github.com/kubeflow/training-operator@v1.7.0/manifests/base/crds/kubeflow.org_tfjobs.yaml (about) 1 --- 2 apiVersion: apiextensions.k8s.io/v1 3 kind: CustomResourceDefinition 4 metadata: 5 annotations: 6 controller-gen.kubebuilder.io/version: v0.12.0 7 name: tfjobs.kubeflow.org 8 spec: 9 group: kubeflow.org 10 names: 11 kind: TFJob 12 listKind: TFJobList 13 plural: tfjobs 14 singular: tfjob 15 scope: Namespaced 16 versions: 17 - additionalPrinterColumns: 18 - jsonPath: .status.conditions[-1:].type 19 name: State 20 type: string 21 - jsonPath: .metadata.creationTimestamp 22 name: Age 23 type: date 24 name: v1 25 schema: 26 openAPIV3Schema: 27 description: TFJob represents a TFJob resource. 28 properties: 29 apiVersion: 30 description: 'APIVersion defines the versioned schema of this representation 31 of an object. Servers should convert recognized schemas to the latest 32 internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' 33 type: string 34 kind: 35 description: 'Kind is a string value representing the REST resource this 36 object represents. Servers may infer this from the endpoint the client 37 submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' 38 type: string 39 metadata: 40 type: object 41 spec: 42 description: Specification of the desired state of the TFJob. 43 properties: 44 enableDynamicWorker: 45 description: A switch to enable dynamic worker 46 type: boolean 47 runPolicy: 48 description: RunPolicy encapsulates various runtime policies of the 49 distributed training job, for example how to clean up resources 50 and how long the job can stay active. 51 properties: 52 activeDeadlineSeconds: 53 description: Specifies the duration in seconds relative to the 54 startTime that the job may be active before the system tries 55 to terminate it; value must be positive integer. 56 format: int64 57 type: integer 58 backoffLimit: 59 description: Optional number of retries before marking this job 60 failed. 61 format: int32 62 type: integer 63 cleanPodPolicy: 64 description: CleanPodPolicy defines the policy to kill pods after 65 the job completes. Default to None. 66 type: string 67 schedulingPolicy: 68 description: SchedulingPolicy defines the policy related to scheduling, 69 e.g. gang-scheduling 70 properties: 71 minAvailable: 72 format: int32 73 type: integer 74 minResources: 75 additionalProperties: 76 anyOf: 77 - type: integer 78 - type: string 79 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 80 x-kubernetes-int-or-string: true 81 type: object 82 priorityClass: 83 type: string 84 queue: 85 type: string 86 scheduleTimeoutSeconds: 87 format: int32 88 type: integer 89 type: object 90 suspend: 91 default: false 92 description: suspend specifies whether the Job controller should 93 create Pods or not. If a Job is created with suspend set to 94 true, no Pods are created by the Job controller. If a Job is 95 suspended after creation (i.e. the flag goes from false to true), 96 the Job controller will delete all active Pods and PodGroups 97 associated with this Job. Users must design their workload to 98 gracefully handle this. 99 type: boolean 100 ttlSecondsAfterFinished: 101 description: TTLSecondsAfterFinished is the TTL to clean up jobs. 102 It may take extra ReconcilePeriod seconds for the cleanup, since 103 reconcile gets called periodically. Default to infinite. 104 format: int32 105 type: integer 106 type: object 107 successPolicy: 108 description: SuccessPolicy defines the policy to mark the TFJob as 109 succeeded. Default to "", using the default rules. 110 type: string 111 tfReplicaSpecs: 112 additionalProperties: 113 description: ReplicaSpec is a description of the replica 114 properties: 115 replicas: 116 description: Replicas is the desired number of replicas of the 117 given template. If unspecified, defaults to 1. 118 format: int32 119 type: integer 120 restartPolicy: 121 description: Restart policy for all replicas within the job. 122 One of Always, OnFailure, Never and ExitCode. Default to Never. 123 type: string 124 template: 125 description: Template is the object that describes the pod that 126 will be created for this replica. RestartPolicy in PodTemplateSpec 127 will be overide by RestartPolicy in ReplicaSpec 128 properties: 129 metadata: 130 description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' 131 properties: 132 annotations: 133 additionalProperties: 134 type: string 135 type: object 136 finalizers: 137 items: 138 type: string 139 type: array 140 labels: 141 additionalProperties: 142 type: string 143 type: object 144 name: 145 type: string 146 namespace: 147 type: string 148 type: object 149 spec: 150 description: 'Specification of the desired behavior of the 151 pod. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' 152 properties: 153 activeDeadlineSeconds: 154 description: Optional duration in seconds the pod may 155 be active on the node relative to StartTime before 156 the system will actively try to mark it failed and 157 kill associated containers. Value must be a positive 158 integer. 159 format: int64 160 type: integer 161 affinity: 162 description: If specified, the pod's scheduling constraints 163 properties: 164 nodeAffinity: 165 description: Describes node affinity scheduling 166 rules for the pod. 167 properties: 168 preferredDuringSchedulingIgnoredDuringExecution: 169 description: The scheduler will prefer to schedule 170 pods to nodes that satisfy the affinity expressions 171 specified by this field, but it may choose 172 a node that violates one or more of the expressions. 173 The node that is most preferred is the one 174 with the greatest sum of weights, i.e. for 175 each node that meets all of the scheduling 176 requirements (resource request, requiredDuringScheduling 177 affinity expressions, etc. 178 items: 179 description: An empty preferred scheduling 180 term matches all objects with implicit weight 181 0 (i.e. it's a no-op). A null preferred 182 scheduling term matches no objects (i.e. 183 is also a no-op). 184 properties: 185 preference: 186 description: A node selector term, associated 187 with the corresponding weight. 188 properties: 189 matchExpressions: 190 description: A list of node selector 191 requirements by node's labels. 192 items: 193 description: A node selector requirement 194 is a selector that contains values, 195 a key, and an operator that relates 196 the key and values. 197 properties: 198 key: 199 description: The label key that 200 the selector applies to. 201 type: string 202 operator: 203 description: Represents a key's 204 relationship to a set of values. 205 Valid operators are In, NotIn, 206 Exists, DoesNotExist. Gt, 207 and Lt. 208 type: string 209 values: 210 description: An array of string 211 values. If the operator is 212 In or NotIn, the values array 213 must be non-empty. If the 214 operator is Exists or DoesNotExist, 215 the values array must be empty. 216 If the operator is Gt or Lt, 217 the values array must have 218 a single element, which will 219 be interpreted as an integer. 220 This array is replaced during 221 a strategic merge patch. 222 items: 223 type: string 224 type: array 225 required: 226 - key 227 - operator 228 type: object 229 type: array 230 matchFields: 231 description: A list of node selector 232 requirements by node's fields. 233 items: 234 description: A node selector requirement 235 is a selector that contains values, 236 a key, and an operator that relates 237 the key and values. 238 properties: 239 key: 240 description: The label key that 241 the selector applies to. 242 type: string 243 operator: 244 description: Represents a key's 245 relationship to a set of values. 246 Valid operators are In, NotIn, 247 Exists, DoesNotExist. Gt, 248 and Lt. 249 type: string 250 values: 251 description: An array of string 252 values. If the operator is 253 In or NotIn, the values array 254 must be non-empty. If the 255 operator is Exists or DoesNotExist, 256 the values array must be empty. 257 If the operator is Gt or Lt, 258 the values array must have 259 a single element, which will 260 be interpreted as an integer. 261 This array is replaced during 262 a strategic merge patch. 263 items: 264 type: string 265 type: array 266 required: 267 - key 268 - operator 269 type: object 270 type: array 271 type: object 272 x-kubernetes-map-type: atomic 273 weight: 274 description: Weight associated with matching 275 the corresponding nodeSelectorTerm, 276 in the range 1-100. 277 format: int32 278 type: integer 279 required: 280 - preference 281 - weight 282 type: object 283 type: array 284 requiredDuringSchedulingIgnoredDuringExecution: 285 description: If the affinity requirements specified 286 by this field are not met at scheduling time, 287 the pod will not be scheduled onto the node. 288 If the affinity requirements specified by 289 this field cease to be met at some point during 290 pod execution (e.g. due to an update), the 291 system may or may not try to eventually evict 292 the pod from its node. 293 properties: 294 nodeSelectorTerms: 295 description: Required. A list of node selector 296 terms. The terms are ORed. 297 items: 298 description: A null or empty node selector 299 term matches no objects. The requirements 300 of them are ANDed. The TopologySelectorTerm 301 type implements a subset of the NodeSelectorTerm. 302 properties: 303 matchExpressions: 304 description: A list of node selector 305 requirements by node's labels. 306 items: 307 description: A node selector requirement 308 is a selector that contains values, 309 a key, and an operator that relates 310 the key and values. 311 properties: 312 key: 313 description: The label key that 314 the selector applies to. 315 type: string 316 operator: 317 description: Represents a key's 318 relationship to a set of values. 319 Valid operators are In, NotIn, 320 Exists, DoesNotExist. Gt, 321 and Lt. 322 type: string 323 values: 324 description: An array of string 325 values. If the operator is 326 In or NotIn, the values array 327 must be non-empty. If the 328 operator is Exists or DoesNotExist, 329 the values array must be empty. 330 If the operator is Gt or Lt, 331 the values array must have 332 a single element, which will 333 be interpreted as an integer. 334 This array is replaced during 335 a strategic merge patch. 336 items: 337 type: string 338 type: array 339 required: 340 - key 341 - operator 342 type: object 343 type: array 344 matchFields: 345 description: A list of node selector 346 requirements by node's fields. 347 items: 348 description: A node selector requirement 349 is a selector that contains values, 350 a key, and an operator that relates 351 the key and values. 352 properties: 353 key: 354 description: The label key that 355 the selector applies to. 356 type: string 357 operator: 358 description: Represents a key's 359 relationship to a set of values. 360 Valid operators are In, NotIn, 361 Exists, DoesNotExist. Gt, 362 and Lt. 363 type: string 364 values: 365 description: An array of string 366 values. If the operator is 367 In or NotIn, the values array 368 must be non-empty. If the 369 operator is Exists or DoesNotExist, 370 the values array must be empty. 371 If the operator is Gt or Lt, 372 the values array must have 373 a single element, which will 374 be interpreted as an integer. 375 This array is replaced during 376 a strategic merge patch. 377 items: 378 type: string 379 type: array 380 required: 381 - key 382 - operator 383 type: object 384 type: array 385 type: object 386 x-kubernetes-map-type: atomic 387 type: array 388 required: 389 - nodeSelectorTerms 390 type: object 391 x-kubernetes-map-type: atomic 392 type: object 393 podAffinity: 394 description: Describes pod affinity scheduling rules 395 (e.g. co-locate this pod in the same node, zone, 396 etc. as some other pod(s)). 397 properties: 398 preferredDuringSchedulingIgnoredDuringExecution: 399 description: The scheduler will prefer to schedule 400 pods to nodes that satisfy the affinity expressions 401 specified by this field, but it may choose 402 a node that violates one or more of the expressions. 403 The node that is most preferred is the one 404 with the greatest sum of weights, i.e. for 405 each node that meets all of the scheduling 406 requirements (resource request, requiredDuringScheduling 407 affinity expressions, etc. 408 items: 409 description: The weights of all of the matched 410 WeightedPodAffinityTerm fields are added 411 per-node to find the most preferred node(s) 412 properties: 413 podAffinityTerm: 414 description: Required. A pod affinity 415 term, associated with the corresponding 416 weight. 417 properties: 418 labelSelector: 419 description: A label query over a 420 set of resources, in this case pods. 421 properties: 422 matchExpressions: 423 description: matchExpressions 424 is a list of label selector 425 requirements. The requirements 426 are ANDed. 427 items: 428 description: A label selector 429 requirement is a selector 430 that contains values, a key, 431 and an operator that relates 432 the key and values. 433 properties: 434 key: 435 description: key is the 436 label key that the selector 437 applies to. 438 type: string 439 operator: 440 description: operator represents 441 a key's relationship to 442 a set of values. Valid 443 operators are In, NotIn, 444 Exists and DoesNotExist. 445 type: string 446 values: 447 description: values is an 448 array of string values. 449 If the operator is In 450 or NotIn, the values array 451 must be non-empty. If 452 the operator is Exists 453 or DoesNotExist, the values 454 array must be empty. This 455 array is replaced during 456 a strategic merge patch. 457 items: 458 type: string 459 type: array 460 required: 461 - key 462 - operator 463 type: object 464 type: array 465 matchLabels: 466 additionalProperties: 467 type: string 468 description: matchLabels is a 469 map of {key,value} pairs. A 470 single {key,value} in the matchLabels 471 map is equivalent to an element 472 of matchExpressions, whose key 473 field is "key", the operator 474 is "In", and the values array 475 contains only "value". The requirements 476 are ANDed. 477 type: object 478 type: object 479 x-kubernetes-map-type: atomic 480 namespaceSelector: 481 description: A label query over the 482 set of namespaces that the term 483 applies to. The term is applied 484 to the union of the namespaces selected 485 by this field and the ones listed 486 in the namespaces field. null selector 487 and null or empty namespaces list 488 means "this pod's namespace". An 489 empty selector ({}) matches all 490 namespaces. 491 properties: 492 matchExpressions: 493 description: matchExpressions 494 is a list of label selector 495 requirements. The requirements 496 are ANDed. 497 items: 498 description: A label selector 499 requirement is a selector 500 that contains values, a key, 501 and an operator that relates 502 the key and values. 503 properties: 504 key: 505 description: key is the 506 label key that the selector 507 applies to. 508 type: string 509 operator: 510 description: operator represents 511 a key's relationship to 512 a set of values. Valid 513 operators are In, NotIn, 514 Exists and DoesNotExist. 515 type: string 516 values: 517 description: values is an 518 array of string values. 519 If the operator is In 520 or NotIn, the values array 521 must be non-empty. If 522 the operator is Exists 523 or DoesNotExist, the values 524 array must be empty. This 525 array is replaced during 526 a strategic merge patch. 527 items: 528 type: string 529 type: array 530 required: 531 - key 532 - operator 533 type: object 534 type: array 535 matchLabels: 536 additionalProperties: 537 type: string 538 description: matchLabels is a 539 map of {key,value} pairs. A 540 single {key,value} in the matchLabels 541 map is equivalent to an element 542 of matchExpressions, whose key 543 field is "key", the operator 544 is "In", and the values array 545 contains only "value". The requirements 546 are ANDed. 547 type: object 548 type: object 549 x-kubernetes-map-type: atomic 550 namespaces: 551 description: namespaces specifies 552 a static list of namespace names 553 that the term applies to. The term 554 is applied to the union of the namespaces 555 listed in this field and the ones 556 selected by namespaceSelector. null 557 or empty namespaces list and null 558 namespaceSelector means "this pod's 559 namespace". 560 items: 561 type: string 562 type: array 563 topologyKey: 564 description: This pod should be co-located 565 (affinity) or not co-located (anti-affinity) 566 with the pods matching the labelSelector 567 in the specified namespaces, where 568 co-located is defined as running 569 on a node whose value of the label 570 with key topologyKey matches that 571 of any node on which any of the 572 selected pods is running. Empty 573 topologyKey is not allowed. 574 type: string 575 required: 576 - topologyKey 577 type: object 578 weight: 579 description: weight associated with matching 580 the corresponding podAffinityTerm, in 581 the range 1-100. 582 format: int32 583 type: integer 584 required: 585 - podAffinityTerm 586 - weight 587 type: object 588 type: array 589 requiredDuringSchedulingIgnoredDuringExecution: 590 description: If the affinity requirements specified 591 by this field are not met at scheduling time, 592 the pod will not be scheduled onto the node. 593 If the affinity requirements specified by 594 this field cease to be met at some point during 595 pod execution (e.g. due to a pod label update), 596 the system may or may not try to eventually 597 evict the pod from its node. 598 items: 599 description: Defines a set of pods (namely 600 those matching the labelSelector relative 601 to the given namespace(s)) that this pod 602 should be co-located (affinity) or not co-located 603 (anti-affinity) with, where co-located is 604 defined as running on a node whose value 605 of the label with key <topologyKey> matches 606 that of any node on which a pod of the set 607 of pods is running 608 properties: 609 labelSelector: 610 description: A label query over a set 611 of resources, in this case pods. 612 properties: 613 matchExpressions: 614 description: matchExpressions is a 615 list of label selector requirements. 616 The requirements are ANDed. 617 items: 618 description: A label selector requirement 619 is a selector that contains values, 620 a key, and an operator that relates 621 the key and values. 622 properties: 623 key: 624 description: key is the label 625 key that the selector applies 626 to. 627 type: string 628 operator: 629 description: operator represents 630 a key's relationship to a 631 set of values. Valid operators 632 are In, NotIn, Exists and 633 DoesNotExist. 634 type: string 635 values: 636 description: values is an array 637 of string values. If the operator 638 is In or NotIn, the values 639 array must be non-empty. If 640 the operator is Exists or 641 DoesNotExist, the values array 642 must be empty. This array 643 is replaced during a strategic 644 merge patch. 645 items: 646 type: string 647 type: array 648 required: 649 - key 650 - operator 651 type: object 652 type: array 653 matchLabels: 654 additionalProperties: 655 type: string 656 description: matchLabels is a map 657 of {key,value} pairs. A single {key,value} 658 in the matchLabels map is equivalent 659 to an element of matchExpressions, 660 whose key field is "key", the operator 661 is "In", and the values array contains 662 only "value". The requirements are 663 ANDed. 664 type: object 665 type: object 666 x-kubernetes-map-type: atomic 667 namespaceSelector: 668 description: A label query over the set 669 of namespaces that the term applies 670 to. The term is applied to the union 671 of the namespaces selected by this field 672 and the ones listed in the namespaces 673 field. null selector and null or empty 674 namespaces list means "this pod's namespace". 675 An empty selector ({}) matches all namespaces. 676 properties: 677 matchExpressions: 678 description: matchExpressions is a 679 list of label selector requirements. 680 The requirements are ANDed. 681 items: 682 description: A label selector requirement 683 is a selector that contains values, 684 a key, and an operator that relates 685 the key and values. 686 properties: 687 key: 688 description: key is the label 689 key that the selector applies 690 to. 691 type: string 692 operator: 693 description: operator represents 694 a key's relationship to a 695 set of values. Valid operators 696 are In, NotIn, Exists and 697 DoesNotExist. 698 type: string 699 values: 700 description: values is an array 701 of string values. If the operator 702 is In or NotIn, the values 703 array must be non-empty. If 704 the operator is Exists or 705 DoesNotExist, the values array 706 must be empty. This array 707 is replaced during a strategic 708 merge patch. 709 items: 710 type: string 711 type: array 712 required: 713 - key 714 - operator 715 type: object 716 type: array 717 matchLabels: 718 additionalProperties: 719 type: string 720 description: matchLabels is a map 721 of {key,value} pairs. A single {key,value} 722 in the matchLabels map is equivalent 723 to an element of matchExpressions, 724 whose key field is "key", the operator 725 is "In", and the values array contains 726 only "value". The requirements are 727 ANDed. 728 type: object 729 type: object 730 x-kubernetes-map-type: atomic 731 namespaces: 732 description: namespaces specifies a static 733 list of namespace names that the term 734 applies to. The term is applied to the 735 union of the namespaces listed in this 736 field and the ones selected by namespaceSelector. 737 null or empty namespaces list and null 738 namespaceSelector means "this pod's 739 namespace". 740 items: 741 type: string 742 type: array 743 topologyKey: 744 description: This pod should be co-located 745 (affinity) or not co-located (anti-affinity) 746 with the pods matching the labelSelector 747 in the specified namespaces, where co-located 748 is defined as running on a node whose 749 value of the label with key topologyKey 750 matches that of any node on which any 751 of the selected pods is running. Empty 752 topologyKey is not allowed. 753 type: string 754 required: 755 - topologyKey 756 type: object 757 type: array 758 type: object 759 podAntiAffinity: 760 description: Describes pod anti-affinity scheduling 761 rules (e.g. avoid putting this pod in the same 762 node, zone, etc. as some other pod(s)). 763 properties: 764 preferredDuringSchedulingIgnoredDuringExecution: 765 description: The scheduler will prefer to schedule 766 pods to nodes that satisfy the anti-affinity 767 expressions specified by this field, but it 768 may choose a node that violates one or more 769 of the expressions. The node that is most 770 preferred is the one with the greatest sum 771 of weights, i.e. 772 items: 773 description: The weights of all of the matched 774 WeightedPodAffinityTerm fields are added 775 per-node to find the most preferred node(s) 776 properties: 777 podAffinityTerm: 778 description: Required. A pod affinity 779 term, associated with the corresponding 780 weight. 781 properties: 782 labelSelector: 783 description: A label query over a 784 set of resources, in this case pods. 785 properties: 786 matchExpressions: 787 description: matchExpressions 788 is a list of label selector 789 requirements. The requirements 790 are ANDed. 791 items: 792 description: A label selector 793 requirement is a selector 794 that contains values, a key, 795 and an operator that relates 796 the key and values. 797 properties: 798 key: 799 description: key is the 800 label key that the selector 801 applies to. 802 type: string 803 operator: 804 description: operator represents 805 a key's relationship to 806 a set of values. Valid 807 operators are In, NotIn, 808 Exists and DoesNotExist. 809 type: string 810 values: 811 description: values is an 812 array of string values. 813 If the operator is In 814 or NotIn, the values array 815 must be non-empty. If 816 the operator is Exists 817 or DoesNotExist, the values 818 array must be empty. This 819 array is replaced during 820 a strategic merge patch. 821 items: 822 type: string 823 type: array 824 required: 825 - key 826 - operator 827 type: object 828 type: array 829 matchLabels: 830 additionalProperties: 831 type: string 832 description: matchLabels is a 833 map of {key,value} pairs. A 834 single {key,value} in the matchLabels 835 map is equivalent to an element 836 of matchExpressions, whose key 837 field is "key", the operator 838 is "In", and the values array 839 contains only "value". The requirements 840 are ANDed. 841 type: object 842 type: object 843 x-kubernetes-map-type: atomic 844 namespaceSelector: 845 description: A label query over the 846 set of namespaces that the term 847 applies to. The term is applied 848 to the union of the namespaces selected 849 by this field and the ones listed 850 in the namespaces field. null selector 851 and null or empty namespaces list 852 means "this pod's namespace". An 853 empty selector ({}) matches all 854 namespaces. 855 properties: 856 matchExpressions: 857 description: matchExpressions 858 is a list of label selector 859 requirements. The requirements 860 are ANDed. 861 items: 862 description: A label selector 863 requirement is a selector 864 that contains values, a key, 865 and an operator that relates 866 the key and values. 867 properties: 868 key: 869 description: key is the 870 label key that the selector 871 applies to. 872 type: string 873 operator: 874 description: operator represents 875 a key's relationship to 876 a set of values. Valid 877 operators are In, NotIn, 878 Exists and DoesNotExist. 879 type: string 880 values: 881 description: values is an 882 array of string values. 883 If the operator is In 884 or NotIn, the values array 885 must be non-empty. If 886 the operator is Exists 887 or DoesNotExist, the values 888 array must be empty. This 889 array is replaced during 890 a strategic merge patch. 891 items: 892 type: string 893 type: array 894 required: 895 - key 896 - operator 897 type: object 898 type: array 899 matchLabels: 900 additionalProperties: 901 type: string 902 description: matchLabels is a 903 map of {key,value} pairs. A 904 single {key,value} in the matchLabels 905 map is equivalent to an element 906 of matchExpressions, whose key 907 field is "key", the operator 908 is "In", and the values array 909 contains only "value". The requirements 910 are ANDed. 911 type: object 912 type: object 913 x-kubernetes-map-type: atomic 914 namespaces: 915 description: namespaces specifies 916 a static list of namespace names 917 that the term applies to. The term 918 is applied to the union of the namespaces 919 listed in this field and the ones 920 selected by namespaceSelector. null 921 or empty namespaces list and null 922 namespaceSelector means "this pod's 923 namespace". 924 items: 925 type: string 926 type: array 927 topologyKey: 928 description: This pod should be co-located 929 (affinity) or not co-located (anti-affinity) 930 with the pods matching the labelSelector 931 in the specified namespaces, where 932 co-located is defined as running 933 on a node whose value of the label 934 with key topologyKey matches that 935 of any node on which any of the 936 selected pods is running. Empty 937 topologyKey is not allowed. 938 type: string 939 required: 940 - topologyKey 941 type: object 942 weight: 943 description: weight associated with matching 944 the corresponding podAffinityTerm, in 945 the range 1-100. 946 format: int32 947 type: integer 948 required: 949 - podAffinityTerm 950 - weight 951 type: object 952 type: array 953 requiredDuringSchedulingIgnoredDuringExecution: 954 description: If the anti-affinity requirements 955 specified by this field are not met at scheduling 956 time, the pod will not be scheduled onto the 957 node. If the anti-affinity requirements specified 958 by this field cease to be met at some point 959 during pod execution (e.g. due to a pod label 960 update), the system may or may not try to 961 eventually evict the pod from its node. 962 items: 963 description: Defines a set of pods (namely 964 those matching the labelSelector relative 965 to the given namespace(s)) that this pod 966 should be co-located (affinity) or not co-located 967 (anti-affinity) with, where co-located is 968 defined as running on a node whose value 969 of the label with key <topologyKey> matches 970 that of any node on which a pod of the set 971 of pods is running 972 properties: 973 labelSelector: 974 description: A label query over a set 975 of resources, in this case pods. 976 properties: 977 matchExpressions: 978 description: matchExpressions is a 979 list of label selector requirements. 980 The requirements are ANDed. 981 items: 982 description: A label selector requirement 983 is a selector that contains values, 984 a key, and an operator that relates 985 the key and values. 986 properties: 987 key: 988 description: key is the label 989 key that the selector applies 990 to. 991 type: string 992 operator: 993 description: operator represents 994 a key's relationship to a 995 set of values. Valid operators 996 are In, NotIn, Exists and 997 DoesNotExist. 998 type: string 999 values: 1000 description: values is an array 1001 of string values. If the operator 1002 is In or NotIn, the values 1003 array must be non-empty. If 1004 the operator is Exists or 1005 DoesNotExist, the values array 1006 must be empty. This array 1007 is replaced during a strategic 1008 merge patch. 1009 items: 1010 type: string 1011 type: array 1012 required: 1013 - key 1014 - operator 1015 type: object 1016 type: array 1017 matchLabels: 1018 additionalProperties: 1019 type: string 1020 description: matchLabels is a map 1021 of {key,value} pairs. A single {key,value} 1022 in the matchLabels map is equivalent 1023 to an element of matchExpressions, 1024 whose key field is "key", the operator 1025 is "In", and the values array contains 1026 only "value". The requirements are 1027 ANDed. 1028 type: object 1029 type: object 1030 x-kubernetes-map-type: atomic 1031 namespaceSelector: 1032 description: A label query over the set 1033 of namespaces that the term applies 1034 to. The term is applied to the union 1035 of the namespaces selected by this field 1036 and the ones listed in the namespaces 1037 field. null selector and null or empty 1038 namespaces list means "this pod's namespace". 1039 An empty selector ({}) matches all namespaces. 1040 properties: 1041 matchExpressions: 1042 description: matchExpressions is a 1043 list of label selector requirements. 1044 The requirements are ANDed. 1045 items: 1046 description: A label selector requirement 1047 is a selector that contains values, 1048 a key, and an operator that relates 1049 the key and values. 1050 properties: 1051 key: 1052 description: key is the label 1053 key that the selector applies 1054 to. 1055 type: string 1056 operator: 1057 description: operator represents 1058 a key's relationship to a 1059 set of values. Valid operators 1060 are In, NotIn, Exists and 1061 DoesNotExist. 1062 type: string 1063 values: 1064 description: values is an array 1065 of string values. If the operator 1066 is In or NotIn, the values 1067 array must be non-empty. If 1068 the operator is Exists or 1069 DoesNotExist, the values array 1070 must be empty. This array 1071 is replaced during a strategic 1072 merge patch. 1073 items: 1074 type: string 1075 type: array 1076 required: 1077 - key 1078 - operator 1079 type: object 1080 type: array 1081 matchLabels: 1082 additionalProperties: 1083 type: string 1084 description: matchLabels is a map 1085 of {key,value} pairs. A single {key,value} 1086 in the matchLabels map is equivalent 1087 to an element of matchExpressions, 1088 whose key field is "key", the operator 1089 is "In", and the values array contains 1090 only "value". The requirements are 1091 ANDed. 1092 type: object 1093 type: object 1094 x-kubernetes-map-type: atomic 1095 namespaces: 1096 description: namespaces specifies a static 1097 list of namespace names that the term 1098 applies to. The term is applied to the 1099 union of the namespaces listed in this 1100 field and the ones selected by namespaceSelector. 1101 null or empty namespaces list and null 1102 namespaceSelector means "this pod's 1103 namespace". 1104 items: 1105 type: string 1106 type: array 1107 topologyKey: 1108 description: This pod should be co-located 1109 (affinity) or not co-located (anti-affinity) 1110 with the pods matching the labelSelector 1111 in the specified namespaces, where co-located 1112 is defined as running on a node whose 1113 value of the label with key topologyKey 1114 matches that of any node on which any 1115 of the selected pods is running. Empty 1116 topologyKey is not allowed. 1117 type: string 1118 required: 1119 - topologyKey 1120 type: object 1121 type: array 1122 type: object 1123 type: object 1124 automountServiceAccountToken: 1125 description: AutomountServiceAccountToken indicates 1126 whether a service account token should be automatically 1127 mounted. 1128 type: boolean 1129 containers: 1130 description: List of containers belonging to the pod. 1131 Containers cannot currently be added or removed. There 1132 must be at least one container in a Pod. Cannot be 1133 updated. 1134 items: 1135 description: A single application container that you 1136 want to run within a pod. 1137 properties: 1138 args: 1139 description: 'Arguments to the entrypoint. The 1140 container image''s CMD is used if this is not 1141 provided. Variable references $(VAR_NAME) are 1142 expanded using the container''s environment. 1143 If a variable cannot be resolved, the reference 1144 in the input string will be unchanged. Double 1145 $$ are reduced to a single $, which allows for 1146 escaping the $(VAR_NAME) syntax: i.e.' 1147 items: 1148 type: string 1149 type: array 1150 command: 1151 description: 'Entrypoint array. Not executed within 1152 a shell. The container image''s ENTRYPOINT is 1153 used if this is not provided. Variable references 1154 $(VAR_NAME) are expanded using the container''s 1155 environment. If a variable cannot be resolved, 1156 the reference in the input string will be unchanged. 1157 Double $$ are reduced to a single $, which allows 1158 for escaping the $(VAR_NAME) syntax: i.e.' 1159 items: 1160 type: string 1161 type: array 1162 env: 1163 description: List of environment variables to 1164 set in the container. Cannot be updated. 1165 items: 1166 description: EnvVar represents an environment 1167 variable present in a Container. 1168 properties: 1169 name: 1170 description: Name of the environment variable. 1171 Must be a C_IDENTIFIER. 1172 type: string 1173 value: 1174 description: 'Variable references $(VAR_NAME) 1175 are expanded using the previously defined 1176 environment variables in the container 1177 and any service environment variables. 1178 If a variable cannot be resolved, the 1179 reference in the input string will be 1180 unchanged. Double $$ are reduced to a 1181 single $, which allows for escaping the 1182 $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" 1183 will produce the string literal "$(VAR_NAME)".' 1184 type: string 1185 valueFrom: 1186 description: Source for the environment 1187 variable's value. Cannot be used if value 1188 is not empty. 1189 properties: 1190 configMapKeyRef: 1191 description: Selects a key of a ConfigMap. 1192 properties: 1193 key: 1194 description: The key to select. 1195 type: string 1196 name: 1197 description: 'Name of the referent. 1198 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 1199 TODO: Add other useful fields. 1200 apiVersion, kind, uid?' 1201 type: string 1202 optional: 1203 description: Specify whether the 1204 ConfigMap or its key must be defined 1205 type: boolean 1206 required: 1207 - key 1208 type: object 1209 x-kubernetes-map-type: atomic 1210 fieldRef: 1211 description: 'Selects a field of the 1212 pod: supports metadata.name, metadata.namespace, 1213 `metadata.labels[''<KEY>'']`, `metadata.annotations[''<KEY>'']`, 1214 spec.nodeName, spec.serviceAccountName, 1215 status.hostIP, status.podIP, status.podIPs.' 1216 properties: 1217 apiVersion: 1218 description: Version of the schema 1219 the FieldPath is written in terms 1220 of, defaults to "v1". 1221 type: string 1222 fieldPath: 1223 description: Path of the field to 1224 select in the specified API version. 1225 type: string 1226 required: 1227 - fieldPath 1228 type: object 1229 x-kubernetes-map-type: atomic 1230 resourceFieldRef: 1231 description: 'Selects a resource of 1232 the container: only resources limits 1233 and requests (limits.cpu, limits.memory, 1234 limits.ephemeral-storage, requests.cpu, 1235 requests.memory and requests.ephemeral-storage) 1236 are currently supported.' 1237 properties: 1238 containerName: 1239 description: 'Container name: required 1240 for volumes, optional for env 1241 vars' 1242 type: string 1243 divisor: 1244 anyOf: 1245 - type: integer 1246 - type: string 1247 description: Specifies the output 1248 format of the exposed resources, 1249 defaults to "1" 1250 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 1251 x-kubernetes-int-or-string: true 1252 resource: 1253 description: 'Required: resource 1254 to select' 1255 type: string 1256 required: 1257 - resource 1258 type: object 1259 x-kubernetes-map-type: atomic 1260 secretKeyRef: 1261 description: Selects a key of a secret 1262 in the pod's namespace 1263 properties: 1264 key: 1265 description: The key of the secret 1266 to select from. Must be a valid 1267 secret key. 1268 type: string 1269 name: 1270 description: 'Name of the referent. 1271 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 1272 TODO: Add other useful fields. 1273 apiVersion, kind, uid?' 1274 type: string 1275 optional: 1276 description: Specify whether the 1277 Secret or its key must be defined 1278 type: boolean 1279 required: 1280 - key 1281 type: object 1282 x-kubernetes-map-type: atomic 1283 type: object 1284 required: 1285 - name 1286 type: object 1287 type: array 1288 envFrom: 1289 description: List of sources to populate environment 1290 variables in the container. The keys defined 1291 within a source must be a C_IDENTIFIER. All 1292 invalid keys will be reported as an event when 1293 the container is starting. When a key exists 1294 in multiple sources, the value associated with 1295 the last source will take precedence. Values 1296 defined by an Env with a duplicate key will 1297 take precedence. Cannot be updated. 1298 items: 1299 description: EnvFromSource represents the source 1300 of a set of ConfigMaps 1301 properties: 1302 configMapRef: 1303 description: The ConfigMap to select from 1304 properties: 1305 name: 1306 description: 'Name of the referent. 1307 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 1308 TODO: Add other useful fields. apiVersion, 1309 kind, uid?' 1310 type: string 1311 optional: 1312 description: Specify whether the ConfigMap 1313 must be defined 1314 type: boolean 1315 type: object 1316 x-kubernetes-map-type: atomic 1317 prefix: 1318 description: An optional identifier to prepend 1319 to each key in the ConfigMap. Must be 1320 a C_IDENTIFIER. 1321 type: string 1322 secretRef: 1323 description: The Secret to select from 1324 properties: 1325 name: 1326 description: 'Name of the referent. 1327 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 1328 TODO: Add other useful fields. apiVersion, 1329 kind, uid?' 1330 type: string 1331 optional: 1332 description: Specify whether the Secret 1333 must be defined 1334 type: boolean 1335 type: object 1336 x-kubernetes-map-type: atomic 1337 type: object 1338 type: array 1339 image: 1340 description: 'Container image name. More info: 1341 https://kubernetes.io/docs/concepts/containers/images 1342 This field is optional to allow higher level 1343 config management to default or override container 1344 images in workload controllers like Deployments 1345 and StatefulSets.' 1346 type: string 1347 imagePullPolicy: 1348 description: 'Image pull policy. One of Always, 1349 Never, IfNotPresent. Defaults to Always if :latest 1350 tag is specified, or IfNotPresent otherwise. 1351 Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' 1352 type: string 1353 lifecycle: 1354 description: Actions that the management system 1355 should take in response to container lifecycle 1356 events. Cannot be updated. 1357 properties: 1358 postStart: 1359 description: 'PostStart is called immediately 1360 after a container is created. If the handler 1361 fails, the container is terminated and restarted 1362 according to its restart policy. Other management 1363 of the container blocks until the hook completes. 1364 More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' 1365 properties: 1366 exec: 1367 description: Exec specifies the action 1368 to take. 1369 properties: 1370 command: 1371 description: Command is the command 1372 line to execute inside the container, 1373 the working directory for the command is 1374 root ('/') in the container's filesystem. 1375 The command is simply exec'd, it 1376 is not run inside a shell, so traditional 1377 shell instructions ('|', etc) won't 1378 work. To use a shell, you need to 1379 explicitly call out to that shell. 1380 Exit status of 0 is treated as live/healthy 1381 and non-zero is unhealthy. 1382 items: 1383 type: string 1384 type: array 1385 type: object 1386 httpGet: 1387 description: HTTPGet specifies the http 1388 request to perform. 1389 properties: 1390 host: 1391 description: Host name to connect 1392 to, defaults to the pod IP. You 1393 probably want to set "Host" in httpHeaders 1394 instead. 1395 type: string 1396 httpHeaders: 1397 description: Custom headers to set 1398 in the request. HTTP allows repeated 1399 headers. 1400 items: 1401 description: HTTPHeader describes 1402 a custom header to be used in 1403 HTTP probes 1404 properties: 1405 name: 1406 description: The header field 1407 name. This will be canonicalized 1408 upon output, so case-variant 1409 names will be understood as 1410 the same header. 1411 type: string 1412 value: 1413 description: The header field 1414 value 1415 type: string 1416 required: 1417 - name 1418 - value 1419 type: object 1420 type: array 1421 path: 1422 description: Path to access on the 1423 HTTP server. 1424 type: string 1425 port: 1426 anyOf: 1427 - type: integer 1428 - type: string 1429 description: Name or number of the 1430 port to access on the container. 1431 Number must be in the range 1 to 1432 65535. Name must be an IANA_SVC_NAME. 1433 x-kubernetes-int-or-string: true 1434 scheme: 1435 description: Scheme to use for connecting 1436 to the host. Defaults to HTTP. 1437 type: string 1438 required: 1439 - port 1440 type: object 1441 tcpSocket: 1442 description: Deprecated. TCPSocket is 1443 NOT supported as a LifecycleHandler 1444 and kept for the backward compatibility. 1445 There are no validation of this field 1446 and lifecycle hooks will fail in runtime 1447 when tcp handler is specified. 1448 properties: 1449 host: 1450 description: 'Optional: Host name 1451 to connect to, defaults to the pod 1452 IP.' 1453 type: string 1454 port: 1455 anyOf: 1456 - type: integer 1457 - type: string 1458 description: Number or name of the 1459 port to access on the container. 1460 Number must be in the range 1 to 1461 65535. Name must be an IANA_SVC_NAME. 1462 x-kubernetes-int-or-string: true 1463 required: 1464 - port 1465 type: object 1466 type: object 1467 preStop: 1468 description: PreStop is called immediately 1469 before a container is terminated due to 1470 an API request or management event such 1471 as liveness/startup probe failure, preemption, 1472 resource contention, etc. The handler is 1473 not called if the container crashes or exits. 1474 The Pod's termination grace period countdown 1475 begins before the PreStop hook is executed. 1476 properties: 1477 exec: 1478 description: Exec specifies the action 1479 to take. 1480 properties: 1481 command: 1482 description: Command is the command 1483 line to execute inside the container, 1484 the working directory for the command is 1485 root ('/') in the container's filesystem. 1486 The command is simply exec'd, it 1487 is not run inside a shell, so traditional 1488 shell instructions ('|', etc) won't 1489 work. To use a shell, you need to 1490 explicitly call out to that shell. 1491 Exit status of 0 is treated as live/healthy 1492 and non-zero is unhealthy. 1493 items: 1494 type: string 1495 type: array 1496 type: object 1497 httpGet: 1498 description: HTTPGet specifies the http 1499 request to perform. 1500 properties: 1501 host: 1502 description: Host name to connect 1503 to, defaults to the pod IP. You 1504 probably want to set "Host" in httpHeaders 1505 instead. 1506 type: string 1507 httpHeaders: 1508 description: Custom headers to set 1509 in the request. HTTP allows repeated 1510 headers. 1511 items: 1512 description: HTTPHeader describes 1513 a custom header to be used in 1514 HTTP probes 1515 properties: 1516 name: 1517 description: The header field 1518 name. This will be canonicalized 1519 upon output, so case-variant 1520 names will be understood as 1521 the same header. 1522 type: string 1523 value: 1524 description: The header field 1525 value 1526 type: string 1527 required: 1528 - name 1529 - value 1530 type: object 1531 type: array 1532 path: 1533 description: Path to access on the 1534 HTTP server. 1535 type: string 1536 port: 1537 anyOf: 1538 - type: integer 1539 - type: string 1540 description: Name or number of the 1541 port to access on the container. 1542 Number must be in the range 1 to 1543 65535. Name must be an IANA_SVC_NAME. 1544 x-kubernetes-int-or-string: true 1545 scheme: 1546 description: Scheme to use for connecting 1547 to the host. Defaults to HTTP. 1548 type: string 1549 required: 1550 - port 1551 type: object 1552 tcpSocket: 1553 description: Deprecated. TCPSocket is 1554 NOT supported as a LifecycleHandler 1555 and kept for the backward compatibility. 1556 There are no validation of this field 1557 and lifecycle hooks will fail in runtime 1558 when tcp handler is specified. 1559 properties: 1560 host: 1561 description: 'Optional: Host name 1562 to connect to, defaults to the pod 1563 IP.' 1564 type: string 1565 port: 1566 anyOf: 1567 - type: integer 1568 - type: string 1569 description: Number or name of the 1570 port to access on the container. 1571 Number must be in the range 1 to 1572 65535. Name must be an IANA_SVC_NAME. 1573 x-kubernetes-int-or-string: true 1574 required: 1575 - port 1576 type: object 1577 type: object 1578 type: object 1579 livenessProbe: 1580 description: 'Periodic probe of container liveness. 1581 Container will be restarted if the probe fails. 1582 Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 1583 properties: 1584 exec: 1585 description: Exec specifies the action to 1586 take. 1587 properties: 1588 command: 1589 description: Command is the command line 1590 to execute inside the container, the 1591 working directory for the command is 1592 root ('/') in the container's filesystem. 1593 The command is simply exec'd, it is 1594 not run inside a shell, so traditional 1595 shell instructions ('|', etc) won't 1596 work. To use a shell, you need to explicitly 1597 call out to that shell. Exit status 1598 of 0 is treated as live/healthy and 1599 non-zero is unhealthy. 1600 items: 1601 type: string 1602 type: array 1603 type: object 1604 failureThreshold: 1605 description: Minimum consecutive failures 1606 for the probe to be considered failed after 1607 having succeeded. Defaults to 3. Minimum 1608 value is 1. 1609 format: int32 1610 type: integer 1611 grpc: 1612 description: GRPC specifies an action involving 1613 a GRPC port. 1614 properties: 1615 port: 1616 description: Port number of the gRPC service. 1617 Number must be in the range 1 to 65535. 1618 format: int32 1619 type: integer 1620 service: 1621 description: "Service is the name of the 1622 service to place in the gRPC HealthCheckRequest 1623 (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 1624 \n If this is not specified, the default 1625 behavior is defined by gRPC." 1626 type: string 1627 required: 1628 - port 1629 type: object 1630 httpGet: 1631 description: HTTPGet specifies the http request 1632 to perform. 1633 properties: 1634 host: 1635 description: Host name to connect to, 1636 defaults to the pod IP. You probably 1637 want to set "Host" in httpHeaders instead. 1638 type: string 1639 httpHeaders: 1640 description: Custom headers to set in 1641 the request. HTTP allows repeated headers. 1642 items: 1643 description: HTTPHeader describes a 1644 custom header to be used in HTTP probes 1645 properties: 1646 name: 1647 description: The header field name. 1648 This will be canonicalized upon 1649 output, so case-variant names 1650 will be understood as the same 1651 header. 1652 type: string 1653 value: 1654 description: The header field value 1655 type: string 1656 required: 1657 - name 1658 - value 1659 type: object 1660 type: array 1661 path: 1662 description: Path to access on the HTTP 1663 server. 1664 type: string 1665 port: 1666 anyOf: 1667 - type: integer 1668 - type: string 1669 description: Name or number of the port 1670 to access on the container. Number must 1671 be in the range 1 to 65535. Name must 1672 be an IANA_SVC_NAME. 1673 x-kubernetes-int-or-string: true 1674 scheme: 1675 description: Scheme to use for connecting 1676 to the host. Defaults to HTTP. 1677 type: string 1678 required: 1679 - port 1680 type: object 1681 initialDelaySeconds: 1682 description: 'Number of seconds after the 1683 container has started before liveness probes 1684 are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 1685 format: int32 1686 type: integer 1687 periodSeconds: 1688 description: How often (in seconds) to perform 1689 the probe. Default to 10 seconds. Minimum 1690 value is 1. 1691 format: int32 1692 type: integer 1693 successThreshold: 1694 description: Minimum consecutive successes 1695 for the probe to be considered successful 1696 after having failed. Defaults to 1. Must 1697 be 1 for liveness and startup. Minimum value 1698 is 1. 1699 format: int32 1700 type: integer 1701 tcpSocket: 1702 description: TCPSocket specifies an action 1703 involving a TCP port. 1704 properties: 1705 host: 1706 description: 'Optional: Host name to connect 1707 to, defaults to the pod IP.' 1708 type: string 1709 port: 1710 anyOf: 1711 - type: integer 1712 - type: string 1713 description: Number or name of the port 1714 to access on the container. Number must 1715 be in the range 1 to 65535. Name must 1716 be an IANA_SVC_NAME. 1717 x-kubernetes-int-or-string: true 1718 required: 1719 - port 1720 type: object 1721 terminationGracePeriodSeconds: 1722 description: Optional duration in seconds 1723 the pod needs to terminate gracefully upon 1724 probe failure. The grace period is the duration 1725 in seconds after the processes running in 1726 the pod are sent a termination signal and 1727 the time when the processes are forcibly 1728 halted with a kill signal. Set this value 1729 longer than the expected cleanup time for 1730 your process. 1731 format: int64 1732 type: integer 1733 timeoutSeconds: 1734 description: 'Number of seconds after which 1735 the probe times out. Defaults to 1 second. 1736 Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 1737 format: int32 1738 type: integer 1739 type: object 1740 name: 1741 description: Name of the container specified as 1742 a DNS_LABEL. Each container in a pod must have 1743 a unique name (DNS_LABEL). Cannot be updated. 1744 type: string 1745 ports: 1746 description: List of ports to expose from the 1747 container. Not specifying a port here DOES NOT 1748 prevent that port from being exposed. Any port 1749 which is listening on the default "0.0.0.0" 1750 address inside a container will be accessible 1751 from the network. Modifying this array with 1752 strategic merge patch may corrupt the data. 1753 For more information See https://github.com/kubernetes/kubernetes/issues/108255. 1754 items: 1755 description: ContainerPort represents a network 1756 port in a single container. 1757 properties: 1758 containerPort: 1759 description: Number of port to expose on 1760 the pod's IP address. This must be a valid 1761 port number, 0 < x < 65536. 1762 format: int32 1763 type: integer 1764 hostIP: 1765 description: What host IP to bind the external 1766 port to. 1767 type: string 1768 hostPort: 1769 description: Number of port to expose on 1770 the host. If specified, this must be a 1771 valid port number, 0 < x < 65536. If HostNetwork 1772 is specified, this must match ContainerPort. 1773 Most containers do not need this. 1774 format: int32 1775 type: integer 1776 name: 1777 description: If specified, this must be 1778 an IANA_SVC_NAME and unique within the 1779 pod. Each named port in a pod must have 1780 a unique name. Name for the port that 1781 can be referred to by services. 1782 type: string 1783 protocol: 1784 default: TCP 1785 description: Protocol for port. Must be 1786 UDP, TCP, or SCTP. Defaults to "TCP". 1787 type: string 1788 required: 1789 - containerPort 1790 type: object 1791 type: array 1792 x-kubernetes-list-map-keys: 1793 - containerPort 1794 - protocol 1795 x-kubernetes-list-type: map 1796 readinessProbe: 1797 description: 'Periodic probe of container service 1798 readiness. Container will be removed from service 1799 endpoints if the probe fails. Cannot be updated. 1800 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 1801 properties: 1802 exec: 1803 description: Exec specifies the action to 1804 take. 1805 properties: 1806 command: 1807 description: Command is the command line 1808 to execute inside the container, the 1809 working directory for the command is 1810 root ('/') in the container's filesystem. 1811 The command is simply exec'd, it is 1812 not run inside a shell, so traditional 1813 shell instructions ('|', etc) won't 1814 work. To use a shell, you need to explicitly 1815 call out to that shell. Exit status 1816 of 0 is treated as live/healthy and 1817 non-zero is unhealthy. 1818 items: 1819 type: string 1820 type: array 1821 type: object 1822 failureThreshold: 1823 description: Minimum consecutive failures 1824 for the probe to be considered failed after 1825 having succeeded. Defaults to 3. Minimum 1826 value is 1. 1827 format: int32 1828 type: integer 1829 grpc: 1830 description: GRPC specifies an action involving 1831 a GRPC port. 1832 properties: 1833 port: 1834 description: Port number of the gRPC service. 1835 Number must be in the range 1 to 65535. 1836 format: int32 1837 type: integer 1838 service: 1839 description: "Service is the name of the 1840 service to place in the gRPC HealthCheckRequest 1841 (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 1842 \n If this is not specified, the default 1843 behavior is defined by gRPC." 1844 type: string 1845 required: 1846 - port 1847 type: object 1848 httpGet: 1849 description: HTTPGet specifies the http request 1850 to perform. 1851 properties: 1852 host: 1853 description: Host name to connect to, 1854 defaults to the pod IP. You probably 1855 want to set "Host" in httpHeaders instead. 1856 type: string 1857 httpHeaders: 1858 description: Custom headers to set in 1859 the request. HTTP allows repeated headers. 1860 items: 1861 description: HTTPHeader describes a 1862 custom header to be used in HTTP probes 1863 properties: 1864 name: 1865 description: The header field name. 1866 This will be canonicalized upon 1867 output, so case-variant names 1868 will be understood as the same 1869 header. 1870 type: string 1871 value: 1872 description: The header field value 1873 type: string 1874 required: 1875 - name 1876 - value 1877 type: object 1878 type: array 1879 path: 1880 description: Path to access on the HTTP 1881 server. 1882 type: string 1883 port: 1884 anyOf: 1885 - type: integer 1886 - type: string 1887 description: Name or number of the port 1888 to access on the container. Number must 1889 be in the range 1 to 65535. Name must 1890 be an IANA_SVC_NAME. 1891 x-kubernetes-int-or-string: true 1892 scheme: 1893 description: Scheme to use for connecting 1894 to the host. Defaults to HTTP. 1895 type: string 1896 required: 1897 - port 1898 type: object 1899 initialDelaySeconds: 1900 description: 'Number of seconds after the 1901 container has started before liveness probes 1902 are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 1903 format: int32 1904 type: integer 1905 periodSeconds: 1906 description: How often (in seconds) to perform 1907 the probe. Default to 10 seconds. Minimum 1908 value is 1. 1909 format: int32 1910 type: integer 1911 successThreshold: 1912 description: Minimum consecutive successes 1913 for the probe to be considered successful 1914 after having failed. Defaults to 1. Must 1915 be 1 for liveness and startup. Minimum value 1916 is 1. 1917 format: int32 1918 type: integer 1919 tcpSocket: 1920 description: TCPSocket specifies an action 1921 involving a TCP port. 1922 properties: 1923 host: 1924 description: 'Optional: Host name to connect 1925 to, defaults to the pod IP.' 1926 type: string 1927 port: 1928 anyOf: 1929 - type: integer 1930 - type: string 1931 description: Number or name of the port 1932 to access on the container. Number must 1933 be in the range 1 to 65535. Name must 1934 be an IANA_SVC_NAME. 1935 x-kubernetes-int-or-string: true 1936 required: 1937 - port 1938 type: object 1939 terminationGracePeriodSeconds: 1940 description: Optional duration in seconds 1941 the pod needs to terminate gracefully upon 1942 probe failure. The grace period is the duration 1943 in seconds after the processes running in 1944 the pod are sent a termination signal and 1945 the time when the processes are forcibly 1946 halted with a kill signal. Set this value 1947 longer than the expected cleanup time for 1948 your process. 1949 format: int64 1950 type: integer 1951 timeoutSeconds: 1952 description: 'Number of seconds after which 1953 the probe times out. Defaults to 1 second. 1954 Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 1955 format: int32 1956 type: integer 1957 type: object 1958 resizePolicy: 1959 description: Resources resize policy for the container. 1960 items: 1961 description: ContainerResizePolicy represents 1962 resource resize policy for the container. 1963 properties: 1964 resourceName: 1965 description: 'Name of the resource to which 1966 this resource resize policy applies. Supported 1967 values: cpu, memory.' 1968 type: string 1969 restartPolicy: 1970 description: Restart policy to apply when 1971 specified resource is resized. If not 1972 specified, it defaults to NotRequired. 1973 type: string 1974 required: 1975 - resourceName 1976 - restartPolicy 1977 type: object 1978 type: array 1979 x-kubernetes-list-type: atomic 1980 resources: 1981 description: 'Compute Resources required by this 1982 container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 1983 properties: 1984 claims: 1985 description: "Claims lists the names of resources, 1986 defined in spec.resourceClaims, that are 1987 used by this container. \n This is an alpha 1988 field and requires enabling the DynamicResourceAllocation 1989 feature gate. \n This field is immutable. 1990 It can only be set for containers." 1991 items: 1992 description: ResourceClaim references one 1993 entry in PodSpec.ResourceClaims. 1994 properties: 1995 name: 1996 description: Name must match the name 1997 of one entry in pod.spec.resourceClaims 1998 of the Pod where this field is used. 1999 It makes that resource available inside 2000 a container. 2001 type: string 2002 required: 2003 - name 2004 type: object 2005 type: array 2006 x-kubernetes-list-map-keys: 2007 - name 2008 x-kubernetes-list-type: map 2009 limits: 2010 additionalProperties: 2011 anyOf: 2012 - type: integer 2013 - type: string 2014 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 2015 x-kubernetes-int-or-string: true 2016 description: 'Limits describes the maximum 2017 amount of compute resources allowed. More 2018 info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 2019 type: object 2020 requests: 2021 additionalProperties: 2022 anyOf: 2023 - type: integer 2024 - type: string 2025 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 2026 x-kubernetes-int-or-string: true 2027 description: 'Requests describes the minimum 2028 amount of compute resources required. If 2029 Requests is omitted for a container, it 2030 defaults to Limits if that is explicitly 2031 specified, otherwise to an implementation-defined 2032 value. Requests cannot exceed Limits. More 2033 info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 2034 type: object 2035 type: object 2036 securityContext: 2037 description: 'SecurityContext defines the security 2038 options the container should be run with. If 2039 set, the fields of SecurityContext override 2040 the equivalent fields of PodSecurityContext. 2041 More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' 2042 properties: 2043 allowPrivilegeEscalation: 2044 description: 'AllowPrivilegeEscalation controls 2045 whether a process can gain more privileges 2046 than its parent process. This bool directly 2047 controls if the no_new_privs flag will be 2048 set on the container process. AllowPrivilegeEscalation 2049 is true always when the container is: 1) 2050 run as Privileged 2) has CAP_SYS_ADMIN Note 2051 that this field cannot be set when spec.os.name 2052 is windows.' 2053 type: boolean 2054 capabilities: 2055 description: The capabilities to add/drop 2056 when running containers. Defaults to the 2057 default set of capabilities granted by the 2058 container runtime. Note that this field 2059 cannot be set when spec.os.name is windows. 2060 properties: 2061 add: 2062 description: Added capabilities 2063 items: 2064 description: Capability represent POSIX 2065 capabilities type 2066 type: string 2067 type: array 2068 drop: 2069 description: Removed capabilities 2070 items: 2071 description: Capability represent POSIX 2072 capabilities type 2073 type: string 2074 type: array 2075 type: object 2076 privileged: 2077 description: Run container in privileged mode. 2078 Processes in privileged containers are essentially 2079 equivalent to root on the host. Defaults 2080 to false. Note that this field cannot be 2081 set when spec.os.name is windows. 2082 type: boolean 2083 procMount: 2084 description: procMount denotes the type of 2085 proc mount to use for the containers. The 2086 default is DefaultProcMount which uses the 2087 container runtime defaults for readonly 2088 paths and masked paths. This requires the 2089 ProcMountType feature flag to be enabled. 2090 Note that this field cannot be set when 2091 spec.os.name is windows. 2092 type: string 2093 readOnlyRootFilesystem: 2094 description: Whether this container has a 2095 read-only root filesystem. Default is false. 2096 Note that this field cannot be set when 2097 spec.os.name is windows. 2098 type: boolean 2099 runAsGroup: 2100 description: The GID to run the entrypoint 2101 of the container process. Uses runtime default 2102 if unset. May also be set in PodSecurityContext. If 2103 set in both SecurityContext and PodSecurityContext, 2104 the value specified in SecurityContext takes 2105 precedence. Note that this field cannot 2106 be set when spec.os.name is windows. 2107 format: int64 2108 type: integer 2109 runAsNonRoot: 2110 description: Indicates that the container 2111 must run as a non-root user. If true, the 2112 Kubelet will validate the image at runtime 2113 to ensure that it does not run as UID 0 2114 (root) and fail to start the container if 2115 it does. If unset or false, no such validation 2116 will be performed. May also be set in PodSecurityContext. 2117 type: boolean 2118 runAsUser: 2119 description: The UID to run the entrypoint 2120 of the container process. Defaults to user 2121 specified in image metadata if unspecified. 2122 May also be set in PodSecurityContext. If 2123 set in both SecurityContext and PodSecurityContext, 2124 the value specified in SecurityContext takes 2125 precedence. Note that this field cannot 2126 be set when spec.os.name is windows. 2127 format: int64 2128 type: integer 2129 seLinuxOptions: 2130 description: The SELinux context to be applied 2131 to the container. If unspecified, the container 2132 runtime will allocate a random SELinux context 2133 for each container. May also be set in 2134 PodSecurityContext. If set in both SecurityContext 2135 and PodSecurityContext, the value specified 2136 in SecurityContext takes precedence. Note 2137 that this field cannot be set when spec.os.name 2138 is windows. 2139 properties: 2140 level: 2141 description: Level is SELinux level label 2142 that applies to the container. 2143 type: string 2144 role: 2145 description: Role is a SELinux role label 2146 that applies to the container. 2147 type: string 2148 type: 2149 description: Type is a SELinux type label 2150 that applies to the container. 2151 type: string 2152 user: 2153 description: User is a SELinux user label 2154 that applies to the container. 2155 type: string 2156 type: object 2157 seccompProfile: 2158 description: The seccomp options to use by 2159 this container. If seccomp options are provided 2160 at both the pod & container level, the container 2161 options override the pod options. Note that 2162 this field cannot be set when spec.os.name 2163 is windows. 2164 properties: 2165 localhostProfile: 2166 description: localhostProfile indicates 2167 a profile defined in a file on the node 2168 should be used. The profile must be 2169 preconfigured on the node to work. Must 2170 be a descending path, relative to the 2171 kubelet's configured seccomp profile 2172 location. Must only be set if type is 2173 "Localhost". 2174 type: string 2175 type: 2176 description: "type indicates which kind 2177 of seccomp profile will be applied. 2178 Valid options are: \n Localhost - a 2179 profile defined in a file on the node 2180 should be used. RuntimeDefault - the 2181 container runtime default profile should 2182 be used. Unconfined - no profile should 2183 be applied." 2184 type: string 2185 required: 2186 - type 2187 type: object 2188 windowsOptions: 2189 description: The Windows specific settings 2190 applied to all containers. If unspecified, 2191 the options from the PodSecurityContext 2192 will be used. If set in both SecurityContext 2193 and PodSecurityContext, the value specified 2194 in SecurityContext takes precedence. Note 2195 that this field cannot be set when spec.os.name 2196 is linux. 2197 properties: 2198 gmsaCredentialSpec: 2199 description: GMSACredentialSpec is where 2200 the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) 2201 inlines the contents of the GMSA credential 2202 spec named by the GMSACredentialSpecName 2203 field. 2204 type: string 2205 gmsaCredentialSpecName: 2206 description: GMSACredentialSpecName is 2207 the name of the GMSA credential spec 2208 to use. 2209 type: string 2210 hostProcess: 2211 description: HostProcess determines if 2212 a container should be run as a 'Host 2213 Process' container. This field is alpha-level 2214 and will only be honored by components 2215 that enable the WindowsHostProcessContainers 2216 feature flag. Setting this field without 2217 the feature flag will result in errors 2218 when validating the Pod. 2219 type: boolean 2220 runAsUserName: 2221 description: The UserName in Windows to 2222 run the entrypoint of the container 2223 process. Defaults to the user specified 2224 in image metadata if unspecified. May 2225 also be set in PodSecurityContext. If 2226 set in both SecurityContext and PodSecurityContext, 2227 the value specified in SecurityContext 2228 takes precedence. 2229 type: string 2230 type: object 2231 type: object 2232 startupProbe: 2233 description: StartupProbe indicates that the Pod 2234 has successfully initialized. If specified, 2235 no other probes are executed until this completes 2236 successfully. If this probe fails, the Pod will 2237 be restarted, just as if the livenessProbe failed. 2238 properties: 2239 exec: 2240 description: Exec specifies the action to 2241 take. 2242 properties: 2243 command: 2244 description: Command is the command line 2245 to execute inside the container, the 2246 working directory for the command is 2247 root ('/') in the container's filesystem. 2248 The command is simply exec'd, it is 2249 not run inside a shell, so traditional 2250 shell instructions ('|', etc) won't 2251 work. To use a shell, you need to explicitly 2252 call out to that shell. Exit status 2253 of 0 is treated as live/healthy and 2254 non-zero is unhealthy. 2255 items: 2256 type: string 2257 type: array 2258 type: object 2259 failureThreshold: 2260 description: Minimum consecutive failures 2261 for the probe to be considered failed after 2262 having succeeded. Defaults to 3. Minimum 2263 value is 1. 2264 format: int32 2265 type: integer 2266 grpc: 2267 description: GRPC specifies an action involving 2268 a GRPC port. 2269 properties: 2270 port: 2271 description: Port number of the gRPC service. 2272 Number must be in the range 1 to 65535. 2273 format: int32 2274 type: integer 2275 service: 2276 description: "Service is the name of the 2277 service to place in the gRPC HealthCheckRequest 2278 (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 2279 \n If this is not specified, the default 2280 behavior is defined by gRPC." 2281 type: string 2282 required: 2283 - port 2284 type: object 2285 httpGet: 2286 description: HTTPGet specifies the http request 2287 to perform. 2288 properties: 2289 host: 2290 description: Host name to connect to, 2291 defaults to the pod IP. You probably 2292 want to set "Host" in httpHeaders instead. 2293 type: string 2294 httpHeaders: 2295 description: Custom headers to set in 2296 the request. HTTP allows repeated headers. 2297 items: 2298 description: HTTPHeader describes a 2299 custom header to be used in HTTP probes 2300 properties: 2301 name: 2302 description: The header field name. 2303 This will be canonicalized upon 2304 output, so case-variant names 2305 will be understood as the same 2306 header. 2307 type: string 2308 value: 2309 description: The header field value 2310 type: string 2311 required: 2312 - name 2313 - value 2314 type: object 2315 type: array 2316 path: 2317 description: Path to access on the HTTP 2318 server. 2319 type: string 2320 port: 2321 anyOf: 2322 - type: integer 2323 - type: string 2324 description: Name or number of the port 2325 to access on the container. Number must 2326 be in the range 1 to 65535. Name must 2327 be an IANA_SVC_NAME. 2328 x-kubernetes-int-or-string: true 2329 scheme: 2330 description: Scheme to use for connecting 2331 to the host. Defaults to HTTP. 2332 type: string 2333 required: 2334 - port 2335 type: object 2336 initialDelaySeconds: 2337 description: 'Number of seconds after the 2338 container has started before liveness probes 2339 are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 2340 format: int32 2341 type: integer 2342 periodSeconds: 2343 description: How often (in seconds) to perform 2344 the probe. Default to 10 seconds. Minimum 2345 value is 1. 2346 format: int32 2347 type: integer 2348 successThreshold: 2349 description: Minimum consecutive successes 2350 for the probe to be considered successful 2351 after having failed. Defaults to 1. Must 2352 be 1 for liveness and startup. Minimum value 2353 is 1. 2354 format: int32 2355 type: integer 2356 tcpSocket: 2357 description: TCPSocket specifies an action 2358 involving a TCP port. 2359 properties: 2360 host: 2361 description: 'Optional: Host name to connect 2362 to, defaults to the pod IP.' 2363 type: string 2364 port: 2365 anyOf: 2366 - type: integer 2367 - type: string 2368 description: Number or name of the port 2369 to access on the container. Number must 2370 be in the range 1 to 65535. Name must 2371 be an IANA_SVC_NAME. 2372 x-kubernetes-int-or-string: true 2373 required: 2374 - port 2375 type: object 2376 terminationGracePeriodSeconds: 2377 description: Optional duration in seconds 2378 the pod needs to terminate gracefully upon 2379 probe failure. The grace period is the duration 2380 in seconds after the processes running in 2381 the pod are sent a termination signal and 2382 the time when the processes are forcibly 2383 halted with a kill signal. Set this value 2384 longer than the expected cleanup time for 2385 your process. 2386 format: int64 2387 type: integer 2388 timeoutSeconds: 2389 description: 'Number of seconds after which 2390 the probe times out. Defaults to 1 second. 2391 Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 2392 format: int32 2393 type: integer 2394 type: object 2395 stdin: 2396 description: Whether this container should allocate 2397 a buffer for stdin in the container runtime. 2398 If this is not set, reads from stdin in the 2399 container will always result in EOF. Default 2400 is false. 2401 type: boolean 2402 stdinOnce: 2403 description: Whether the container runtime should 2404 close the stdin channel after it has been opened 2405 by a single attach. When stdin is true the stdin 2406 stream will remain open across multiple attach 2407 sessions. 2408 type: boolean 2409 terminationMessagePath: 2410 description: 'Optional: Path at which the file 2411 to which the container''s termination message 2412 will be written is mounted into the container''s 2413 filesystem. Message written is intended to be 2414 brief final status, such as an assertion failure 2415 message. Will be truncated by the node if greater 2416 than 4096 bytes. The total message length across 2417 all containers will be limited to 12kb. Defaults 2418 to /dev/termination-log.' 2419 type: string 2420 terminationMessagePolicy: 2421 description: Indicate how the termination message 2422 should be populated. File will use the contents 2423 of terminationMessagePath to populate the container 2424 status message on both success and failure. 2425 FallbackToLogsOnError will use the last chunk 2426 of container log output if the termination message 2427 file is empty and the container exited with 2428 an error. 2429 type: string 2430 tty: 2431 description: Whether this container should allocate 2432 a TTY for itself, also requires 'stdin' to be 2433 true. Default is false. 2434 type: boolean 2435 volumeDevices: 2436 description: volumeDevices is the list of block 2437 devices to be used by the container. 2438 items: 2439 description: volumeDevice describes a mapping 2440 of a raw block device within a container. 2441 properties: 2442 devicePath: 2443 description: devicePath is the path inside 2444 of the container that the device will 2445 be mapped to. 2446 type: string 2447 name: 2448 description: name must match the name of 2449 a persistentVolumeClaim in the pod 2450 type: string 2451 required: 2452 - devicePath 2453 - name 2454 type: object 2455 type: array 2456 volumeMounts: 2457 description: Pod volumes to mount into the container's 2458 filesystem. Cannot be updated. 2459 items: 2460 description: VolumeMount describes a mounting 2461 of a Volume within a container. 2462 properties: 2463 mountPath: 2464 description: Path within the container at 2465 which the volume should be mounted. Must 2466 not contain ':'. 2467 type: string 2468 mountPropagation: 2469 description: mountPropagation determines 2470 how mounts are propagated from the host 2471 to container and the other way around. 2472 When not set, MountPropagationNone is 2473 used. This field is beta in 1.10. 2474 type: string 2475 name: 2476 description: This must match the Name of 2477 a Volume. 2478 type: string 2479 readOnly: 2480 description: Mounted read-only if true, 2481 read-write otherwise (false or unspecified). 2482 Defaults to false. 2483 type: boolean 2484 subPath: 2485 description: Path within the volume from 2486 which the container's volume should be 2487 mounted. Defaults to "" (volume's root). 2488 type: string 2489 subPathExpr: 2490 description: Expanded path within the volume 2491 from which the container's volume should 2492 be mounted. Behaves similarly to SubPath 2493 but environment variable references $(VAR_NAME) 2494 are expanded using the container's environment. 2495 Defaults to "" (volume's root). SubPathExpr 2496 and SubPath are mutually exclusive. 2497 type: string 2498 required: 2499 - mountPath 2500 - name 2501 type: object 2502 type: array 2503 workingDir: 2504 description: Container's working directory. If 2505 not specified, the container runtime's default 2506 will be used, which might be configured in the 2507 container image. Cannot be updated. 2508 type: string 2509 required: 2510 - name 2511 type: object 2512 type: array 2513 dnsConfig: 2514 description: Specifies the DNS parameters of a pod. 2515 Parameters specified here will be merged to the generated 2516 DNS configuration based on DNSPolicy. 2517 properties: 2518 nameservers: 2519 description: A list of DNS name server IP addresses. 2520 This will be appended to the base nameservers 2521 generated from DNSPolicy. Duplicated nameservers 2522 will be removed. 2523 items: 2524 type: string 2525 type: array 2526 options: 2527 description: A list of DNS resolver options. This 2528 will be merged with the base options generated 2529 from DNSPolicy. Duplicated entries will be removed. 2530 Resolution options given in Options will override 2531 those that appear in the base DNSPolicy. 2532 items: 2533 description: PodDNSConfigOption defines DNS resolver 2534 options of a pod. 2535 properties: 2536 name: 2537 description: Required. 2538 type: string 2539 value: 2540 type: string 2541 type: object 2542 type: array 2543 searches: 2544 description: A list of DNS search domains for host-name 2545 lookup. This will be appended to the base search 2546 paths generated from DNSPolicy. Duplicated search 2547 paths will be removed. 2548 items: 2549 type: string 2550 type: array 2551 type: object 2552 dnsPolicy: 2553 description: Set DNS policy for the pod. Defaults to 2554 "ClusterFirst". Valid values are 'ClusterFirstWithHostNet', 2555 'ClusterFirst', 'Default' or 'None'. DNS parameters 2556 given in DNSConfig will be merged with the policy 2557 selected with DNSPolicy. To have DNS options set along 2558 with hostNetwork, you have to specify DNS policy explicitly 2559 to 'ClusterFirstWithHostNet'. 2560 type: string 2561 enableServiceLinks: 2562 description: 'EnableServiceLinks indicates whether information 2563 about services should be injected into pod''s environment 2564 variables, matching the syntax of Docker links. Optional: 2565 Defaults to true.' 2566 type: boolean 2567 ephemeralContainers: 2568 description: List of ephemeral containers run in this 2569 pod. Ephemeral containers may be run in an existing 2570 pod to perform user-initiated actions such as debugging. 2571 This list cannot be specified when creating a pod, 2572 and it cannot be modified by updating the pod spec. 2573 In order to add an ephemeral container to an existing 2574 pod, use the pod's ephemeralcontainers subresource. 2575 items: 2576 description: An EphemeralContainer is a temporary 2577 container that you may add to an existing Pod for 2578 user-initiated activities such as debugging. Ephemeral 2579 containers have no resource or scheduling guarantees, 2580 and they will not be restarted when they exit or 2581 when a Pod is removed or restarted. The kubelet 2582 may evict a Pod if an ephemeral container causes 2583 the Pod to exceed its resource allocation. 2584 properties: 2585 args: 2586 description: 'Arguments to the entrypoint. The 2587 image''s CMD is used if this is not provided. 2588 Variable references $(VAR_NAME) are expanded 2589 using the container''s environment. If a variable 2590 cannot be resolved, the reference in the input 2591 string will be unchanged. Double $$ are reduced 2592 to a single $, which allows for escaping the 2593 $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will 2594 produce the string literal "$(VAR_NAME)".' 2595 items: 2596 type: string 2597 type: array 2598 command: 2599 description: 'Entrypoint array. Not executed within 2600 a shell. The image''s ENTRYPOINT is used if 2601 this is not provided. Variable references $(VAR_NAME) 2602 are expanded using the container''s environment. 2603 If a variable cannot be resolved, the reference 2604 in the input string will be unchanged. Double 2605 $$ are reduced to a single $, which allows for 2606 escaping the $(VAR_NAME) syntax: i.e.' 2607 items: 2608 type: string 2609 type: array 2610 env: 2611 description: List of environment variables to 2612 set in the container. Cannot be updated. 2613 items: 2614 description: EnvVar represents an environment 2615 variable present in a Container. 2616 properties: 2617 name: 2618 description: Name of the environment variable. 2619 Must be a C_IDENTIFIER. 2620 type: string 2621 value: 2622 description: 'Variable references $(VAR_NAME) 2623 are expanded using the previously defined 2624 environment variables in the container 2625 and any service environment variables. 2626 If a variable cannot be resolved, the 2627 reference in the input string will be 2628 unchanged. Double $$ are reduced to a 2629 single $, which allows for escaping the 2630 $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" 2631 will produce the string literal "$(VAR_NAME)".' 2632 type: string 2633 valueFrom: 2634 description: Source for the environment 2635 variable's value. Cannot be used if value 2636 is not empty. 2637 properties: 2638 configMapKeyRef: 2639 description: Selects a key of a ConfigMap. 2640 properties: 2641 key: 2642 description: The key to select. 2643 type: string 2644 name: 2645 description: 'Name of the referent. 2646 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 2647 TODO: Add other useful fields. 2648 apiVersion, kind, uid?' 2649 type: string 2650 optional: 2651 description: Specify whether the 2652 ConfigMap or its key must be defined 2653 type: boolean 2654 required: 2655 - key 2656 type: object 2657 x-kubernetes-map-type: atomic 2658 fieldRef: 2659 description: 'Selects a field of the 2660 pod: supports metadata.name, metadata.namespace, 2661 `metadata.labels[''<KEY>'']`, `metadata.annotations[''<KEY>'']`, 2662 spec.nodeName, spec.serviceAccountName, 2663 status.hostIP, status.podIP, status.podIPs.' 2664 properties: 2665 apiVersion: 2666 description: Version of the schema 2667 the FieldPath is written in terms 2668 of, defaults to "v1". 2669 type: string 2670 fieldPath: 2671 description: Path of the field to 2672 select in the specified API version. 2673 type: string 2674 required: 2675 - fieldPath 2676 type: object 2677 x-kubernetes-map-type: atomic 2678 resourceFieldRef: 2679 description: 'Selects a resource of 2680 the container: only resources limits 2681 and requests (limits.cpu, limits.memory, 2682 limits.ephemeral-storage, requests.cpu, 2683 requests.memory and requests.ephemeral-storage) 2684 are currently supported.' 2685 properties: 2686 containerName: 2687 description: 'Container name: required 2688 for volumes, optional for env 2689 vars' 2690 type: string 2691 divisor: 2692 anyOf: 2693 - type: integer 2694 - type: string 2695 description: Specifies the output 2696 format of the exposed resources, 2697 defaults to "1" 2698 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 2699 x-kubernetes-int-or-string: true 2700 resource: 2701 description: 'Required: resource 2702 to select' 2703 type: string 2704 required: 2705 - resource 2706 type: object 2707 x-kubernetes-map-type: atomic 2708 secretKeyRef: 2709 description: Selects a key of a secret 2710 in the pod's namespace 2711 properties: 2712 key: 2713 description: The key of the secret 2714 to select from. Must be a valid 2715 secret key. 2716 type: string 2717 name: 2718 description: 'Name of the referent. 2719 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 2720 TODO: Add other useful fields. 2721 apiVersion, kind, uid?' 2722 type: string 2723 optional: 2724 description: Specify whether the 2725 Secret or its key must be defined 2726 type: boolean 2727 required: 2728 - key 2729 type: object 2730 x-kubernetes-map-type: atomic 2731 type: object 2732 required: 2733 - name 2734 type: object 2735 type: array 2736 envFrom: 2737 description: List of sources to populate environment 2738 variables in the container. The keys defined 2739 within a source must be a C_IDENTIFIER. All 2740 invalid keys will be reported as an event when 2741 the container is starting. When a key exists 2742 in multiple sources, the value associated with 2743 the last source will take precedence. Values 2744 defined by an Env with a duplicate key will 2745 take precedence. Cannot be updated. 2746 items: 2747 description: EnvFromSource represents the source 2748 of a set of ConfigMaps 2749 properties: 2750 configMapRef: 2751 description: The ConfigMap to select from 2752 properties: 2753 name: 2754 description: 'Name of the referent. 2755 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 2756 TODO: Add other useful fields. apiVersion, 2757 kind, uid?' 2758 type: string 2759 optional: 2760 description: Specify whether the ConfigMap 2761 must be defined 2762 type: boolean 2763 type: object 2764 x-kubernetes-map-type: atomic 2765 prefix: 2766 description: An optional identifier to prepend 2767 to each key in the ConfigMap. Must be 2768 a C_IDENTIFIER. 2769 type: string 2770 secretRef: 2771 description: The Secret to select from 2772 properties: 2773 name: 2774 description: 'Name of the referent. 2775 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 2776 TODO: Add other useful fields. apiVersion, 2777 kind, uid?' 2778 type: string 2779 optional: 2780 description: Specify whether the Secret 2781 must be defined 2782 type: boolean 2783 type: object 2784 x-kubernetes-map-type: atomic 2785 type: object 2786 type: array 2787 image: 2788 description: 'Container image name. More info: 2789 https://kubernetes.io/docs/concepts/containers/images' 2790 type: string 2791 imagePullPolicy: 2792 description: 'Image pull policy. One of Always, 2793 Never, IfNotPresent. Defaults to Always if :latest 2794 tag is specified, or IfNotPresent otherwise. 2795 Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' 2796 type: string 2797 lifecycle: 2798 description: Lifecycle is not allowed for ephemeral 2799 containers. 2800 properties: 2801 postStart: 2802 description: 'PostStart is called immediately 2803 after a container is created. If the handler 2804 fails, the container is terminated and restarted 2805 according to its restart policy. Other management 2806 of the container blocks until the hook completes. 2807 More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' 2808 properties: 2809 exec: 2810 description: Exec specifies the action 2811 to take. 2812 properties: 2813 command: 2814 description: Command is the command 2815 line to execute inside the container, 2816 the working directory for the command is 2817 root ('/') in the container's filesystem. 2818 The command is simply exec'd, it 2819 is not run inside a shell, so traditional 2820 shell instructions ('|', etc) won't 2821 work. To use a shell, you need to 2822 explicitly call out to that shell. 2823 Exit status of 0 is treated as live/healthy 2824 and non-zero is unhealthy. 2825 items: 2826 type: string 2827 type: array 2828 type: object 2829 httpGet: 2830 description: HTTPGet specifies the http 2831 request to perform. 2832 properties: 2833 host: 2834 description: Host name to connect 2835 to, defaults to the pod IP. You 2836 probably want to set "Host" in httpHeaders 2837 instead. 2838 type: string 2839 httpHeaders: 2840 description: Custom headers to set 2841 in the request. HTTP allows repeated 2842 headers. 2843 items: 2844 description: HTTPHeader describes 2845 a custom header to be used in 2846 HTTP probes 2847 properties: 2848 name: 2849 description: The header field 2850 name. This will be canonicalized 2851 upon output, so case-variant 2852 names will be understood as 2853 the same header. 2854 type: string 2855 value: 2856 description: The header field 2857 value 2858 type: string 2859 required: 2860 - name 2861 - value 2862 type: object 2863 type: array 2864 path: 2865 description: Path to access on the 2866 HTTP server. 2867 type: string 2868 port: 2869 anyOf: 2870 - type: integer 2871 - type: string 2872 description: Name or number of the 2873 port to access on the container. 2874 Number must be in the range 1 to 2875 65535. Name must be an IANA_SVC_NAME. 2876 x-kubernetes-int-or-string: true 2877 scheme: 2878 description: Scheme to use for connecting 2879 to the host. Defaults to HTTP. 2880 type: string 2881 required: 2882 - port 2883 type: object 2884 tcpSocket: 2885 description: Deprecated. TCPSocket is 2886 NOT supported as a LifecycleHandler 2887 and kept for the backward compatibility. 2888 There are no validation of this field 2889 and lifecycle hooks will fail in runtime 2890 when tcp handler is specified. 2891 properties: 2892 host: 2893 description: 'Optional: Host name 2894 to connect to, defaults to the pod 2895 IP.' 2896 type: string 2897 port: 2898 anyOf: 2899 - type: integer 2900 - type: string 2901 description: Number or name of the 2902 port to access on the container. 2903 Number must be in the range 1 to 2904 65535. Name must be an IANA_SVC_NAME. 2905 x-kubernetes-int-or-string: true 2906 required: 2907 - port 2908 type: object 2909 type: object 2910 preStop: 2911 description: PreStop is called immediately 2912 before a container is terminated due to 2913 an API request or management event such 2914 as liveness/startup probe failure, preemption, 2915 resource contention, etc. The handler is 2916 not called if the container crashes or exits. 2917 The Pod's termination grace period countdown 2918 begins before the PreStop hook is executed. 2919 properties: 2920 exec: 2921 description: Exec specifies the action 2922 to take. 2923 properties: 2924 command: 2925 description: Command is the command 2926 line to execute inside the container, 2927 the working directory for the command is 2928 root ('/') in the container's filesystem. 2929 The command is simply exec'd, it 2930 is not run inside a shell, so traditional 2931 shell instructions ('|', etc) won't 2932 work. To use a shell, you need to 2933 explicitly call out to that shell. 2934 Exit status of 0 is treated as live/healthy 2935 and non-zero is unhealthy. 2936 items: 2937 type: string 2938 type: array 2939 type: object 2940 httpGet: 2941 description: HTTPGet specifies the http 2942 request to perform. 2943 properties: 2944 host: 2945 description: Host name to connect 2946 to, defaults to the pod IP. You 2947 probably want to set "Host" in httpHeaders 2948 instead. 2949 type: string 2950 httpHeaders: 2951 description: Custom headers to set 2952 in the request. HTTP allows repeated 2953 headers. 2954 items: 2955 description: HTTPHeader describes 2956 a custom header to be used in 2957 HTTP probes 2958 properties: 2959 name: 2960 description: The header field 2961 name. This will be canonicalized 2962 upon output, so case-variant 2963 names will be understood as 2964 the same header. 2965 type: string 2966 value: 2967 description: The header field 2968 value 2969 type: string 2970 required: 2971 - name 2972 - value 2973 type: object 2974 type: array 2975 path: 2976 description: Path to access on the 2977 HTTP server. 2978 type: string 2979 port: 2980 anyOf: 2981 - type: integer 2982 - type: string 2983 description: Name or number of the 2984 port to access on the container. 2985 Number must be in the range 1 to 2986 65535. Name must be an IANA_SVC_NAME. 2987 x-kubernetes-int-or-string: true 2988 scheme: 2989 description: Scheme to use for connecting 2990 to the host. Defaults to HTTP. 2991 type: string 2992 required: 2993 - port 2994 type: object 2995 tcpSocket: 2996 description: Deprecated. TCPSocket is 2997 NOT supported as a LifecycleHandler 2998 and kept for the backward compatibility. 2999 There are no validation of this field 3000 and lifecycle hooks will fail in runtime 3001 when tcp handler is specified. 3002 properties: 3003 host: 3004 description: 'Optional: Host name 3005 to connect to, defaults to the pod 3006 IP.' 3007 type: string 3008 port: 3009 anyOf: 3010 - type: integer 3011 - type: string 3012 description: Number or name of the 3013 port to access on the container. 3014 Number must be in the range 1 to 3015 65535. Name must be an IANA_SVC_NAME. 3016 x-kubernetes-int-or-string: true 3017 required: 3018 - port 3019 type: object 3020 type: object 3021 type: object 3022 livenessProbe: 3023 description: Probes are not allowed for ephemeral 3024 containers. 3025 properties: 3026 exec: 3027 description: Exec specifies the action to 3028 take. 3029 properties: 3030 command: 3031 description: Command is the command line 3032 to execute inside the container, the 3033 working directory for the command is 3034 root ('/') in the container's filesystem. 3035 The command is simply exec'd, it is 3036 not run inside a shell, so traditional 3037 shell instructions ('|', etc) won't 3038 work. To use a shell, you need to explicitly 3039 call out to that shell. Exit status 3040 of 0 is treated as live/healthy and 3041 non-zero is unhealthy. 3042 items: 3043 type: string 3044 type: array 3045 type: object 3046 failureThreshold: 3047 description: Minimum consecutive failures 3048 for the probe to be considered failed after 3049 having succeeded. Defaults to 3. Minimum 3050 value is 1. 3051 format: int32 3052 type: integer 3053 grpc: 3054 description: GRPC specifies an action involving 3055 a GRPC port. 3056 properties: 3057 port: 3058 description: Port number of the gRPC service. 3059 Number must be in the range 1 to 65535. 3060 format: int32 3061 type: integer 3062 service: 3063 description: "Service is the name of the 3064 service to place in the gRPC HealthCheckRequest 3065 (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 3066 \n If this is not specified, the default 3067 behavior is defined by gRPC." 3068 type: string 3069 required: 3070 - port 3071 type: object 3072 httpGet: 3073 description: HTTPGet specifies the http request 3074 to perform. 3075 properties: 3076 host: 3077 description: Host name to connect to, 3078 defaults to the pod IP. You probably 3079 want to set "Host" in httpHeaders instead. 3080 type: string 3081 httpHeaders: 3082 description: Custom headers to set in 3083 the request. HTTP allows repeated headers. 3084 items: 3085 description: HTTPHeader describes a 3086 custom header to be used in HTTP probes 3087 properties: 3088 name: 3089 description: The header field name. 3090 This will be canonicalized upon 3091 output, so case-variant names 3092 will be understood as the same 3093 header. 3094 type: string 3095 value: 3096 description: The header field value 3097 type: string 3098 required: 3099 - name 3100 - value 3101 type: object 3102 type: array 3103 path: 3104 description: Path to access on the HTTP 3105 server. 3106 type: string 3107 port: 3108 anyOf: 3109 - type: integer 3110 - type: string 3111 description: Name or number of the port 3112 to access on the container. Number must 3113 be in the range 1 to 65535. Name must 3114 be an IANA_SVC_NAME. 3115 x-kubernetes-int-or-string: true 3116 scheme: 3117 description: Scheme to use for connecting 3118 to the host. Defaults to HTTP. 3119 type: string 3120 required: 3121 - port 3122 type: object 3123 initialDelaySeconds: 3124 description: 'Number of seconds after the 3125 container has started before liveness probes 3126 are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 3127 format: int32 3128 type: integer 3129 periodSeconds: 3130 description: How often (in seconds) to perform 3131 the probe. Default to 10 seconds. Minimum 3132 value is 1. 3133 format: int32 3134 type: integer 3135 successThreshold: 3136 description: Minimum consecutive successes 3137 for the probe to be considered successful 3138 after having failed. Defaults to 1. Must 3139 be 1 for liveness and startup. Minimum value 3140 is 1. 3141 format: int32 3142 type: integer 3143 tcpSocket: 3144 description: TCPSocket specifies an action 3145 involving a TCP port. 3146 properties: 3147 host: 3148 description: 'Optional: Host name to connect 3149 to, defaults to the pod IP.' 3150 type: string 3151 port: 3152 anyOf: 3153 - type: integer 3154 - type: string 3155 description: Number or name of the port 3156 to access on the container. Number must 3157 be in the range 1 to 65535. Name must 3158 be an IANA_SVC_NAME. 3159 x-kubernetes-int-or-string: true 3160 required: 3161 - port 3162 type: object 3163 terminationGracePeriodSeconds: 3164 description: Optional duration in seconds 3165 the pod needs to terminate gracefully upon 3166 probe failure. The grace period is the duration 3167 in seconds after the processes running in 3168 the pod are sent a termination signal and 3169 the time when the processes are forcibly 3170 halted with a kill signal. Set this value 3171 longer than the expected cleanup time for 3172 your process. 3173 format: int64 3174 type: integer 3175 timeoutSeconds: 3176 description: 'Number of seconds after which 3177 the probe times out. Defaults to 1 second. 3178 Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 3179 format: int32 3180 type: integer 3181 type: object 3182 name: 3183 description: Name of the ephemeral container specified 3184 as a DNS_LABEL. This name must be unique among 3185 all containers, init containers and ephemeral 3186 containers. 3187 type: string 3188 ports: 3189 description: Ports are not allowed for ephemeral 3190 containers. 3191 items: 3192 description: ContainerPort represents a network 3193 port in a single container. 3194 properties: 3195 containerPort: 3196 description: Number of port to expose on 3197 the pod's IP address. This must be a valid 3198 port number, 0 < x < 65536. 3199 format: int32 3200 type: integer 3201 hostIP: 3202 description: What host IP to bind the external 3203 port to. 3204 type: string 3205 hostPort: 3206 description: Number of port to expose on 3207 the host. If specified, this must be a 3208 valid port number, 0 < x < 65536. If HostNetwork 3209 is specified, this must match ContainerPort. 3210 Most containers do not need this. 3211 format: int32 3212 type: integer 3213 name: 3214 description: If specified, this must be 3215 an IANA_SVC_NAME and unique within the 3216 pod. Each named port in a pod must have 3217 a unique name. Name for the port that 3218 can be referred to by services. 3219 type: string 3220 protocol: 3221 default: TCP 3222 description: Protocol for port. Must be 3223 UDP, TCP, or SCTP. Defaults to "TCP". 3224 type: string 3225 required: 3226 - containerPort 3227 type: object 3228 type: array 3229 x-kubernetes-list-map-keys: 3230 - containerPort 3231 - protocol 3232 x-kubernetes-list-type: map 3233 readinessProbe: 3234 description: Probes are not allowed for ephemeral 3235 containers. 3236 properties: 3237 exec: 3238 description: Exec specifies the action to 3239 take. 3240 properties: 3241 command: 3242 description: Command is the command line 3243 to execute inside the container, the 3244 working directory for the command is 3245 root ('/') in the container's filesystem. 3246 The command is simply exec'd, it is 3247 not run inside a shell, so traditional 3248 shell instructions ('|', etc) won't 3249 work. To use a shell, you need to explicitly 3250 call out to that shell. Exit status 3251 of 0 is treated as live/healthy and 3252 non-zero is unhealthy. 3253 items: 3254 type: string 3255 type: array 3256 type: object 3257 failureThreshold: 3258 description: Minimum consecutive failures 3259 for the probe to be considered failed after 3260 having succeeded. Defaults to 3. Minimum 3261 value is 1. 3262 format: int32 3263 type: integer 3264 grpc: 3265 description: GRPC specifies an action involving 3266 a GRPC port. 3267 properties: 3268 port: 3269 description: Port number of the gRPC service. 3270 Number must be in the range 1 to 65535. 3271 format: int32 3272 type: integer 3273 service: 3274 description: "Service is the name of the 3275 service to place in the gRPC HealthCheckRequest 3276 (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 3277 \n If this is not specified, the default 3278 behavior is defined by gRPC." 3279 type: string 3280 required: 3281 - port 3282 type: object 3283 httpGet: 3284 description: HTTPGet specifies the http request 3285 to perform. 3286 properties: 3287 host: 3288 description: Host name to connect to, 3289 defaults to the pod IP. You probably 3290 want to set "Host" in httpHeaders instead. 3291 type: string 3292 httpHeaders: 3293 description: Custom headers to set in 3294 the request. HTTP allows repeated headers. 3295 items: 3296 description: HTTPHeader describes a 3297 custom header to be used in HTTP probes 3298 properties: 3299 name: 3300 description: The header field name. 3301 This will be canonicalized upon 3302 output, so case-variant names 3303 will be understood as the same 3304 header. 3305 type: string 3306 value: 3307 description: The header field value 3308 type: string 3309 required: 3310 - name 3311 - value 3312 type: object 3313 type: array 3314 path: 3315 description: Path to access on the HTTP 3316 server. 3317 type: string 3318 port: 3319 anyOf: 3320 - type: integer 3321 - type: string 3322 description: Name or number of the port 3323 to access on the container. Number must 3324 be in the range 1 to 65535. Name must 3325 be an IANA_SVC_NAME. 3326 x-kubernetes-int-or-string: true 3327 scheme: 3328 description: Scheme to use for connecting 3329 to the host. Defaults to HTTP. 3330 type: string 3331 required: 3332 - port 3333 type: object 3334 initialDelaySeconds: 3335 description: 'Number of seconds after the 3336 container has started before liveness probes 3337 are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 3338 format: int32 3339 type: integer 3340 periodSeconds: 3341 description: How often (in seconds) to perform 3342 the probe. Default to 10 seconds. Minimum 3343 value is 1. 3344 format: int32 3345 type: integer 3346 successThreshold: 3347 description: Minimum consecutive successes 3348 for the probe to be considered successful 3349 after having failed. Defaults to 1. Must 3350 be 1 for liveness and startup. Minimum value 3351 is 1. 3352 format: int32 3353 type: integer 3354 tcpSocket: 3355 description: TCPSocket specifies an action 3356 involving a TCP port. 3357 properties: 3358 host: 3359 description: 'Optional: Host name to connect 3360 to, defaults to the pod IP.' 3361 type: string 3362 port: 3363 anyOf: 3364 - type: integer 3365 - type: string 3366 description: Number or name of the port 3367 to access on the container. Number must 3368 be in the range 1 to 65535. Name must 3369 be an IANA_SVC_NAME. 3370 x-kubernetes-int-or-string: true 3371 required: 3372 - port 3373 type: object 3374 terminationGracePeriodSeconds: 3375 description: Optional duration in seconds 3376 the pod needs to terminate gracefully upon 3377 probe failure. The grace period is the duration 3378 in seconds after the processes running in 3379 the pod are sent a termination signal and 3380 the time when the processes are forcibly 3381 halted with a kill signal. Set this value 3382 longer than the expected cleanup time for 3383 your process. 3384 format: int64 3385 type: integer 3386 timeoutSeconds: 3387 description: 'Number of seconds after which 3388 the probe times out. Defaults to 1 second. 3389 Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 3390 format: int32 3391 type: integer 3392 type: object 3393 resizePolicy: 3394 description: Resources resize policy for the container. 3395 items: 3396 description: ContainerResizePolicy represents 3397 resource resize policy for the container. 3398 properties: 3399 resourceName: 3400 description: 'Name of the resource to which 3401 this resource resize policy applies. Supported 3402 values: cpu, memory.' 3403 type: string 3404 restartPolicy: 3405 description: Restart policy to apply when 3406 specified resource is resized. If not 3407 specified, it defaults to NotRequired. 3408 type: string 3409 required: 3410 - resourceName 3411 - restartPolicy 3412 type: object 3413 type: array 3414 x-kubernetes-list-type: atomic 3415 resources: 3416 description: Resources are not allowed for ephemeral 3417 containers. Ephemeral containers use spare resources 3418 already allocated to the pod. 3419 properties: 3420 claims: 3421 description: "Claims lists the names of resources, 3422 defined in spec.resourceClaims, that are 3423 used by this container. \n This is an alpha 3424 field and requires enabling the DynamicResourceAllocation 3425 feature gate. \n This field is immutable. 3426 It can only be set for containers." 3427 items: 3428 description: ResourceClaim references one 3429 entry in PodSpec.ResourceClaims. 3430 properties: 3431 name: 3432 description: Name must match the name 3433 of one entry in pod.spec.resourceClaims 3434 of the Pod where this field is used. 3435 It makes that resource available inside 3436 a container. 3437 type: string 3438 required: 3439 - name 3440 type: object 3441 type: array 3442 x-kubernetes-list-map-keys: 3443 - name 3444 x-kubernetes-list-type: map 3445 limits: 3446 additionalProperties: 3447 anyOf: 3448 - type: integer 3449 - type: string 3450 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 3451 x-kubernetes-int-or-string: true 3452 description: 'Limits describes the maximum 3453 amount of compute resources allowed. More 3454 info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 3455 type: object 3456 requests: 3457 additionalProperties: 3458 anyOf: 3459 - type: integer 3460 - type: string 3461 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 3462 x-kubernetes-int-or-string: true 3463 description: 'Requests describes the minimum 3464 amount of compute resources required. If 3465 Requests is omitted for a container, it 3466 defaults to Limits if that is explicitly 3467 specified, otherwise to an implementation-defined 3468 value. Requests cannot exceed Limits. More 3469 info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 3470 type: object 3471 type: object 3472 securityContext: 3473 description: 'Optional: SecurityContext defines 3474 the security options the ephemeral container 3475 should be run with. If set, the fields of SecurityContext 3476 override the equivalent fields of PodSecurityContext.' 3477 properties: 3478 allowPrivilegeEscalation: 3479 description: 'AllowPrivilegeEscalation controls 3480 whether a process can gain more privileges 3481 than its parent process. This bool directly 3482 controls if the no_new_privs flag will be 3483 set on the container process. AllowPrivilegeEscalation 3484 is true always when the container is: 1) 3485 run as Privileged 2) has CAP_SYS_ADMIN Note 3486 that this field cannot be set when spec.os.name 3487 is windows.' 3488 type: boolean 3489 capabilities: 3490 description: The capabilities to add/drop 3491 when running containers. Defaults to the 3492 default set of capabilities granted by the 3493 container runtime. Note that this field 3494 cannot be set when spec.os.name is windows. 3495 properties: 3496 add: 3497 description: Added capabilities 3498 items: 3499 description: Capability represent POSIX 3500 capabilities type 3501 type: string 3502 type: array 3503 drop: 3504 description: Removed capabilities 3505 items: 3506 description: Capability represent POSIX 3507 capabilities type 3508 type: string 3509 type: array 3510 type: object 3511 privileged: 3512 description: Run container in privileged mode. 3513 Processes in privileged containers are essentially 3514 equivalent to root on the host. Defaults 3515 to false. Note that this field cannot be 3516 set when spec.os.name is windows. 3517 type: boolean 3518 procMount: 3519 description: procMount denotes the type of 3520 proc mount to use for the containers. The 3521 default is DefaultProcMount which uses the 3522 container runtime defaults for readonly 3523 paths and masked paths. This requires the 3524 ProcMountType feature flag to be enabled. 3525 Note that this field cannot be set when 3526 spec.os.name is windows. 3527 type: string 3528 readOnlyRootFilesystem: 3529 description: Whether this container has a 3530 read-only root filesystem. Default is false. 3531 Note that this field cannot be set when 3532 spec.os.name is windows. 3533 type: boolean 3534 runAsGroup: 3535 description: The GID to run the entrypoint 3536 of the container process. Uses runtime default 3537 if unset. May also be set in PodSecurityContext. If 3538 set in both SecurityContext and PodSecurityContext, 3539 the value specified in SecurityContext takes 3540 precedence. Note that this field cannot 3541 be set when spec.os.name is windows. 3542 format: int64 3543 type: integer 3544 runAsNonRoot: 3545 description: Indicates that the container 3546 must run as a non-root user. If true, the 3547 Kubelet will validate the image at runtime 3548 to ensure that it does not run as UID 0 3549 (root) and fail to start the container if 3550 it does. If unset or false, no such validation 3551 will be performed. May also be set in PodSecurityContext. 3552 type: boolean 3553 runAsUser: 3554 description: The UID to run the entrypoint 3555 of the container process. Defaults to user 3556 specified in image metadata if unspecified. 3557 May also be set in PodSecurityContext. If 3558 set in both SecurityContext and PodSecurityContext, 3559 the value specified in SecurityContext takes 3560 precedence. Note that this field cannot 3561 be set when spec.os.name is windows. 3562 format: int64 3563 type: integer 3564 seLinuxOptions: 3565 description: The SELinux context to be applied 3566 to the container. If unspecified, the container 3567 runtime will allocate a random SELinux context 3568 for each container. May also be set in 3569 PodSecurityContext. If set in both SecurityContext 3570 and PodSecurityContext, the value specified 3571 in SecurityContext takes precedence. Note 3572 that this field cannot be set when spec.os.name 3573 is windows. 3574 properties: 3575 level: 3576 description: Level is SELinux level label 3577 that applies to the container. 3578 type: string 3579 role: 3580 description: Role is a SELinux role label 3581 that applies to the container. 3582 type: string 3583 type: 3584 description: Type is a SELinux type label 3585 that applies to the container. 3586 type: string 3587 user: 3588 description: User is a SELinux user label 3589 that applies to the container. 3590 type: string 3591 type: object 3592 seccompProfile: 3593 description: The seccomp options to use by 3594 this container. If seccomp options are provided 3595 at both the pod & container level, the container 3596 options override the pod options. Note that 3597 this field cannot be set when spec.os.name 3598 is windows. 3599 properties: 3600 localhostProfile: 3601 description: localhostProfile indicates 3602 a profile defined in a file on the node 3603 should be used. The profile must be 3604 preconfigured on the node to work. Must 3605 be a descending path, relative to the 3606 kubelet's configured seccomp profile 3607 location. Must only be set if type is 3608 "Localhost". 3609 type: string 3610 type: 3611 description: "type indicates which kind 3612 of seccomp profile will be applied. 3613 Valid options are: \n Localhost - a 3614 profile defined in a file on the node 3615 should be used. RuntimeDefault - the 3616 container runtime default profile should 3617 be used. Unconfined - no profile should 3618 be applied." 3619 type: string 3620 required: 3621 - type 3622 type: object 3623 windowsOptions: 3624 description: The Windows specific settings 3625 applied to all containers. If unspecified, 3626 the options from the PodSecurityContext 3627 will be used. If set in both SecurityContext 3628 and PodSecurityContext, the value specified 3629 in SecurityContext takes precedence. Note 3630 that this field cannot be set when spec.os.name 3631 is linux. 3632 properties: 3633 gmsaCredentialSpec: 3634 description: GMSACredentialSpec is where 3635 the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) 3636 inlines the contents of the GMSA credential 3637 spec named by the GMSACredentialSpecName 3638 field. 3639 type: string 3640 gmsaCredentialSpecName: 3641 description: GMSACredentialSpecName is 3642 the name of the GMSA credential spec 3643 to use. 3644 type: string 3645 hostProcess: 3646 description: HostProcess determines if 3647 a container should be run as a 'Host 3648 Process' container. This field is alpha-level 3649 and will only be honored by components 3650 that enable the WindowsHostProcessContainers 3651 feature flag. Setting this field without 3652 the feature flag will result in errors 3653 when validating the Pod. 3654 type: boolean 3655 runAsUserName: 3656 description: The UserName in Windows to 3657 run the entrypoint of the container 3658 process. Defaults to the user specified 3659 in image metadata if unspecified. May 3660 also be set in PodSecurityContext. If 3661 set in both SecurityContext and PodSecurityContext, 3662 the value specified in SecurityContext 3663 takes precedence. 3664 type: string 3665 type: object 3666 type: object 3667 startupProbe: 3668 description: Probes are not allowed for ephemeral 3669 containers. 3670 properties: 3671 exec: 3672 description: Exec specifies the action to 3673 take. 3674 properties: 3675 command: 3676 description: Command is the command line 3677 to execute inside the container, the 3678 working directory for the command is 3679 root ('/') in the container's filesystem. 3680 The command is simply exec'd, it is 3681 not run inside a shell, so traditional 3682 shell instructions ('|', etc) won't 3683 work. To use a shell, you need to explicitly 3684 call out to that shell. Exit status 3685 of 0 is treated as live/healthy and 3686 non-zero is unhealthy. 3687 items: 3688 type: string 3689 type: array 3690 type: object 3691 failureThreshold: 3692 description: Minimum consecutive failures 3693 for the probe to be considered failed after 3694 having succeeded. Defaults to 3. Minimum 3695 value is 1. 3696 format: int32 3697 type: integer 3698 grpc: 3699 description: GRPC specifies an action involving 3700 a GRPC port. 3701 properties: 3702 port: 3703 description: Port number of the gRPC service. 3704 Number must be in the range 1 to 65535. 3705 format: int32 3706 type: integer 3707 service: 3708 description: "Service is the name of the 3709 service to place in the gRPC HealthCheckRequest 3710 (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 3711 \n If this is not specified, the default 3712 behavior is defined by gRPC." 3713 type: string 3714 required: 3715 - port 3716 type: object 3717 httpGet: 3718 description: HTTPGet specifies the http request 3719 to perform. 3720 properties: 3721 host: 3722 description: Host name to connect to, 3723 defaults to the pod IP. You probably 3724 want to set "Host" in httpHeaders instead. 3725 type: string 3726 httpHeaders: 3727 description: Custom headers to set in 3728 the request. HTTP allows repeated headers. 3729 items: 3730 description: HTTPHeader describes a 3731 custom header to be used in HTTP probes 3732 properties: 3733 name: 3734 description: The header field name. 3735 This will be canonicalized upon 3736 output, so case-variant names 3737 will be understood as the same 3738 header. 3739 type: string 3740 value: 3741 description: The header field value 3742 type: string 3743 required: 3744 - name 3745 - value 3746 type: object 3747 type: array 3748 path: 3749 description: Path to access on the HTTP 3750 server. 3751 type: string 3752 port: 3753 anyOf: 3754 - type: integer 3755 - type: string 3756 description: Name or number of the port 3757 to access on the container. Number must 3758 be in the range 1 to 65535. Name must 3759 be an IANA_SVC_NAME. 3760 x-kubernetes-int-or-string: true 3761 scheme: 3762 description: Scheme to use for connecting 3763 to the host. Defaults to HTTP. 3764 type: string 3765 required: 3766 - port 3767 type: object 3768 initialDelaySeconds: 3769 description: 'Number of seconds after the 3770 container has started before liveness probes 3771 are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 3772 format: int32 3773 type: integer 3774 periodSeconds: 3775 description: How often (in seconds) to perform 3776 the probe. Default to 10 seconds. Minimum 3777 value is 1. 3778 format: int32 3779 type: integer 3780 successThreshold: 3781 description: Minimum consecutive successes 3782 for the probe to be considered successful 3783 after having failed. Defaults to 1. Must 3784 be 1 for liveness and startup. Minimum value 3785 is 1. 3786 format: int32 3787 type: integer 3788 tcpSocket: 3789 description: TCPSocket specifies an action 3790 involving a TCP port. 3791 properties: 3792 host: 3793 description: 'Optional: Host name to connect 3794 to, defaults to the pod IP.' 3795 type: string 3796 port: 3797 anyOf: 3798 - type: integer 3799 - type: string 3800 description: Number or name of the port 3801 to access on the container. Number must 3802 be in the range 1 to 65535. Name must 3803 be an IANA_SVC_NAME. 3804 x-kubernetes-int-or-string: true 3805 required: 3806 - port 3807 type: object 3808 terminationGracePeriodSeconds: 3809 description: Optional duration in seconds 3810 the pod needs to terminate gracefully upon 3811 probe failure. The grace period is the duration 3812 in seconds after the processes running in 3813 the pod are sent a termination signal and 3814 the time when the processes are forcibly 3815 halted with a kill signal. Set this value 3816 longer than the expected cleanup time for 3817 your process. 3818 format: int64 3819 type: integer 3820 timeoutSeconds: 3821 description: 'Number of seconds after which 3822 the probe times out. Defaults to 1 second. 3823 Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 3824 format: int32 3825 type: integer 3826 type: object 3827 stdin: 3828 description: Whether this container should allocate 3829 a buffer for stdin in the container runtime. 3830 If this is not set, reads from stdin in the 3831 container will always result in EOF. Default 3832 is false. 3833 type: boolean 3834 stdinOnce: 3835 description: Whether the container runtime should 3836 close the stdin channel after it has been opened 3837 by a single attach. When stdin is true the stdin 3838 stream will remain open across multiple attach 3839 sessions. 3840 type: boolean 3841 targetContainerName: 3842 description: "If set, the name of the container 3843 from PodSpec that this ephemeral container targets. 3844 The ephemeral container will be run in the namespaces 3845 (IPC, PID, etc) of this container. If not set 3846 then the ephemeral container uses the namespaces 3847 configured in the Pod spec. \n The container 3848 runtime must implement support for this feature." 3849 type: string 3850 terminationMessagePath: 3851 description: 'Optional: Path at which the file 3852 to which the container''s termination message 3853 will be written is mounted into the container''s 3854 filesystem. Message written is intended to be 3855 brief final status, such as an assertion failure 3856 message. Will be truncated by the node if greater 3857 than 4096 bytes. The total message length across 3858 all containers will be limited to 12kb. Defaults 3859 to /dev/termination-log.' 3860 type: string 3861 terminationMessagePolicy: 3862 description: Indicate how the termination message 3863 should be populated. File will use the contents 3864 of terminationMessagePath to populate the container 3865 status message on both success and failure. 3866 FallbackToLogsOnError will use the last chunk 3867 of container log output if the termination message 3868 file is empty and the container exited with 3869 an error. 3870 type: string 3871 tty: 3872 description: Whether this container should allocate 3873 a TTY for itself, also requires 'stdin' to be 3874 true. Default is false. 3875 type: boolean 3876 volumeDevices: 3877 description: volumeDevices is the list of block 3878 devices to be used by the container. 3879 items: 3880 description: volumeDevice describes a mapping 3881 of a raw block device within a container. 3882 properties: 3883 devicePath: 3884 description: devicePath is the path inside 3885 of the container that the device will 3886 be mapped to. 3887 type: string 3888 name: 3889 description: name must match the name of 3890 a persistentVolumeClaim in the pod 3891 type: string 3892 required: 3893 - devicePath 3894 - name 3895 type: object 3896 type: array 3897 volumeMounts: 3898 description: Pod volumes to mount into the container's 3899 filesystem. Subpath mounts are not allowed for 3900 ephemeral containers. Cannot be updated. 3901 items: 3902 description: VolumeMount describes a mounting 3903 of a Volume within a container. 3904 properties: 3905 mountPath: 3906 description: Path within the container at 3907 which the volume should be mounted. Must 3908 not contain ':'. 3909 type: string 3910 mountPropagation: 3911 description: mountPropagation determines 3912 how mounts are propagated from the host 3913 to container and the other way around. 3914 When not set, MountPropagationNone is 3915 used. This field is beta in 1.10. 3916 type: string 3917 name: 3918 description: This must match the Name of 3919 a Volume. 3920 type: string 3921 readOnly: 3922 description: Mounted read-only if true, 3923 read-write otherwise (false or unspecified). 3924 Defaults to false. 3925 type: boolean 3926 subPath: 3927 description: Path within the volume from 3928 which the container's volume should be 3929 mounted. Defaults to "" (volume's root). 3930 type: string 3931 subPathExpr: 3932 description: Expanded path within the volume 3933 from which the container's volume should 3934 be mounted. Behaves similarly to SubPath 3935 but environment variable references $(VAR_NAME) 3936 are expanded using the container's environment. 3937 Defaults to "" (volume's root). SubPathExpr 3938 and SubPath are mutually exclusive. 3939 type: string 3940 required: 3941 - mountPath 3942 - name 3943 type: object 3944 type: array 3945 workingDir: 3946 description: Container's working directory. If 3947 not specified, the container runtime's default 3948 will be used, which might be configured in the 3949 container image. Cannot be updated. 3950 type: string 3951 required: 3952 - name 3953 type: object 3954 type: array 3955 hostAliases: 3956 description: HostAliases is an optional list of hosts 3957 and IPs that will be injected into the pod's hosts 3958 file if specified. This is only valid for non-hostNetwork 3959 pods. 3960 items: 3961 description: HostAlias holds the mapping between IP 3962 and hostnames that will be injected as an entry 3963 in the pod's hosts file. 3964 properties: 3965 hostnames: 3966 description: Hostnames for the above IP address. 3967 items: 3968 type: string 3969 type: array 3970 ip: 3971 description: IP address of the host file entry. 3972 type: string 3973 type: object 3974 type: array 3975 hostIPC: 3976 description: 'Use the host''s ipc namespace. Optional: 3977 Default to false.' 3978 type: boolean 3979 hostNetwork: 3980 description: Host networking requested for this pod. 3981 Use the host's network namespace. If this option is 3982 set, the ports that will be used must be specified. 3983 Default to false. 3984 type: boolean 3985 hostPID: 3986 description: 'Use the host''s pid namespace. Optional: 3987 Default to false.' 3988 type: boolean 3989 hostUsers: 3990 description: 'Use the host''s user namespace. Optional: 3991 Default to true. If set to true or not present, the 3992 pod will be run in the host user namespace, useful 3993 for when the pod needs a feature only available to 3994 the host user namespace, such as loading a kernel 3995 module with CAP_SYS_MODULE. When set to false, a new 3996 userns is created for the pod.' 3997 type: boolean 3998 hostname: 3999 description: Specifies the hostname of the Pod If not 4000 specified, the pod's hostname will be set to a system-defined 4001 value. 4002 type: string 4003 imagePullSecrets: 4004 description: 'ImagePullSecrets is an optional list of 4005 references to secrets in the same namespace to use 4006 for pulling any of the images used by this PodSpec. 4007 If specified, these secrets will be passed to individual 4008 puller implementations for them to use. More info: 4009 https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod' 4010 items: 4011 description: LocalObjectReference contains enough 4012 information to let you locate the referenced object 4013 inside the same namespace. 4014 properties: 4015 name: 4016 description: 'Name of the referent. More info: 4017 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 4018 TODO: Add other useful fields. apiVersion, kind, 4019 uid?' 4020 type: string 4021 type: object 4022 x-kubernetes-map-type: atomic 4023 type: array 4024 initContainers: 4025 description: List of initialization containers belonging 4026 to the pod. Init containers are executed in order 4027 prior to containers being started. If any init container 4028 fails, the pod is considered to have failed and is 4029 handled according to its restartPolicy. The name for 4030 an init container or normal container must be unique 4031 among all containers. 4032 items: 4033 description: A single application container that you 4034 want to run within a pod. 4035 properties: 4036 args: 4037 description: 'Arguments to the entrypoint. The 4038 container image''s CMD is used if this is not 4039 provided. Variable references $(VAR_NAME) are 4040 expanded using the container''s environment. 4041 If a variable cannot be resolved, the reference 4042 in the input string will be unchanged. Double 4043 $$ are reduced to a single $, which allows for 4044 escaping the $(VAR_NAME) syntax: i.e.' 4045 items: 4046 type: string 4047 type: array 4048 command: 4049 description: 'Entrypoint array. Not executed within 4050 a shell. The container image''s ENTRYPOINT is 4051 used if this is not provided. Variable references 4052 $(VAR_NAME) are expanded using the container''s 4053 environment. If a variable cannot be resolved, 4054 the reference in the input string will be unchanged. 4055 Double $$ are reduced to a single $, which allows 4056 for escaping the $(VAR_NAME) syntax: i.e.' 4057 items: 4058 type: string 4059 type: array 4060 env: 4061 description: List of environment variables to 4062 set in the container. Cannot be updated. 4063 items: 4064 description: EnvVar represents an environment 4065 variable present in a Container. 4066 properties: 4067 name: 4068 description: Name of the environment variable. 4069 Must be a C_IDENTIFIER. 4070 type: string 4071 value: 4072 description: 'Variable references $(VAR_NAME) 4073 are expanded using the previously defined 4074 environment variables in the container 4075 and any service environment variables. 4076 If a variable cannot be resolved, the 4077 reference in the input string will be 4078 unchanged. Double $$ are reduced to a 4079 single $, which allows for escaping the 4080 $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" 4081 will produce the string literal "$(VAR_NAME)".' 4082 type: string 4083 valueFrom: 4084 description: Source for the environment 4085 variable's value. Cannot be used if value 4086 is not empty. 4087 properties: 4088 configMapKeyRef: 4089 description: Selects a key of a ConfigMap. 4090 properties: 4091 key: 4092 description: The key to select. 4093 type: string 4094 name: 4095 description: 'Name of the referent. 4096 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 4097 TODO: Add other useful fields. 4098 apiVersion, kind, uid?' 4099 type: string 4100 optional: 4101 description: Specify whether the 4102 ConfigMap or its key must be defined 4103 type: boolean 4104 required: 4105 - key 4106 type: object 4107 x-kubernetes-map-type: atomic 4108 fieldRef: 4109 description: 'Selects a field of the 4110 pod: supports metadata.name, metadata.namespace, 4111 `metadata.labels[''<KEY>'']`, `metadata.annotations[''<KEY>'']`, 4112 spec.nodeName, spec.serviceAccountName, 4113 status.hostIP, status.podIP, status.podIPs.' 4114 properties: 4115 apiVersion: 4116 description: Version of the schema 4117 the FieldPath is written in terms 4118 of, defaults to "v1". 4119 type: string 4120 fieldPath: 4121 description: Path of the field to 4122 select in the specified API version. 4123 type: string 4124 required: 4125 - fieldPath 4126 type: object 4127 x-kubernetes-map-type: atomic 4128 resourceFieldRef: 4129 description: 'Selects a resource of 4130 the container: only resources limits 4131 and requests (limits.cpu, limits.memory, 4132 limits.ephemeral-storage, requests.cpu, 4133 requests.memory and requests.ephemeral-storage) 4134 are currently supported.' 4135 properties: 4136 containerName: 4137 description: 'Container name: required 4138 for volumes, optional for env 4139 vars' 4140 type: string 4141 divisor: 4142 anyOf: 4143 - type: integer 4144 - type: string 4145 description: Specifies the output 4146 format of the exposed resources, 4147 defaults to "1" 4148 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 4149 x-kubernetes-int-or-string: true 4150 resource: 4151 description: 'Required: resource 4152 to select' 4153 type: string 4154 required: 4155 - resource 4156 type: object 4157 x-kubernetes-map-type: atomic 4158 secretKeyRef: 4159 description: Selects a key of a secret 4160 in the pod's namespace 4161 properties: 4162 key: 4163 description: The key of the secret 4164 to select from. Must be a valid 4165 secret key. 4166 type: string 4167 name: 4168 description: 'Name of the referent. 4169 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 4170 TODO: Add other useful fields. 4171 apiVersion, kind, uid?' 4172 type: string 4173 optional: 4174 description: Specify whether the 4175 Secret or its key must be defined 4176 type: boolean 4177 required: 4178 - key 4179 type: object 4180 x-kubernetes-map-type: atomic 4181 type: object 4182 required: 4183 - name 4184 type: object 4185 type: array 4186 envFrom: 4187 description: List of sources to populate environment 4188 variables in the container. The keys defined 4189 within a source must be a C_IDENTIFIER. All 4190 invalid keys will be reported as an event when 4191 the container is starting. When a key exists 4192 in multiple sources, the value associated with 4193 the last source will take precedence. Values 4194 defined by an Env with a duplicate key will 4195 take precedence. Cannot be updated. 4196 items: 4197 description: EnvFromSource represents the source 4198 of a set of ConfigMaps 4199 properties: 4200 configMapRef: 4201 description: The ConfigMap to select from 4202 properties: 4203 name: 4204 description: 'Name of the referent. 4205 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 4206 TODO: Add other useful fields. apiVersion, 4207 kind, uid?' 4208 type: string 4209 optional: 4210 description: Specify whether the ConfigMap 4211 must be defined 4212 type: boolean 4213 type: object 4214 x-kubernetes-map-type: atomic 4215 prefix: 4216 description: An optional identifier to prepend 4217 to each key in the ConfigMap. Must be 4218 a C_IDENTIFIER. 4219 type: string 4220 secretRef: 4221 description: The Secret to select from 4222 properties: 4223 name: 4224 description: 'Name of the referent. 4225 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 4226 TODO: Add other useful fields. apiVersion, 4227 kind, uid?' 4228 type: string 4229 optional: 4230 description: Specify whether the Secret 4231 must be defined 4232 type: boolean 4233 type: object 4234 x-kubernetes-map-type: atomic 4235 type: object 4236 type: array 4237 image: 4238 description: 'Container image name. More info: 4239 https://kubernetes.io/docs/concepts/containers/images 4240 This field is optional to allow higher level 4241 config management to default or override container 4242 images in workload controllers like Deployments 4243 and StatefulSets.' 4244 type: string 4245 imagePullPolicy: 4246 description: 'Image pull policy. One of Always, 4247 Never, IfNotPresent. Defaults to Always if :latest 4248 tag is specified, or IfNotPresent otherwise. 4249 Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' 4250 type: string 4251 lifecycle: 4252 description: Actions that the management system 4253 should take in response to container lifecycle 4254 events. Cannot be updated. 4255 properties: 4256 postStart: 4257 description: 'PostStart is called immediately 4258 after a container is created. If the handler 4259 fails, the container is terminated and restarted 4260 according to its restart policy. Other management 4261 of the container blocks until the hook completes. 4262 More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' 4263 properties: 4264 exec: 4265 description: Exec specifies the action 4266 to take. 4267 properties: 4268 command: 4269 description: Command is the command 4270 line to execute inside the container, 4271 the working directory for the command is 4272 root ('/') in the container's filesystem. 4273 The command is simply exec'd, it 4274 is not run inside a shell, so traditional 4275 shell instructions ('|', etc) won't 4276 work. To use a shell, you need to 4277 explicitly call out to that shell. 4278 Exit status of 0 is treated as live/healthy 4279 and non-zero is unhealthy. 4280 items: 4281 type: string 4282 type: array 4283 type: object 4284 httpGet: 4285 description: HTTPGet specifies the http 4286 request to perform. 4287 properties: 4288 host: 4289 description: Host name to connect 4290 to, defaults to the pod IP. You 4291 probably want to set "Host" in httpHeaders 4292 instead. 4293 type: string 4294 httpHeaders: 4295 description: Custom headers to set 4296 in the request. HTTP allows repeated 4297 headers. 4298 items: 4299 description: HTTPHeader describes 4300 a custom header to be used in 4301 HTTP probes 4302 properties: 4303 name: 4304 description: The header field 4305 name. This will be canonicalized 4306 upon output, so case-variant 4307 names will be understood as 4308 the same header. 4309 type: string 4310 value: 4311 description: The header field 4312 value 4313 type: string 4314 required: 4315 - name 4316 - value 4317 type: object 4318 type: array 4319 path: 4320 description: Path to access on the 4321 HTTP server. 4322 type: string 4323 port: 4324 anyOf: 4325 - type: integer 4326 - type: string 4327 description: Name or number of the 4328 port to access on the container. 4329 Number must be in the range 1 to 4330 65535. Name must be an IANA_SVC_NAME. 4331 x-kubernetes-int-or-string: true 4332 scheme: 4333 description: Scheme to use for connecting 4334 to the host. Defaults to HTTP. 4335 type: string 4336 required: 4337 - port 4338 type: object 4339 tcpSocket: 4340 description: Deprecated. TCPSocket is 4341 NOT supported as a LifecycleHandler 4342 and kept for the backward compatibility. 4343 There are no validation of this field 4344 and lifecycle hooks will fail in runtime 4345 when tcp handler is specified. 4346 properties: 4347 host: 4348 description: 'Optional: Host name 4349 to connect to, defaults to the pod 4350 IP.' 4351 type: string 4352 port: 4353 anyOf: 4354 - type: integer 4355 - type: string 4356 description: Number or name of the 4357 port to access on the container. 4358 Number must be in the range 1 to 4359 65535. Name must be an IANA_SVC_NAME. 4360 x-kubernetes-int-or-string: true 4361 required: 4362 - port 4363 type: object 4364 type: object 4365 preStop: 4366 description: PreStop is called immediately 4367 before a container is terminated due to 4368 an API request or management event such 4369 as liveness/startup probe failure, preemption, 4370 resource contention, etc. The handler is 4371 not called if the container crashes or exits. 4372 The Pod's termination grace period countdown 4373 begins before the PreStop hook is executed. 4374 properties: 4375 exec: 4376 description: Exec specifies the action 4377 to take. 4378 properties: 4379 command: 4380 description: Command is the command 4381 line to execute inside the container, 4382 the working directory for the command is 4383 root ('/') in the container's filesystem. 4384 The command is simply exec'd, it 4385 is not run inside a shell, so traditional 4386 shell instructions ('|', etc) won't 4387 work. To use a shell, you need to 4388 explicitly call out to that shell. 4389 Exit status of 0 is treated as live/healthy 4390 and non-zero is unhealthy. 4391 items: 4392 type: string 4393 type: array 4394 type: object 4395 httpGet: 4396 description: HTTPGet specifies the http 4397 request to perform. 4398 properties: 4399 host: 4400 description: Host name to connect 4401 to, defaults to the pod IP. You 4402 probably want to set "Host" in httpHeaders 4403 instead. 4404 type: string 4405 httpHeaders: 4406 description: Custom headers to set 4407 in the request. HTTP allows repeated 4408 headers. 4409 items: 4410 description: HTTPHeader describes 4411 a custom header to be used in 4412 HTTP probes 4413 properties: 4414 name: 4415 description: The header field 4416 name. This will be canonicalized 4417 upon output, so case-variant 4418 names will be understood as 4419 the same header. 4420 type: string 4421 value: 4422 description: The header field 4423 value 4424 type: string 4425 required: 4426 - name 4427 - value 4428 type: object 4429 type: array 4430 path: 4431 description: Path to access on the 4432 HTTP server. 4433 type: string 4434 port: 4435 anyOf: 4436 - type: integer 4437 - type: string 4438 description: Name or number of the 4439 port to access on the container. 4440 Number must be in the range 1 to 4441 65535. Name must be an IANA_SVC_NAME. 4442 x-kubernetes-int-or-string: true 4443 scheme: 4444 description: Scheme to use for connecting 4445 to the host. Defaults to HTTP. 4446 type: string 4447 required: 4448 - port 4449 type: object 4450 tcpSocket: 4451 description: Deprecated. TCPSocket is 4452 NOT supported as a LifecycleHandler 4453 and kept for the backward compatibility. 4454 There are no validation of this field 4455 and lifecycle hooks will fail in runtime 4456 when tcp handler is specified. 4457 properties: 4458 host: 4459 description: 'Optional: Host name 4460 to connect to, defaults to the pod 4461 IP.' 4462 type: string 4463 port: 4464 anyOf: 4465 - type: integer 4466 - type: string 4467 description: Number or name of the 4468 port to access on the container. 4469 Number must be in the range 1 to 4470 65535. Name must be an IANA_SVC_NAME. 4471 x-kubernetes-int-or-string: true 4472 required: 4473 - port 4474 type: object 4475 type: object 4476 type: object 4477 livenessProbe: 4478 description: 'Periodic probe of container liveness. 4479 Container will be restarted if the probe fails. 4480 Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 4481 properties: 4482 exec: 4483 description: Exec specifies the action to 4484 take. 4485 properties: 4486 command: 4487 description: Command is the command line 4488 to execute inside the container, the 4489 working directory for the command is 4490 root ('/') in the container's filesystem. 4491 The command is simply exec'd, it is 4492 not run inside a shell, so traditional 4493 shell instructions ('|', etc) won't 4494 work. To use a shell, you need to explicitly 4495 call out to that shell. Exit status 4496 of 0 is treated as live/healthy and 4497 non-zero is unhealthy. 4498 items: 4499 type: string 4500 type: array 4501 type: object 4502 failureThreshold: 4503 description: Minimum consecutive failures 4504 for the probe to be considered failed after 4505 having succeeded. Defaults to 3. Minimum 4506 value is 1. 4507 format: int32 4508 type: integer 4509 grpc: 4510 description: GRPC specifies an action involving 4511 a GRPC port. 4512 properties: 4513 port: 4514 description: Port number of the gRPC service. 4515 Number must be in the range 1 to 65535. 4516 format: int32 4517 type: integer 4518 service: 4519 description: "Service is the name of the 4520 service to place in the gRPC HealthCheckRequest 4521 (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 4522 \n If this is not specified, the default 4523 behavior is defined by gRPC." 4524 type: string 4525 required: 4526 - port 4527 type: object 4528 httpGet: 4529 description: HTTPGet specifies the http request 4530 to perform. 4531 properties: 4532 host: 4533 description: Host name to connect to, 4534 defaults to the pod IP. You probably 4535 want to set "Host" in httpHeaders instead. 4536 type: string 4537 httpHeaders: 4538 description: Custom headers to set in 4539 the request. HTTP allows repeated headers. 4540 items: 4541 description: HTTPHeader describes a 4542 custom header to be used in HTTP probes 4543 properties: 4544 name: 4545 description: The header field name. 4546 This will be canonicalized upon 4547 output, so case-variant names 4548 will be understood as the same 4549 header. 4550 type: string 4551 value: 4552 description: The header field value 4553 type: string 4554 required: 4555 - name 4556 - value 4557 type: object 4558 type: array 4559 path: 4560 description: Path to access on the HTTP 4561 server. 4562 type: string 4563 port: 4564 anyOf: 4565 - type: integer 4566 - type: string 4567 description: Name or number of the port 4568 to access on the container. Number must 4569 be in the range 1 to 65535. Name must 4570 be an IANA_SVC_NAME. 4571 x-kubernetes-int-or-string: true 4572 scheme: 4573 description: Scheme to use for connecting 4574 to the host. Defaults to HTTP. 4575 type: string 4576 required: 4577 - port 4578 type: object 4579 initialDelaySeconds: 4580 description: 'Number of seconds after the 4581 container has started before liveness probes 4582 are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 4583 format: int32 4584 type: integer 4585 periodSeconds: 4586 description: How often (in seconds) to perform 4587 the probe. Default to 10 seconds. Minimum 4588 value is 1. 4589 format: int32 4590 type: integer 4591 successThreshold: 4592 description: Minimum consecutive successes 4593 for the probe to be considered successful 4594 after having failed. Defaults to 1. Must 4595 be 1 for liveness and startup. Minimum value 4596 is 1. 4597 format: int32 4598 type: integer 4599 tcpSocket: 4600 description: TCPSocket specifies an action 4601 involving a TCP port. 4602 properties: 4603 host: 4604 description: 'Optional: Host name to connect 4605 to, defaults to the pod IP.' 4606 type: string 4607 port: 4608 anyOf: 4609 - type: integer 4610 - type: string 4611 description: Number or name of the port 4612 to access on the container. Number must 4613 be in the range 1 to 65535. Name must 4614 be an IANA_SVC_NAME. 4615 x-kubernetes-int-or-string: true 4616 required: 4617 - port 4618 type: object 4619 terminationGracePeriodSeconds: 4620 description: Optional duration in seconds 4621 the pod needs to terminate gracefully upon 4622 probe failure. The grace period is the duration 4623 in seconds after the processes running in 4624 the pod are sent a termination signal and 4625 the time when the processes are forcibly 4626 halted with a kill signal. Set this value 4627 longer than the expected cleanup time for 4628 your process. 4629 format: int64 4630 type: integer 4631 timeoutSeconds: 4632 description: 'Number of seconds after which 4633 the probe times out. Defaults to 1 second. 4634 Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 4635 format: int32 4636 type: integer 4637 type: object 4638 name: 4639 description: Name of the container specified as 4640 a DNS_LABEL. Each container in a pod must have 4641 a unique name (DNS_LABEL). Cannot be updated. 4642 type: string 4643 ports: 4644 description: List of ports to expose from the 4645 container. Not specifying a port here DOES NOT 4646 prevent that port from being exposed. Any port 4647 which is listening on the default "0.0.0.0" 4648 address inside a container will be accessible 4649 from the network. Modifying this array with 4650 strategic merge patch may corrupt the data. 4651 For more information See https://github.com/kubernetes/kubernetes/issues/108255. 4652 items: 4653 description: ContainerPort represents a network 4654 port in a single container. 4655 properties: 4656 containerPort: 4657 description: Number of port to expose on 4658 the pod's IP address. This must be a valid 4659 port number, 0 < x < 65536. 4660 format: int32 4661 type: integer 4662 hostIP: 4663 description: What host IP to bind the external 4664 port to. 4665 type: string 4666 hostPort: 4667 description: Number of port to expose on 4668 the host. If specified, this must be a 4669 valid port number, 0 < x < 65536. If HostNetwork 4670 is specified, this must match ContainerPort. 4671 Most containers do not need this. 4672 format: int32 4673 type: integer 4674 name: 4675 description: If specified, this must be 4676 an IANA_SVC_NAME and unique within the 4677 pod. Each named port in a pod must have 4678 a unique name. Name for the port that 4679 can be referred to by services. 4680 type: string 4681 protocol: 4682 default: TCP 4683 description: Protocol for port. Must be 4684 UDP, TCP, or SCTP. Defaults to "TCP". 4685 type: string 4686 required: 4687 - containerPort 4688 type: object 4689 type: array 4690 x-kubernetes-list-map-keys: 4691 - containerPort 4692 - protocol 4693 x-kubernetes-list-type: map 4694 readinessProbe: 4695 description: 'Periodic probe of container service 4696 readiness. Container will be removed from service 4697 endpoints if the probe fails. Cannot be updated. 4698 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 4699 properties: 4700 exec: 4701 description: Exec specifies the action to 4702 take. 4703 properties: 4704 command: 4705 description: Command is the command line 4706 to execute inside the container, the 4707 working directory for the command is 4708 root ('/') in the container's filesystem. 4709 The command is simply exec'd, it is 4710 not run inside a shell, so traditional 4711 shell instructions ('|', etc) won't 4712 work. To use a shell, you need to explicitly 4713 call out to that shell. Exit status 4714 of 0 is treated as live/healthy and 4715 non-zero is unhealthy. 4716 items: 4717 type: string 4718 type: array 4719 type: object 4720 failureThreshold: 4721 description: Minimum consecutive failures 4722 for the probe to be considered failed after 4723 having succeeded. Defaults to 3. Minimum 4724 value is 1. 4725 format: int32 4726 type: integer 4727 grpc: 4728 description: GRPC specifies an action involving 4729 a GRPC port. 4730 properties: 4731 port: 4732 description: Port number of the gRPC service. 4733 Number must be in the range 1 to 65535. 4734 format: int32 4735 type: integer 4736 service: 4737 description: "Service is the name of the 4738 service to place in the gRPC HealthCheckRequest 4739 (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 4740 \n If this is not specified, the default 4741 behavior is defined by gRPC." 4742 type: string 4743 required: 4744 - port 4745 type: object 4746 httpGet: 4747 description: HTTPGet specifies the http request 4748 to perform. 4749 properties: 4750 host: 4751 description: Host name to connect to, 4752 defaults to the pod IP. You probably 4753 want to set "Host" in httpHeaders instead. 4754 type: string 4755 httpHeaders: 4756 description: Custom headers to set in 4757 the request. HTTP allows repeated headers. 4758 items: 4759 description: HTTPHeader describes a 4760 custom header to be used in HTTP probes 4761 properties: 4762 name: 4763 description: The header field name. 4764 This will be canonicalized upon 4765 output, so case-variant names 4766 will be understood as the same 4767 header. 4768 type: string 4769 value: 4770 description: The header field value 4771 type: string 4772 required: 4773 - name 4774 - value 4775 type: object 4776 type: array 4777 path: 4778 description: Path to access on the HTTP 4779 server. 4780 type: string 4781 port: 4782 anyOf: 4783 - type: integer 4784 - type: string 4785 description: Name or number of the port 4786 to access on the container. Number must 4787 be in the range 1 to 65535. Name must 4788 be an IANA_SVC_NAME. 4789 x-kubernetes-int-or-string: true 4790 scheme: 4791 description: Scheme to use for connecting 4792 to the host. Defaults to HTTP. 4793 type: string 4794 required: 4795 - port 4796 type: object 4797 initialDelaySeconds: 4798 description: 'Number of seconds after the 4799 container has started before liveness probes 4800 are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 4801 format: int32 4802 type: integer 4803 periodSeconds: 4804 description: How often (in seconds) to perform 4805 the probe. Default to 10 seconds. Minimum 4806 value is 1. 4807 format: int32 4808 type: integer 4809 successThreshold: 4810 description: Minimum consecutive successes 4811 for the probe to be considered successful 4812 after having failed. Defaults to 1. Must 4813 be 1 for liveness and startup. Minimum value 4814 is 1. 4815 format: int32 4816 type: integer 4817 tcpSocket: 4818 description: TCPSocket specifies an action 4819 involving a TCP port. 4820 properties: 4821 host: 4822 description: 'Optional: Host name to connect 4823 to, defaults to the pod IP.' 4824 type: string 4825 port: 4826 anyOf: 4827 - type: integer 4828 - type: string 4829 description: Number or name of the port 4830 to access on the container. Number must 4831 be in the range 1 to 65535. Name must 4832 be an IANA_SVC_NAME. 4833 x-kubernetes-int-or-string: true 4834 required: 4835 - port 4836 type: object 4837 terminationGracePeriodSeconds: 4838 description: Optional duration in seconds 4839 the pod needs to terminate gracefully upon 4840 probe failure. The grace period is the duration 4841 in seconds after the processes running in 4842 the pod are sent a termination signal and 4843 the time when the processes are forcibly 4844 halted with a kill signal. Set this value 4845 longer than the expected cleanup time for 4846 your process. 4847 format: int64 4848 type: integer 4849 timeoutSeconds: 4850 description: 'Number of seconds after which 4851 the probe times out. Defaults to 1 second. 4852 Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 4853 format: int32 4854 type: integer 4855 type: object 4856 resizePolicy: 4857 description: Resources resize policy for the container. 4858 items: 4859 description: ContainerResizePolicy represents 4860 resource resize policy for the container. 4861 properties: 4862 resourceName: 4863 description: 'Name of the resource to which 4864 this resource resize policy applies. Supported 4865 values: cpu, memory.' 4866 type: string 4867 restartPolicy: 4868 description: Restart policy to apply when 4869 specified resource is resized. If not 4870 specified, it defaults to NotRequired. 4871 type: string 4872 required: 4873 - resourceName 4874 - restartPolicy 4875 type: object 4876 type: array 4877 x-kubernetes-list-type: atomic 4878 resources: 4879 description: 'Compute Resources required by this 4880 container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 4881 properties: 4882 claims: 4883 description: "Claims lists the names of resources, 4884 defined in spec.resourceClaims, that are 4885 used by this container. \n This is an alpha 4886 field and requires enabling the DynamicResourceAllocation 4887 feature gate. \n This field is immutable. 4888 It can only be set for containers." 4889 items: 4890 description: ResourceClaim references one 4891 entry in PodSpec.ResourceClaims. 4892 properties: 4893 name: 4894 description: Name must match the name 4895 of one entry in pod.spec.resourceClaims 4896 of the Pod where this field is used. 4897 It makes that resource available inside 4898 a container. 4899 type: string 4900 required: 4901 - name 4902 type: object 4903 type: array 4904 x-kubernetes-list-map-keys: 4905 - name 4906 x-kubernetes-list-type: map 4907 limits: 4908 additionalProperties: 4909 anyOf: 4910 - type: integer 4911 - type: string 4912 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 4913 x-kubernetes-int-or-string: true 4914 description: 'Limits describes the maximum 4915 amount of compute resources allowed. More 4916 info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 4917 type: object 4918 requests: 4919 additionalProperties: 4920 anyOf: 4921 - type: integer 4922 - type: string 4923 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 4924 x-kubernetes-int-or-string: true 4925 description: 'Requests describes the minimum 4926 amount of compute resources required. If 4927 Requests is omitted for a container, it 4928 defaults to Limits if that is explicitly 4929 specified, otherwise to an implementation-defined 4930 value. Requests cannot exceed Limits. More 4931 info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 4932 type: object 4933 type: object 4934 securityContext: 4935 description: 'SecurityContext defines the security 4936 options the container should be run with. If 4937 set, the fields of SecurityContext override 4938 the equivalent fields of PodSecurityContext. 4939 More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' 4940 properties: 4941 allowPrivilegeEscalation: 4942 description: 'AllowPrivilegeEscalation controls 4943 whether a process can gain more privileges 4944 than its parent process. This bool directly 4945 controls if the no_new_privs flag will be 4946 set on the container process. AllowPrivilegeEscalation 4947 is true always when the container is: 1) 4948 run as Privileged 2) has CAP_SYS_ADMIN Note 4949 that this field cannot be set when spec.os.name 4950 is windows.' 4951 type: boolean 4952 capabilities: 4953 description: The capabilities to add/drop 4954 when running containers. Defaults to the 4955 default set of capabilities granted by the 4956 container runtime. Note that this field 4957 cannot be set when spec.os.name is windows. 4958 properties: 4959 add: 4960 description: Added capabilities 4961 items: 4962 description: Capability represent POSIX 4963 capabilities type 4964 type: string 4965 type: array 4966 drop: 4967 description: Removed capabilities 4968 items: 4969 description: Capability represent POSIX 4970 capabilities type 4971 type: string 4972 type: array 4973 type: object 4974 privileged: 4975 description: Run container in privileged mode. 4976 Processes in privileged containers are essentially 4977 equivalent to root on the host. Defaults 4978 to false. Note that this field cannot be 4979 set when spec.os.name is windows. 4980 type: boolean 4981 procMount: 4982 description: procMount denotes the type of 4983 proc mount to use for the containers. The 4984 default is DefaultProcMount which uses the 4985 container runtime defaults for readonly 4986 paths and masked paths. This requires the 4987 ProcMountType feature flag to be enabled. 4988 Note that this field cannot be set when 4989 spec.os.name is windows. 4990 type: string 4991 readOnlyRootFilesystem: 4992 description: Whether this container has a 4993 read-only root filesystem. Default is false. 4994 Note that this field cannot be set when 4995 spec.os.name is windows. 4996 type: boolean 4997 runAsGroup: 4998 description: The GID to run the entrypoint 4999 of the container process. Uses runtime default 5000 if unset. May also be set in PodSecurityContext. If 5001 set in both SecurityContext and PodSecurityContext, 5002 the value specified in SecurityContext takes 5003 precedence. Note that this field cannot 5004 be set when spec.os.name is windows. 5005 format: int64 5006 type: integer 5007 runAsNonRoot: 5008 description: Indicates that the container 5009 must run as a non-root user. If true, the 5010 Kubelet will validate the image at runtime 5011 to ensure that it does not run as UID 0 5012 (root) and fail to start the container if 5013 it does. If unset or false, no such validation 5014 will be performed. May also be set in PodSecurityContext. 5015 type: boolean 5016 runAsUser: 5017 description: The UID to run the entrypoint 5018 of the container process. Defaults to user 5019 specified in image metadata if unspecified. 5020 May also be set in PodSecurityContext. If 5021 set in both SecurityContext and PodSecurityContext, 5022 the value specified in SecurityContext takes 5023 precedence. Note that this field cannot 5024 be set when spec.os.name is windows. 5025 format: int64 5026 type: integer 5027 seLinuxOptions: 5028 description: The SELinux context to be applied 5029 to the container. If unspecified, the container 5030 runtime will allocate a random SELinux context 5031 for each container. May also be set in 5032 PodSecurityContext. If set in both SecurityContext 5033 and PodSecurityContext, the value specified 5034 in SecurityContext takes precedence. Note 5035 that this field cannot be set when spec.os.name 5036 is windows. 5037 properties: 5038 level: 5039 description: Level is SELinux level label 5040 that applies to the container. 5041 type: string 5042 role: 5043 description: Role is a SELinux role label 5044 that applies to the container. 5045 type: string 5046 type: 5047 description: Type is a SELinux type label 5048 that applies to the container. 5049 type: string 5050 user: 5051 description: User is a SELinux user label 5052 that applies to the container. 5053 type: string 5054 type: object 5055 seccompProfile: 5056 description: The seccomp options to use by 5057 this container. If seccomp options are provided 5058 at both the pod & container level, the container 5059 options override the pod options. Note that 5060 this field cannot be set when spec.os.name 5061 is windows. 5062 properties: 5063 localhostProfile: 5064 description: localhostProfile indicates 5065 a profile defined in a file on the node 5066 should be used. The profile must be 5067 preconfigured on the node to work. Must 5068 be a descending path, relative to the 5069 kubelet's configured seccomp profile 5070 location. Must only be set if type is 5071 "Localhost". 5072 type: string 5073 type: 5074 description: "type indicates which kind 5075 of seccomp profile will be applied. 5076 Valid options are: \n Localhost - a 5077 profile defined in a file on the node 5078 should be used. RuntimeDefault - the 5079 container runtime default profile should 5080 be used. Unconfined - no profile should 5081 be applied." 5082 type: string 5083 required: 5084 - type 5085 type: object 5086 windowsOptions: 5087 description: The Windows specific settings 5088 applied to all containers. If unspecified, 5089 the options from the PodSecurityContext 5090 will be used. If set in both SecurityContext 5091 and PodSecurityContext, the value specified 5092 in SecurityContext takes precedence. Note 5093 that this field cannot be set when spec.os.name 5094 is linux. 5095 properties: 5096 gmsaCredentialSpec: 5097 description: GMSACredentialSpec is where 5098 the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) 5099 inlines the contents of the GMSA credential 5100 spec named by the GMSACredentialSpecName 5101 field. 5102 type: string 5103 gmsaCredentialSpecName: 5104 description: GMSACredentialSpecName is 5105 the name of the GMSA credential spec 5106 to use. 5107 type: string 5108 hostProcess: 5109 description: HostProcess determines if 5110 a container should be run as a 'Host 5111 Process' container. This field is alpha-level 5112 and will only be honored by components 5113 that enable the WindowsHostProcessContainers 5114 feature flag. Setting this field without 5115 the feature flag will result in errors 5116 when validating the Pod. 5117 type: boolean 5118 runAsUserName: 5119 description: The UserName in Windows to 5120 run the entrypoint of the container 5121 process. Defaults to the user specified 5122 in image metadata if unspecified. May 5123 also be set in PodSecurityContext. If 5124 set in both SecurityContext and PodSecurityContext, 5125 the value specified in SecurityContext 5126 takes precedence. 5127 type: string 5128 type: object 5129 type: object 5130 startupProbe: 5131 description: StartupProbe indicates that the Pod 5132 has successfully initialized. If specified, 5133 no other probes are executed until this completes 5134 successfully. If this probe fails, the Pod will 5135 be restarted, just as if the livenessProbe failed. 5136 properties: 5137 exec: 5138 description: Exec specifies the action to 5139 take. 5140 properties: 5141 command: 5142 description: Command is the command line 5143 to execute inside the container, the 5144 working directory for the command is 5145 root ('/') in the container's filesystem. 5146 The command is simply exec'd, it is 5147 not run inside a shell, so traditional 5148 shell instructions ('|', etc) won't 5149 work. To use a shell, you need to explicitly 5150 call out to that shell. Exit status 5151 of 0 is treated as live/healthy and 5152 non-zero is unhealthy. 5153 items: 5154 type: string 5155 type: array 5156 type: object 5157 failureThreshold: 5158 description: Minimum consecutive failures 5159 for the probe to be considered failed after 5160 having succeeded. Defaults to 3. Minimum 5161 value is 1. 5162 format: int32 5163 type: integer 5164 grpc: 5165 description: GRPC specifies an action involving 5166 a GRPC port. 5167 properties: 5168 port: 5169 description: Port number of the gRPC service. 5170 Number must be in the range 1 to 65535. 5171 format: int32 5172 type: integer 5173 service: 5174 description: "Service is the name of the 5175 service to place in the gRPC HealthCheckRequest 5176 (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 5177 \n If this is not specified, the default 5178 behavior is defined by gRPC." 5179 type: string 5180 required: 5181 - port 5182 type: object 5183 httpGet: 5184 description: HTTPGet specifies the http request 5185 to perform. 5186 properties: 5187 host: 5188 description: Host name to connect to, 5189 defaults to the pod IP. You probably 5190 want to set "Host" in httpHeaders instead. 5191 type: string 5192 httpHeaders: 5193 description: Custom headers to set in 5194 the request. HTTP allows repeated headers. 5195 items: 5196 description: HTTPHeader describes a 5197 custom header to be used in HTTP probes 5198 properties: 5199 name: 5200 description: The header field name. 5201 This will be canonicalized upon 5202 output, so case-variant names 5203 will be understood as the same 5204 header. 5205 type: string 5206 value: 5207 description: The header field value 5208 type: string 5209 required: 5210 - name 5211 - value 5212 type: object 5213 type: array 5214 path: 5215 description: Path to access on the HTTP 5216 server. 5217 type: string 5218 port: 5219 anyOf: 5220 - type: integer 5221 - type: string 5222 description: Name or number of the port 5223 to access on the container. Number must 5224 be in the range 1 to 65535. Name must 5225 be an IANA_SVC_NAME. 5226 x-kubernetes-int-or-string: true 5227 scheme: 5228 description: Scheme to use for connecting 5229 to the host. Defaults to HTTP. 5230 type: string 5231 required: 5232 - port 5233 type: object 5234 initialDelaySeconds: 5235 description: 'Number of seconds after the 5236 container has started before liveness probes 5237 are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 5238 format: int32 5239 type: integer 5240 periodSeconds: 5241 description: How often (in seconds) to perform 5242 the probe. Default to 10 seconds. Minimum 5243 value is 1. 5244 format: int32 5245 type: integer 5246 successThreshold: 5247 description: Minimum consecutive successes 5248 for the probe to be considered successful 5249 after having failed. Defaults to 1. Must 5250 be 1 for liveness and startup. Minimum value 5251 is 1. 5252 format: int32 5253 type: integer 5254 tcpSocket: 5255 description: TCPSocket specifies an action 5256 involving a TCP port. 5257 properties: 5258 host: 5259 description: 'Optional: Host name to connect 5260 to, defaults to the pod IP.' 5261 type: string 5262 port: 5263 anyOf: 5264 - type: integer 5265 - type: string 5266 description: Number or name of the port 5267 to access on the container. Number must 5268 be in the range 1 to 65535. Name must 5269 be an IANA_SVC_NAME. 5270 x-kubernetes-int-or-string: true 5271 required: 5272 - port 5273 type: object 5274 terminationGracePeriodSeconds: 5275 description: Optional duration in seconds 5276 the pod needs to terminate gracefully upon 5277 probe failure. The grace period is the duration 5278 in seconds after the processes running in 5279 the pod are sent a termination signal and 5280 the time when the processes are forcibly 5281 halted with a kill signal. Set this value 5282 longer than the expected cleanup time for 5283 your process. 5284 format: int64 5285 type: integer 5286 timeoutSeconds: 5287 description: 'Number of seconds after which 5288 the probe times out. Defaults to 1 second. 5289 Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 5290 format: int32 5291 type: integer 5292 type: object 5293 stdin: 5294 description: Whether this container should allocate 5295 a buffer for stdin in the container runtime. 5296 If this is not set, reads from stdin in the 5297 container will always result in EOF. Default 5298 is false. 5299 type: boolean 5300 stdinOnce: 5301 description: Whether the container runtime should 5302 close the stdin channel after it has been opened 5303 by a single attach. When stdin is true the stdin 5304 stream will remain open across multiple attach 5305 sessions. 5306 type: boolean 5307 terminationMessagePath: 5308 description: 'Optional: Path at which the file 5309 to which the container''s termination message 5310 will be written is mounted into the container''s 5311 filesystem. Message written is intended to be 5312 brief final status, such as an assertion failure 5313 message. Will be truncated by the node if greater 5314 than 4096 bytes. The total message length across 5315 all containers will be limited to 12kb. Defaults 5316 to /dev/termination-log.' 5317 type: string 5318 terminationMessagePolicy: 5319 description: Indicate how the termination message 5320 should be populated. File will use the contents 5321 of terminationMessagePath to populate the container 5322 status message on both success and failure. 5323 FallbackToLogsOnError will use the last chunk 5324 of container log output if the termination message 5325 file is empty and the container exited with 5326 an error. 5327 type: string 5328 tty: 5329 description: Whether this container should allocate 5330 a TTY for itself, also requires 'stdin' to be 5331 true. Default is false. 5332 type: boolean 5333 volumeDevices: 5334 description: volumeDevices is the list of block 5335 devices to be used by the container. 5336 items: 5337 description: volumeDevice describes a mapping 5338 of a raw block device within a container. 5339 properties: 5340 devicePath: 5341 description: devicePath is the path inside 5342 of the container that the device will 5343 be mapped to. 5344 type: string 5345 name: 5346 description: name must match the name of 5347 a persistentVolumeClaim in the pod 5348 type: string 5349 required: 5350 - devicePath 5351 - name 5352 type: object 5353 type: array 5354 volumeMounts: 5355 description: Pod volumes to mount into the container's 5356 filesystem. Cannot be updated. 5357 items: 5358 description: VolumeMount describes a mounting 5359 of a Volume within a container. 5360 properties: 5361 mountPath: 5362 description: Path within the container at 5363 which the volume should be mounted. Must 5364 not contain ':'. 5365 type: string 5366 mountPropagation: 5367 description: mountPropagation determines 5368 how mounts are propagated from the host 5369 to container and the other way around. 5370 When not set, MountPropagationNone is 5371 used. This field is beta in 1.10. 5372 type: string 5373 name: 5374 description: This must match the Name of 5375 a Volume. 5376 type: string 5377 readOnly: 5378 description: Mounted read-only if true, 5379 read-write otherwise (false or unspecified). 5380 Defaults to false. 5381 type: boolean 5382 subPath: 5383 description: Path within the volume from 5384 which the container's volume should be 5385 mounted. Defaults to "" (volume's root). 5386 type: string 5387 subPathExpr: 5388 description: Expanded path within the volume 5389 from which the container's volume should 5390 be mounted. Behaves similarly to SubPath 5391 but environment variable references $(VAR_NAME) 5392 are expanded using the container's environment. 5393 Defaults to "" (volume's root). SubPathExpr 5394 and SubPath are mutually exclusive. 5395 type: string 5396 required: 5397 - mountPath 5398 - name 5399 type: object 5400 type: array 5401 workingDir: 5402 description: Container's working directory. If 5403 not specified, the container runtime's default 5404 will be used, which might be configured in the 5405 container image. Cannot be updated. 5406 type: string 5407 required: 5408 - name 5409 type: object 5410 type: array 5411 nodeName: 5412 description: NodeName is a request to schedule this 5413 pod onto a specific node. If it is non-empty, the 5414 scheduler simply schedules this pod onto that node, 5415 assuming that it fits resource requirements. 5416 type: string 5417 nodeSelector: 5418 additionalProperties: 5419 type: string 5420 description: 'NodeSelector is a selector which must 5421 be true for the pod to fit on a node. Selector which 5422 must match a node''s labels for the pod to be scheduled 5423 on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' 5424 type: object 5425 x-kubernetes-map-type: atomic 5426 os: 5427 description: "Specifies the OS of the containers in 5428 the pod. Some pod and container fields are restricted 5429 if this is set. \n If the OS field is set to linux, 5430 the following fields must be unset: -securityContext.windowsOptions 5431 \n If the OS field is set to windows, following fields 5432 must be unset: - spec.hostPID - spec.hostIPC - spec.hostUsers 5433 - spec.securityContext.seLinuxOptions - spec.securityContext." 5434 properties: 5435 name: 5436 description: 'Name is the name of the operating 5437 system. The currently supported values are linux 5438 and windows. Additional value may be defined in 5439 future and can be one of: https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration 5440 Clients should expect to handle additional values 5441 and treat unrecognized values in this field as 5442 os: null' 5443 type: string 5444 required: 5445 - name 5446 type: object 5447 overhead: 5448 additionalProperties: 5449 anyOf: 5450 - type: integer 5451 - type: string 5452 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 5453 x-kubernetes-int-or-string: true 5454 description: Overhead represents the resource overhead 5455 associated with running a pod for a given RuntimeClass. 5456 This field will be autopopulated at admission time 5457 by the RuntimeClass admission controller. If the RuntimeClass 5458 admission controller is enabled, overhead must not 5459 be set in Pod create requests. The RuntimeClass admission 5460 controller will reject Pod create requests which have 5461 the overhead already set. 5462 type: object 5463 preemptionPolicy: 5464 description: PreemptionPolicy is the Policy for preempting 5465 pods with lower priority. One of Never, PreemptLowerPriority. 5466 Defaults to PreemptLowerPriority if unset. 5467 type: string 5468 priority: 5469 description: The priority value. Various system components 5470 use this field to find the priority of the pod. When 5471 Priority Admission Controller is enabled, it prevents 5472 users from setting this field. The admission controller 5473 populates this field from PriorityClassName. The higher 5474 the value, the higher the priority. 5475 format: int32 5476 type: integer 5477 priorityClassName: 5478 description: If specified, indicates the pod's priority. 5479 "system-node-critical" and "system-cluster-critical" 5480 are two special keywords which indicate the highest 5481 priorities with the former being the highest priority. 5482 Any other name must be defined by creating a PriorityClass 5483 object with that name. If not specified, the pod priority 5484 will be default or zero if there is no default. 5485 type: string 5486 readinessGates: 5487 description: 'If specified, all readiness gates will 5488 be evaluated for pod readiness. A pod is ready when 5489 all its containers are ready AND all conditions specified 5490 in the readiness gates have status equal to "True" 5491 More info: https://git.k8s.io/enhancements/keps/sig-network/580-pod-readiness-gates' 5492 items: 5493 description: PodReadinessGate contains the reference 5494 to a pod condition 5495 properties: 5496 conditionType: 5497 description: ConditionType refers to a condition 5498 in the pod's condition list with matching type. 5499 type: string 5500 required: 5501 - conditionType 5502 type: object 5503 type: array 5504 resourceClaims: 5505 description: "ResourceClaims defines which ResourceClaims 5506 must be allocated and reserved before the Pod is allowed 5507 to start. The resources will be made available to 5508 those containers which consume them by name. \n This 5509 is an alpha field and requires enabling the DynamicResourceAllocation 5510 feature gate. \n This field is immutable." 5511 items: 5512 description: PodResourceClaim references exactly one 5513 ResourceClaim through a ClaimSource. It adds a name 5514 to it that uniquely identifies the ResourceClaim 5515 inside the Pod. Containers that need access to the 5516 ResourceClaim reference it with this name. 5517 properties: 5518 name: 5519 description: Name uniquely identifies this resource 5520 claim inside the pod. This must be a DNS_LABEL. 5521 type: string 5522 source: 5523 description: Source describes where to find the 5524 ResourceClaim. 5525 properties: 5526 resourceClaimName: 5527 description: ResourceClaimName is the name 5528 of a ResourceClaim object in the same namespace 5529 as this pod. 5530 type: string 5531 resourceClaimTemplateName: 5532 description: "ResourceClaimTemplateName is 5533 the name of a ResourceClaimTemplate object 5534 in the same namespace as this pod. \n The 5535 template will be used to create a new ResourceClaim, 5536 which will be bound to this pod. When this 5537 pod is deleted, the ResourceClaim will also 5538 be deleted. The name of the ResourceClaim 5539 will be <pod name>-<resource name>, where 5540 <resource name> is the PodResourceClaim.Name." 5541 type: string 5542 type: object 5543 required: 5544 - name 5545 type: object 5546 type: array 5547 x-kubernetes-list-map-keys: 5548 - name 5549 x-kubernetes-list-type: map 5550 restartPolicy: 5551 description: 'Restart policy for all containers within 5552 the pod. One of Always, OnFailure, Never. In some 5553 contexts, only a subset of those values may be permitted. 5554 Default to Always. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy' 5555 type: string 5556 runtimeClassName: 5557 description: 'RuntimeClassName refers to a RuntimeClass 5558 object in the node.k8s.io group, which should be used 5559 to run this pod. If no RuntimeClass resource matches 5560 the named class, the pod will not be run. If unset 5561 or empty, the "legacy" RuntimeClass will be used, 5562 which is an implicit class with an empty definition 5563 that uses the default runtime handler. More info: 5564 https://git.k8s.' 5565 type: string 5566 schedulerName: 5567 description: If specified, the pod will be dispatched 5568 by specified scheduler. If not specified, the pod 5569 will be dispatched by default scheduler. 5570 type: string 5571 schedulingGates: 5572 description: "SchedulingGates is an opaque list of values 5573 that if specified will block scheduling the pod. If 5574 schedulingGates is not empty, the pod will stay in 5575 the SchedulingGated state and the scheduler will not 5576 attempt to schedule the pod. \n SchedulingGates can 5577 only be set at pod creation time, and be removed only 5578 afterwards. \n This is a beta feature enabled by the 5579 PodSchedulingReadiness feature gate." 5580 items: 5581 description: PodSchedulingGate is associated to a 5582 Pod to guard its scheduling. 5583 properties: 5584 name: 5585 description: Name of the scheduling gate. Each 5586 scheduling gate must have a unique name field. 5587 type: string 5588 required: 5589 - name 5590 type: object 5591 type: array 5592 x-kubernetes-list-map-keys: 5593 - name 5594 x-kubernetes-list-type: map 5595 securityContext: 5596 description: 'SecurityContext holds pod-level security 5597 attributes and common container settings. Optional: 5598 Defaults to empty. See type description for default 5599 values of each field.' 5600 properties: 5601 fsGroup: 5602 description: "A special supplemental group that 5603 applies to all containers in a pod. Some volume 5604 types allow the Kubelet to change the ownership 5605 of that volume to be owned by the pod: \n 1. The 5606 owning GID will be the FSGroup 2. The setgid bit 5607 is set (new files created in the volume will be 5608 owned by FSGroup) 3." 5609 format: int64 5610 type: integer 5611 fsGroupChangePolicy: 5612 description: 'fsGroupChangePolicy defines behavior 5613 of changing ownership and permission of the volume 5614 before being exposed inside Pod. This field will 5615 only apply to volume types which support fsGroup 5616 based ownership(and permissions). It will have 5617 no effect on ephemeral volume types such as: secret, 5618 configmaps and emptydir. Valid values are "OnRootMismatch" 5619 and "Always". If not specified, "Always" is used.' 5620 type: string 5621 runAsGroup: 5622 description: The GID to run the entrypoint of the 5623 container process. Uses runtime default if unset. 5624 May also be set in SecurityContext. If set in 5625 both SecurityContext and PodSecurityContext, the 5626 value specified in SecurityContext takes precedence 5627 for that container. Note that this field cannot 5628 be set when spec.os.name is windows. 5629 format: int64 5630 type: integer 5631 runAsNonRoot: 5632 description: Indicates that the container must run 5633 as a non-root user. If true, the Kubelet will 5634 validate the image at runtime to ensure that it 5635 does not run as UID 0 (root) and fail to start 5636 the container if it does. If unset or false, no 5637 such validation will be performed. May also be 5638 set in SecurityContext. 5639 type: boolean 5640 runAsUser: 5641 description: The UID to run the entrypoint of the 5642 container process. Defaults to user specified 5643 in image metadata if unspecified. May also be 5644 set in SecurityContext. If set in both SecurityContext 5645 and PodSecurityContext, the value specified in 5646 SecurityContext takes precedence for that container. 5647 Note that this field cannot be set when spec.os.name 5648 is windows. 5649 format: int64 5650 type: integer 5651 seLinuxOptions: 5652 description: The SELinux context to be applied to 5653 all containers. If unspecified, the container 5654 runtime will allocate a random SELinux context 5655 for each container. May also be set in SecurityContext. If 5656 set in both SecurityContext and PodSecurityContext, 5657 the value specified in SecurityContext takes precedence 5658 for that container. Note that this field cannot 5659 be set when spec.os.name is windows. 5660 properties: 5661 level: 5662 description: Level is SELinux level label that 5663 applies to the container. 5664 type: string 5665 role: 5666 description: Role is a SELinux role label that 5667 applies to the container. 5668 type: string 5669 type: 5670 description: Type is a SELinux type label that 5671 applies to the container. 5672 type: string 5673 user: 5674 description: User is a SELinux user label that 5675 applies to the container. 5676 type: string 5677 type: object 5678 seccompProfile: 5679 description: The seccomp options to use by the containers 5680 in this pod. Note that this field cannot be set 5681 when spec.os.name is windows. 5682 properties: 5683 localhostProfile: 5684 description: localhostProfile indicates a profile 5685 defined in a file on the node should be used. 5686 The profile must be preconfigured on the node 5687 to work. Must be a descending path, relative 5688 to the kubelet's configured seccomp profile 5689 location. Must only be set if type is "Localhost". 5690 type: string 5691 type: 5692 description: "type indicates which kind of seccomp 5693 profile will be applied. Valid options are: 5694 \n Localhost - a profile defined in a file 5695 on the node should be used. RuntimeDefault 5696 - the container runtime default profile should 5697 be used. Unconfined - no profile should be 5698 applied." 5699 type: string 5700 required: 5701 - type 5702 type: object 5703 supplementalGroups: 5704 description: A list of groups applied to the first 5705 process run in each container, in addition to 5706 the container's primary GID, the fsGroup (if specified), 5707 and group memberships defined in the container 5708 image for the uid of the container process. If 5709 unspecified, no additional groups are added to 5710 any container. 5711 items: 5712 format: int64 5713 type: integer 5714 type: array 5715 sysctls: 5716 description: Sysctls hold a list of namespaced sysctls 5717 used for the pod. Pods with unsupported sysctls 5718 (by the container runtime) might fail to launch. 5719 Note that this field cannot be set when spec.os.name 5720 is windows. 5721 items: 5722 description: Sysctl defines a kernel parameter 5723 to be set 5724 properties: 5725 name: 5726 description: Name of a property to set 5727 type: string 5728 value: 5729 description: Value of a property to set 5730 type: string 5731 required: 5732 - name 5733 - value 5734 type: object 5735 type: array 5736 windowsOptions: 5737 description: The Windows specific settings applied 5738 to all containers. If unspecified, the options 5739 within a container's SecurityContext will be used. 5740 If set in both SecurityContext and PodSecurityContext, 5741 the value specified in SecurityContext takes precedence. 5742 Note that this field cannot be set when spec.os.name 5743 is linux. 5744 properties: 5745 gmsaCredentialSpec: 5746 description: GMSACredentialSpec is where the 5747 GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) 5748 inlines the contents of the GMSA credential 5749 spec named by the GMSACredentialSpecName field. 5750 type: string 5751 gmsaCredentialSpecName: 5752 description: GMSACredentialSpecName is the name 5753 of the GMSA credential spec to use. 5754 type: string 5755 hostProcess: 5756 description: HostProcess determines if a container 5757 should be run as a 'Host Process' container. 5758 This field is alpha-level and will only be 5759 honored by components that enable the WindowsHostProcessContainers 5760 feature flag. Setting this field without the 5761 feature flag will result in errors when validating 5762 the Pod. 5763 type: boolean 5764 runAsUserName: 5765 description: The UserName in Windows to run 5766 the entrypoint of the container process. Defaults 5767 to the user specified in image metadata if 5768 unspecified. May also be set in PodSecurityContext. 5769 If set in both SecurityContext and PodSecurityContext, 5770 the value specified in SecurityContext takes 5771 precedence. 5772 type: string 5773 type: object 5774 type: object 5775 serviceAccount: 5776 description: 'DeprecatedServiceAccount is a depreciated 5777 alias for ServiceAccountName. Deprecated: Use serviceAccountName 5778 instead.' 5779 type: string 5780 serviceAccountName: 5781 description: 'ServiceAccountName is the name of the 5782 ServiceAccount to use to run this pod. More info: 5783 https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' 5784 type: string 5785 setHostnameAsFQDN: 5786 description: If true the pod's hostname will be configured 5787 as the pod's FQDN, rather than the leaf name (the 5788 default). In Linux containers, this means setting 5789 the FQDN in the hostname field of the kernel (the 5790 nodename field of struct utsname). 5791 type: boolean 5792 shareProcessNamespace: 5793 description: 'Share a single process namespace between 5794 all of the containers in a pod. When this is set containers 5795 will be able to view and signal processes from other 5796 containers in the same pod, and the first process 5797 in each container will not be assigned PID 1. HostPID 5798 and ShareProcessNamespace cannot both be set. Optional: 5799 Default to false.' 5800 type: boolean 5801 subdomain: 5802 description: If specified, the fully qualified Pod hostname 5803 will be "<hostname>.<subdomain>.<pod namespace>.svc.<cluster 5804 domain>". If not specified, the pod will not have 5805 a domainname at all. 5806 type: string 5807 terminationGracePeriodSeconds: 5808 description: Optional duration in seconds the pod needs 5809 to terminate gracefully. May be decreased in delete 5810 request. Value must be non-negative integer. The value 5811 zero indicates stop immediately via the kill signal 5812 (no opportunity to shut down). If this value is nil, 5813 the default grace period will be used instead. 5814 format: int64 5815 type: integer 5816 tolerations: 5817 description: If specified, the pod's tolerations. 5818 items: 5819 description: The pod this Toleration is attached to 5820 tolerates any taint that matches the triple <key,value,effect> 5821 using the matching operator <operator>. 5822 properties: 5823 effect: 5824 description: Effect indicates the taint effect 5825 to match. Empty means match all taint effects. 5826 When specified, allowed values are NoSchedule, 5827 PreferNoSchedule and NoExecute. 5828 type: string 5829 key: 5830 description: Key is the taint key that the toleration 5831 applies to. Empty means match all taint keys. 5832 If the key is empty, operator must be Exists; 5833 this combination means to match all values and 5834 all keys. 5835 type: string 5836 operator: 5837 description: Operator represents a key's relationship 5838 to the value. Valid operators are Exists and 5839 Equal. Defaults to Equal. Exists is equivalent 5840 to wildcard for value, so that a pod can tolerate 5841 all taints of a particular category. 5842 type: string 5843 tolerationSeconds: 5844 description: TolerationSeconds represents the 5845 period of time the toleration (which must be 5846 of effect NoExecute, otherwise this field is 5847 ignored) tolerates the taint. By default, it 5848 is not set, which means tolerate the taint forever 5849 (do not evict). Zero and negative values will 5850 be treated as 0 (evict immediately) by the system. 5851 format: int64 5852 type: integer 5853 value: 5854 description: Value is the taint value the toleration 5855 matches to. If the operator is Exists, the value 5856 should be empty, otherwise just a regular string. 5857 type: string 5858 type: object 5859 type: array 5860 topologySpreadConstraints: 5861 description: TopologySpreadConstraints describes how 5862 a group of pods ought to spread across topology domains. 5863 Scheduler will schedule pods in a way which abides 5864 by the constraints. All topologySpreadConstraints 5865 are ANDed. 5866 items: 5867 description: TopologySpreadConstraint specifies how 5868 to spread matching pods among the given topology. 5869 properties: 5870 labelSelector: 5871 description: LabelSelector is used to find matching 5872 pods. Pods that match this label selector are 5873 counted to determine the number of pods in their 5874 corresponding topology domain. 5875 properties: 5876 matchExpressions: 5877 description: matchExpressions is a list of 5878 label selector requirements. The requirements 5879 are ANDed. 5880 items: 5881 description: A label selector requirement 5882 is a selector that contains values, a 5883 key, and an operator that relates the 5884 key and values. 5885 properties: 5886 key: 5887 description: key is the label key that 5888 the selector applies to. 5889 type: string 5890 operator: 5891 description: operator represents a key's 5892 relationship to a set of values. Valid 5893 operators are In, NotIn, Exists and 5894 DoesNotExist. 5895 type: string 5896 values: 5897 description: values is an array of string 5898 values. If the operator is In or NotIn, 5899 the values array must be non-empty. 5900 If the operator is Exists or DoesNotExist, 5901 the values array must be empty. This 5902 array is replaced during a strategic 5903 merge patch. 5904 items: 5905 type: string 5906 type: array 5907 required: 5908 - key 5909 - operator 5910 type: object 5911 type: array 5912 matchLabels: 5913 additionalProperties: 5914 type: string 5915 description: matchLabels is a map of {key,value} 5916 pairs. A single {key,value} in the matchLabels 5917 map is equivalent to an element of matchExpressions, 5918 whose key field is "key", the operator is 5919 "In", and the values array contains only 5920 "value". The requirements are ANDed. 5921 type: object 5922 type: object 5923 x-kubernetes-map-type: atomic 5924 matchLabelKeys: 5925 description: MatchLabelKeys is a set of pod label 5926 keys to select the pods over which spreading 5927 will be calculated. The keys are used to lookup 5928 values from the incoming pod labels, those key-value 5929 labels are ANDed with labelSelector to select 5930 the group of existing pods over which spreading 5931 will be calculated for the incoming pod. The 5932 same key is forbidden to exist in both MatchLabelKeys 5933 and LabelSelector. 5934 items: 5935 type: string 5936 type: array 5937 x-kubernetes-list-type: atomic 5938 maxSkew: 5939 description: MaxSkew describes the degree to which 5940 pods may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`, 5941 it is the maximum permitted difference between 5942 the number of matching pods in the target topology 5943 and the global minimum. The global minimum is 5944 the minimum number of matching pods in an eligible 5945 domain or zero if the number of eligible domains 5946 is less than MinDomains. 5947 format: int32 5948 type: integer 5949 minDomains: 5950 description: MinDomains indicates a minimum number 5951 of eligible domains. When the number of eligible 5952 domains with matching topology keys is less 5953 than minDomains, Pod Topology Spread treats 5954 "global minimum" as 0, and then the calculation 5955 of Skew is performed. And when the number of 5956 eligible domains with matching topology keys 5957 equals or greater than minDomains, this value 5958 has no effect on scheduling. 5959 format: int32 5960 type: integer 5961 nodeAffinityPolicy: 5962 description: "NodeAffinityPolicy indicates how 5963 we will treat Pod's nodeAffinity/nodeSelector 5964 when calculating pod topology spread skew. Options 5965 are: - Honor: only nodes matching nodeAffinity/nodeSelector 5966 are included in the calculations. - Ignore: 5967 nodeAffinity/nodeSelector are ignored. All nodes 5968 are included in the calculations. \n If this 5969 value is nil, the behavior is equivalent to 5970 the Honor policy." 5971 type: string 5972 nodeTaintsPolicy: 5973 description: "NodeTaintsPolicy indicates how we 5974 will treat node taints when calculating pod 5975 topology spread skew. Options are: - Honor: 5976 nodes without taints, along with tainted nodes 5977 for which the incoming pod has a toleration, 5978 are included. - Ignore: node taints are ignored. 5979 All nodes are included. \n If this value is 5980 nil, the behavior is equivalent to the Ignore 5981 policy." 5982 type: string 5983 topologyKey: 5984 description: TopologyKey is the key of node labels. 5985 Nodes that have a label with this key and identical 5986 values are considered to be in the same topology. 5987 We consider each <key, value> as a "bucket", 5988 and try to put balanced number of pods into 5989 each bucket. We define a domain as a particular 5990 instance of a topology. 5991 type: string 5992 whenUnsatisfiable: 5993 description: WhenUnsatisfiable indicates how to 5994 deal with a pod if it doesn't satisfy the spread 5995 constraint. - DoNotSchedule (default) tells 5996 the scheduler not to schedule it. - ScheduleAnyway 5997 tells the scheduler to schedule the pod in any 5998 location, but giving higher precedence to topologies 5999 that would help reduce the skew. 6000 type: string 6001 required: 6002 - maxSkew 6003 - topologyKey 6004 - whenUnsatisfiable 6005 type: object 6006 type: array 6007 x-kubernetes-list-map-keys: 6008 - topologyKey 6009 - whenUnsatisfiable 6010 x-kubernetes-list-type: map 6011 volumes: 6012 description: 'List of volumes that can be mounted by 6013 containers belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes' 6014 items: 6015 description: Volume represents a named volume in a 6016 pod that may be accessed by any container in the 6017 pod. 6018 properties: 6019 awsElasticBlockStore: 6020 description: 'awsElasticBlockStore represents 6021 an AWS Disk resource that is attached to a kubelet''s 6022 host machine and then exposed to the pod. More 6023 info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' 6024 properties: 6025 fsType: 6026 description: 'fsType is the filesystem type 6027 of the volume that you want to mount. Tip: 6028 Ensure that the filesystem type is supported 6029 by the host operating system. Examples: 6030 "ext4", "xfs", "ntfs". Implicitly inferred 6031 to be "ext4" if unspecified. More info: 6032 https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore 6033 TODO: how do we prevent errors in the filesystem 6034 from compromising the machine' 6035 type: string 6036 partition: 6037 description: 'partition is the partition in 6038 the volume that you want to mount. If omitted, 6039 the default is to mount by volume name. 6040 Examples: For volume /dev/sda1, you specify 6041 the partition as "1". Similarly, the volume 6042 partition for /dev/sda is "0" (or you can 6043 leave the property empty).' 6044 format: int32 6045 type: integer 6046 readOnly: 6047 description: 'readOnly value true will force 6048 the readOnly setting in VolumeMounts. More 6049 info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' 6050 type: boolean 6051 volumeID: 6052 description: 'volumeID is unique ID of the 6053 persistent disk resource in AWS (Amazon 6054 EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' 6055 type: string 6056 required: 6057 - volumeID 6058 type: object 6059 azureDisk: 6060 description: azureDisk represents an Azure Data 6061 Disk mount on the host and bind mount to the 6062 pod. 6063 properties: 6064 cachingMode: 6065 description: 'cachingMode is the Host Caching 6066 mode: None, Read Only, Read Write.' 6067 type: string 6068 diskName: 6069 description: diskName is the Name of the data 6070 disk in the blob storage 6071 type: string 6072 diskURI: 6073 description: diskURI is the URI of data disk 6074 in the blob storage 6075 type: string 6076 fsType: 6077 description: fsType is Filesystem type to 6078 mount. Must be a filesystem type supported 6079 by the host operating system. Ex. "ext4", 6080 "xfs", "ntfs". Implicitly inferred to be 6081 "ext4" if unspecified. 6082 type: string 6083 kind: 6084 description: 'kind expected values are Shared: 6085 multiple blob disks per storage account Dedicated: 6086 single blob disk per storage account Managed: 6087 azure managed data disk (only in managed 6088 availability set). defaults to shared' 6089 type: string 6090 readOnly: 6091 description: readOnly Defaults to false (read/write). 6092 ReadOnly here will force the ReadOnly setting 6093 in VolumeMounts. 6094 type: boolean 6095 required: 6096 - diskName 6097 - diskURI 6098 type: object 6099 azureFile: 6100 description: azureFile represents an Azure File 6101 Service mount on the host and bind mount to 6102 the pod. 6103 properties: 6104 readOnly: 6105 description: readOnly defaults to false (read/write). 6106 ReadOnly here will force the ReadOnly setting 6107 in VolumeMounts. 6108 type: boolean 6109 secretName: 6110 description: secretName is the name of secret 6111 that contains Azure Storage Account Name 6112 and Key 6113 type: string 6114 shareName: 6115 description: shareName is the azure share 6116 Name 6117 type: string 6118 required: 6119 - secretName 6120 - shareName 6121 type: object 6122 cephfs: 6123 description: cephFS represents a Ceph FS mount 6124 on the host that shares a pod's lifetime 6125 properties: 6126 monitors: 6127 description: 'monitors is Required: Monitors 6128 is a collection of Ceph monitors More info: 6129 https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' 6130 items: 6131 type: string 6132 type: array 6133 path: 6134 description: 'path is Optional: Used as the 6135 mounted root, rather than the full Ceph 6136 tree, default is /' 6137 type: string 6138 readOnly: 6139 description: 'readOnly is Optional: Defaults 6140 to false (read/write). ReadOnly here will 6141 force the ReadOnly setting in VolumeMounts. 6142 More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' 6143 type: boolean 6144 secretFile: 6145 description: 'secretFile is Optional: SecretFile 6146 is the path to key ring for User, default 6147 is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' 6148 type: string 6149 secretRef: 6150 description: 'secretRef is Optional: SecretRef 6151 is reference to the authentication secret 6152 for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' 6153 properties: 6154 name: 6155 description: 'Name of the referent. More 6156 info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 6157 TODO: Add other useful fields. apiVersion, 6158 kind, uid?' 6159 type: string 6160 type: object 6161 x-kubernetes-map-type: atomic 6162 user: 6163 description: 'user is optional: User is the 6164 rados user name, default is admin More info: 6165 https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' 6166 type: string 6167 required: 6168 - monitors 6169 type: object 6170 cinder: 6171 description: 'cinder represents a cinder volume 6172 attached and mounted on kubelets host machine. 6173 More info: https://examples.k8s.io/mysql-cinder-pd/README.md' 6174 properties: 6175 fsType: 6176 description: 'fsType is the filesystem type 6177 to mount. Must be a filesystem type supported 6178 by the host operating system. Examples: 6179 "ext4", "xfs", "ntfs". Implicitly inferred 6180 to be "ext4" if unspecified. More info: 6181 https://examples.k8s.io/mysql-cinder-pd/README.md' 6182 type: string 6183 readOnly: 6184 description: 'readOnly defaults to false (read/write). 6185 ReadOnly here will force the ReadOnly setting 6186 in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' 6187 type: boolean 6188 secretRef: 6189 description: 'secretRef is optional: points 6190 to a secret object containing parameters 6191 used to connect to OpenStack.' 6192 properties: 6193 name: 6194 description: 'Name of the referent. More 6195 info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 6196 TODO: Add other useful fields. apiVersion, 6197 kind, uid?' 6198 type: string 6199 type: object 6200 x-kubernetes-map-type: atomic 6201 volumeID: 6202 description: 'volumeID used to identify the 6203 volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' 6204 type: string 6205 required: 6206 - volumeID 6207 type: object 6208 configMap: 6209 description: configMap represents a configMap 6210 that should populate this volume 6211 properties: 6212 defaultMode: 6213 description: 'defaultMode is optional: mode 6214 bits used to set permissions on created 6215 files by default. Must be an octal value 6216 between 0000 and 0777 or a decimal value 6217 between 0 and 511. YAML accepts both octal 6218 and decimal values, JSON requires decimal 6219 values for mode bits. Defaults to 0644. 6220 Directories within the path are not affected 6221 by this setting.' 6222 format: int32 6223 type: integer 6224 items: 6225 description: items if unspecified, each key-value 6226 pair in the Data field of the referenced 6227 ConfigMap will be projected into the volume 6228 as a file whose name is the key and content 6229 is the value. If specified, the listed keys 6230 will be projected into the specified paths, 6231 and unlisted keys will not be present. 6232 items: 6233 description: Maps a string key to a path 6234 within a volume. 6235 properties: 6236 key: 6237 description: key is the key to project. 6238 type: string 6239 mode: 6240 description: 'mode is Optional: mode 6241 bits used to set permissions on this 6242 file. Must be an octal value between 6243 0000 and 0777 or a decimal value between 6244 0 and 511. YAML accepts both octal 6245 and decimal values, JSON requires 6246 decimal values for mode bits. If not 6247 specified, the volume defaultMode 6248 will be used.' 6249 format: int32 6250 type: integer 6251 path: 6252 description: path is the relative path 6253 of the file to map the key to. May 6254 not be an absolute path. May not contain 6255 the path element '..'. May not start 6256 with the string '..'. 6257 type: string 6258 required: 6259 - key 6260 - path 6261 type: object 6262 type: array 6263 name: 6264 description: 'Name of the referent. More info: 6265 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 6266 TODO: Add other useful fields. apiVersion, 6267 kind, uid?' 6268 type: string 6269 optional: 6270 description: optional specify whether the 6271 ConfigMap or its keys must be defined 6272 type: boolean 6273 type: object 6274 x-kubernetes-map-type: atomic 6275 csi: 6276 description: csi (Container Storage Interface) 6277 represents ephemeral storage that is handled 6278 by certain external CSI drivers (Beta feature). 6279 properties: 6280 driver: 6281 description: driver is the name of the CSI 6282 driver that handles this volume. Consult 6283 with your admin for the correct name as 6284 registered in the cluster. 6285 type: string 6286 fsType: 6287 description: fsType to mount. Ex. "ext4", 6288 "xfs", "ntfs". If not provided, the empty 6289 value is passed to the associated CSI driver 6290 which will determine the default filesystem 6291 to apply. 6292 type: string 6293 nodePublishSecretRef: 6294 description: nodePublishSecretRef is a reference 6295 to the secret object containing sensitive 6296 information to pass to the CSI driver to 6297 complete the CSI NodePublishVolume and NodeUnpublishVolume 6298 calls. This field is optional, and may 6299 be empty if no secret is required. If the 6300 secret object contains more than one secret, 6301 all secret references are passed. 6302 properties: 6303 name: 6304 description: 'Name of the referent. More 6305 info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 6306 TODO: Add other useful fields. apiVersion, 6307 kind, uid?' 6308 type: string 6309 type: object 6310 x-kubernetes-map-type: atomic 6311 readOnly: 6312 description: readOnly specifies a read-only 6313 configuration for the volume. Defaults to 6314 false (read/write). 6315 type: boolean 6316 volumeAttributes: 6317 additionalProperties: 6318 type: string 6319 description: volumeAttributes stores driver-specific 6320 properties that are passed to the CSI driver. 6321 Consult your driver's documentation for 6322 supported values. 6323 type: object 6324 required: 6325 - driver 6326 type: object 6327 downwardAPI: 6328 description: downwardAPI represents downward API 6329 about the pod that should populate this volume 6330 properties: 6331 defaultMode: 6332 description: 'Optional: mode bits to use on 6333 created files by default. Must be a Optional: 6334 mode bits used to set permissions on created 6335 files by default. Must be an octal value 6336 between 0000 and 0777 or a decimal value 6337 between 0 and 511. YAML accepts both octal 6338 and decimal values, JSON requires decimal 6339 values for mode bits. Defaults to 0644. 6340 Directories within the path are not affected 6341 by this setting.' 6342 format: int32 6343 type: integer 6344 items: 6345 description: Items is a list of downward API 6346 volume file 6347 items: 6348 description: DownwardAPIVolumeFile represents 6349 information to create the file containing 6350 the pod field 6351 properties: 6352 fieldRef: 6353 description: 'Required: Selects a field 6354 of the pod: only annotations, labels, 6355 name and namespace are supported.' 6356 properties: 6357 apiVersion: 6358 description: Version of the schema 6359 the FieldPath is written in terms 6360 of, defaults to "v1". 6361 type: string 6362 fieldPath: 6363 description: Path of the field to 6364 select in the specified API version. 6365 type: string 6366 required: 6367 - fieldPath 6368 type: object 6369 x-kubernetes-map-type: atomic 6370 mode: 6371 description: 'Optional: mode bits used 6372 to set permissions on this file, must 6373 be an octal value between 0000 and 6374 0777 or a decimal value between 0 6375 and 511. YAML accepts both octal and 6376 decimal values, JSON requires decimal 6377 values for mode bits. If not specified, 6378 the volume defaultMode will be used.' 6379 format: int32 6380 type: integer 6381 path: 6382 description: 'Required: Path is the 6383 relative path name of the file to 6384 be created. Must not be absolute or 6385 contain the ''..'' path. Must be utf-8 6386 encoded. The first item of the relative 6387 path must not start with ''..''' 6388 type: string 6389 resourceFieldRef: 6390 description: 'Selects a resource of 6391 the container: only resources limits 6392 and requests (limits.cpu, limits.memory, 6393 requests.cpu and requests.memory) 6394 are currently supported.' 6395 properties: 6396 containerName: 6397 description: 'Container name: required 6398 for volumes, optional for env 6399 vars' 6400 type: string 6401 divisor: 6402 anyOf: 6403 - type: integer 6404 - type: string 6405 description: Specifies the output 6406 format of the exposed resources, 6407 defaults to "1" 6408 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 6409 x-kubernetes-int-or-string: true 6410 resource: 6411 description: 'Required: resource 6412 to select' 6413 type: string 6414 required: 6415 - resource 6416 type: object 6417 x-kubernetes-map-type: atomic 6418 required: 6419 - path 6420 type: object 6421 type: array 6422 type: object 6423 emptyDir: 6424 description: 'emptyDir represents a temporary 6425 directory that shares a pod''s lifetime. More 6426 info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' 6427 properties: 6428 medium: 6429 description: 'medium represents what type 6430 of storage medium should back this directory. 6431 The default is "" which means to use the 6432 node''s default medium. Must be an empty 6433 string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' 6434 type: string 6435 sizeLimit: 6436 anyOf: 6437 - type: integer 6438 - type: string 6439 description: 'sizeLimit is the total amount 6440 of local storage required for this EmptyDir 6441 volume. The size limit is also applicable 6442 for memory medium. The maximum usage on 6443 memory medium EmptyDir would be the minimum 6444 value between the SizeLimit specified here 6445 and the sum of memory limits of all containers 6446 in a pod. The default is nil which means 6447 that the limit is undefined. More info: 6448 https://kubernetes.' 6449 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 6450 x-kubernetes-int-or-string: true 6451 type: object 6452 ephemeral: 6453 description: ephemeral represents a volume that 6454 is handled by a cluster storage driver. The 6455 volume's lifecycle is tied to the pod that defines 6456 it - it will be created before the pod starts, 6457 and deleted when the pod is removed. 6458 properties: 6459 volumeClaimTemplate: 6460 description: Will be used to create a stand-alone 6461 PVC to provision the volume. The pod in 6462 which this EphemeralVolumeSource is embedded 6463 will be the owner of the PVC, i.e. the PVC 6464 will be deleted together with the pod. The 6465 name of the PVC will be `<pod name>-<volume 6466 name>` where `<volume name>` is the name 6467 from the `PodSpec.Volumes` array entry. 6468 properties: 6469 metadata: 6470 description: May contain labels and annotations 6471 that will be copied into the PVC when 6472 creating it. No other fields are allowed 6473 and will be rejected during validation. 6474 properties: 6475 annotations: 6476 additionalProperties: 6477 type: string 6478 type: object 6479 finalizers: 6480 items: 6481 type: string 6482 type: array 6483 labels: 6484 additionalProperties: 6485 type: string 6486 type: object 6487 name: 6488 type: string 6489 namespace: 6490 type: string 6491 type: object 6492 spec: 6493 description: The specification for the 6494 PersistentVolumeClaim. The entire content 6495 is copied unchanged into the PVC that 6496 gets created from this template. The 6497 same fields as in a PersistentVolumeClaim 6498 are also valid here. 6499 properties: 6500 accessModes: 6501 description: 'accessModes contains 6502 the desired access modes the volume 6503 should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' 6504 items: 6505 type: string 6506 type: array 6507 dataSource: 6508 description: 'dataSource field can 6509 be used to specify either: * An 6510 existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) 6511 * An existing PVC (PersistentVolumeClaim) 6512 If the provisioner or an external 6513 controller can support the specified 6514 data source, it will create a new 6515 volume based on the contents of 6516 the specified data source.' 6517 properties: 6518 apiGroup: 6519 description: APIGroup is the group 6520 for the resource being referenced. 6521 If APIGroup is not specified, 6522 the specified Kind must be in 6523 the core API group. For any 6524 other third-party types, APIGroup 6525 is required. 6526 type: string 6527 kind: 6528 description: Kind is the type 6529 of resource being referenced 6530 type: string 6531 name: 6532 description: Name is the name 6533 of resource being referenced 6534 type: string 6535 required: 6536 - kind 6537 - name 6538 type: object 6539 x-kubernetes-map-type: atomic 6540 dataSourceRef: 6541 description: dataSourceRef specifies 6542 the object from which to populate 6543 the volume with data, if a non-empty 6544 volume is desired. This may be any 6545 object from a non-empty API group 6546 (non core object) or a PersistentVolumeClaim 6547 object. When this field is specified, 6548 volume binding will only succeed 6549 if the type of the specified object 6550 matches some installed volume populator 6551 or dynamic provisioner. 6552 properties: 6553 apiGroup: 6554 description: APIGroup is the group 6555 for the resource being referenced. 6556 If APIGroup is not specified, 6557 the specified Kind must be in 6558 the core API group. For any 6559 other third-party types, APIGroup 6560 is required. 6561 type: string 6562 kind: 6563 description: Kind is the type 6564 of resource being referenced 6565 type: string 6566 name: 6567 description: Name is the name 6568 of resource being referenced 6569 type: string 6570 namespace: 6571 description: Namespace is the 6572 namespace of resource being 6573 referenced Note that when a 6574 namespace is specified, a gateway.networking.k8s.io/ReferenceGrant 6575 object is required in the referent 6576 namespace to allow that namespace's 6577 owner to accept the reference. 6578 See the ReferenceGrant documentation 6579 for details. (Alpha) This field 6580 requires the CrossNamespaceVolumeDataSource 6581 feature gate to be enabled. 6582 type: string 6583 required: 6584 - kind 6585 - name 6586 type: object 6587 resources: 6588 description: 'resources represents 6589 the minimum resources the volume 6590 should have. If RecoverVolumeExpansionFailure 6591 feature is enabled users are allowed 6592 to specify resource requirements 6593 that are lower than previous value 6594 but must still be higher than capacity 6595 recorded in the status field of 6596 the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' 6597 properties: 6598 claims: 6599 description: "Claims lists the 6600 names of resources, defined 6601 in spec.resourceClaims, that 6602 are used by this container. 6603 \n This is an alpha field and 6604 requires enabling the DynamicResourceAllocation 6605 feature gate. \n This field 6606 is immutable. It can only be 6607 set for containers." 6608 items: 6609 description: ResourceClaim references 6610 one entry in PodSpec.ResourceClaims. 6611 properties: 6612 name: 6613 description: Name must match 6614 the name of one entry 6615 in pod.spec.resourceClaims 6616 of the Pod where this 6617 field is used. It makes 6618 that resource available 6619 inside a container. 6620 type: string 6621 required: 6622 - name 6623 type: object 6624 type: array 6625 x-kubernetes-list-map-keys: 6626 - name 6627 x-kubernetes-list-type: map 6628 limits: 6629 additionalProperties: 6630 anyOf: 6631 - type: integer 6632 - type: string 6633 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 6634 x-kubernetes-int-or-string: true 6635 description: 'Limits describes 6636 the maximum amount of compute 6637 resources allowed. More info: 6638 https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 6639 type: object 6640 requests: 6641 additionalProperties: 6642 anyOf: 6643 - type: integer 6644 - type: string 6645 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 6646 x-kubernetes-int-or-string: true 6647 description: 'Requests describes 6648 the minimum amount of compute 6649 resources required. If Requests 6650 is omitted for a container, 6651 it defaults to Limits if that 6652 is explicitly specified, otherwise 6653 to an implementation-defined 6654 value. Requests cannot exceed 6655 Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 6656 type: object 6657 type: object 6658 selector: 6659 description: selector is a label query 6660 over volumes to consider for binding. 6661 properties: 6662 matchExpressions: 6663 description: matchExpressions 6664 is a list of label selector 6665 requirements. The requirements 6666 are ANDed. 6667 items: 6668 description: A label selector 6669 requirement is a selector 6670 that contains values, a key, 6671 and an operator that relates 6672 the key and values. 6673 properties: 6674 key: 6675 description: key is the 6676 label key that the selector 6677 applies to. 6678 type: string 6679 operator: 6680 description: operator represents 6681 a key's relationship to 6682 a set of values. Valid 6683 operators are In, NotIn, 6684 Exists and DoesNotExist. 6685 type: string 6686 values: 6687 description: values is an 6688 array of string values. 6689 If the operator is In 6690 or NotIn, the values array 6691 must be non-empty. If 6692 the operator is Exists 6693 or DoesNotExist, the values 6694 array must be empty. This 6695 array is replaced during 6696 a strategic merge patch. 6697 items: 6698 type: string 6699 type: array 6700 required: 6701 - key 6702 - operator 6703 type: object 6704 type: array 6705 matchLabels: 6706 additionalProperties: 6707 type: string 6708 description: matchLabels is a 6709 map of {key,value} pairs. A 6710 single {key,value} in the matchLabels 6711 map is equivalent to an element 6712 of matchExpressions, whose key 6713 field is "key", the operator 6714 is "In", and the values array 6715 contains only "value". The requirements 6716 are ANDed. 6717 type: object 6718 type: object 6719 x-kubernetes-map-type: atomic 6720 storageClassName: 6721 description: 'storageClassName is 6722 the name of the StorageClass required 6723 by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' 6724 type: string 6725 volumeMode: 6726 description: volumeMode defines what 6727 type of volume is required by the 6728 claim. Value of Filesystem is implied 6729 when not included in claim spec. 6730 type: string 6731 volumeName: 6732 description: volumeName is the binding 6733 reference to the PersistentVolume 6734 backing this claim. 6735 type: string 6736 type: object 6737 required: 6738 - spec 6739 type: object 6740 type: object 6741 fc: 6742 description: fc represents a Fibre Channel resource 6743 that is attached to a kubelet's host machine 6744 and then exposed to the pod. 6745 properties: 6746 fsType: 6747 description: 'fsType is the filesystem type 6748 to mount. Must be a filesystem type supported 6749 by the host operating system. Ex. "ext4", 6750 "xfs", "ntfs". Implicitly inferred to be 6751 "ext4" if unspecified. TODO: how do we prevent 6752 errors in the filesystem from compromising 6753 the machine' 6754 type: string 6755 lun: 6756 description: 'lun is Optional: FC target lun 6757 number' 6758 format: int32 6759 type: integer 6760 readOnly: 6761 description: 'readOnly is Optional: Defaults 6762 to false (read/write). ReadOnly here will 6763 force the ReadOnly setting in VolumeMounts.' 6764 type: boolean 6765 targetWWNs: 6766 description: 'targetWWNs is Optional: FC target 6767 worldwide names (WWNs)' 6768 items: 6769 type: string 6770 type: array 6771 wwids: 6772 description: 'wwids Optional: FC volume world 6773 wide identifiers (wwids) Either wwids or 6774 combination of targetWWNs and lun must be 6775 set, but not both simultaneously.' 6776 items: 6777 type: string 6778 type: array 6779 type: object 6780 flexVolume: 6781 description: flexVolume represents a generic volume 6782 resource that is provisioned/attached using 6783 an exec based plugin. 6784 properties: 6785 driver: 6786 description: driver is the name of the driver 6787 to use for this volume. 6788 type: string 6789 fsType: 6790 description: fsType is the filesystem type 6791 to mount. Must be a filesystem type supported 6792 by the host operating system. Ex. "ext4", 6793 "xfs", "ntfs". The default filesystem depends 6794 on FlexVolume script. 6795 type: string 6796 options: 6797 additionalProperties: 6798 type: string 6799 description: 'options is Optional: this field 6800 holds extra command options if any.' 6801 type: object 6802 readOnly: 6803 description: 'readOnly is Optional: defaults 6804 to false (read/write). ReadOnly here will 6805 force the ReadOnly setting in VolumeMounts.' 6806 type: boolean 6807 secretRef: 6808 description: 'secretRef is Optional: secretRef 6809 is reference to the secret object containing 6810 sensitive information to pass to the plugin 6811 scripts. This may be empty if no secret 6812 object is specified. If the secret object 6813 contains more than one secret, all secrets 6814 are passed to the plugin scripts.' 6815 properties: 6816 name: 6817 description: 'Name of the referent. More 6818 info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 6819 TODO: Add other useful fields. apiVersion, 6820 kind, uid?' 6821 type: string 6822 type: object 6823 x-kubernetes-map-type: atomic 6824 required: 6825 - driver 6826 type: object 6827 flocker: 6828 description: flocker represents a Flocker volume 6829 attached to a kubelet's host machine. This depends 6830 on the Flocker control service being running 6831 properties: 6832 datasetName: 6833 description: datasetName is Name of the dataset 6834 stored as metadata -> name on the dataset 6835 for Flocker should be considered as deprecated 6836 type: string 6837 datasetUUID: 6838 description: datasetUUID is the UUID of the 6839 dataset. This is unique identifier of a 6840 Flocker dataset 6841 type: string 6842 type: object 6843 gcePersistentDisk: 6844 description: 'gcePersistentDisk represents a GCE 6845 Disk resource that is attached to a kubelet''s 6846 host machine and then exposed to the pod. More 6847 info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' 6848 properties: 6849 fsType: 6850 description: 'fsType is filesystem type of 6851 the volume that you want to mount. Tip: 6852 Ensure that the filesystem type is supported 6853 by the host operating system. Examples: 6854 "ext4", "xfs", "ntfs". Implicitly inferred 6855 to be "ext4" if unspecified. More info: 6856 https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk 6857 TODO: how do we prevent errors in the filesystem 6858 from compromising the machine' 6859 type: string 6860 partition: 6861 description: 'partition is the partition in 6862 the volume that you want to mount. If omitted, 6863 the default is to mount by volume name. 6864 Examples: For volume /dev/sda1, you specify 6865 the partition as "1". Similarly, the volume 6866 partition for /dev/sda is "0" (or you can 6867 leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' 6868 format: int32 6869 type: integer 6870 pdName: 6871 description: 'pdName is unique name of the 6872 PD resource in GCE. Used to identify the 6873 disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' 6874 type: string 6875 readOnly: 6876 description: 'readOnly here will force the 6877 ReadOnly setting in VolumeMounts. Defaults 6878 to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' 6879 type: boolean 6880 required: 6881 - pdName 6882 type: object 6883 gitRepo: 6884 description: 'gitRepo represents a git repository 6885 at a particular revision. DEPRECATED: GitRepo 6886 is deprecated. To provision a container with 6887 a git repo, mount an EmptyDir into an InitContainer 6888 that clones the repo using git, then mount the 6889 EmptyDir into the Pod''s container.' 6890 properties: 6891 directory: 6892 description: directory is the target directory 6893 name. Must not contain or start with '..'. If 6894 '.' is supplied, the volume directory will 6895 be the git repository. Otherwise, if specified, 6896 the volume will contain the git repository 6897 in the subdirectory with the given name. 6898 type: string 6899 repository: 6900 description: repository is the URL 6901 type: string 6902 revision: 6903 description: revision is the commit hash for 6904 the specified revision. 6905 type: string 6906 required: 6907 - repository 6908 type: object 6909 glusterfs: 6910 description: 'glusterfs represents a Glusterfs 6911 mount on the host that shares a pod''s lifetime. 6912 More info: https://examples.k8s.io/volumes/glusterfs/README.md' 6913 properties: 6914 endpoints: 6915 description: 'endpoints is the endpoint name 6916 that details Glusterfs topology. More info: 6917 https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' 6918 type: string 6919 path: 6920 description: 'path is the Glusterfs volume 6921 path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' 6922 type: string 6923 readOnly: 6924 description: 'readOnly here will force the 6925 Glusterfs volume to be mounted with read-only 6926 permissions. Defaults to false. More info: 6927 https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' 6928 type: boolean 6929 required: 6930 - endpoints 6931 - path 6932 type: object 6933 hostPath: 6934 description: 'hostPath represents a pre-existing 6935 file or directory on the host machine that is 6936 directly exposed to the container. This is generally 6937 used for system agents or other privileged things 6938 that are allowed to see the host machine. Most 6939 containers will NOT need this. More info: https://kubernetes.' 6940 properties: 6941 path: 6942 description: 'path of the directory on the 6943 host. If the path is a symlink, it will 6944 follow the link to the real path. More info: 6945 https://kubernetes.io/docs/concepts/storage/volumes#hostpath' 6946 type: string 6947 type: 6948 description: 'type for HostPath Volume Defaults 6949 to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' 6950 type: string 6951 required: 6952 - path 6953 type: object 6954 iscsi: 6955 description: 'iscsi represents an ISCSI Disk resource 6956 that is attached to a kubelet''s host machine 6957 and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' 6958 properties: 6959 chapAuthDiscovery: 6960 description: chapAuthDiscovery defines whether 6961 support iSCSI Discovery CHAP authentication 6962 type: boolean 6963 chapAuthSession: 6964 description: chapAuthSession defines whether 6965 support iSCSI Session CHAP authentication 6966 type: boolean 6967 fsType: 6968 description: 'fsType is the filesystem type 6969 of the volume that you want to mount. Tip: 6970 Ensure that the filesystem type is supported 6971 by the host operating system. Examples: 6972 "ext4", "xfs", "ntfs". Implicitly inferred 6973 to be "ext4" if unspecified. More info: 6974 https://kubernetes.io/docs/concepts/storage/volumes#iscsi 6975 TODO: how do we prevent errors in the filesystem 6976 from compromising the machine' 6977 type: string 6978 initiatorName: 6979 description: initiatorName is the custom iSCSI 6980 Initiator Name. If initiatorName is specified 6981 with iscsiInterface simultaneously, new 6982 iSCSI interface <target portal>:<volume 6983 name> will be created for the connection. 6984 type: string 6985 iqn: 6986 description: iqn is the target iSCSI Qualified 6987 Name. 6988 type: string 6989 iscsiInterface: 6990 description: iscsiInterface is the interface 6991 Name that uses an iSCSI transport. Defaults 6992 to 'default' (tcp). 6993 type: string 6994 lun: 6995 description: lun represents iSCSI Target Lun 6996 number. 6997 format: int32 6998 type: integer 6999 portals: 7000 description: portals is the iSCSI Target Portal 7001 List. The portal is either an IP or ip_addr:port 7002 if the port is other than default (typically 7003 TCP ports 860 and 3260). 7004 items: 7005 type: string 7006 type: array 7007 readOnly: 7008 description: readOnly here will force the 7009 ReadOnly setting in VolumeMounts. Defaults 7010 to false. 7011 type: boolean 7012 secretRef: 7013 description: secretRef is the CHAP Secret 7014 for iSCSI target and initiator authentication 7015 properties: 7016 name: 7017 description: 'Name of the referent. More 7018 info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 7019 TODO: Add other useful fields. apiVersion, 7020 kind, uid?' 7021 type: string 7022 type: object 7023 x-kubernetes-map-type: atomic 7024 targetPortal: 7025 description: targetPortal is iSCSI Target 7026 Portal. The Portal is either an IP or ip_addr:port 7027 if the port is other than default (typically 7028 TCP ports 860 and 3260). 7029 type: string 7030 required: 7031 - iqn 7032 - lun 7033 - targetPortal 7034 type: object 7035 name: 7036 description: 'name of the volume. Must be a DNS_LABEL 7037 and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 7038 type: string 7039 nfs: 7040 description: 'nfs represents an NFS mount on the 7041 host that shares a pod''s lifetime More info: 7042 https://kubernetes.io/docs/concepts/storage/volumes#nfs' 7043 properties: 7044 path: 7045 description: 'path that is exported by the 7046 NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' 7047 type: string 7048 readOnly: 7049 description: 'readOnly here will force the 7050 NFS export to be mounted with read-only 7051 permissions. Defaults to false. More info: 7052 https://kubernetes.io/docs/concepts/storage/volumes#nfs' 7053 type: boolean 7054 server: 7055 description: 'server is the hostname or IP 7056 address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' 7057 type: string 7058 required: 7059 - path 7060 - server 7061 type: object 7062 persistentVolumeClaim: 7063 description: 'persistentVolumeClaimVolumeSource 7064 represents a reference to a PersistentVolumeClaim 7065 in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' 7066 properties: 7067 claimName: 7068 description: 'claimName is the name of a PersistentVolumeClaim 7069 in the same namespace as the pod using this 7070 volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' 7071 type: string 7072 readOnly: 7073 description: readOnly Will force the ReadOnly 7074 setting in VolumeMounts. Default false. 7075 type: boolean 7076 required: 7077 - claimName 7078 type: object 7079 photonPersistentDisk: 7080 description: photonPersistentDisk represents a 7081 PhotonController persistent disk attached and 7082 mounted on kubelets host machine 7083 properties: 7084 fsType: 7085 description: fsType is the filesystem type 7086 to mount. Must be a filesystem type supported 7087 by the host operating system. Ex. "ext4", 7088 "xfs", "ntfs". Implicitly inferred to be 7089 "ext4" if unspecified. 7090 type: string 7091 pdID: 7092 description: pdID is the ID that identifies 7093 Photon Controller persistent disk 7094 type: string 7095 required: 7096 - pdID 7097 type: object 7098 portworxVolume: 7099 description: portworxVolume represents a portworx 7100 volume attached and mounted on kubelets host 7101 machine 7102 properties: 7103 fsType: 7104 description: fSType represents the filesystem 7105 type to mount Must be a filesystem type 7106 supported by the host operating system. 7107 Ex. "ext4", "xfs". Implicitly inferred to 7108 be "ext4" if unspecified. 7109 type: string 7110 readOnly: 7111 description: readOnly defaults to false (read/write). 7112 ReadOnly here will force the ReadOnly setting 7113 in VolumeMounts. 7114 type: boolean 7115 volumeID: 7116 description: volumeID uniquely identifies 7117 a Portworx volume 7118 type: string 7119 required: 7120 - volumeID 7121 type: object 7122 projected: 7123 description: projected items for all in one resources 7124 secrets, configmaps, and downward API 7125 properties: 7126 defaultMode: 7127 description: defaultMode are the mode bits 7128 used to set permissions on created files 7129 by default. Must be an octal value between 7130 0000 and 0777 or a decimal value between 7131 0 and 511. YAML accepts both octal and decimal 7132 values, JSON requires decimal values for 7133 mode bits. Directories within the path are 7134 not affected by this setting. 7135 format: int32 7136 type: integer 7137 sources: 7138 description: sources is the list of volume 7139 projections 7140 items: 7141 description: Projection that may be projected 7142 along with other supported volume types 7143 properties: 7144 configMap: 7145 description: configMap information about 7146 the configMap data to project 7147 properties: 7148 items: 7149 description: items if unspecified, 7150 each key-value pair in the Data 7151 field of the referenced ConfigMap 7152 will be projected into the volume 7153 as a file whose name is the key 7154 and content is the value. If specified, 7155 the listed keys will be projected 7156 into the specified paths, and 7157 unlisted keys will not be present. 7158 items: 7159 description: Maps a string key 7160 to a path within a volume. 7161 properties: 7162 key: 7163 description: key is the key 7164 to project. 7165 type: string 7166 mode: 7167 description: 'mode is Optional: 7168 mode bits used to set permissions 7169 on this file. Must be an 7170 octal value between 0000 7171 and 0777 or a decimal value 7172 between 0 and 511. YAML 7173 accepts both octal and decimal 7174 values, JSON requires decimal 7175 values for mode bits. If 7176 not specified, the volume 7177 defaultMode will be used.' 7178 format: int32 7179 type: integer 7180 path: 7181 description: path is the relative 7182 path of the file to map 7183 the key to. May not be an 7184 absolute path. May not contain 7185 the path element '..'. May 7186 not start with the string 7187 '..'. 7188 type: string 7189 required: 7190 - key 7191 - path 7192 type: object 7193 type: array 7194 name: 7195 description: 'Name of the referent. 7196 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 7197 TODO: Add other useful fields. 7198 apiVersion, kind, uid?' 7199 type: string 7200 optional: 7201 description: optional specify whether 7202 the ConfigMap or its keys must 7203 be defined 7204 type: boolean 7205 type: object 7206 x-kubernetes-map-type: atomic 7207 downwardAPI: 7208 description: downwardAPI information 7209 about the downwardAPI data to project 7210 properties: 7211 items: 7212 description: Items is a list of 7213 DownwardAPIVolume file 7214 items: 7215 description: DownwardAPIVolumeFile 7216 represents information to create 7217 the file containing the pod 7218 field 7219 properties: 7220 fieldRef: 7221 description: 'Required: Selects 7222 a field of the pod: only 7223 annotations, labels, name 7224 and namespace are supported.' 7225 properties: 7226 apiVersion: 7227 description: Version of 7228 the schema the FieldPath 7229 is written in terms 7230 of, defaults to "v1". 7231 type: string 7232 fieldPath: 7233 description: Path of the 7234 field to select in the 7235 specified API version. 7236 type: string 7237 required: 7238 - fieldPath 7239 type: object 7240 x-kubernetes-map-type: atomic 7241 mode: 7242 description: 'Optional: mode 7243 bits used to set permissions 7244 on this file, must be an 7245 octal value between 0000 7246 and 0777 or a decimal value 7247 between 0 and 511. YAML 7248 accepts both octal and decimal 7249 values, JSON requires decimal 7250 values for mode bits. If 7251 not specified, the volume 7252 defaultMode will be used.' 7253 format: int32 7254 type: integer 7255 path: 7256 description: 'Required: Path 7257 is the relative path name 7258 of the file to be created. 7259 Must not be absolute or 7260 contain the ''..'' path. 7261 Must be utf-8 encoded. The 7262 first item of the relative 7263 path must not start with 7264 ''..''' 7265 type: string 7266 resourceFieldRef: 7267 description: 'Selects a resource 7268 of the container: only resources 7269 limits and requests (limits.cpu, 7270 limits.memory, requests.cpu 7271 and requests.memory) are 7272 currently supported.' 7273 properties: 7274 containerName: 7275 description: 'Container 7276 name: required for volumes, 7277 optional for env vars' 7278 type: string 7279 divisor: 7280 anyOf: 7281 - type: integer 7282 - type: string 7283 description: Specifies 7284 the output format of 7285 the exposed resources, 7286 defaults to "1" 7287 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 7288 x-kubernetes-int-or-string: true 7289 resource: 7290 description: 'Required: 7291 resource to select' 7292 type: string 7293 required: 7294 - resource 7295 type: object 7296 x-kubernetes-map-type: atomic 7297 required: 7298 - path 7299 type: object 7300 type: array 7301 type: object 7302 secret: 7303 description: secret information about 7304 the secret data to project 7305 properties: 7306 items: 7307 description: items if unspecified, 7308 each key-value pair in the Data 7309 field of the referenced Secret 7310 will be projected into the volume 7311 as a file whose name is the key 7312 and content is the value. If specified, 7313 the listed keys will be projected 7314 into the specified paths, and 7315 unlisted keys will not be present. 7316 items: 7317 description: Maps a string key 7318 to a path within a volume. 7319 properties: 7320 key: 7321 description: key is the key 7322 to project. 7323 type: string 7324 mode: 7325 description: 'mode is Optional: 7326 mode bits used to set permissions 7327 on this file. Must be an 7328 octal value between 0000 7329 and 0777 or a decimal value 7330 between 0 and 511. YAML 7331 accepts both octal and decimal 7332 values, JSON requires decimal 7333 values for mode bits. If 7334 not specified, the volume 7335 defaultMode will be used.' 7336 format: int32 7337 type: integer 7338 path: 7339 description: path is the relative 7340 path of the file to map 7341 the key to. May not be an 7342 absolute path. May not contain 7343 the path element '..'. May 7344 not start with the string 7345 '..'. 7346 type: string 7347 required: 7348 - key 7349 - path 7350 type: object 7351 type: array 7352 name: 7353 description: 'Name of the referent. 7354 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 7355 TODO: Add other useful fields. 7356 apiVersion, kind, uid?' 7357 type: string 7358 optional: 7359 description: optional field specify 7360 whether the Secret or its key 7361 must be defined 7362 type: boolean 7363 type: object 7364 x-kubernetes-map-type: atomic 7365 serviceAccountToken: 7366 description: serviceAccountToken is 7367 information about the serviceAccountToken 7368 data to project 7369 properties: 7370 audience: 7371 description: audience is the intended 7372 audience of the token. A recipient 7373 of a token must identify itself 7374 with an identifier specified in 7375 the audience of the token, and 7376 otherwise should reject the token. 7377 The audience defaults to the identifier 7378 of the apiserver. 7379 type: string 7380 expirationSeconds: 7381 description: expirationSeconds is 7382 the requested duration of validity 7383 of the service account token. 7384 As the token approaches expiration, 7385 the kubelet volume plugin will 7386 proactively rotate the service 7387 account token. The kubelet will 7388 start trying to rotate the token 7389 if the token is older than 80 7390 percent of its time to live or 7391 if the token is older than 24 7392 hours.Defaults to 1 hour and must 7393 be at least 10 minutes. 7394 format: int64 7395 type: integer 7396 path: 7397 description: path is the path relative 7398 to the mount point of the file 7399 to project the token into. 7400 type: string 7401 required: 7402 - path 7403 type: object 7404 type: object 7405 type: array 7406 type: object 7407 quobyte: 7408 description: quobyte represents a Quobyte mount 7409 on the host that shares a pod's lifetime 7410 properties: 7411 group: 7412 description: group to map volume access to 7413 Default is no group 7414 type: string 7415 readOnly: 7416 description: readOnly here will force the 7417 Quobyte volume to be mounted with read-only 7418 permissions. Defaults to false. 7419 type: boolean 7420 registry: 7421 description: registry represents a single 7422 or multiple Quobyte Registry services specified 7423 as a string as host:port pair (multiple 7424 entries are separated with commas) which 7425 acts as the central registry for volumes 7426 type: string 7427 tenant: 7428 description: tenant owning the given Quobyte 7429 volume in the Backend Used with dynamically 7430 provisioned Quobyte volumes, value is set 7431 by the plugin 7432 type: string 7433 user: 7434 description: user to map volume access to 7435 Defaults to serivceaccount user 7436 type: string 7437 volume: 7438 description: volume is a string that references 7439 an already created Quobyte volume by name. 7440 type: string 7441 required: 7442 - registry 7443 - volume 7444 type: object 7445 rbd: 7446 description: 'rbd represents a Rados Block Device 7447 mount on the host that shares a pod''s lifetime. 7448 More info: https://examples.k8s.io/volumes/rbd/README.md' 7449 properties: 7450 fsType: 7451 description: 'fsType is the filesystem type 7452 of the volume that you want to mount. Tip: 7453 Ensure that the filesystem type is supported 7454 by the host operating system. Examples: 7455 "ext4", "xfs", "ntfs". Implicitly inferred 7456 to be "ext4" if unspecified. More info: 7457 https://kubernetes.io/docs/concepts/storage/volumes#rbd 7458 TODO: how do we prevent errors in the filesystem 7459 from compromising the machine' 7460 type: string 7461 image: 7462 description: 'image is the rados image name. 7463 More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 7464 type: string 7465 keyring: 7466 description: 'keyring is the path to key ring 7467 for RBDUser. Default is /etc/ceph/keyring. 7468 More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 7469 type: string 7470 monitors: 7471 description: 'monitors is a collection of 7472 Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 7473 items: 7474 type: string 7475 type: array 7476 pool: 7477 description: 'pool is the rados pool name. 7478 Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 7479 type: string 7480 readOnly: 7481 description: 'readOnly here will force the 7482 ReadOnly setting in VolumeMounts. Defaults 7483 to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 7484 type: boolean 7485 secretRef: 7486 description: 'secretRef is name of the authentication 7487 secret for RBDUser. If provided overrides 7488 keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 7489 properties: 7490 name: 7491 description: 'Name of the referent. More 7492 info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 7493 TODO: Add other useful fields. apiVersion, 7494 kind, uid?' 7495 type: string 7496 type: object 7497 x-kubernetes-map-type: atomic 7498 user: 7499 description: 'user is the rados user name. 7500 Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 7501 type: string 7502 required: 7503 - image 7504 - monitors 7505 type: object 7506 scaleIO: 7507 description: scaleIO represents a ScaleIO persistent 7508 volume attached and mounted on Kubernetes nodes. 7509 properties: 7510 fsType: 7511 description: fsType is the filesystem type 7512 to mount. Must be a filesystem type supported 7513 by the host operating system. Ex. "ext4", 7514 "xfs", "ntfs". Default is "xfs". 7515 type: string 7516 gateway: 7517 description: gateway is the host address of 7518 the ScaleIO API Gateway. 7519 type: string 7520 protectionDomain: 7521 description: protectionDomain is the name 7522 of the ScaleIO Protection Domain for the 7523 configured storage. 7524 type: string 7525 readOnly: 7526 description: readOnly Defaults to false (read/write). 7527 ReadOnly here will force the ReadOnly setting 7528 in VolumeMounts. 7529 type: boolean 7530 secretRef: 7531 description: secretRef references to the secret 7532 for ScaleIO user and other sensitive information. 7533 If this is not provided, Login operation 7534 will fail. 7535 properties: 7536 name: 7537 description: 'Name of the referent. More 7538 info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 7539 TODO: Add other useful fields. apiVersion, 7540 kind, uid?' 7541 type: string 7542 type: object 7543 x-kubernetes-map-type: atomic 7544 sslEnabled: 7545 description: sslEnabled Flag enable/disable 7546 SSL communication with Gateway, default 7547 false 7548 type: boolean 7549 storageMode: 7550 description: storageMode indicates whether 7551 the storage for a volume should be ThickProvisioned 7552 or ThinProvisioned. Default is ThinProvisioned. 7553 type: string 7554 storagePool: 7555 description: storagePool is the ScaleIO Storage 7556 Pool associated with the protection domain. 7557 type: string 7558 system: 7559 description: system is the name of the storage 7560 system as configured in ScaleIO. 7561 type: string 7562 volumeName: 7563 description: volumeName is the name of a volume 7564 already created in the ScaleIO system that 7565 is associated with this volume source. 7566 type: string 7567 required: 7568 - gateway 7569 - secretRef 7570 - system 7571 type: object 7572 secret: 7573 description: 'secret represents a secret that 7574 should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' 7575 properties: 7576 defaultMode: 7577 description: 'defaultMode is Optional: mode 7578 bits used to set permissions on created 7579 files by default. Must be an octal value 7580 between 0000 and 0777 or a decimal value 7581 between 0 and 511. YAML accepts both octal 7582 and decimal values, JSON requires decimal 7583 values for mode bits. Defaults to 0644. 7584 Directories within the path are not affected 7585 by this setting.' 7586 format: int32 7587 type: integer 7588 items: 7589 description: items If unspecified, each key-value 7590 pair in the Data field of the referenced 7591 Secret will be projected into the volume 7592 as a file whose name is the key and content 7593 is the value. If specified, the listed keys 7594 will be projected into the specified paths, 7595 and unlisted keys will not be present. 7596 items: 7597 description: Maps a string key to a path 7598 within a volume. 7599 properties: 7600 key: 7601 description: key is the key to project. 7602 type: string 7603 mode: 7604 description: 'mode is Optional: mode 7605 bits used to set permissions on this 7606 file. Must be an octal value between 7607 0000 and 0777 or a decimal value between 7608 0 and 511. YAML accepts both octal 7609 and decimal values, JSON requires 7610 decimal values for mode bits. If not 7611 specified, the volume defaultMode 7612 will be used.' 7613 format: int32 7614 type: integer 7615 path: 7616 description: path is the relative path 7617 of the file to map the key to. May 7618 not be an absolute path. May not contain 7619 the path element '..'. May not start 7620 with the string '..'. 7621 type: string 7622 required: 7623 - key 7624 - path 7625 type: object 7626 type: array 7627 optional: 7628 description: optional field specify whether 7629 the Secret or its keys must be defined 7630 type: boolean 7631 secretName: 7632 description: 'secretName is the name of the 7633 secret in the pod''s namespace to use. More 7634 info: https://kubernetes.io/docs/concepts/storage/volumes#secret' 7635 type: string 7636 type: object 7637 storageos: 7638 description: storageOS represents a StorageOS 7639 volume attached and mounted on Kubernetes nodes. 7640 properties: 7641 fsType: 7642 description: fsType is the filesystem type 7643 to mount. Must be a filesystem type supported 7644 by the host operating system. Ex. "ext4", 7645 "xfs", "ntfs". Implicitly inferred to be 7646 "ext4" if unspecified. 7647 type: string 7648 readOnly: 7649 description: readOnly defaults to false (read/write). 7650 ReadOnly here will force the ReadOnly setting 7651 in VolumeMounts. 7652 type: boolean 7653 secretRef: 7654 description: secretRef specifies the secret 7655 to use for obtaining the StorageOS API credentials. If 7656 not specified, default values will be attempted. 7657 properties: 7658 name: 7659 description: 'Name of the referent. More 7660 info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 7661 TODO: Add other useful fields. apiVersion, 7662 kind, uid?' 7663 type: string 7664 type: object 7665 x-kubernetes-map-type: atomic 7666 volumeName: 7667 description: volumeName is the human-readable 7668 name of the StorageOS volume. Volume names 7669 are only unique within a namespace. 7670 type: string 7671 volumeNamespace: 7672 description: volumeNamespace specifies the 7673 scope of the volume within StorageOS. If 7674 no namespace is specified then the Pod's 7675 namespace will be used. This allows the 7676 Kubernetes name scoping to be mirrored within 7677 StorageOS for tighter integration. Set VolumeName 7678 to any name to override the default behaviour. 7679 Set to "default" if you are not using namespaces 7680 within StorageOS. 7681 type: string 7682 type: object 7683 vsphereVolume: 7684 description: vsphereVolume represents a vSphere 7685 volume attached and mounted on kubelets host 7686 machine 7687 properties: 7688 fsType: 7689 description: fsType is filesystem type to 7690 mount. Must be a filesystem type supported 7691 by the host operating system. Ex. "ext4", 7692 "xfs", "ntfs". Implicitly inferred to be 7693 "ext4" if unspecified. 7694 type: string 7695 storagePolicyID: 7696 description: storagePolicyID is the storage 7697 Policy Based Management (SPBM) profile ID 7698 associated with the StoragePolicyName. 7699 type: string 7700 storagePolicyName: 7701 description: storagePolicyName is the storage 7702 Policy Based Management (SPBM) profile name. 7703 type: string 7704 volumePath: 7705 description: volumePath is the path that identifies 7706 vSphere volume vmdk 7707 type: string 7708 required: 7709 - volumePath 7710 type: object 7711 required: 7712 - name 7713 type: object 7714 type: array 7715 required: 7716 - containers 7717 type: object 7718 type: object 7719 type: object 7720 description: 'A map of TFReplicaType (type) to ReplicaSpec (value). 7721 Specifies the TF cluster configuration. For example, { "PS": ReplicaSpec, 7722 "Worker": ReplicaSpec, }' 7723 type: object 7724 required: 7725 - tfReplicaSpecs 7726 type: object 7727 status: 7728 description: Most recently observed status of the TFJob. Populated by 7729 the system. Read-only. 7730 properties: 7731 completionTime: 7732 description: Represents time when the job was completed. It is not 7733 guaranteed to be set in happens-before order across separate operations. 7734 It is represented in RFC3339 form and is in UTC. 7735 format: date-time 7736 type: string 7737 conditions: 7738 description: Conditions is an array of current observed job conditions. 7739 items: 7740 description: JobCondition describes the state of the job at a certain 7741 point. 7742 properties: 7743 lastTransitionTime: 7744 description: Last time the condition transitioned from one status 7745 to another. 7746 format: date-time 7747 type: string 7748 lastUpdateTime: 7749 description: The last time this condition was updated. 7750 format: date-time 7751 type: string 7752 message: 7753 description: A human readable message indicating details about 7754 the transition. 7755 type: string 7756 reason: 7757 description: The reason for the condition's last transition. 7758 type: string 7759 status: 7760 description: Status of the condition, one of True, False, Unknown. 7761 type: string 7762 type: 7763 description: Type of job condition. 7764 type: string 7765 required: 7766 - status 7767 - type 7768 type: object 7769 type: array 7770 lastReconcileTime: 7771 description: Represents last time when the job was reconciled. It 7772 is not guaranteed to be set in happens-before order across separate 7773 operations. It is represented in RFC3339 form and is in UTC. 7774 format: date-time 7775 type: string 7776 replicaStatuses: 7777 additionalProperties: 7778 description: ReplicaStatus represents the current observed state 7779 of the replica. 7780 properties: 7781 active: 7782 description: The number of actively running pods. 7783 format: int32 7784 type: integer 7785 failed: 7786 description: The number of pods which reached phase Failed. 7787 format: int32 7788 type: integer 7789 labelSelector: 7790 description: 'Deprecated: Use Selector instead' 7791 properties: 7792 matchExpressions: 7793 description: matchExpressions is a list of label selector 7794 requirements. The requirements are ANDed. 7795 items: 7796 description: A label selector requirement is a selector 7797 that contains values, a key, and an operator that relates 7798 the key and values. 7799 properties: 7800 key: 7801 description: key is the label key that the selector 7802 applies to. 7803 type: string 7804 operator: 7805 description: operator represents a key's relationship 7806 to a set of values. Valid operators are In, NotIn, 7807 Exists and DoesNotExist. 7808 type: string 7809 values: 7810 description: values is an array of string values. 7811 If the operator is In or NotIn, the values array 7812 must be non-empty. If the operator is Exists or 7813 DoesNotExist, the values array must be empty. This 7814 array is replaced during a strategic merge patch. 7815 items: 7816 type: string 7817 type: array 7818 required: 7819 - key 7820 - operator 7821 type: object 7822 type: array 7823 matchLabels: 7824 additionalProperties: 7825 type: string 7826 description: matchLabels is a map of {key,value} pairs. 7827 A single {key,value} in the matchLabels map is equivalent 7828 to an element of matchExpressions, whose key field is 7829 "key", the operator is "In", and the values array contains 7830 only "value". The requirements are ANDed. 7831 type: object 7832 type: object 7833 x-kubernetes-map-type: atomic 7834 selector: 7835 description: A Selector is a label query over a set of resources. 7836 The result of matchLabels and matchExpressions are ANDed. 7837 An empty Selector matches all objects. A null Selector matches 7838 no objects. 7839 type: string 7840 succeeded: 7841 description: The number of pods which reached phase Succeeded. 7842 format: int32 7843 type: integer 7844 type: object 7845 description: ReplicaStatuses is map of ReplicaType and ReplicaStatus, 7846 specifies the status of each replica. 7847 type: object 7848 startTime: 7849 description: Represents time when the job was acknowledged by the 7850 job controller. It is not guaranteed to be set in happens-before 7851 order across separate operations. It is represented in RFC3339 form 7852 and is in UTC. 7853 format: date-time 7854 type: string 7855 type: object 7856 type: object 7857 served: true 7858 storage: true 7859 subresources: 7860 status: {}