of compute
                          resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                        type: object
                      requests:
                        additionalProperties:
                          anyOf:
                          - type: integer
                          - type: string
                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                          x-kubernetes-int-or-string: true
                        description: 'Requests describes the minimum amount of compute
                          resources required. If Requests is omitted for a container,
                          it defaults to Limits if that is explicitly specified, otherwise
                          to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                        type: object
                    type: object
                  route:
                    description: Route defines the desired state for an OpenShift
                      Route for the Argo CD Server component.
                    properties:
                      annotations:
                        additionalProperties:
                          type: string
                        description: Annotations is the map of annotations to use
                          for the Route resource.
                        type: object
                      enabled:
                        description: Enabled will toggle the creation of the OpenShift
                          Route.
                        type: boolean
                      labels:
                        additionalProperties:
                          type: string
                        description: Labels is the map of labels to use for the Route
                          resource
                        type: object
                      path:
                        description: Path the router watches for, to route traffic
                          for to the service.
                        type: string
                      tls:
                        description: TLS provides the ability to configure certificates
                          and termination for the Route.
                        properties:
                          caCertificate:
                            description: caCertificate provides the cert authority
                              certificate contents
                            type: string
                          certificate:
                            description: certificate provides certificate contents
                            type: string
                          destinationCACertificate:
                            description: destinationCACertificate provides the contents
                              of the ca certificate of the final destination. When
                              using reencrypt termination this file should be provided
                              in order to have routers use it for health checks on
                              the secure connection. If this field is not specified,
                              the router may provide its own destination CA and perform
                              hostname validation using the short service name (service.namespace.svc),
                              which allows infrastructure generated certificates to
                              automatically verify.
                            type: string
                          insecureEdgeTerminationPolicy:
                            description: "insecureEdgeTerminationPolicy indicates
                              the desired behavior for insecure connections to a route.
                              While each router may make its own decisions on which
                              ports to expose, this is normally port 80. \n * Allow
                              - traffic is sent to the server on the insecure port
                              (default) * Disable - no traffic is allowed on the insecure
                              port. * Redirect - clients are redirected to the secure
                              port."
                            type: string
                          key:
                            description: key provides key file contents
                            type: string
                          termination:
                            description: termination indicates termination type.
                            type: string
                        required:
                        - termination
                        type: object
                      wildcardPolicy:
                        description: WildcardPolicy if any for the route. Currently
                          only 'Subdomain' or 'None' is allowed.
                        type: string
                    required:
                    - enabled
                    type: object
                  service:
                    description: Service defines the options for the Service backing
                      the ArgoCD Server component.
                    properties:
                      type:
                        description: Type is the ServiceType to use for the Service
                          resource.
                        type: string
                    required:
                    - type
                    type: object
                type: object
              sourceNamespaces:
                description: SourceNamespaces defines the namespaces application resources
                  are allowed to be created in
                items:
                  type: string
                type: array
              sso:
                description: SSO defines the Single Sign-on configuration for Argo
                  CD
                properties:
                  dex:
                    description: Dex contains the configuration for Argo CD dex authentication
                    properties:
                      config:
                        description: Config is the dex connector configuration.
                        type: string
                      groups:
                        description: Optional list of required groups a user must
                          be a member of
                        items:
                          type: string
                        type: array
                      image:
                        description: Image is the Dex container image.
                        type: string
                      openShiftOAuth:
                        description: OpenShiftOAuth enables OpenShift OAuth authentication
                          for the Dex server.
                        type: boolean
                      resources:
                        description: Resources defines the Compute Resources required
                          by the container for Dex.
                        properties:
                          limits:
                            additionalProperties:
                              anyOf:
                              - type: integer
                              - type: string
                              pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                              x-kubernetes-int-or-string: true
                            description: 'Limits describes the maximum amount of compute
                              resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                            type: object
                          requests:
                            additionalProperties:
                              anyOf:
                              - type: integer
                              - type: string
                              pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                              x-kubernetes-int-or-string: true
                            description: 'Requests describes the minimum amount of
                              compute resources required. If Requests is omitted for
                              a container, it defaults to Limits if that is explicitly
                              specified, otherwise to an implementation-defined value.
                              More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                            type: object
                        type: object
                      version:
                        description: Version is the Dex container image tag.
                        type: string
                    type: object
                  image:
                    description: Image is the SSO container image.
                    type: string
                  keycloak:
                    description: Keycloak contains the configuration for Argo CD keycloak
                      authentication
                    properties:
                      image:
                        description: Image is the Keycloak container image.
                        type: string
                      resources:
                        description: Resources defines the Compute Resources required
                          by the container for Keycloak.
                        properties:
                          limits:
                            additionalProperties:
                              anyOf:
                              - type: integer
                              - type: string
                              pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                              x-kubernetes-int-or-string: true
                            description: 'Limits describes the maximum amount of compute
                              resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                            type: object
                          requests:
                            additionalProperties:
                              anyOf:
                              - type: integer
                              - type: string
                              pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                              x-kubernetes-int-or-string: true
                            description: 'Requests describes the minimum amount of
                              compute resources required. If Requests is omitted for
                              a container, it defaults to Limits if that is explicitly
                              specified, otherwise to an implementation-defined value.
                              More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                            type: object
                        type: object
                      rootCA:
                        description: Custom root CA certificate for communicating
                          with the Keycloak OIDC provider
                        type: string
                      verifyTLS:
                        description: VerifyTLS set to false disables strict TLS validation.
                        type: boolean
                      version:
                        description: Version is the Keycloak container image tag.
                        type: string
                    type: object
                  provider:
                    description: Provider installs and configures the given SSO Provider
                      with Argo CD.
                    type: string
                  resources:
                    description: Resources defines the Compute Resources required
                      by the container for SSO.
                    properties:
                      limits:
                        additionalProperties:
                          anyOf:
                          - type: integer
                          - type: string
                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                          x-kubernetes-int-or-string: true
                        description: 'Limits describes the maximum amount of compute
                          resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                        type: object
                      requests:
                        additionalProperties:
                          anyOf:
                          - type: integer
                          - type: string
                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                          x-kubernetes-int-or-string: true
                        description: 'Requests describes the minimum amount of compute
                          resources required. If Requests is omitted for a container,
                          it defaults to Limits if that is explicitly specified, otherwise
                          to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                        type: object
                    type: object
                  verifyTLS:
                    description: VerifyTLS set to false disables strict TLS validation.
                    type: boolean
                  version:
                    description: Version is the SSO container image tag.
                    type: string
                type: object
              statusBadgeEnabled:
                description: StatusBadgeEnabled toggles application status badge feature.
                type: boolean
              tls:
                description: TLS defines the TLS options for ArgoCD.
                properties:
                  ca:
                    description: CA defines the CA options.
                    properties:
                      configMapName:
                        description: ConfigMapName is the name of the ConfigMap containing
                          the CA Certificate.
                        type: string
                      secretName:
                        description: SecretName is the name of the Secret containing
                          the CA Certificate and Key.
                        type: string
                    type: object
                  initialCerts:
                    additionalProperties:
                      type: string
                    description: InitialCerts defines custom TLS certificates upon
                      creation of the cluster for connecting Git repositories via
                      HTTPS.
                    type: object
                type: object
              usersAnonymousEnabled:
                description: UsersAnonymousEnabled toggles anonymous user access.
                  The anonymous users get default role permissions specified argocd-rbac-cm.
                type: boolean
              version:
                description: Version is the tag to use with the ArgoCD container image
                  for all ArgoCD components.
                type: string
            type: object
          status:
            description: ArgoCDStatus defines the observed state of ArgoCD
            properties:
              applicationController:
                description: 'ApplicationController is a simple, high-level summary
                  of where the Argo CD application controller component is in its
                  lifecycle. There are five possible ApplicationController values:
                  Pending: The Argo CD application controller component has been accepted
                  by the Kubernetes system, but one or more of the required resources
                  have not been created. Running: All of the required Pods for the
                  Argo CD application controller component are in a Ready state. Failed:
                  At least one of the Argo CD application controller component Pods
                  had a failure. Unknown: For some reason the state of the Argo CD
                  application controller component could not be obtained.'
                type: string
              dex:
                description: 'Dex is a simple, high-level summary of where the Argo
                  CD Dex component is in its lifecycle. There are five possible dex
                  values: Pending: The Argo CD Dex component has been accepted by
                  the Kubernetes system, but one or more of the required resources
                  have not been created. Running: All of the required Pods for the
                  Argo CD Dex component are in a Ready state. Failed: At least one
                  of the Argo CD Dex component Pods had a failure. Unknown: For some
                  reason the state of the Argo CD Dex component could not be obtained.'
                type: string
              host:
                description: Host is the hostname of the Ingress.
                type: string
              notificationsController:
                description: 'NotificationsController is a simple, high-level summary
                  of where the Argo CD notifications controller component is in its
                  lifecycle. There are five possible NotificationsController values:
                  Pending: The Argo CD notifications controller component has been
                  accepted by the Kubernetes system, but one or more of the required
                  resources have not been created. Running: All of the required Pods
                  for the Argo CD notifications controller component are in a Ready
                  state. Failed: At least one of the Argo CD notifications controller
                  component Pods had a failure. Unknown: For some reason the state
                  of the Argo CD notifications controller component could not be obtained.'
                type: string
              phase:
                description: 'Phase is a simple, high-level summary of where the ArgoCD
                  is in its lifecycle. There are five possible phase values: Pending:
                  The ArgoCD has been accepted by the Kubernetes system, but one or
                  more of the required resources have not been created. Available:
                  All of the resources for the ArgoCD are ready. Failed: At least
                  one resource has experienced a failure. Unknown: For some reason
                  the state of the ArgoCD phase could not be obtained.'
                type: string
              redis:
                description: 'Redis is a simple, high-level summary of where the Argo
                  CD Redis component is in its lifecycle. There are five possible
                  redis values: Pending: The Argo CD Redis component has been accepted
                  by the Kubernetes system, but one or more of the required resources
                  have not been created. Running: All of the required Pods for the
                  Argo CD Redis component are in a Ready state. Failed: At least one
                  of the Argo CD Redis component Pods had a failure. Unknown: For
                  some reason the state of the Argo CD Redis component could not be
                  obtained.'
                type: string
              redisTLSChecksum:
                description: RedisTLSChecksum contains the SHA256 checksum of the
                  latest known state of tls.crt and tls.key in the argocd-operator-redis-tls
                  secret.
                type: string
              repo:
                description: 'Repo is a simple, high-level summary of where the Argo
                  CD Repo component is in its lifecycle. There are five possible repo
                  values: Pending: The Argo CD Repo component has been accepted by
                  the Kubernetes system, but one or more of the required resources
                  have not been created. Running: All of the required Pods for the
                  Argo CD Repo component are in a Ready state. Failed: At least one
                  of the Argo CD Repo component Pods had a failure.  Unknown: For
                  some reason the state of the Argo CD Repo component could not be
                  obtained.'
                type: string
              repoTLSChecksum:
                description: RepoTLSChecksum contains the SHA256 checksum of the latest
                  known state of tls.crt and tls.key in the argocd-repo-server-tls
                  secret.
                type: string
              server:
                description: 'Server is a simple, high-level summary of where the
                  Argo CD server component is in its lifecycle. There are five possible
                  server values: Pending: The Argo CD server component has been accepted
                  by the Kubernetes system, but one or more of the required resources
                  have not been created. Running: All of the required Pods for the
                  Argo CD server component are in a Ready state. Failed: At least
                  one of the Argo CD server component Pods had a failure. Unknown:
                  For some reason the state of the Argo CD server component could
                  not be obtained.'
                type: string
              ssoConfig:
                description: 'SSOConfig defines the status of SSO configuration. Success:
                  Only one SSO provider is configured in CR. Failed: SSO configuration
                  is illegal or more than one SSO providers are configured in CR.
                  Unknown: For some reason the SSO configuration could not be obtained.'
                type: string
            type: object
        type: object
    served: true
    storage: true
    subresources:
      status: {}
status:
  acceptedNames:
    kind: ""
    plural: ""
  conditions: []
  storedVersions: []