github.com/kubeflow/training-operator@v1.7.0/manifests/base/crds/kubeflow.org_xgboostjobs.yaml (about) 1 --- 2 apiVersion: apiextensions.k8s.io/v1 3 kind: CustomResourceDefinition 4 metadata: 5 annotations: 6 controller-gen.kubebuilder.io/version: v0.12.0 7 name: xgboostjobs.kubeflow.org 8 spec: 9 group: kubeflow.org 10 names: 11 kind: XGBoostJob 12 listKind: XGBoostJobList 13 plural: xgboostjobs 14 singular: xgboostjob 15 scope: Namespaced 16 versions: 17 - additionalPrinterColumns: 18 - jsonPath: .status.conditions[-1:].type 19 name: State 20 type: string 21 - jsonPath: .metadata.creationTimestamp 22 name: Age 23 type: date 24 name: v1 25 schema: 26 openAPIV3Schema: 27 description: XGBoostJob is the Schema for the xgboostjobs API 28 properties: 29 apiVersion: 30 description: 'APIVersion defines the versioned schema of this representation 31 of an object. Servers should convert recognized schemas to the latest 32 internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' 33 type: string 34 kind: 35 description: 'Kind is a string value representing the REST resource this 36 object represents. Servers may infer this from the endpoint the client 37 submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' 38 type: string 39 metadata: 40 type: object 41 spec: 42 description: XGBoostJobSpec defines the desired state of XGBoostJob 43 properties: 44 runPolicy: 45 description: 'INSERT ADDITIONAL SPEC FIELDS - desired state of cluster 46 Important: Run "make" to regenerate code after modifying this file' 47 properties: 48 activeDeadlineSeconds: 49 description: Specifies the duration in seconds relative to the 50 startTime that the job may be active before the system tries 51 to terminate it; value must be positive integer. 52 format: int64 53 type: integer 54 backoffLimit: 55 description: Optional number of retries before marking this job 56 failed. 57 format: int32 58 type: integer 59 cleanPodPolicy: 60 description: CleanPodPolicy defines the policy to kill pods after 61 the job completes. Default to None. 62 type: string 63 schedulingPolicy: 64 description: SchedulingPolicy defines the policy related to scheduling, 65 e.g. gang-scheduling 66 properties: 67 minAvailable: 68 format: int32 69 type: integer 70 minResources: 71 additionalProperties: 72 anyOf: 73 - type: integer 74 - type: string 75 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 76 x-kubernetes-int-or-string: true 77 type: object 78 priorityClass: 79 type: string 80 queue: 81 type: string 82 scheduleTimeoutSeconds: 83 format: int32 84 type: integer 85 type: object 86 suspend: 87 default: false 88 description: suspend specifies whether the Job controller should 89 create Pods or not. If a Job is created with suspend set to 90 true, no Pods are created by the Job controller. If a Job is 91 suspended after creation (i.e. the flag goes from false to true), 92 the Job controller will delete all active Pods and PodGroups 93 associated with this Job. Users must design their workload to 94 gracefully handle this. 95 type: boolean 96 ttlSecondsAfterFinished: 97 description: TTLSecondsAfterFinished is the TTL to clean up jobs. 98 It may take extra ReconcilePeriod seconds for the cleanup, since 99 reconcile gets called periodically. Default to infinite. 100 format: int32 101 type: integer 102 type: object 103 xgbReplicaSpecs: 104 additionalProperties: 105 description: ReplicaSpec is a description of the replica 106 properties: 107 replicas: 108 description: Replicas is the desired number of replicas of the 109 given template. If unspecified, defaults to 1. 110 format: int32 111 type: integer 112 restartPolicy: 113 description: Restart policy for all replicas within the job. 114 One of Always, OnFailure, Never and ExitCode. Default to Never. 115 type: string 116 template: 117 description: Template is the object that describes the pod that 118 will be created for this replica. RestartPolicy in PodTemplateSpec 119 will be overide by RestartPolicy in ReplicaSpec 120 properties: 121 metadata: 122 description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' 123 properties: 124 annotations: 125 additionalProperties: 126 type: string 127 type: object 128 finalizers: 129 items: 130 type: string 131 type: array 132 labels: 133 additionalProperties: 134 type: string 135 type: object 136 name: 137 type: string 138 namespace: 139 type: string 140 type: object 141 spec: 142 description: 'Specification of the desired behavior of the 143 pod. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' 144 properties: 145 activeDeadlineSeconds: 146 description: Optional duration in seconds the pod may 147 be active on the node relative to StartTime before 148 the system will actively try to mark it failed and 149 kill associated containers. Value must be a positive 150 integer. 151 format: int64 152 type: integer 153 affinity: 154 description: If specified, the pod's scheduling constraints 155 properties: 156 nodeAffinity: 157 description: Describes node affinity scheduling 158 rules for the pod. 159 properties: 160 preferredDuringSchedulingIgnoredDuringExecution: 161 description: The scheduler will prefer to schedule 162 pods to nodes that satisfy the affinity expressions 163 specified by this field, but it may choose 164 a node that violates one or more of the expressions. 165 The node that is most preferred is the one 166 with the greatest sum of weights, i.e. for 167 each node that meets all of the scheduling 168 requirements (resource request, requiredDuringScheduling 169 affinity expressions, etc. 170 items: 171 description: An empty preferred scheduling 172 term matches all objects with implicit weight 173 0 (i.e. it's a no-op). A null preferred 174 scheduling term matches no objects (i.e. 175 is also a no-op). 176 properties: 177 preference: 178 description: A node selector term, associated 179 with the corresponding weight. 180 properties: 181 matchExpressions: 182 description: A list of node selector 183 requirements by node's labels. 184 items: 185 description: A node selector requirement 186 is a selector that contains values, 187 a key, and an operator that relates 188 the key and values. 189 properties: 190 key: 191 description: The label key that 192 the selector applies to. 193 type: string 194 operator: 195 description: Represents a key's 196 relationship to a set of values. 197 Valid operators are In, NotIn, 198 Exists, DoesNotExist. Gt, 199 and Lt. 200 type: string 201 values: 202 description: An array of string 203 values. If the operator is 204 In or NotIn, the values array 205 must be non-empty. If the 206 operator is Exists or DoesNotExist, 207 the values array must be empty. 208 If the operator is Gt or Lt, 209 the values array must have 210 a single element, which will 211 be interpreted as an integer. 212 This array is replaced during 213 a strategic merge patch. 214 items: 215 type: string 216 type: array 217 required: 218 - key 219 - operator 220 type: object 221 type: array 222 matchFields: 223 description: A list of node selector 224 requirements by node's fields. 225 items: 226 description: A node selector requirement 227 is a selector that contains values, 228 a key, and an operator that relates 229 the key and values. 230 properties: 231 key: 232 description: The label key that 233 the selector applies to. 234 type: string 235 operator: 236 description: Represents a key's 237 relationship to a set of values. 238 Valid operators are In, NotIn, 239 Exists, DoesNotExist. Gt, 240 and Lt. 241 type: string 242 values: 243 description: An array of string 244 values. If the operator is 245 In or NotIn, the values array 246 must be non-empty. If the 247 operator is Exists or DoesNotExist, 248 the values array must be empty. 249 If the operator is Gt or Lt, 250 the values array must have 251 a single element, which will 252 be interpreted as an integer. 253 This array is replaced during 254 a strategic merge patch. 255 items: 256 type: string 257 type: array 258 required: 259 - key 260 - operator 261 type: object 262 type: array 263 type: object 264 x-kubernetes-map-type: atomic 265 weight: 266 description: Weight associated with matching 267 the corresponding nodeSelectorTerm, 268 in the range 1-100. 269 format: int32 270 type: integer 271 required: 272 - preference 273 - weight 274 type: object 275 type: array 276 requiredDuringSchedulingIgnoredDuringExecution: 277 description: If the affinity requirements specified 278 by this field are not met at scheduling time, 279 the pod will not be scheduled onto the node. 280 If the affinity requirements specified by 281 this field cease to be met at some point during 282 pod execution (e.g. due to an update), the 283 system may or may not try to eventually evict 284 the pod from its node. 285 properties: 286 nodeSelectorTerms: 287 description: Required. A list of node selector 288 terms. The terms are ORed. 289 items: 290 description: A null or empty node selector 291 term matches no objects. The requirements 292 of them are ANDed. The TopologySelectorTerm 293 type implements a subset of the NodeSelectorTerm. 294 properties: 295 matchExpressions: 296 description: A list of node selector 297 requirements by node's labels. 298 items: 299 description: A node selector requirement 300 is a selector that contains values, 301 a key, and an operator that relates 302 the key and values. 303 properties: 304 key: 305 description: The label key that 306 the selector applies to. 307 type: string 308 operator: 309 description: Represents a key's 310 relationship to a set of values. 311 Valid operators are In, NotIn, 312 Exists, DoesNotExist. Gt, 313 and Lt. 314 type: string 315 values: 316 description: An array of string 317 values. If the operator is 318 In or NotIn, the values array 319 must be non-empty. If the 320 operator is Exists or DoesNotExist, 321 the values array must be empty. 322 If the operator is Gt or Lt, 323 the values array must have 324 a single element, which will 325 be interpreted as an integer. 326 This array is replaced during 327 a strategic merge patch. 328 items: 329 type: string 330 type: array 331 required: 332 - key 333 - operator 334 type: object 335 type: array 336 matchFields: 337 description: A list of node selector 338 requirements by node's fields. 339 items: 340 description: A node selector requirement 341 is a selector that contains values, 342 a key, and an operator that relates 343 the key and values. 344 properties: 345 key: 346 description: The label key that 347 the selector applies to. 348 type: string 349 operator: 350 description: Represents a key's 351 relationship to a set of values. 352 Valid operators are In, NotIn, 353 Exists, DoesNotExist. Gt, 354 and Lt. 355 type: string 356 values: 357 description: An array of string 358 values. If the operator is 359 In or NotIn, the values array 360 must be non-empty. If the 361 operator is Exists or DoesNotExist, 362 the values array must be empty. 363 If the operator is Gt or Lt, 364 the values array must have 365 a single element, which will 366 be interpreted as an integer. 367 This array is replaced during 368 a strategic merge patch. 369 items: 370 type: string 371 type: array 372 required: 373 - key 374 - operator 375 type: object 376 type: array 377 type: object 378 x-kubernetes-map-type: atomic 379 type: array 380 required: 381 - nodeSelectorTerms 382 type: object 383 x-kubernetes-map-type: atomic 384 type: object 385 podAffinity: 386 description: Describes pod affinity scheduling rules 387 (e.g. co-locate this pod in the same node, zone, 388 etc. as some other pod(s)). 389 properties: 390 preferredDuringSchedulingIgnoredDuringExecution: 391 description: The scheduler will prefer to schedule 392 pods to nodes that satisfy the affinity expressions 393 specified by this field, but it may choose 394 a node that violates one or more of the expressions. 395 The node that is most preferred is the one 396 with the greatest sum of weights, i.e. for 397 each node that meets all of the scheduling 398 requirements (resource request, requiredDuringScheduling 399 affinity expressions, etc. 400 items: 401 description: The weights of all of the matched 402 WeightedPodAffinityTerm fields are added 403 per-node to find the most preferred node(s) 404 properties: 405 podAffinityTerm: 406 description: Required. A pod affinity 407 term, associated with the corresponding 408 weight. 409 properties: 410 labelSelector: 411 description: A label query over a 412 set of resources, in this case pods. 413 properties: 414 matchExpressions: 415 description: matchExpressions 416 is a list of label selector 417 requirements. The requirements 418 are ANDed. 419 items: 420 description: A label selector 421 requirement is a selector 422 that contains values, a key, 423 and an operator that relates 424 the key and values. 425 properties: 426 key: 427 description: key is the 428 label key that the selector 429 applies to. 430 type: string 431 operator: 432 description: operator represents 433 a key's relationship to 434 a set of values. Valid 435 operators are In, NotIn, 436 Exists and DoesNotExist. 437 type: string 438 values: 439 description: values is an 440 array of string values. 441 If the operator is In 442 or NotIn, the values array 443 must be non-empty. If 444 the operator is Exists 445 or DoesNotExist, the values 446 array must be empty. This 447 array is replaced during 448 a strategic merge patch. 449 items: 450 type: string 451 type: array 452 required: 453 - key 454 - operator 455 type: object 456 type: array 457 matchLabels: 458 additionalProperties: 459 type: string 460 description: matchLabels is a 461 map of {key,value} pairs. A 462 single {key,value} in the matchLabels 463 map is equivalent to an element 464 of matchExpressions, whose key 465 field is "key", the operator 466 is "In", and the values array 467 contains only "value". The requirements 468 are ANDed. 469 type: object 470 type: object 471 x-kubernetes-map-type: atomic 472 namespaceSelector: 473 description: A label query over the 474 set of namespaces that the term 475 applies to. The term is applied 476 to the union of the namespaces selected 477 by this field and the ones listed 478 in the namespaces field. null selector 479 and null or empty namespaces list 480 means "this pod's namespace". An 481 empty selector ({}) matches all 482 namespaces. 483 properties: 484 matchExpressions: 485 description: matchExpressions 486 is a list of label selector 487 requirements. The requirements 488 are ANDed. 489 items: 490 description: A label selector 491 requirement is a selector 492 that contains values, a key, 493 and an operator that relates 494 the key and values. 495 properties: 496 key: 497 description: key is the 498 label key that the selector 499 applies to. 500 type: string 501 operator: 502 description: operator represents 503 a key's relationship to 504 a set of values. Valid 505 operators are In, NotIn, 506 Exists and DoesNotExist. 507 type: string 508 values: 509 description: values is an 510 array of string values. 511 If the operator is In 512 or NotIn, the values array 513 must be non-empty. If 514 the operator is Exists 515 or DoesNotExist, the values 516 array must be empty. This 517 array is replaced during 518 a strategic merge patch. 519 items: 520 type: string 521 type: array 522 required: 523 - key 524 - operator 525 type: object 526 type: array 527 matchLabels: 528 additionalProperties: 529 type: string 530 description: matchLabels is a 531 map of {key,value} pairs. A 532 single {key,value} in the matchLabels 533 map is equivalent to an element 534 of matchExpressions, whose key 535 field is "key", the operator 536 is "In", and the values array 537 contains only "value". The requirements 538 are ANDed. 539 type: object 540 type: object 541 x-kubernetes-map-type: atomic 542 namespaces: 543 description: namespaces specifies 544 a static list of namespace names 545 that the term applies to. The term 546 is applied to the union of the namespaces 547 listed in this field and the ones 548 selected by namespaceSelector. null 549 or empty namespaces list and null 550 namespaceSelector means "this pod's 551 namespace". 552 items: 553 type: string 554 type: array 555 topologyKey: 556 description: This pod should be co-located 557 (affinity) or not co-located (anti-affinity) 558 with the pods matching the labelSelector 559 in the specified namespaces, where 560 co-located is defined as running 561 on a node whose value of the label 562 with key topologyKey matches that 563 of any node on which any of the 564 selected pods is running. Empty 565 topologyKey is not allowed. 566 type: string 567 required: 568 - topologyKey 569 type: object 570 weight: 571 description: weight associated with matching 572 the corresponding podAffinityTerm, in 573 the range 1-100. 574 format: int32 575 type: integer 576 required: 577 - podAffinityTerm 578 - weight 579 type: object 580 type: array 581 requiredDuringSchedulingIgnoredDuringExecution: 582 description: If the affinity requirements specified 583 by this field are not met at scheduling time, 584 the pod will not be scheduled onto the node. 585 If the affinity requirements specified by 586 this field cease to be met at some point during 587 pod execution (e.g. due to a pod label update), 588 the system may or may not try to eventually 589 evict the pod from its node. 590 items: 591 description: Defines a set of pods (namely 592 those matching the labelSelector relative 593 to the given namespace(s)) that this pod 594 should be co-located (affinity) or not co-located 595 (anti-affinity) with, where co-located is 596 defined as running on a node whose value 597 of the label with key <topologyKey> matches 598 that of any node on which a pod of the set 599 of pods is running 600 properties: 601 labelSelector: 602 description: A label query over a set 603 of resources, in this case pods. 604 properties: 605 matchExpressions: 606 description: matchExpressions is a 607 list of label selector requirements. 608 The requirements are ANDed. 609 items: 610 description: A label selector requirement 611 is a selector that contains values, 612 a key, and an operator that relates 613 the key and values. 614 properties: 615 key: 616 description: key is the label 617 key that the selector applies 618 to. 619 type: string 620 operator: 621 description: operator represents 622 a key's relationship to a 623 set of values. Valid operators 624 are In, NotIn, Exists and 625 DoesNotExist. 626 type: string 627 values: 628 description: values is an array 629 of string values. If the operator 630 is In or NotIn, the values 631 array must be non-empty. If 632 the operator is Exists or 633 DoesNotExist, the values array 634 must be empty. This array 635 is replaced during a strategic 636 merge patch. 637 items: 638 type: string 639 type: array 640 required: 641 - key 642 - operator 643 type: object 644 type: array 645 matchLabels: 646 additionalProperties: 647 type: string 648 description: matchLabels is a map 649 of {key,value} pairs. A single {key,value} 650 in the matchLabels map is equivalent 651 to an element of matchExpressions, 652 whose key field is "key", the operator 653 is "In", and the values array contains 654 only "value". The requirements are 655 ANDed. 656 type: object 657 type: object 658 x-kubernetes-map-type: atomic 659 namespaceSelector: 660 description: A label query over the set 661 of namespaces that the term applies 662 to. The term is applied to the union 663 of the namespaces selected by this field 664 and the ones listed in the namespaces 665 field. null selector and null or empty 666 namespaces list means "this pod's namespace". 667 An empty selector ({}) matches all namespaces. 668 properties: 669 matchExpressions: 670 description: matchExpressions is a 671 list of label selector requirements. 672 The requirements are ANDed. 673 items: 674 description: A label selector requirement 675 is a selector that contains values, 676 a key, and an operator that relates 677 the key and values. 678 properties: 679 key: 680 description: key is the label 681 key that the selector applies 682 to. 683 type: string 684 operator: 685 description: operator represents 686 a key's relationship to a 687 set of values. Valid operators 688 are In, NotIn, Exists and 689 DoesNotExist. 690 type: string 691 values: 692 description: values is an array 693 of string values. If the operator 694 is In or NotIn, the values 695 array must be non-empty. If 696 the operator is Exists or 697 DoesNotExist, the values array 698 must be empty. This array 699 is replaced during a strategic 700 merge patch. 701 items: 702 type: string 703 type: array 704 required: 705 - key 706 - operator 707 type: object 708 type: array 709 matchLabels: 710 additionalProperties: 711 type: string 712 description: matchLabels is a map 713 of {key,value} pairs. A single {key,value} 714 in the matchLabels map is equivalent 715 to an element of matchExpressions, 716 whose key field is "key", the operator 717 is "In", and the values array contains 718 only "value". The requirements are 719 ANDed. 720 type: object 721 type: object 722 x-kubernetes-map-type: atomic 723 namespaces: 724 description: namespaces specifies a static 725 list of namespace names that the term 726 applies to. The term is applied to the 727 union of the namespaces listed in this 728 field and the ones selected by namespaceSelector. 729 null or empty namespaces list and null 730 namespaceSelector means "this pod's 731 namespace". 732 items: 733 type: string 734 type: array 735 topologyKey: 736 description: This pod should be co-located 737 (affinity) or not co-located (anti-affinity) 738 with the pods matching the labelSelector 739 in the specified namespaces, where co-located 740 is defined as running on a node whose 741 value of the label with key topologyKey 742 matches that of any node on which any 743 of the selected pods is running. Empty 744 topologyKey is not allowed. 745 type: string 746 required: 747 - topologyKey 748 type: object 749 type: array 750 type: object 751 podAntiAffinity: 752 description: Describes pod anti-affinity scheduling 753 rules (e.g. avoid putting this pod in the same 754 node, zone, etc. as some other pod(s)). 755 properties: 756 preferredDuringSchedulingIgnoredDuringExecution: 757 description: The scheduler will prefer to schedule 758 pods to nodes that satisfy the anti-affinity 759 expressions specified by this field, but it 760 may choose a node that violates one or more 761 of the expressions. The node that is most 762 preferred is the one with the greatest sum 763 of weights, i.e. 764 items: 765 description: The weights of all of the matched 766 WeightedPodAffinityTerm fields are added 767 per-node to find the most preferred node(s) 768 properties: 769 podAffinityTerm: 770 description: Required. A pod affinity 771 term, associated with the corresponding 772 weight. 773 properties: 774 labelSelector: 775 description: A label query over a 776 set of resources, in this case pods. 777 properties: 778 matchExpressions: 779 description: matchExpressions 780 is a list of label selector 781 requirements. The requirements 782 are ANDed. 783 items: 784 description: A label selector 785 requirement is a selector 786 that contains values, a key, 787 and an operator that relates 788 the key and values. 789 properties: 790 key: 791 description: key is the 792 label key that the selector 793 applies to. 794 type: string 795 operator: 796 description: operator represents 797 a key's relationship to 798 a set of values. Valid 799 operators are In, NotIn, 800 Exists and DoesNotExist. 801 type: string 802 values: 803 description: values is an 804 array of string values. 805 If the operator is In 806 or NotIn, the values array 807 must be non-empty. If 808 the operator is Exists 809 or DoesNotExist, the values 810 array must be empty. This 811 array is replaced during 812 a strategic merge patch. 813 items: 814 type: string 815 type: array 816 required: 817 - key 818 - operator 819 type: object 820 type: array 821 matchLabels: 822 additionalProperties: 823 type: string 824 description: matchLabels is a 825 map of {key,value} pairs. A 826 single {key,value} in the matchLabels 827 map is equivalent to an element 828 of matchExpressions, whose key 829 field is "key", the operator 830 is "In", and the values array 831 contains only "value". The requirements 832 are ANDed. 833 type: object 834 type: object 835 x-kubernetes-map-type: atomic 836 namespaceSelector: 837 description: A label query over the 838 set of namespaces that the term 839 applies to. The term is applied 840 to the union of the namespaces selected 841 by this field and the ones listed 842 in the namespaces field. null selector 843 and null or empty namespaces list 844 means "this pod's namespace". An 845 empty selector ({}) matches all 846 namespaces. 847 properties: 848 matchExpressions: 849 description: matchExpressions 850 is a list of label selector 851 requirements. The requirements 852 are ANDed. 853 items: 854 description: A label selector 855 requirement is a selector 856 that contains values, a key, 857 and an operator that relates 858 the key and values. 859 properties: 860 key: 861 description: key is the 862 label key that the selector 863 applies to. 864 type: string 865 operator: 866 description: operator represents 867 a key's relationship to 868 a set of values. Valid 869 operators are In, NotIn, 870 Exists and DoesNotExist. 871 type: string 872 values: 873 description: values is an 874 array of string values. 875 If the operator is In 876 or NotIn, the values array 877 must be non-empty. If 878 the operator is Exists 879 or DoesNotExist, the values 880 array must be empty. This 881 array is replaced during 882 a strategic merge patch. 883 items: 884 type: string 885 type: array 886 required: 887 - key 888 - operator 889 type: object 890 type: array 891 matchLabels: 892 additionalProperties: 893 type: string 894 description: matchLabels is a 895 map of {key,value} pairs. A 896 single {key,value} in the matchLabels 897 map is equivalent to an element 898 of matchExpressions, whose key 899 field is "key", the operator 900 is "In", and the values array 901 contains only "value". The requirements 902 are ANDed. 903 type: object 904 type: object 905 x-kubernetes-map-type: atomic 906 namespaces: 907 description: namespaces specifies 908 a static list of namespace names 909 that the term applies to. The term 910 is applied to the union of the namespaces 911 listed in this field and the ones 912 selected by namespaceSelector. null 913 or empty namespaces list and null 914 namespaceSelector means "this pod's 915 namespace". 916 items: 917 type: string 918 type: array 919 topologyKey: 920 description: This pod should be co-located 921 (affinity) or not co-located (anti-affinity) 922 with the pods matching the labelSelector 923 in the specified namespaces, where 924 co-located is defined as running 925 on a node whose value of the label 926 with key topologyKey matches that 927 of any node on which any of the 928 selected pods is running. Empty 929 topologyKey is not allowed. 930 type: string 931 required: 932 - topologyKey 933 type: object 934 weight: 935 description: weight associated with matching 936 the corresponding podAffinityTerm, in 937 the range 1-100. 938 format: int32 939 type: integer 940 required: 941 - podAffinityTerm 942 - weight 943 type: object 944 type: array 945 requiredDuringSchedulingIgnoredDuringExecution: 946 description: If the anti-affinity requirements 947 specified by this field are not met at scheduling 948 time, the pod will not be scheduled onto the 949 node. If the anti-affinity requirements specified 950 by this field cease to be met at some point 951 during pod execution (e.g. due to a pod label 952 update), the system may or may not try to 953 eventually evict the pod from its node. 954 items: 955 description: Defines a set of pods (namely 956 those matching the labelSelector relative 957 to the given namespace(s)) that this pod 958 should be co-located (affinity) or not co-located 959 (anti-affinity) with, where co-located is 960 defined as running on a node whose value 961 of the label with key <topologyKey> matches 962 that of any node on which a pod of the set 963 of pods is running 964 properties: 965 labelSelector: 966 description: A label query over a set 967 of resources, in this case pods. 968 properties: 969 matchExpressions: 970 description: matchExpressions is a 971 list of label selector requirements. 972 The requirements are ANDed. 973 items: 974 description: A label selector requirement 975 is a selector that contains values, 976 a key, and an operator that relates 977 the key and values. 978 properties: 979 key: 980 description: key is the label 981 key that the selector applies 982 to. 983 type: string 984 operator: 985 description: operator represents 986 a key's relationship to a 987 set of values. Valid operators 988 are In, NotIn, Exists and 989 DoesNotExist. 990 type: string 991 values: 992 description: values is an array 993 of string values. If the operator 994 is In or NotIn, the values 995 array must be non-empty. If 996 the operator is Exists or 997 DoesNotExist, the values array 998 must be empty. This array 999 is replaced during a strategic 1000 merge patch. 1001 items: 1002 type: string 1003 type: array 1004 required: 1005 - key 1006 - operator 1007 type: object 1008 type: array 1009 matchLabels: 1010 additionalProperties: 1011 type: string 1012 description: matchLabels is a map 1013 of {key,value} pairs. A single {key,value} 1014 in the matchLabels map is equivalent 1015 to an element of matchExpressions, 1016 whose key field is "key", the operator 1017 is "In", and the values array contains 1018 only "value". The requirements are 1019 ANDed. 1020 type: object 1021 type: object 1022 x-kubernetes-map-type: atomic 1023 namespaceSelector: 1024 description: A label query over the set 1025 of namespaces that the term applies 1026 to. The term is applied to the union 1027 of the namespaces selected by this field 1028 and the ones listed in the namespaces 1029 field. null selector and null or empty 1030 namespaces list means "this pod's namespace". 1031 An empty selector ({}) matches all namespaces. 1032 properties: 1033 matchExpressions: 1034 description: matchExpressions is a 1035 list of label selector requirements. 1036 The requirements are ANDed. 1037 items: 1038 description: A label selector requirement 1039 is a selector that contains values, 1040 a key, and an operator that relates 1041 the key and values. 1042 properties: 1043 key: 1044 description: key is the label 1045 key that the selector applies 1046 to. 1047 type: string 1048 operator: 1049 description: operator represents 1050 a key's relationship to a 1051 set of values. Valid operators 1052 are In, NotIn, Exists and 1053 DoesNotExist. 1054 type: string 1055 values: 1056 description: values is an array 1057 of string values. If the operator 1058 is In or NotIn, the values 1059 array must be non-empty. If 1060 the operator is Exists or 1061 DoesNotExist, the values array 1062 must be empty. This array 1063 is replaced during a strategic 1064 merge patch. 1065 items: 1066 type: string 1067 type: array 1068 required: 1069 - key 1070 - operator 1071 type: object 1072 type: array 1073 matchLabels: 1074 additionalProperties: 1075 type: string 1076 description: matchLabels is a map 1077 of {key,value} pairs. A single {key,value} 1078 in the matchLabels map is equivalent 1079 to an element of matchExpressions, 1080 whose key field is "key", the operator 1081 is "In", and the values array contains 1082 only "value". The requirements are 1083 ANDed. 1084 type: object 1085 type: object 1086 x-kubernetes-map-type: atomic 1087 namespaces: 1088 description: namespaces specifies a static 1089 list of namespace names that the term 1090 applies to. The term is applied to the 1091 union of the namespaces listed in this 1092 field and the ones selected by namespaceSelector. 1093 null or empty namespaces list and null 1094 namespaceSelector means "this pod's 1095 namespace". 1096 items: 1097 type: string 1098 type: array 1099 topologyKey: 1100 description: This pod should be co-located 1101 (affinity) or not co-located (anti-affinity) 1102 with the pods matching the labelSelector 1103 in the specified namespaces, where co-located 1104 is defined as running on a node whose 1105 value of the label with key topologyKey 1106 matches that of any node on which any 1107 of the selected pods is running. Empty 1108 topologyKey is not allowed. 1109 type: string 1110 required: 1111 - topologyKey 1112 type: object 1113 type: array 1114 type: object 1115 type: object 1116 automountServiceAccountToken: 1117 description: AutomountServiceAccountToken indicates 1118 whether a service account token should be automatically 1119 mounted. 1120 type: boolean 1121 containers: 1122 description: List of containers belonging to the pod. 1123 Containers cannot currently be added or removed. There 1124 must be at least one container in a Pod. Cannot be 1125 updated. 1126 items: 1127 description: A single application container that you 1128 want to run within a pod. 1129 properties: 1130 args: 1131 description: 'Arguments to the entrypoint. The 1132 container image''s CMD is used if this is not 1133 provided. Variable references $(VAR_NAME) are 1134 expanded using the container''s environment. 1135 If a variable cannot be resolved, the reference 1136 in the input string will be unchanged. Double 1137 $$ are reduced to a single $, which allows for 1138 escaping the $(VAR_NAME) syntax: i.e.' 1139 items: 1140 type: string 1141 type: array 1142 command: 1143 description: 'Entrypoint array. Not executed within 1144 a shell. The container image''s ENTRYPOINT is 1145 used if this is not provided. Variable references 1146 $(VAR_NAME) are expanded using the container''s 1147 environment. If a variable cannot be resolved, 1148 the reference in the input string will be unchanged. 1149 Double $$ are reduced to a single $, which allows 1150 for escaping the $(VAR_NAME) syntax: i.e.' 1151 items: 1152 type: string 1153 type: array 1154 env: 1155 description: List of environment variables to 1156 set in the container. Cannot be updated. 1157 items: 1158 description: EnvVar represents an environment 1159 variable present in a Container. 1160 properties: 1161 name: 1162 description: Name of the environment variable. 1163 Must be a C_IDENTIFIER. 1164 type: string 1165 value: 1166 description: 'Variable references $(VAR_NAME) 1167 are expanded using the previously defined 1168 environment variables in the container 1169 and any service environment variables. 1170 If a variable cannot be resolved, the 1171 reference in the input string will be 1172 unchanged. Double $$ are reduced to a 1173 single $, which allows for escaping the 1174 $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" 1175 will produce the string literal "$(VAR_NAME)".' 1176 type: string 1177 valueFrom: 1178 description: Source for the environment 1179 variable's value. Cannot be used if value 1180 is not empty. 1181 properties: 1182 configMapKeyRef: 1183 description: Selects a key of a ConfigMap. 1184 properties: 1185 key: 1186 description: The key to select. 1187 type: string 1188 name: 1189 description: 'Name of the referent. 1190 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 1191 TODO: Add other useful fields. 1192 apiVersion, kind, uid?' 1193 type: string 1194 optional: 1195 description: Specify whether the 1196 ConfigMap or its key must be defined 1197 type: boolean 1198 required: 1199 - key 1200 type: object 1201 x-kubernetes-map-type: atomic 1202 fieldRef: 1203 description: 'Selects a field of the 1204 pod: supports metadata.name, metadata.namespace, 1205 `metadata.labels[''<KEY>'']`, `metadata.annotations[''<KEY>'']`, 1206 spec.nodeName, spec.serviceAccountName, 1207 status.hostIP, status.podIP, status.podIPs.' 1208 properties: 1209 apiVersion: 1210 description: Version of the schema 1211 the FieldPath is written in terms 1212 of, defaults to "v1". 1213 type: string 1214 fieldPath: 1215 description: Path of the field to 1216 select in the specified API version. 1217 type: string 1218 required: 1219 - fieldPath 1220 type: object 1221 x-kubernetes-map-type: atomic 1222 resourceFieldRef: 1223 description: 'Selects a resource of 1224 the container: only resources limits 1225 and requests (limits.cpu, limits.memory, 1226 limits.ephemeral-storage, requests.cpu, 1227 requests.memory and requests.ephemeral-storage) 1228 are currently supported.' 1229 properties: 1230 containerName: 1231 description: 'Container name: required 1232 for volumes, optional for env 1233 vars' 1234 type: string 1235 divisor: 1236 anyOf: 1237 - type: integer 1238 - type: string 1239 description: Specifies the output 1240 format of the exposed resources, 1241 defaults to "1" 1242 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 1243 x-kubernetes-int-or-string: true 1244 resource: 1245 description: 'Required: resource 1246 to select' 1247 type: string 1248 required: 1249 - resource 1250 type: object 1251 x-kubernetes-map-type: atomic 1252 secretKeyRef: 1253 description: Selects a key of a secret 1254 in the pod's namespace 1255 properties: 1256 key: 1257 description: The key of the secret 1258 to select from. Must be a valid 1259 secret key. 1260 type: string 1261 name: 1262 description: 'Name of the referent. 1263 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 1264 TODO: Add other useful fields. 1265 apiVersion, kind, uid?' 1266 type: string 1267 optional: 1268 description: Specify whether the 1269 Secret or its key must be defined 1270 type: boolean 1271 required: 1272 - key 1273 type: object 1274 x-kubernetes-map-type: atomic 1275 type: object 1276 required: 1277 - name 1278 type: object 1279 type: array 1280 envFrom: 1281 description: List of sources to populate environment 1282 variables in the container. The keys defined 1283 within a source must be a C_IDENTIFIER. All 1284 invalid keys will be reported as an event when 1285 the container is starting. When a key exists 1286 in multiple sources, the value associated with 1287 the last source will take precedence. Values 1288 defined by an Env with a duplicate key will 1289 take precedence. Cannot be updated. 1290 items: 1291 description: EnvFromSource represents the source 1292 of a set of ConfigMaps 1293 properties: 1294 configMapRef: 1295 description: The ConfigMap to select from 1296 properties: 1297 name: 1298 description: 'Name of the referent. 1299 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 1300 TODO: Add other useful fields. apiVersion, 1301 kind, uid?' 1302 type: string 1303 optional: 1304 description: Specify whether the ConfigMap 1305 must be defined 1306 type: boolean 1307 type: object 1308 x-kubernetes-map-type: atomic 1309 prefix: 1310 description: An optional identifier to prepend 1311 to each key in the ConfigMap. Must be 1312 a C_IDENTIFIER. 1313 type: string 1314 secretRef: 1315 description: The Secret to select from 1316 properties: 1317 name: 1318 description: 'Name of the referent. 1319 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 1320 TODO: Add other useful fields. apiVersion, 1321 kind, uid?' 1322 type: string 1323 optional: 1324 description: Specify whether the Secret 1325 must be defined 1326 type: boolean 1327 type: object 1328 x-kubernetes-map-type: atomic 1329 type: object 1330 type: array 1331 image: 1332 description: 'Container image name. More info: 1333 https://kubernetes.io/docs/concepts/containers/images 1334 This field is optional to allow higher level 1335 config management to default or override container 1336 images in workload controllers like Deployments 1337 and StatefulSets.' 1338 type: string 1339 imagePullPolicy: 1340 description: 'Image pull policy. One of Always, 1341 Never, IfNotPresent. Defaults to Always if :latest 1342 tag is specified, or IfNotPresent otherwise. 1343 Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' 1344 type: string 1345 lifecycle: 1346 description: Actions that the management system 1347 should take in response to container lifecycle 1348 events. Cannot be updated. 1349 properties: 1350 postStart: 1351 description: 'PostStart is called immediately 1352 after a container is created. If the handler 1353 fails, the container is terminated and restarted 1354 according to its restart policy. Other management 1355 of the container blocks until the hook completes. 1356 More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' 1357 properties: 1358 exec: 1359 description: Exec specifies the action 1360 to take. 1361 properties: 1362 command: 1363 description: Command is the command 1364 line to execute inside the container, 1365 the working directory for the command is 1366 root ('/') in the container's filesystem. 1367 The command is simply exec'd, it 1368 is not run inside a shell, so traditional 1369 shell instructions ('|', etc) won't 1370 work. To use a shell, you need to 1371 explicitly call out to that shell. 1372 Exit status of 0 is treated as live/healthy 1373 and non-zero is unhealthy. 1374 items: 1375 type: string 1376 type: array 1377 type: object 1378 httpGet: 1379 description: HTTPGet specifies the http 1380 request to perform. 1381 properties: 1382 host: 1383 description: Host name to connect 1384 to, defaults to the pod IP. You 1385 probably want to set "Host" in httpHeaders 1386 instead. 1387 type: string 1388 httpHeaders: 1389 description: Custom headers to set 1390 in the request. HTTP allows repeated 1391 headers. 1392 items: 1393 description: HTTPHeader describes 1394 a custom header to be used in 1395 HTTP probes 1396 properties: 1397 name: 1398 description: The header field 1399 name. This will be canonicalized 1400 upon output, so case-variant 1401 names will be understood as 1402 the same header. 1403 type: string 1404 value: 1405 description: The header field 1406 value 1407 type: string 1408 required: 1409 - name 1410 - value 1411 type: object 1412 type: array 1413 path: 1414 description: Path to access on the 1415 HTTP server. 1416 type: string 1417 port: 1418 anyOf: 1419 - type: integer 1420 - type: string 1421 description: Name or number of the 1422 port to access on the container. 1423 Number must be in the range 1 to 1424 65535. Name must be an IANA_SVC_NAME. 1425 x-kubernetes-int-or-string: true 1426 scheme: 1427 description: Scheme to use for connecting 1428 to the host. Defaults to HTTP. 1429 type: string 1430 required: 1431 - port 1432 type: object 1433 tcpSocket: 1434 description: Deprecated. TCPSocket is 1435 NOT supported as a LifecycleHandler 1436 and kept for the backward compatibility. 1437 There are no validation of this field 1438 and lifecycle hooks will fail in runtime 1439 when tcp handler is specified. 1440 properties: 1441 host: 1442 description: 'Optional: Host name 1443 to connect to, defaults to the pod 1444 IP.' 1445 type: string 1446 port: 1447 anyOf: 1448 - type: integer 1449 - type: string 1450 description: Number or name of the 1451 port to access on the container. 1452 Number must be in the range 1 to 1453 65535. Name must be an IANA_SVC_NAME. 1454 x-kubernetes-int-or-string: true 1455 required: 1456 - port 1457 type: object 1458 type: object 1459 preStop: 1460 description: PreStop is called immediately 1461 before a container is terminated due to 1462 an API request or management event such 1463 as liveness/startup probe failure, preemption, 1464 resource contention, etc. The handler is 1465 not called if the container crashes or exits. 1466 The Pod's termination grace period countdown 1467 begins before the PreStop hook is executed. 1468 properties: 1469 exec: 1470 description: Exec specifies the action 1471 to take. 1472 properties: 1473 command: 1474 description: Command is the command 1475 line to execute inside the container, 1476 the working directory for the command is 1477 root ('/') in the container's filesystem. 1478 The command is simply exec'd, it 1479 is not run inside a shell, so traditional 1480 shell instructions ('|', etc) won't 1481 work. To use a shell, you need to 1482 explicitly call out to that shell. 1483 Exit status of 0 is treated as live/healthy 1484 and non-zero is unhealthy. 1485 items: 1486 type: string 1487 type: array 1488 type: object 1489 httpGet: 1490 description: HTTPGet specifies the http 1491 request to perform. 1492 properties: 1493 host: 1494 description: Host name to connect 1495 to, defaults to the pod IP. You 1496 probably want to set "Host" in httpHeaders 1497 instead. 1498 type: string 1499 httpHeaders: 1500 description: Custom headers to set 1501 in the request. HTTP allows repeated 1502 headers. 1503 items: 1504 description: HTTPHeader describes 1505 a custom header to be used in 1506 HTTP probes 1507 properties: 1508 name: 1509 description: The header field 1510 name. This will be canonicalized 1511 upon output, so case-variant 1512 names will be understood as 1513 the same header. 1514 type: string 1515 value: 1516 description: The header field 1517 value 1518 type: string 1519 required: 1520 - name 1521 - value 1522 type: object 1523 type: array 1524 path: 1525 description: Path to access on the 1526 HTTP server. 1527 type: string 1528 port: 1529 anyOf: 1530 - type: integer 1531 - type: string 1532 description: Name or number of the 1533 port to access on the container. 1534 Number must be in the range 1 to 1535 65535. Name must be an IANA_SVC_NAME. 1536 x-kubernetes-int-or-string: true 1537 scheme: 1538 description: Scheme to use for connecting 1539 to the host. Defaults to HTTP. 1540 type: string 1541 required: 1542 - port 1543 type: object 1544 tcpSocket: 1545 description: Deprecated. TCPSocket is 1546 NOT supported as a LifecycleHandler 1547 and kept for the backward compatibility. 1548 There are no validation of this field 1549 and lifecycle hooks will fail in runtime 1550 when tcp handler is specified. 1551 properties: 1552 host: 1553 description: 'Optional: Host name 1554 to connect to, defaults to the pod 1555 IP.' 1556 type: string 1557 port: 1558 anyOf: 1559 - type: integer 1560 - type: string 1561 description: Number or name of the 1562 port to access on the container. 1563 Number must be in the range 1 to 1564 65535. Name must be an IANA_SVC_NAME. 1565 x-kubernetes-int-or-string: true 1566 required: 1567 - port 1568 type: object 1569 type: object 1570 type: object 1571 livenessProbe: 1572 description: 'Periodic probe of container liveness. 1573 Container will be restarted if the probe fails. 1574 Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 1575 properties: 1576 exec: 1577 description: Exec specifies the action to 1578 take. 1579 properties: 1580 command: 1581 description: Command is the command line 1582 to execute inside the container, the 1583 working directory for the command is 1584 root ('/') in the container's filesystem. 1585 The command is simply exec'd, it is 1586 not run inside a shell, so traditional 1587 shell instructions ('|', etc) won't 1588 work. To use a shell, you need to explicitly 1589 call out to that shell. Exit status 1590 of 0 is treated as live/healthy and 1591 non-zero is unhealthy. 1592 items: 1593 type: string 1594 type: array 1595 type: object 1596 failureThreshold: 1597 description: Minimum consecutive failures 1598 for the probe to be considered failed after 1599 having succeeded. Defaults to 3. Minimum 1600 value is 1. 1601 format: int32 1602 type: integer 1603 grpc: 1604 description: GRPC specifies an action involving 1605 a GRPC port. 1606 properties: 1607 port: 1608 description: Port number of the gRPC service. 1609 Number must be in the range 1 to 65535. 1610 format: int32 1611 type: integer 1612 service: 1613 description: "Service is the name of the 1614 service to place in the gRPC HealthCheckRequest 1615 (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 1616 \n If this is not specified, the default 1617 behavior is defined by gRPC." 1618 type: string 1619 required: 1620 - port 1621 type: object 1622 httpGet: 1623 description: HTTPGet specifies the http request 1624 to perform. 1625 properties: 1626 host: 1627 description: Host name to connect to, 1628 defaults to the pod IP. You probably 1629 want to set "Host" in httpHeaders instead. 1630 type: string 1631 httpHeaders: 1632 description: Custom headers to set in 1633 the request. HTTP allows repeated headers. 1634 items: 1635 description: HTTPHeader describes a 1636 custom header to be used in HTTP probes 1637 properties: 1638 name: 1639 description: The header field name. 1640 This will be canonicalized upon 1641 output, so case-variant names 1642 will be understood as the same 1643 header. 1644 type: string 1645 value: 1646 description: The header field value 1647 type: string 1648 required: 1649 - name 1650 - value 1651 type: object 1652 type: array 1653 path: 1654 description: Path to access on the HTTP 1655 server. 1656 type: string 1657 port: 1658 anyOf: 1659 - type: integer 1660 - type: string 1661 description: Name or number of the port 1662 to access on the container. Number must 1663 be in the range 1 to 65535. Name must 1664 be an IANA_SVC_NAME. 1665 x-kubernetes-int-or-string: true 1666 scheme: 1667 description: Scheme to use for connecting 1668 to the host. Defaults to HTTP. 1669 type: string 1670 required: 1671 - port 1672 type: object 1673 initialDelaySeconds: 1674 description: 'Number of seconds after the 1675 container has started before liveness probes 1676 are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 1677 format: int32 1678 type: integer 1679 periodSeconds: 1680 description: How often (in seconds) to perform 1681 the probe. Default to 10 seconds. Minimum 1682 value is 1. 1683 format: int32 1684 type: integer 1685 successThreshold: 1686 description: Minimum consecutive successes 1687 for the probe to be considered successful 1688 after having failed. Defaults to 1. Must 1689 be 1 for liveness and startup. Minimum value 1690 is 1. 1691 format: int32 1692 type: integer 1693 tcpSocket: 1694 description: TCPSocket specifies an action 1695 involving a TCP port. 1696 properties: 1697 host: 1698 description: 'Optional: Host name to connect 1699 to, defaults to the pod IP.' 1700 type: string 1701 port: 1702 anyOf: 1703 - type: integer 1704 - type: string 1705 description: Number or name of the port 1706 to access on the container. Number must 1707 be in the range 1 to 65535. Name must 1708 be an IANA_SVC_NAME. 1709 x-kubernetes-int-or-string: true 1710 required: 1711 - port 1712 type: object 1713 terminationGracePeriodSeconds: 1714 description: Optional duration in seconds 1715 the pod needs to terminate gracefully upon 1716 probe failure. The grace period is the duration 1717 in seconds after the processes running in 1718 the pod are sent a termination signal and 1719 the time when the processes are forcibly 1720 halted with a kill signal. Set this value 1721 longer than the expected cleanup time for 1722 your process. 1723 format: int64 1724 type: integer 1725 timeoutSeconds: 1726 description: 'Number of seconds after which 1727 the probe times out. Defaults to 1 second. 1728 Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 1729 format: int32 1730 type: integer 1731 type: object 1732 name: 1733 description: Name of the container specified as 1734 a DNS_LABEL. Each container in a pod must have 1735 a unique name (DNS_LABEL). Cannot be updated. 1736 type: string 1737 ports: 1738 description: List of ports to expose from the 1739 container. Not specifying a port here DOES NOT 1740 prevent that port from being exposed. Any port 1741 which is listening on the default "0.0.0.0" 1742 address inside a container will be accessible 1743 from the network. Modifying this array with 1744 strategic merge patch may corrupt the data. 1745 For more information See https://github.com/kubernetes/kubernetes/issues/108255. 1746 items: 1747 description: ContainerPort represents a network 1748 port in a single container. 1749 properties: 1750 containerPort: 1751 description: Number of port to expose on 1752 the pod's IP address. This must be a valid 1753 port number, 0 < x < 65536. 1754 format: int32 1755 type: integer 1756 hostIP: 1757 description: What host IP to bind the external 1758 port to. 1759 type: string 1760 hostPort: 1761 description: Number of port to expose on 1762 the host. If specified, this must be a 1763 valid port number, 0 < x < 65536. If HostNetwork 1764 is specified, this must match ContainerPort. 1765 Most containers do not need this. 1766 format: int32 1767 type: integer 1768 name: 1769 description: If specified, this must be 1770 an IANA_SVC_NAME and unique within the 1771 pod. Each named port in a pod must have 1772 a unique name. Name for the port that 1773 can be referred to by services. 1774 type: string 1775 protocol: 1776 default: TCP 1777 description: Protocol for port. Must be 1778 UDP, TCP, or SCTP. Defaults to "TCP". 1779 type: string 1780 required: 1781 - containerPort 1782 type: object 1783 type: array 1784 x-kubernetes-list-map-keys: 1785 - containerPort 1786 - protocol 1787 x-kubernetes-list-type: map 1788 readinessProbe: 1789 description: 'Periodic probe of container service 1790 readiness. Container will be removed from service 1791 endpoints if the probe fails. Cannot be updated. 1792 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 1793 properties: 1794 exec: 1795 description: Exec specifies the action to 1796 take. 1797 properties: 1798 command: 1799 description: Command is the command line 1800 to execute inside the container, the 1801 working directory for the command is 1802 root ('/') in the container's filesystem. 1803 The command is simply exec'd, it is 1804 not run inside a shell, so traditional 1805 shell instructions ('|', etc) won't 1806 work. To use a shell, you need to explicitly 1807 call out to that shell. Exit status 1808 of 0 is treated as live/healthy and 1809 non-zero is unhealthy. 1810 items: 1811 type: string 1812 type: array 1813 type: object 1814 failureThreshold: 1815 description: Minimum consecutive failures 1816 for the probe to be considered failed after 1817 having succeeded. Defaults to 3. Minimum 1818 value is 1. 1819 format: int32 1820 type: integer 1821 grpc: 1822 description: GRPC specifies an action involving 1823 a GRPC port. 1824 properties: 1825 port: 1826 description: Port number of the gRPC service. 1827 Number must be in the range 1 to 65535. 1828 format: int32 1829 type: integer 1830 service: 1831 description: "Service is the name of the 1832 service to place in the gRPC HealthCheckRequest 1833 (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 1834 \n If this is not specified, the default 1835 behavior is defined by gRPC." 1836 type: string 1837 required: 1838 - port 1839 type: object 1840 httpGet: 1841 description: HTTPGet specifies the http request 1842 to perform. 1843 properties: 1844 host: 1845 description: Host name to connect to, 1846 defaults to the pod IP. You probably 1847 want to set "Host" in httpHeaders instead. 1848 type: string 1849 httpHeaders: 1850 description: Custom headers to set in 1851 the request. HTTP allows repeated headers. 1852 items: 1853 description: HTTPHeader describes a 1854 custom header to be used in HTTP probes 1855 properties: 1856 name: 1857 description: The header field name. 1858 This will be canonicalized upon 1859 output, so case-variant names 1860 will be understood as the same 1861 header. 1862 type: string 1863 value: 1864 description: The header field value 1865 type: string 1866 required: 1867 - name 1868 - value 1869 type: object 1870 type: array 1871 path: 1872 description: Path to access on the HTTP 1873 server. 1874 type: string 1875 port: 1876 anyOf: 1877 - type: integer 1878 - type: string 1879 description: Name or number of the port 1880 to access on the container. Number must 1881 be in the range 1 to 65535. Name must 1882 be an IANA_SVC_NAME. 1883 x-kubernetes-int-or-string: true 1884 scheme: 1885 description: Scheme to use for connecting 1886 to the host. Defaults to HTTP. 1887 type: string 1888 required: 1889 - port 1890 type: object 1891 initialDelaySeconds: 1892 description: 'Number of seconds after the 1893 container has started before liveness probes 1894 are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 1895 format: int32 1896 type: integer 1897 periodSeconds: 1898 description: How often (in seconds) to perform 1899 the probe. Default to 10 seconds. Minimum 1900 value is 1. 1901 format: int32 1902 type: integer 1903 successThreshold: 1904 description: Minimum consecutive successes 1905 for the probe to be considered successful 1906 after having failed. Defaults to 1. Must 1907 be 1 for liveness and startup. Minimum value 1908 is 1. 1909 format: int32 1910 type: integer 1911 tcpSocket: 1912 description: TCPSocket specifies an action 1913 involving a TCP port. 1914 properties: 1915 host: 1916 description: 'Optional: Host name to connect 1917 to, defaults to the pod IP.' 1918 type: string 1919 port: 1920 anyOf: 1921 - type: integer 1922 - type: string 1923 description: Number or name of the port 1924 to access on the container. Number must 1925 be in the range 1 to 65535. Name must 1926 be an IANA_SVC_NAME. 1927 x-kubernetes-int-or-string: true 1928 required: 1929 - port 1930 type: object 1931 terminationGracePeriodSeconds: 1932 description: Optional duration in seconds 1933 the pod needs to terminate gracefully upon 1934 probe failure. The grace period is the duration 1935 in seconds after the processes running in 1936 the pod are sent a termination signal and 1937 the time when the processes are forcibly 1938 halted with a kill signal. Set this value 1939 longer than the expected cleanup time for 1940 your process. 1941 format: int64 1942 type: integer 1943 timeoutSeconds: 1944 description: 'Number of seconds after which 1945 the probe times out. Defaults to 1 second. 1946 Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 1947 format: int32 1948 type: integer 1949 type: object 1950 resizePolicy: 1951 description: Resources resize policy for the container. 1952 items: 1953 description: ContainerResizePolicy represents 1954 resource resize policy for the container. 1955 properties: 1956 resourceName: 1957 description: 'Name of the resource to which 1958 this resource resize policy applies. Supported 1959 values: cpu, memory.' 1960 type: string 1961 restartPolicy: 1962 description: Restart policy to apply when 1963 specified resource is resized. If not 1964 specified, it defaults to NotRequired. 1965 type: string 1966 required: 1967 - resourceName 1968 - restartPolicy 1969 type: object 1970 type: array 1971 x-kubernetes-list-type: atomic 1972 resources: 1973 description: 'Compute Resources required by this 1974 container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 1975 properties: 1976 claims: 1977 description: "Claims lists the names of resources, 1978 defined in spec.resourceClaims, that are 1979 used by this container. \n This is an alpha 1980 field and requires enabling the DynamicResourceAllocation 1981 feature gate. \n This field is immutable. 1982 It can only be set for containers." 1983 items: 1984 description: ResourceClaim references one 1985 entry in PodSpec.ResourceClaims. 1986 properties: 1987 name: 1988 description: Name must match the name 1989 of one entry in pod.spec.resourceClaims 1990 of the Pod where this field is used. 1991 It makes that resource available inside 1992 a container. 1993 type: string 1994 required: 1995 - name 1996 type: object 1997 type: array 1998 x-kubernetes-list-map-keys: 1999 - name 2000 x-kubernetes-list-type: map 2001 limits: 2002 additionalProperties: 2003 anyOf: 2004 - type: integer 2005 - type: string 2006 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 2007 x-kubernetes-int-or-string: true 2008 description: 'Limits describes the maximum 2009 amount of compute resources allowed. More 2010 info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 2011 type: object 2012 requests: 2013 additionalProperties: 2014 anyOf: 2015 - type: integer 2016 - type: string 2017 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 2018 x-kubernetes-int-or-string: true 2019 description: 'Requests describes the minimum 2020 amount of compute resources required. If 2021 Requests is omitted for a container, it 2022 defaults to Limits if that is explicitly 2023 specified, otherwise to an implementation-defined 2024 value. Requests cannot exceed Limits. More 2025 info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 2026 type: object 2027 type: object 2028 securityContext: 2029 description: 'SecurityContext defines the security 2030 options the container should be run with. If 2031 set, the fields of SecurityContext override 2032 the equivalent fields of PodSecurityContext. 2033 More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' 2034 properties: 2035 allowPrivilegeEscalation: 2036 description: 'AllowPrivilegeEscalation controls 2037 whether a process can gain more privileges 2038 than its parent process. This bool directly 2039 controls if the no_new_privs flag will be 2040 set on the container process. AllowPrivilegeEscalation 2041 is true always when the container is: 1) 2042 run as Privileged 2) has CAP_SYS_ADMIN Note 2043 that this field cannot be set when spec.os.name 2044 is windows.' 2045 type: boolean 2046 capabilities: 2047 description: The capabilities to add/drop 2048 when running containers. Defaults to the 2049 default set of capabilities granted by the 2050 container runtime. Note that this field 2051 cannot be set when spec.os.name is windows. 2052 properties: 2053 add: 2054 description: Added capabilities 2055 items: 2056 description: Capability represent POSIX 2057 capabilities type 2058 type: string 2059 type: array 2060 drop: 2061 description: Removed capabilities 2062 items: 2063 description: Capability represent POSIX 2064 capabilities type 2065 type: string 2066 type: array 2067 type: object 2068 privileged: 2069 description: Run container in privileged mode. 2070 Processes in privileged containers are essentially 2071 equivalent to root on the host. Defaults 2072 to false. Note that this field cannot be 2073 set when spec.os.name is windows. 2074 type: boolean 2075 procMount: 2076 description: procMount denotes the type of 2077 proc mount to use for the containers. The 2078 default is DefaultProcMount which uses the 2079 container runtime defaults for readonly 2080 paths and masked paths. This requires the 2081 ProcMountType feature flag to be enabled. 2082 Note that this field cannot be set when 2083 spec.os.name is windows. 2084 type: string 2085 readOnlyRootFilesystem: 2086 description: Whether this container has a 2087 read-only root filesystem. Default is false. 2088 Note that this field cannot be set when 2089 spec.os.name is windows. 2090 type: boolean 2091 runAsGroup: 2092 description: The GID to run the entrypoint 2093 of the container process. Uses runtime default 2094 if unset. May also be set in PodSecurityContext. If 2095 set in both SecurityContext and PodSecurityContext, 2096 the value specified in SecurityContext takes 2097 precedence. Note that this field cannot 2098 be set when spec.os.name is windows. 2099 format: int64 2100 type: integer 2101 runAsNonRoot: 2102 description: Indicates that the container 2103 must run as a non-root user. If true, the 2104 Kubelet will validate the image at runtime 2105 to ensure that it does not run as UID 0 2106 (root) and fail to start the container if 2107 it does. If unset or false, no such validation 2108 will be performed. May also be set in PodSecurityContext. 2109 type: boolean 2110 runAsUser: 2111 description: The UID to run the entrypoint 2112 of the container process. Defaults to user 2113 specified in image metadata if unspecified. 2114 May also be set in PodSecurityContext. If 2115 set in both SecurityContext and PodSecurityContext, 2116 the value specified in SecurityContext takes 2117 precedence. Note that this field cannot 2118 be set when spec.os.name is windows. 2119 format: int64 2120 type: integer 2121 seLinuxOptions: 2122 description: The SELinux context to be applied 2123 to the container. If unspecified, the container 2124 runtime will allocate a random SELinux context 2125 for each container. May also be set in 2126 PodSecurityContext. If set in both SecurityContext 2127 and PodSecurityContext, the value specified 2128 in SecurityContext takes precedence. Note 2129 that this field cannot be set when spec.os.name 2130 is windows. 2131 properties: 2132 level: 2133 description: Level is SELinux level label 2134 that applies to the container. 2135 type: string 2136 role: 2137 description: Role is a SELinux role label 2138 that applies to the container. 2139 type: string 2140 type: 2141 description: Type is a SELinux type label 2142 that applies to the container. 2143 type: string 2144 user: 2145 description: User is a SELinux user label 2146 that applies to the container. 2147 type: string 2148 type: object 2149 seccompProfile: 2150 description: The seccomp options to use by 2151 this container. If seccomp options are provided 2152 at both the pod & container level, the container 2153 options override the pod options. Note that 2154 this field cannot be set when spec.os.name 2155 is windows. 2156 properties: 2157 localhostProfile: 2158 description: localhostProfile indicates 2159 a profile defined in a file on the node 2160 should be used. The profile must be 2161 preconfigured on the node to work. Must 2162 be a descending path, relative to the 2163 kubelet's configured seccomp profile 2164 location. Must only be set if type is 2165 "Localhost". 2166 type: string 2167 type: 2168 description: "type indicates which kind 2169 of seccomp profile will be applied. 2170 Valid options are: \n Localhost - a 2171 profile defined in a file on the node 2172 should be used. RuntimeDefault - the 2173 container runtime default profile should 2174 be used. Unconfined - no profile should 2175 be applied." 2176 type: string 2177 required: 2178 - type 2179 type: object 2180 windowsOptions: 2181 description: The Windows specific settings 2182 applied to all containers. If unspecified, 2183 the options from the PodSecurityContext 2184 will be used. If set in both SecurityContext 2185 and PodSecurityContext, the value specified 2186 in SecurityContext takes precedence. Note 2187 that this field cannot be set when spec.os.name 2188 is linux. 2189 properties: 2190 gmsaCredentialSpec: 2191 description: GMSACredentialSpec is where 2192 the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) 2193 inlines the contents of the GMSA credential 2194 spec named by the GMSACredentialSpecName 2195 field. 2196 type: string 2197 gmsaCredentialSpecName: 2198 description: GMSACredentialSpecName is 2199 the name of the GMSA credential spec 2200 to use. 2201 type: string 2202 hostProcess: 2203 description: HostProcess determines if 2204 a container should be run as a 'Host 2205 Process' container. This field is alpha-level 2206 and will only be honored by components 2207 that enable the WindowsHostProcessContainers 2208 feature flag. Setting this field without 2209 the feature flag will result in errors 2210 when validating the Pod. 2211 type: boolean 2212 runAsUserName: 2213 description: The UserName in Windows to 2214 run the entrypoint of the container 2215 process. Defaults to the user specified 2216 in image metadata if unspecified. May 2217 also be set in PodSecurityContext. If 2218 set in both SecurityContext and PodSecurityContext, 2219 the value specified in SecurityContext 2220 takes precedence. 2221 type: string 2222 type: object 2223 type: object 2224 startupProbe: 2225 description: StartupProbe indicates that the Pod 2226 has successfully initialized. If specified, 2227 no other probes are executed until this completes 2228 successfully. If this probe fails, the Pod will 2229 be restarted, just as if the livenessProbe failed. 2230 properties: 2231 exec: 2232 description: Exec specifies the action to 2233 take. 2234 properties: 2235 command: 2236 description: Command is the command line 2237 to execute inside the container, the 2238 working directory for the command is 2239 root ('/') in the container's filesystem. 2240 The command is simply exec'd, it is 2241 not run inside a shell, so traditional 2242 shell instructions ('|', etc) won't 2243 work. To use a shell, you need to explicitly 2244 call out to that shell. Exit status 2245 of 0 is treated as live/healthy and 2246 non-zero is unhealthy. 2247 items: 2248 type: string 2249 type: array 2250 type: object 2251 failureThreshold: 2252 description: Minimum consecutive failures 2253 for the probe to be considered failed after 2254 having succeeded. Defaults to 3. Minimum 2255 value is 1. 2256 format: int32 2257 type: integer 2258 grpc: 2259 description: GRPC specifies an action involving 2260 a GRPC port. 2261 properties: 2262 port: 2263 description: Port number of the gRPC service. 2264 Number must be in the range 1 to 65535. 2265 format: int32 2266 type: integer 2267 service: 2268 description: "Service is the name of the 2269 service to place in the gRPC HealthCheckRequest 2270 (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 2271 \n If this is not specified, the default 2272 behavior is defined by gRPC." 2273 type: string 2274 required: 2275 - port 2276 type: object 2277 httpGet: 2278 description: HTTPGet specifies the http request 2279 to perform. 2280 properties: 2281 host: 2282 description: Host name to connect to, 2283 defaults to the pod IP. You probably 2284 want to set "Host" in httpHeaders instead. 2285 type: string 2286 httpHeaders: 2287 description: Custom headers to set in 2288 the request. HTTP allows repeated headers. 2289 items: 2290 description: HTTPHeader describes a 2291 custom header to be used in HTTP probes 2292 properties: 2293 name: 2294 description: The header field name. 2295 This will be canonicalized upon 2296 output, so case-variant names 2297 will be understood as the same 2298 header. 2299 type: string 2300 value: 2301 description: The header field value 2302 type: string 2303 required: 2304 - name 2305 - value 2306 type: object 2307 type: array 2308 path: 2309 description: Path to access on the HTTP 2310 server. 2311 type: string 2312 port: 2313 anyOf: 2314 - type: integer 2315 - type: string 2316 description: Name or number of the port 2317 to access on the container. Number must 2318 be in the range 1 to 65535. Name must 2319 be an IANA_SVC_NAME. 2320 x-kubernetes-int-or-string: true 2321 scheme: 2322 description: Scheme to use for connecting 2323 to the host. Defaults to HTTP. 2324 type: string 2325 required: 2326 - port 2327 type: object 2328 initialDelaySeconds: 2329 description: 'Number of seconds after the 2330 container has started before liveness probes 2331 are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 2332 format: int32 2333 type: integer 2334 periodSeconds: 2335 description: How often (in seconds) to perform 2336 the probe. Default to 10 seconds. Minimum 2337 value is 1. 2338 format: int32 2339 type: integer 2340 successThreshold: 2341 description: Minimum consecutive successes 2342 for the probe to be considered successful 2343 after having failed. Defaults to 1. Must 2344 be 1 for liveness and startup. Minimum value 2345 is 1. 2346 format: int32 2347 type: integer 2348 tcpSocket: 2349 description: TCPSocket specifies an action 2350 involving a TCP port. 2351 properties: 2352 host: 2353 description: 'Optional: Host name to connect 2354 to, defaults to the pod IP.' 2355 type: string 2356 port: 2357 anyOf: 2358 - type: integer 2359 - type: string 2360 description: Number or name of the port 2361 to access on the container. Number must 2362 be in the range 1 to 65535. Name must 2363 be an IANA_SVC_NAME. 2364 x-kubernetes-int-or-string: true 2365 required: 2366 - port 2367 type: object 2368 terminationGracePeriodSeconds: 2369 description: Optional duration in seconds 2370 the pod needs to terminate gracefully upon 2371 probe failure. The grace period is the duration 2372 in seconds after the processes running in 2373 the pod are sent a termination signal and 2374 the time when the processes are forcibly 2375 halted with a kill signal. Set this value 2376 longer than the expected cleanup time for 2377 your process. 2378 format: int64 2379 type: integer 2380 timeoutSeconds: 2381 description: 'Number of seconds after which 2382 the probe times out. Defaults to 1 second. 2383 Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 2384 format: int32 2385 type: integer 2386 type: object 2387 stdin: 2388 description: Whether this container should allocate 2389 a buffer for stdin in the container runtime. 2390 If this is not set, reads from stdin in the 2391 container will always result in EOF. Default 2392 is false. 2393 type: boolean 2394 stdinOnce: 2395 description: Whether the container runtime should 2396 close the stdin channel after it has been opened 2397 by a single attach. When stdin is true the stdin 2398 stream will remain open across multiple attach 2399 sessions. 2400 type: boolean 2401 terminationMessagePath: 2402 description: 'Optional: Path at which the file 2403 to which the container''s termination message 2404 will be written is mounted into the container''s 2405 filesystem. Message written is intended to be 2406 brief final status, such as an assertion failure 2407 message. Will be truncated by the node if greater 2408 than 4096 bytes. The total message length across 2409 all containers will be limited to 12kb. Defaults 2410 to /dev/termination-log.' 2411 type: string 2412 terminationMessagePolicy: 2413 description: Indicate how the termination message 2414 should be populated. File will use the contents 2415 of terminationMessagePath to populate the container 2416 status message on both success and failure. 2417 FallbackToLogsOnError will use the last chunk 2418 of container log output if the termination message 2419 file is empty and the container exited with 2420 an error. 2421 type: string 2422 tty: 2423 description: Whether this container should allocate 2424 a TTY for itself, also requires 'stdin' to be 2425 true. Default is false. 2426 type: boolean 2427 volumeDevices: 2428 description: volumeDevices is the list of block 2429 devices to be used by the container. 2430 items: 2431 description: volumeDevice describes a mapping 2432 of a raw block device within a container. 2433 properties: 2434 devicePath: 2435 description: devicePath is the path inside 2436 of the container that the device will 2437 be mapped to. 2438 type: string 2439 name: 2440 description: name must match the name of 2441 a persistentVolumeClaim in the pod 2442 type: string 2443 required: 2444 - devicePath 2445 - name 2446 type: object 2447 type: array 2448 volumeMounts: 2449 description: Pod volumes to mount into the container's 2450 filesystem. Cannot be updated. 2451 items: 2452 description: VolumeMount describes a mounting 2453 of a Volume within a container. 2454 properties: 2455 mountPath: 2456 description: Path within the container at 2457 which the volume should be mounted. Must 2458 not contain ':'. 2459 type: string 2460 mountPropagation: 2461 description: mountPropagation determines 2462 how mounts are propagated from the host 2463 to container and the other way around. 2464 When not set, MountPropagationNone is 2465 used. This field is beta in 1.10. 2466 type: string 2467 name: 2468 description: This must match the Name of 2469 a Volume. 2470 type: string 2471 readOnly: 2472 description: Mounted read-only if true, 2473 read-write otherwise (false or unspecified). 2474 Defaults to false. 2475 type: boolean 2476 subPath: 2477 description: Path within the volume from 2478 which the container's volume should be 2479 mounted. Defaults to "" (volume's root). 2480 type: string 2481 subPathExpr: 2482 description: Expanded path within the volume 2483 from which the container's volume should 2484 be mounted. Behaves similarly to SubPath 2485 but environment variable references $(VAR_NAME) 2486 are expanded using the container's environment. 2487 Defaults to "" (volume's root). SubPathExpr 2488 and SubPath are mutually exclusive. 2489 type: string 2490 required: 2491 - mountPath 2492 - name 2493 type: object 2494 type: array 2495 workingDir: 2496 description: Container's working directory. If 2497 not specified, the container runtime's default 2498 will be used, which might be configured in the 2499 container image. Cannot be updated. 2500 type: string 2501 required: 2502 - name 2503 type: object 2504 type: array 2505 dnsConfig: 2506 description: Specifies the DNS parameters of a pod. 2507 Parameters specified here will be merged to the generated 2508 DNS configuration based on DNSPolicy. 2509 properties: 2510 nameservers: 2511 description: A list of DNS name server IP addresses. 2512 This will be appended to the base nameservers 2513 generated from DNSPolicy. Duplicated nameservers 2514 will be removed. 2515 items: 2516 type: string 2517 type: array 2518 options: 2519 description: A list of DNS resolver options. This 2520 will be merged with the base options generated 2521 from DNSPolicy. Duplicated entries will be removed. 2522 Resolution options given in Options will override 2523 those that appear in the base DNSPolicy. 2524 items: 2525 description: PodDNSConfigOption defines DNS resolver 2526 options of a pod. 2527 properties: 2528 name: 2529 description: Required. 2530 type: string 2531 value: 2532 type: string 2533 type: object 2534 type: array 2535 searches: 2536 description: A list of DNS search domains for host-name 2537 lookup. This will be appended to the base search 2538 paths generated from DNSPolicy. Duplicated search 2539 paths will be removed. 2540 items: 2541 type: string 2542 type: array 2543 type: object 2544 dnsPolicy: 2545 description: Set DNS policy for the pod. Defaults to 2546 "ClusterFirst". Valid values are 'ClusterFirstWithHostNet', 2547 'ClusterFirst', 'Default' or 'None'. DNS parameters 2548 given in DNSConfig will be merged with the policy 2549 selected with DNSPolicy. To have DNS options set along 2550 with hostNetwork, you have to specify DNS policy explicitly 2551 to 'ClusterFirstWithHostNet'. 2552 type: string 2553 enableServiceLinks: 2554 description: 'EnableServiceLinks indicates whether information 2555 about services should be injected into pod''s environment 2556 variables, matching the syntax of Docker links. Optional: 2557 Defaults to true.' 2558 type: boolean 2559 ephemeralContainers: 2560 description: List of ephemeral containers run in this 2561 pod. Ephemeral containers may be run in an existing 2562 pod to perform user-initiated actions such as debugging. 2563 This list cannot be specified when creating a pod, 2564 and it cannot be modified by updating the pod spec. 2565 In order to add an ephemeral container to an existing 2566 pod, use the pod's ephemeralcontainers subresource. 2567 items: 2568 description: An EphemeralContainer is a temporary 2569 container that you may add to an existing Pod for 2570 user-initiated activities such as debugging. Ephemeral 2571 containers have no resource or scheduling guarantees, 2572 and they will not be restarted when they exit or 2573 when a Pod is removed or restarted. The kubelet 2574 may evict a Pod if an ephemeral container causes 2575 the Pod to exceed its resource allocation. 2576 properties: 2577 args: 2578 description: 'Arguments to the entrypoint. The 2579 image''s CMD is used if this is not provided. 2580 Variable references $(VAR_NAME) are expanded 2581 using the container''s environment. If a variable 2582 cannot be resolved, the reference in the input 2583 string will be unchanged. Double $$ are reduced 2584 to a single $, which allows for escaping the 2585 $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will 2586 produce the string literal "$(VAR_NAME)".' 2587 items: 2588 type: string 2589 type: array 2590 command: 2591 description: 'Entrypoint array. Not executed within 2592 a shell. The image''s ENTRYPOINT is used if 2593 this is not provided. Variable references $(VAR_NAME) 2594 are expanded using the container''s environment. 2595 If a variable cannot be resolved, the reference 2596 in the input string will be unchanged. Double 2597 $$ are reduced to a single $, which allows for 2598 escaping the $(VAR_NAME) syntax: i.e.' 2599 items: 2600 type: string 2601 type: array 2602 env: 2603 description: List of environment variables to 2604 set in the container. Cannot be updated. 2605 items: 2606 description: EnvVar represents an environment 2607 variable present in a Container. 2608 properties: 2609 name: 2610 description: Name of the environment variable. 2611 Must be a C_IDENTIFIER. 2612 type: string 2613 value: 2614 description: 'Variable references $(VAR_NAME) 2615 are expanded using the previously defined 2616 environment variables in the container 2617 and any service environment variables. 2618 If a variable cannot be resolved, the 2619 reference in the input string will be 2620 unchanged. Double $$ are reduced to a 2621 single $, which allows for escaping the 2622 $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" 2623 will produce the string literal "$(VAR_NAME)".' 2624 type: string 2625 valueFrom: 2626 description: Source for the environment 2627 variable's value. Cannot be used if value 2628 is not empty. 2629 properties: 2630 configMapKeyRef: 2631 description: Selects a key of a ConfigMap. 2632 properties: 2633 key: 2634 description: The key to select. 2635 type: string 2636 name: 2637 description: 'Name of the referent. 2638 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 2639 TODO: Add other useful fields. 2640 apiVersion, kind, uid?' 2641 type: string 2642 optional: 2643 description: Specify whether the 2644 ConfigMap or its key must be defined 2645 type: boolean 2646 required: 2647 - key 2648 type: object 2649 x-kubernetes-map-type: atomic 2650 fieldRef: 2651 description: 'Selects a field of the 2652 pod: supports metadata.name, metadata.namespace, 2653 `metadata.labels[''<KEY>'']`, `metadata.annotations[''<KEY>'']`, 2654 spec.nodeName, spec.serviceAccountName, 2655 status.hostIP, status.podIP, status.podIPs.' 2656 properties: 2657 apiVersion: 2658 description: Version of the schema 2659 the FieldPath is written in terms 2660 of, defaults to "v1". 2661 type: string 2662 fieldPath: 2663 description: Path of the field to 2664 select in the specified API version. 2665 type: string 2666 required: 2667 - fieldPath 2668 type: object 2669 x-kubernetes-map-type: atomic 2670 resourceFieldRef: 2671 description: 'Selects a resource of 2672 the container: only resources limits 2673 and requests (limits.cpu, limits.memory, 2674 limits.ephemeral-storage, requests.cpu, 2675 requests.memory and requests.ephemeral-storage) 2676 are currently supported.' 2677 properties: 2678 containerName: 2679 description: 'Container name: required 2680 for volumes, optional for env 2681 vars' 2682 type: string 2683 divisor: 2684 anyOf: 2685 - type: integer 2686 - type: string 2687 description: Specifies the output 2688 format of the exposed resources, 2689 defaults to "1" 2690 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 2691 x-kubernetes-int-or-string: true 2692 resource: 2693 description: 'Required: resource 2694 to select' 2695 type: string 2696 required: 2697 - resource 2698 type: object 2699 x-kubernetes-map-type: atomic 2700 secretKeyRef: 2701 description: Selects a key of a secret 2702 in the pod's namespace 2703 properties: 2704 key: 2705 description: The key of the secret 2706 to select from. Must be a valid 2707 secret key. 2708 type: string 2709 name: 2710 description: 'Name of the referent. 2711 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 2712 TODO: Add other useful fields. 2713 apiVersion, kind, uid?' 2714 type: string 2715 optional: 2716 description: Specify whether the 2717 Secret or its key must be defined 2718 type: boolean 2719 required: 2720 - key 2721 type: object 2722 x-kubernetes-map-type: atomic 2723 type: object 2724 required: 2725 - name 2726 type: object 2727 type: array 2728 envFrom: 2729 description: List of sources to populate environment 2730 variables in the container. The keys defined 2731 within a source must be a C_IDENTIFIER. All 2732 invalid keys will be reported as an event when 2733 the container is starting. When a key exists 2734 in multiple sources, the value associated with 2735 the last source will take precedence. Values 2736 defined by an Env with a duplicate key will 2737 take precedence. Cannot be updated. 2738 items: 2739 description: EnvFromSource represents the source 2740 of a set of ConfigMaps 2741 properties: 2742 configMapRef: 2743 description: The ConfigMap to select from 2744 properties: 2745 name: 2746 description: 'Name of the referent. 2747 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 2748 TODO: Add other useful fields. apiVersion, 2749 kind, uid?' 2750 type: string 2751 optional: 2752 description: Specify whether the ConfigMap 2753 must be defined 2754 type: boolean 2755 type: object 2756 x-kubernetes-map-type: atomic 2757 prefix: 2758 description: An optional identifier to prepend 2759 to each key in the ConfigMap. Must be 2760 a C_IDENTIFIER. 2761 type: string 2762 secretRef: 2763 description: The Secret to select from 2764 properties: 2765 name: 2766 description: 'Name of the referent. 2767 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 2768 TODO: Add other useful fields. apiVersion, 2769 kind, uid?' 2770 type: string 2771 optional: 2772 description: Specify whether the Secret 2773 must be defined 2774 type: boolean 2775 type: object 2776 x-kubernetes-map-type: atomic 2777 type: object 2778 type: array 2779 image: 2780 description: 'Container image name. More info: 2781 https://kubernetes.io/docs/concepts/containers/images' 2782 type: string 2783 imagePullPolicy: 2784 description: 'Image pull policy. One of Always, 2785 Never, IfNotPresent. Defaults to Always if :latest 2786 tag is specified, or IfNotPresent otherwise. 2787 Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' 2788 type: string 2789 lifecycle: 2790 description: Lifecycle is not allowed for ephemeral 2791 containers. 2792 properties: 2793 postStart: 2794 description: 'PostStart is called immediately 2795 after a container is created. If the handler 2796 fails, the container is terminated and restarted 2797 according to its restart policy. Other management 2798 of the container blocks until the hook completes. 2799 More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' 2800 properties: 2801 exec: 2802 description: Exec specifies the action 2803 to take. 2804 properties: 2805 command: 2806 description: Command is the command 2807 line to execute inside the container, 2808 the working directory for the command is 2809 root ('/') in the container's filesystem. 2810 The command is simply exec'd, it 2811 is not run inside a shell, so traditional 2812 shell instructions ('|', etc) won't 2813 work. To use a shell, you need to 2814 explicitly call out to that shell. 2815 Exit status of 0 is treated as live/healthy 2816 and non-zero is unhealthy. 2817 items: 2818 type: string 2819 type: array 2820 type: object 2821 httpGet: 2822 description: HTTPGet specifies the http 2823 request to perform. 2824 properties: 2825 host: 2826 description: Host name to connect 2827 to, defaults to the pod IP. You 2828 probably want to set "Host" in httpHeaders 2829 instead. 2830 type: string 2831 httpHeaders: 2832 description: Custom headers to set 2833 in the request. HTTP allows repeated 2834 headers. 2835 items: 2836 description: HTTPHeader describes 2837 a custom header to be used in 2838 HTTP probes 2839 properties: 2840 name: 2841 description: The header field 2842 name. This will be canonicalized 2843 upon output, so case-variant 2844 names will be understood as 2845 the same header. 2846 type: string 2847 value: 2848 description: The header field 2849 value 2850 type: string 2851 required: 2852 - name 2853 - value 2854 type: object 2855 type: array 2856 path: 2857 description: Path to access on the 2858 HTTP server. 2859 type: string 2860 port: 2861 anyOf: 2862 - type: integer 2863 - type: string 2864 description: Name or number of the 2865 port to access on the container. 2866 Number must be in the range 1 to 2867 65535. Name must be an IANA_SVC_NAME. 2868 x-kubernetes-int-or-string: true 2869 scheme: 2870 description: Scheme to use for connecting 2871 to the host. Defaults to HTTP. 2872 type: string 2873 required: 2874 - port 2875 type: object 2876 tcpSocket: 2877 description: Deprecated. TCPSocket is 2878 NOT supported as a LifecycleHandler 2879 and kept for the backward compatibility. 2880 There are no validation of this field 2881 and lifecycle hooks will fail in runtime 2882 when tcp handler is specified. 2883 properties: 2884 host: 2885 description: 'Optional: Host name 2886 to connect to, defaults to the pod 2887 IP.' 2888 type: string 2889 port: 2890 anyOf: 2891 - type: integer 2892 - type: string 2893 description: Number or name of the 2894 port to access on the container. 2895 Number must be in the range 1 to 2896 65535. Name must be an IANA_SVC_NAME. 2897 x-kubernetes-int-or-string: true 2898 required: 2899 - port 2900 type: object 2901 type: object 2902 preStop: 2903 description: PreStop is called immediately 2904 before a container is terminated due to 2905 an API request or management event such 2906 as liveness/startup probe failure, preemption, 2907 resource contention, etc. The handler is 2908 not called if the container crashes or exits. 2909 The Pod's termination grace period countdown 2910 begins before the PreStop hook is executed. 2911 properties: 2912 exec: 2913 description: Exec specifies the action 2914 to take. 2915 properties: 2916 command: 2917 description: Command is the command 2918 line to execute inside the container, 2919 the working directory for the command is 2920 root ('/') in the container's filesystem. 2921 The command is simply exec'd, it 2922 is not run inside a shell, so traditional 2923 shell instructions ('|', etc) won't 2924 work. To use a shell, you need to 2925 explicitly call out to that shell. 2926 Exit status of 0 is treated as live/healthy 2927 and non-zero is unhealthy. 2928 items: 2929 type: string 2930 type: array 2931 type: object 2932 httpGet: 2933 description: HTTPGet specifies the http 2934 request to perform. 2935 properties: 2936 host: 2937 description: Host name to connect 2938 to, defaults to the pod IP. You 2939 probably want to set "Host" in httpHeaders 2940 instead. 2941 type: string 2942 httpHeaders: 2943 description: Custom headers to set 2944 in the request. HTTP allows repeated 2945 headers. 2946 items: 2947 description: HTTPHeader describes 2948 a custom header to be used in 2949 HTTP probes 2950 properties: 2951 name: 2952 description: The header field 2953 name. This will be canonicalized 2954 upon output, so case-variant 2955 names will be understood as 2956 the same header. 2957 type: string 2958 value: 2959 description: The header field 2960 value 2961 type: string 2962 required: 2963 - name 2964 - value 2965 type: object 2966 type: array 2967 path: 2968 description: Path to access on the 2969 HTTP server. 2970 type: string 2971 port: 2972 anyOf: 2973 - type: integer 2974 - type: string 2975 description: Name or number of the 2976 port to access on the container. 2977 Number must be in the range 1 to 2978 65535. Name must be an IANA_SVC_NAME. 2979 x-kubernetes-int-or-string: true 2980 scheme: 2981 description: Scheme to use for connecting 2982 to the host. Defaults to HTTP. 2983 type: string 2984 required: 2985 - port 2986 type: object 2987 tcpSocket: 2988 description: Deprecated. TCPSocket is 2989 NOT supported as a LifecycleHandler 2990 and kept for the backward compatibility. 2991 There are no validation of this field 2992 and lifecycle hooks will fail in runtime 2993 when tcp handler is specified. 2994 properties: 2995 host: 2996 description: 'Optional: Host name 2997 to connect to, defaults to the pod 2998 IP.' 2999 type: string 3000 port: 3001 anyOf: 3002 - type: integer 3003 - type: string 3004 description: Number or name of the 3005 port to access on the container. 3006 Number must be in the range 1 to 3007 65535. Name must be an IANA_SVC_NAME. 3008 x-kubernetes-int-or-string: true 3009 required: 3010 - port 3011 type: object 3012 type: object 3013 type: object 3014 livenessProbe: 3015 description: Probes are not allowed for ephemeral 3016 containers. 3017 properties: 3018 exec: 3019 description: Exec specifies the action to 3020 take. 3021 properties: 3022 command: 3023 description: Command is the command line 3024 to execute inside the container, the 3025 working directory for the command is 3026 root ('/') in the container's filesystem. 3027 The command is simply exec'd, it is 3028 not run inside a shell, so traditional 3029 shell instructions ('|', etc) won't 3030 work. To use a shell, you need to explicitly 3031 call out to that shell. Exit status 3032 of 0 is treated as live/healthy and 3033 non-zero is unhealthy. 3034 items: 3035 type: string 3036 type: array 3037 type: object 3038 failureThreshold: 3039 description: Minimum consecutive failures 3040 for the probe to be considered failed after 3041 having succeeded. Defaults to 3. Minimum 3042 value is 1. 3043 format: int32 3044 type: integer 3045 grpc: 3046 description: GRPC specifies an action involving 3047 a GRPC port. 3048 properties: 3049 port: 3050 description: Port number of the gRPC service. 3051 Number must be in the range 1 to 65535. 3052 format: int32 3053 type: integer 3054 service: 3055 description: "Service is the name of the 3056 service to place in the gRPC HealthCheckRequest 3057 (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 3058 \n If this is not specified, the default 3059 behavior is defined by gRPC." 3060 type: string 3061 required: 3062 - port 3063 type: object 3064 httpGet: 3065 description: HTTPGet specifies the http request 3066 to perform. 3067 properties: 3068 host: 3069 description: Host name to connect to, 3070 defaults to the pod IP. You probably 3071 want to set "Host" in httpHeaders instead. 3072 type: string 3073 httpHeaders: 3074 description: Custom headers to set in 3075 the request. HTTP allows repeated headers. 3076 items: 3077 description: HTTPHeader describes a 3078 custom header to be used in HTTP probes 3079 properties: 3080 name: 3081 description: The header field name. 3082 This will be canonicalized upon 3083 output, so case-variant names 3084 will be understood as the same 3085 header. 3086 type: string 3087 value: 3088 description: The header field value 3089 type: string 3090 required: 3091 - name 3092 - value 3093 type: object 3094 type: array 3095 path: 3096 description: Path to access on the HTTP 3097 server. 3098 type: string 3099 port: 3100 anyOf: 3101 - type: integer 3102 - type: string 3103 description: Name or number of the port 3104 to access on the container. Number must 3105 be in the range 1 to 65535. Name must 3106 be an IANA_SVC_NAME. 3107 x-kubernetes-int-or-string: true 3108 scheme: 3109 description: Scheme to use for connecting 3110 to the host. Defaults to HTTP. 3111 type: string 3112 required: 3113 - port 3114 type: object 3115 initialDelaySeconds: 3116 description: 'Number of seconds after the 3117 container has started before liveness probes 3118 are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 3119 format: int32 3120 type: integer 3121 periodSeconds: 3122 description: How often (in seconds) to perform 3123 the probe. Default to 10 seconds. Minimum 3124 value is 1. 3125 format: int32 3126 type: integer 3127 successThreshold: 3128 description: Minimum consecutive successes 3129 for the probe to be considered successful 3130 after having failed. Defaults to 1. Must 3131 be 1 for liveness and startup. Minimum value 3132 is 1. 3133 format: int32 3134 type: integer 3135 tcpSocket: 3136 description: TCPSocket specifies an action 3137 involving a TCP port. 3138 properties: 3139 host: 3140 description: 'Optional: Host name to connect 3141 to, defaults to the pod IP.' 3142 type: string 3143 port: 3144 anyOf: 3145 - type: integer 3146 - type: string 3147 description: Number or name of the port 3148 to access on the container. Number must 3149 be in the range 1 to 65535. Name must 3150 be an IANA_SVC_NAME. 3151 x-kubernetes-int-or-string: true 3152 required: 3153 - port 3154 type: object 3155 terminationGracePeriodSeconds: 3156 description: Optional duration in seconds 3157 the pod needs to terminate gracefully upon 3158 probe failure. The grace period is the duration 3159 in seconds after the processes running in 3160 the pod are sent a termination signal and 3161 the time when the processes are forcibly 3162 halted with a kill signal. Set this value 3163 longer than the expected cleanup time for 3164 your process. 3165 format: int64 3166 type: integer 3167 timeoutSeconds: 3168 description: 'Number of seconds after which 3169 the probe times out. Defaults to 1 second. 3170 Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 3171 format: int32 3172 type: integer 3173 type: object 3174 name: 3175 description: Name of the ephemeral container specified 3176 as a DNS_LABEL. This name must be unique among 3177 all containers, init containers and ephemeral 3178 containers. 3179 type: string 3180 ports: 3181 description: Ports are not allowed for ephemeral 3182 containers. 3183 items: 3184 description: ContainerPort represents a network 3185 port in a single container. 3186 properties: 3187 containerPort: 3188 description: Number of port to expose on 3189 the pod's IP address. This must be a valid 3190 port number, 0 < x < 65536. 3191 format: int32 3192 type: integer 3193 hostIP: 3194 description: What host IP to bind the external 3195 port to. 3196 type: string 3197 hostPort: 3198 description: Number of port to expose on 3199 the host. If specified, this must be a 3200 valid port number, 0 < x < 65536. If HostNetwork 3201 is specified, this must match ContainerPort. 3202 Most containers do not need this. 3203 format: int32 3204 type: integer 3205 name: 3206 description: If specified, this must be 3207 an IANA_SVC_NAME and unique within the 3208 pod. Each named port in a pod must have 3209 a unique name. Name for the port that 3210 can be referred to by services. 3211 type: string 3212 protocol: 3213 default: TCP 3214 description: Protocol for port. Must be 3215 UDP, TCP, or SCTP. Defaults to "TCP". 3216 type: string 3217 required: 3218 - containerPort 3219 type: object 3220 type: array 3221 x-kubernetes-list-map-keys: 3222 - containerPort 3223 - protocol 3224 x-kubernetes-list-type: map 3225 readinessProbe: 3226 description: Probes are not allowed for ephemeral 3227 containers. 3228 properties: 3229 exec: 3230 description: Exec specifies the action to 3231 take. 3232 properties: 3233 command: 3234 description: Command is the command line 3235 to execute inside the container, the 3236 working directory for the command is 3237 root ('/') in the container's filesystem. 3238 The command is simply exec'd, it is 3239 not run inside a shell, so traditional 3240 shell instructions ('|', etc) won't 3241 work. To use a shell, you need to explicitly 3242 call out to that shell. Exit status 3243 of 0 is treated as live/healthy and 3244 non-zero is unhealthy. 3245 items: 3246 type: string 3247 type: array 3248 type: object 3249 failureThreshold: 3250 description: Minimum consecutive failures 3251 for the probe to be considered failed after 3252 having succeeded. Defaults to 3. Minimum 3253 value is 1. 3254 format: int32 3255 type: integer 3256 grpc: 3257 description: GRPC specifies an action involving 3258 a GRPC port. 3259 properties: 3260 port: 3261 description: Port number of the gRPC service. 3262 Number must be in the range 1 to 65535. 3263 format: int32 3264 type: integer 3265 service: 3266 description: "Service is the name of the 3267 service to place in the gRPC HealthCheckRequest 3268 (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 3269 \n If this is not specified, the default 3270 behavior is defined by gRPC." 3271 type: string 3272 required: 3273 - port 3274 type: object 3275 httpGet: 3276 description: HTTPGet specifies the http request 3277 to perform. 3278 properties: 3279 host: 3280 description: Host name to connect to, 3281 defaults to the pod IP. You probably 3282 want to set "Host" in httpHeaders instead. 3283 type: string 3284 httpHeaders: 3285 description: Custom headers to set in 3286 the request. HTTP allows repeated headers. 3287 items: 3288 description: HTTPHeader describes a 3289 custom header to be used in HTTP probes 3290 properties: 3291 name: 3292 description: The header field name. 3293 This will be canonicalized upon 3294 output, so case-variant names 3295 will be understood as the same 3296 header. 3297 type: string 3298 value: 3299 description: The header field value 3300 type: string 3301 required: 3302 - name 3303 - value 3304 type: object 3305 type: array 3306 path: 3307 description: Path to access on the HTTP 3308 server. 3309 type: string 3310 port: 3311 anyOf: 3312 - type: integer 3313 - type: string 3314 description: Name or number of the port 3315 to access on the container. Number must 3316 be in the range 1 to 65535. Name must 3317 be an IANA_SVC_NAME. 3318 x-kubernetes-int-or-string: true 3319 scheme: 3320 description: Scheme to use for connecting 3321 to the host. Defaults to HTTP. 3322 type: string 3323 required: 3324 - port 3325 type: object 3326 initialDelaySeconds: 3327 description: 'Number of seconds after the 3328 container has started before liveness probes 3329 are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 3330 format: int32 3331 type: integer 3332 periodSeconds: 3333 description: How often (in seconds) to perform 3334 the probe. Default to 10 seconds. Minimum 3335 value is 1. 3336 format: int32 3337 type: integer 3338 successThreshold: 3339 description: Minimum consecutive successes 3340 for the probe to be considered successful 3341 after having failed. Defaults to 1. Must 3342 be 1 for liveness and startup. Minimum value 3343 is 1. 3344 format: int32 3345 type: integer 3346 tcpSocket: 3347 description: TCPSocket specifies an action 3348 involving a TCP port. 3349 properties: 3350 host: 3351 description: 'Optional: Host name to connect 3352 to, defaults to the pod IP.' 3353 type: string 3354 port: 3355 anyOf: 3356 - type: integer 3357 - type: string 3358 description: Number or name of the port 3359 to access on the container. Number must 3360 be in the range 1 to 65535. Name must 3361 be an IANA_SVC_NAME. 3362 x-kubernetes-int-or-string: true 3363 required: 3364 - port 3365 type: object 3366 terminationGracePeriodSeconds: 3367 description: Optional duration in seconds 3368 the pod needs to terminate gracefully upon 3369 probe failure. The grace period is the duration 3370 in seconds after the processes running in 3371 the pod are sent a termination signal and 3372 the time when the processes are forcibly 3373 halted with a kill signal. Set this value 3374 longer than the expected cleanup time for 3375 your process. 3376 format: int64 3377 type: integer 3378 timeoutSeconds: 3379 description: 'Number of seconds after which 3380 the probe times out. Defaults to 1 second. 3381 Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 3382 format: int32 3383 type: integer 3384 type: object 3385 resizePolicy: 3386 description: Resources resize policy for the container. 3387 items: 3388 description: ContainerResizePolicy represents 3389 resource resize policy for the container. 3390 properties: 3391 resourceName: 3392 description: 'Name of the resource to which 3393 this resource resize policy applies. Supported 3394 values: cpu, memory.' 3395 type: string 3396 restartPolicy: 3397 description: Restart policy to apply when 3398 specified resource is resized. If not 3399 specified, it defaults to NotRequired. 3400 type: string 3401 required: 3402 - resourceName 3403 - restartPolicy 3404 type: object 3405 type: array 3406 x-kubernetes-list-type: atomic 3407 resources: 3408 description: Resources are not allowed for ephemeral 3409 containers. Ephemeral containers use spare resources 3410 already allocated to the pod. 3411 properties: 3412 claims: 3413 description: "Claims lists the names of resources, 3414 defined in spec.resourceClaims, that are 3415 used by this container. \n This is an alpha 3416 field and requires enabling the DynamicResourceAllocation 3417 feature gate. \n This field is immutable. 3418 It can only be set for containers." 3419 items: 3420 description: ResourceClaim references one 3421 entry in PodSpec.ResourceClaims. 3422 properties: 3423 name: 3424 description: Name must match the name 3425 of one entry in pod.spec.resourceClaims 3426 of the Pod where this field is used. 3427 It makes that resource available inside 3428 a container. 3429 type: string 3430 required: 3431 - name 3432 type: object 3433 type: array 3434 x-kubernetes-list-map-keys: 3435 - name 3436 x-kubernetes-list-type: map 3437 limits: 3438 additionalProperties: 3439 anyOf: 3440 - type: integer 3441 - type: string 3442 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 3443 x-kubernetes-int-or-string: true 3444 description: 'Limits describes the maximum 3445 amount of compute resources allowed. More 3446 info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 3447 type: object 3448 requests: 3449 additionalProperties: 3450 anyOf: 3451 - type: integer 3452 - type: string 3453 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 3454 x-kubernetes-int-or-string: true 3455 description: 'Requests describes the minimum 3456 amount of compute resources required. If 3457 Requests is omitted for a container, it 3458 defaults to Limits if that is explicitly 3459 specified, otherwise to an implementation-defined 3460 value. Requests cannot exceed Limits. More 3461 info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 3462 type: object 3463 type: object 3464 securityContext: 3465 description: 'Optional: SecurityContext defines 3466 the security options the ephemeral container 3467 should be run with. If set, the fields of SecurityContext 3468 override the equivalent fields of PodSecurityContext.' 3469 properties: 3470 allowPrivilegeEscalation: 3471 description: 'AllowPrivilegeEscalation controls 3472 whether a process can gain more privileges 3473 than its parent process. This bool directly 3474 controls if the no_new_privs flag will be 3475 set on the container process. AllowPrivilegeEscalation 3476 is true always when the container is: 1) 3477 run as Privileged 2) has CAP_SYS_ADMIN Note 3478 that this field cannot be set when spec.os.name 3479 is windows.' 3480 type: boolean 3481 capabilities: 3482 description: The capabilities to add/drop 3483 when running containers. Defaults to the 3484 default set of capabilities granted by the 3485 container runtime. Note that this field 3486 cannot be set when spec.os.name is windows. 3487 properties: 3488 add: 3489 description: Added capabilities 3490 items: 3491 description: Capability represent POSIX 3492 capabilities type 3493 type: string 3494 type: array 3495 drop: 3496 description: Removed capabilities 3497 items: 3498 description: Capability represent POSIX 3499 capabilities type 3500 type: string 3501 type: array 3502 type: object 3503 privileged: 3504 description: Run container in privileged mode. 3505 Processes in privileged containers are essentially 3506 equivalent to root on the host. Defaults 3507 to false. Note that this field cannot be 3508 set when spec.os.name is windows. 3509 type: boolean 3510 procMount: 3511 description: procMount denotes the type of 3512 proc mount to use for the containers. The 3513 default is DefaultProcMount which uses the 3514 container runtime defaults for readonly 3515 paths and masked paths. This requires the 3516 ProcMountType feature flag to be enabled. 3517 Note that this field cannot be set when 3518 spec.os.name is windows. 3519 type: string 3520 readOnlyRootFilesystem: 3521 description: Whether this container has a 3522 read-only root filesystem. Default is false. 3523 Note that this field cannot be set when 3524 spec.os.name is windows. 3525 type: boolean 3526 runAsGroup: 3527 description: The GID to run the entrypoint 3528 of the container process. Uses runtime default 3529 if unset. May also be set in PodSecurityContext. If 3530 set in both SecurityContext and PodSecurityContext, 3531 the value specified in SecurityContext takes 3532 precedence. Note that this field cannot 3533 be set when spec.os.name is windows. 3534 format: int64 3535 type: integer 3536 runAsNonRoot: 3537 description: Indicates that the container 3538 must run as a non-root user. If true, the 3539 Kubelet will validate the image at runtime 3540 to ensure that it does not run as UID 0 3541 (root) and fail to start the container if 3542 it does. If unset or false, no such validation 3543 will be performed. May also be set in PodSecurityContext. 3544 type: boolean 3545 runAsUser: 3546 description: The UID to run the entrypoint 3547 of the container process. Defaults to user 3548 specified in image metadata if unspecified. 3549 May also be set in PodSecurityContext. If 3550 set in both SecurityContext and PodSecurityContext, 3551 the value specified in SecurityContext takes 3552 precedence. Note that this field cannot 3553 be set when spec.os.name is windows. 3554 format: int64 3555 type: integer 3556 seLinuxOptions: 3557 description: The SELinux context to be applied 3558 to the container. If unspecified, the container 3559 runtime will allocate a random SELinux context 3560 for each container. May also be set in 3561 PodSecurityContext. If set in both SecurityContext 3562 and PodSecurityContext, the value specified 3563 in SecurityContext takes precedence. Note 3564 that this field cannot be set when spec.os.name 3565 is windows. 3566 properties: 3567 level: 3568 description: Level is SELinux level label 3569 that applies to the container. 3570 type: string 3571 role: 3572 description: Role is a SELinux role label 3573 that applies to the container. 3574 type: string 3575 type: 3576 description: Type is a SELinux type label 3577 that applies to the container. 3578 type: string 3579 user: 3580 description: User is a SELinux user label 3581 that applies to the container. 3582 type: string 3583 type: object 3584 seccompProfile: 3585 description: The seccomp options to use by 3586 this container. If seccomp options are provided 3587 at both the pod & container level, the container 3588 options override the pod options. Note that 3589 this field cannot be set when spec.os.name 3590 is windows. 3591 properties: 3592 localhostProfile: 3593 description: localhostProfile indicates 3594 a profile defined in a file on the node 3595 should be used. The profile must be 3596 preconfigured on the node to work. Must 3597 be a descending path, relative to the 3598 kubelet's configured seccomp profile 3599 location. Must only be set if type is 3600 "Localhost". 3601 type: string 3602 type: 3603 description: "type indicates which kind 3604 of seccomp profile will be applied. 3605 Valid options are: \n Localhost - a 3606 profile defined in a file on the node 3607 should be used. RuntimeDefault - the 3608 container runtime default profile should 3609 be used. Unconfined - no profile should 3610 be applied." 3611 type: string 3612 required: 3613 - type 3614 type: object 3615 windowsOptions: 3616 description: The Windows specific settings 3617 applied to all containers. If unspecified, 3618 the options from the PodSecurityContext 3619 will be used. If set in both SecurityContext 3620 and PodSecurityContext, the value specified 3621 in SecurityContext takes precedence. Note 3622 that this field cannot be set when spec.os.name 3623 is linux. 3624 properties: 3625 gmsaCredentialSpec: 3626 description: GMSACredentialSpec is where 3627 the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) 3628 inlines the contents of the GMSA credential 3629 spec named by the GMSACredentialSpecName 3630 field. 3631 type: string 3632 gmsaCredentialSpecName: 3633 description: GMSACredentialSpecName is 3634 the name of the GMSA credential spec 3635 to use. 3636 type: string 3637 hostProcess: 3638 description: HostProcess determines if 3639 a container should be run as a 'Host 3640 Process' container. This field is alpha-level 3641 and will only be honored by components 3642 that enable the WindowsHostProcessContainers 3643 feature flag. Setting this field without 3644 the feature flag will result in errors 3645 when validating the Pod. 3646 type: boolean 3647 runAsUserName: 3648 description: The UserName in Windows to 3649 run the entrypoint of the container 3650 process. Defaults to the user specified 3651 in image metadata if unspecified. May 3652 also be set in PodSecurityContext. If 3653 set in both SecurityContext and PodSecurityContext, 3654 the value specified in SecurityContext 3655 takes precedence. 3656 type: string 3657 type: object 3658 type: object 3659 startupProbe: 3660 description: Probes are not allowed for ephemeral 3661 containers. 3662 properties: 3663 exec: 3664 description: Exec specifies the action to 3665 take. 3666 properties: 3667 command: 3668 description: Command is the command line 3669 to execute inside the container, the 3670 working directory for the command is 3671 root ('/') in the container's filesystem. 3672 The command is simply exec'd, it is 3673 not run inside a shell, so traditional 3674 shell instructions ('|', etc) won't 3675 work. To use a shell, you need to explicitly 3676 call out to that shell. Exit status 3677 of 0 is treated as live/healthy and 3678 non-zero is unhealthy. 3679 items: 3680 type: string 3681 type: array 3682 type: object 3683 failureThreshold: 3684 description: Minimum consecutive failures 3685 for the probe to be considered failed after 3686 having succeeded. Defaults to 3. Minimum 3687 value is 1. 3688 format: int32 3689 type: integer 3690 grpc: 3691 description: GRPC specifies an action involving 3692 a GRPC port. 3693 properties: 3694 port: 3695 description: Port number of the gRPC service. 3696 Number must be in the range 1 to 65535. 3697 format: int32 3698 type: integer 3699 service: 3700 description: "Service is the name of the 3701 service to place in the gRPC HealthCheckRequest 3702 (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 3703 \n If this is not specified, the default 3704 behavior is defined by gRPC." 3705 type: string 3706 required: 3707 - port 3708 type: object 3709 httpGet: 3710 description: HTTPGet specifies the http request 3711 to perform. 3712 properties: 3713 host: 3714 description: Host name to connect to, 3715 defaults to the pod IP. You probably 3716 want to set "Host" in httpHeaders instead. 3717 type: string 3718 httpHeaders: 3719 description: Custom headers to set in 3720 the request. HTTP allows repeated headers. 3721 items: 3722 description: HTTPHeader describes a 3723 custom header to be used in HTTP probes 3724 properties: 3725 name: 3726 description: The header field name. 3727 This will be canonicalized upon 3728 output, so case-variant names 3729 will be understood as the same 3730 header. 3731 type: string 3732 value: 3733 description: The header field value 3734 type: string 3735 required: 3736 - name 3737 - value 3738 type: object 3739 type: array 3740 path: 3741 description: Path to access on the HTTP 3742 server. 3743 type: string 3744 port: 3745 anyOf: 3746 - type: integer 3747 - type: string 3748 description: Name or number of the port 3749 to access on the container. Number must 3750 be in the range 1 to 65535. Name must 3751 be an IANA_SVC_NAME. 3752 x-kubernetes-int-or-string: true 3753 scheme: 3754 description: Scheme to use for connecting 3755 to the host. Defaults to HTTP. 3756 type: string 3757 required: 3758 - port 3759 type: object 3760 initialDelaySeconds: 3761 description: 'Number of seconds after the 3762 container has started before liveness probes 3763 are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 3764 format: int32 3765 type: integer 3766 periodSeconds: 3767 description: How often (in seconds) to perform 3768 the probe. Default to 10 seconds. Minimum 3769 value is 1. 3770 format: int32 3771 type: integer 3772 successThreshold: 3773 description: Minimum consecutive successes 3774 for the probe to be considered successful 3775 after having failed. Defaults to 1. Must 3776 be 1 for liveness and startup. Minimum value 3777 is 1. 3778 format: int32 3779 type: integer 3780 tcpSocket: 3781 description: TCPSocket specifies an action 3782 involving a TCP port. 3783 properties: 3784 host: 3785 description: 'Optional: Host name to connect 3786 to, defaults to the pod IP.' 3787 type: string 3788 port: 3789 anyOf: 3790 - type: integer 3791 - type: string 3792 description: Number or name of the port 3793 to access on the container. Number must 3794 be in the range 1 to 65535. Name must 3795 be an IANA_SVC_NAME. 3796 x-kubernetes-int-or-string: true 3797 required: 3798 - port 3799 type: object 3800 terminationGracePeriodSeconds: 3801 description: Optional duration in seconds 3802 the pod needs to terminate gracefully upon 3803 probe failure. The grace period is the duration 3804 in seconds after the processes running in 3805 the pod are sent a termination signal and 3806 the time when the processes are forcibly 3807 halted with a kill signal. Set this value 3808 longer than the expected cleanup time for 3809 your process. 3810 format: int64 3811 type: integer 3812 timeoutSeconds: 3813 description: 'Number of seconds after which 3814 the probe times out. Defaults to 1 second. 3815 Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 3816 format: int32 3817 type: integer 3818 type: object 3819 stdin: 3820 description: Whether this container should allocate 3821 a buffer for stdin in the container runtime. 3822 If this is not set, reads from stdin in the 3823 container will always result in EOF. Default 3824 is false. 3825 type: boolean 3826 stdinOnce: 3827 description: Whether the container runtime should 3828 close the stdin channel after it has been opened 3829 by a single attach. When stdin is true the stdin 3830 stream will remain open across multiple attach 3831 sessions. 3832 type: boolean 3833 targetContainerName: 3834 description: "If set, the name of the container 3835 from PodSpec that this ephemeral container targets. 3836 The ephemeral container will be run in the namespaces 3837 (IPC, PID, etc) of this container. If not set 3838 then the ephemeral container uses the namespaces 3839 configured in the Pod spec. \n The container 3840 runtime must implement support for this feature." 3841 type: string 3842 terminationMessagePath: 3843 description: 'Optional: Path at which the file 3844 to which the container''s termination message 3845 will be written is mounted into the container''s 3846 filesystem. Message written is intended to be 3847 brief final status, such as an assertion failure 3848 message. Will be truncated by the node if greater 3849 than 4096 bytes. The total message length across 3850 all containers will be limited to 12kb. Defaults 3851 to /dev/termination-log.' 3852 type: string 3853 terminationMessagePolicy: 3854 description: Indicate how the termination message 3855 should be populated. File will use the contents 3856 of terminationMessagePath to populate the container 3857 status message on both success and failure. 3858 FallbackToLogsOnError will use the last chunk 3859 of container log output if the termination message 3860 file is empty and the container exited with 3861 an error. 3862 type: string 3863 tty: 3864 description: Whether this container should allocate 3865 a TTY for itself, also requires 'stdin' to be 3866 true. Default is false. 3867 type: boolean 3868 volumeDevices: 3869 description: volumeDevices is the list of block 3870 devices to be used by the container. 3871 items: 3872 description: volumeDevice describes a mapping 3873 of a raw block device within a container. 3874 properties: 3875 devicePath: 3876 description: devicePath is the path inside 3877 of the container that the device will 3878 be mapped to. 3879 type: string 3880 name: 3881 description: name must match the name of 3882 a persistentVolumeClaim in the pod 3883 type: string 3884 required: 3885 - devicePath 3886 - name 3887 type: object 3888 type: array 3889 volumeMounts: 3890 description: Pod volumes to mount into the container's 3891 filesystem. Subpath mounts are not allowed for 3892 ephemeral containers. Cannot be updated. 3893 items: 3894 description: VolumeMount describes a mounting 3895 of a Volume within a container. 3896 properties: 3897 mountPath: 3898 description: Path within the container at 3899 which the volume should be mounted. Must 3900 not contain ':'. 3901 type: string 3902 mountPropagation: 3903 description: mountPropagation determines 3904 how mounts are propagated from the host 3905 to container and the other way around. 3906 When not set, MountPropagationNone is 3907 used. This field is beta in 1.10. 3908 type: string 3909 name: 3910 description: This must match the Name of 3911 a Volume. 3912 type: string 3913 readOnly: 3914 description: Mounted read-only if true, 3915 read-write otherwise (false or unspecified). 3916 Defaults to false. 3917 type: boolean 3918 subPath: 3919 description: Path within the volume from 3920 which the container's volume should be 3921 mounted. Defaults to "" (volume's root). 3922 type: string 3923 subPathExpr: 3924 description: Expanded path within the volume 3925 from which the container's volume should 3926 be mounted. Behaves similarly to SubPath 3927 but environment variable references $(VAR_NAME) 3928 are expanded using the container's environment. 3929 Defaults to "" (volume's root). SubPathExpr 3930 and SubPath are mutually exclusive. 3931 type: string 3932 required: 3933 - mountPath 3934 - name 3935 type: object 3936 type: array 3937 workingDir: 3938 description: Container's working directory. If 3939 not specified, the container runtime's default 3940 will be used, which might be configured in the 3941 container image. Cannot be updated. 3942 type: string 3943 required: 3944 - name 3945 type: object 3946 type: array 3947 hostAliases: 3948 description: HostAliases is an optional list of hosts 3949 and IPs that will be injected into the pod's hosts 3950 file if specified. This is only valid for non-hostNetwork 3951 pods. 3952 items: 3953 description: HostAlias holds the mapping between IP 3954 and hostnames that will be injected as an entry 3955 in the pod's hosts file. 3956 properties: 3957 hostnames: 3958 description: Hostnames for the above IP address. 3959 items: 3960 type: string 3961 type: array 3962 ip: 3963 description: IP address of the host file entry. 3964 type: string 3965 type: object 3966 type: array 3967 hostIPC: 3968 description: 'Use the host''s ipc namespace. Optional: 3969 Default to false.' 3970 type: boolean 3971 hostNetwork: 3972 description: Host networking requested for this pod. 3973 Use the host's network namespace. If this option is 3974 set, the ports that will be used must be specified. 3975 Default to false. 3976 type: boolean 3977 hostPID: 3978 description: 'Use the host''s pid namespace. Optional: 3979 Default to false.' 3980 type: boolean 3981 hostUsers: 3982 description: 'Use the host''s user namespace. Optional: 3983 Default to true. If set to true or not present, the 3984 pod will be run in the host user namespace, useful 3985 for when the pod needs a feature only available to 3986 the host user namespace, such as loading a kernel 3987 module with CAP_SYS_MODULE. When set to false, a new 3988 userns is created for the pod.' 3989 type: boolean 3990 hostname: 3991 description: Specifies the hostname of the Pod If not 3992 specified, the pod's hostname will be set to a system-defined 3993 value. 3994 type: string 3995 imagePullSecrets: 3996 description: 'ImagePullSecrets is an optional list of 3997 references to secrets in the same namespace to use 3998 for pulling any of the images used by this PodSpec. 3999 If specified, these secrets will be passed to individual 4000 puller implementations for them to use. More info: 4001 https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod' 4002 items: 4003 description: LocalObjectReference contains enough 4004 information to let you locate the referenced object 4005 inside the same namespace. 4006 properties: 4007 name: 4008 description: 'Name of the referent. More info: 4009 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 4010 TODO: Add other useful fields. apiVersion, kind, 4011 uid?' 4012 type: string 4013 type: object 4014 x-kubernetes-map-type: atomic 4015 type: array 4016 initContainers: 4017 description: List of initialization containers belonging 4018 to the pod. Init containers are executed in order 4019 prior to containers being started. If any init container 4020 fails, the pod is considered to have failed and is 4021 handled according to its restartPolicy. The name for 4022 an init container or normal container must be unique 4023 among all containers. 4024 items: 4025 description: A single application container that you 4026 want to run within a pod. 4027 properties: 4028 args: 4029 description: 'Arguments to the entrypoint. The 4030 container image''s CMD is used if this is not 4031 provided. Variable references $(VAR_NAME) are 4032 expanded using the container''s environment. 4033 If a variable cannot be resolved, the reference 4034 in the input string will be unchanged. Double 4035 $$ are reduced to a single $, which allows for 4036 escaping the $(VAR_NAME) syntax: i.e.' 4037 items: 4038 type: string 4039 type: array 4040 command: 4041 description: 'Entrypoint array. Not executed within 4042 a shell. The container image''s ENTRYPOINT is 4043 used if this is not provided. Variable references 4044 $(VAR_NAME) are expanded using the container''s 4045 environment. If a variable cannot be resolved, 4046 the reference in the input string will be unchanged. 4047 Double $$ are reduced to a single $, which allows 4048 for escaping the $(VAR_NAME) syntax: i.e.' 4049 items: 4050 type: string 4051 type: array 4052 env: 4053 description: List of environment variables to 4054 set in the container. Cannot be updated. 4055 items: 4056 description: EnvVar represents an environment 4057 variable present in a Container. 4058 properties: 4059 name: 4060 description: Name of the environment variable. 4061 Must be a C_IDENTIFIER. 4062 type: string 4063 value: 4064 description: 'Variable references $(VAR_NAME) 4065 are expanded using the previously defined 4066 environment variables in the container 4067 and any service environment variables. 4068 If a variable cannot be resolved, the 4069 reference in the input string will be 4070 unchanged. Double $$ are reduced to a 4071 single $, which allows for escaping the 4072 $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" 4073 will produce the string literal "$(VAR_NAME)".' 4074 type: string 4075 valueFrom: 4076 description: Source for the environment 4077 variable's value. Cannot be used if value 4078 is not empty. 4079 properties: 4080 configMapKeyRef: 4081 description: Selects a key of a ConfigMap. 4082 properties: 4083 key: 4084 description: The key to select. 4085 type: string 4086 name: 4087 description: 'Name of the referent. 4088 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 4089 TODO: Add other useful fields. 4090 apiVersion, kind, uid?' 4091 type: string 4092 optional: 4093 description: Specify whether the 4094 ConfigMap or its key must be defined 4095 type: boolean 4096 required: 4097 - key 4098 type: object 4099 x-kubernetes-map-type: atomic 4100 fieldRef: 4101 description: 'Selects a field of the 4102 pod: supports metadata.name, metadata.namespace, 4103 `metadata.labels[''<KEY>'']`, `metadata.annotations[''<KEY>'']`, 4104 spec.nodeName, spec.serviceAccountName, 4105 status.hostIP, status.podIP, status.podIPs.' 4106 properties: 4107 apiVersion: 4108 description: Version of the schema 4109 the FieldPath is written in terms 4110 of, defaults to "v1". 4111 type: string 4112 fieldPath: 4113 description: Path of the field to 4114 select in the specified API version. 4115 type: string 4116 required: 4117 - fieldPath 4118 type: object 4119 x-kubernetes-map-type: atomic 4120 resourceFieldRef: 4121 description: 'Selects a resource of 4122 the container: only resources limits 4123 and requests (limits.cpu, limits.memory, 4124 limits.ephemeral-storage, requests.cpu, 4125 requests.memory and requests.ephemeral-storage) 4126 are currently supported.' 4127 properties: 4128 containerName: 4129 description: 'Container name: required 4130 for volumes, optional for env 4131 vars' 4132 type: string 4133 divisor: 4134 anyOf: 4135 - type: integer 4136 - type: string 4137 description: Specifies the output 4138 format of the exposed resources, 4139 defaults to "1" 4140 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 4141 x-kubernetes-int-or-string: true 4142 resource: 4143 description: 'Required: resource 4144 to select' 4145 type: string 4146 required: 4147 - resource 4148 type: object 4149 x-kubernetes-map-type: atomic 4150 secretKeyRef: 4151 description: Selects a key of a secret 4152 in the pod's namespace 4153 properties: 4154 key: 4155 description: The key of the secret 4156 to select from. Must be a valid 4157 secret key. 4158 type: string 4159 name: 4160 description: 'Name of the referent. 4161 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 4162 TODO: Add other useful fields. 4163 apiVersion, kind, uid?' 4164 type: string 4165 optional: 4166 description: Specify whether the 4167 Secret or its key must be defined 4168 type: boolean 4169 required: 4170 - key 4171 type: object 4172 x-kubernetes-map-type: atomic 4173 type: object 4174 required: 4175 - name 4176 type: object 4177 type: array 4178 envFrom: 4179 description: List of sources to populate environment 4180 variables in the container. The keys defined 4181 within a source must be a C_IDENTIFIER. All 4182 invalid keys will be reported as an event when 4183 the container is starting. When a key exists 4184 in multiple sources, the value associated with 4185 the last source will take precedence. Values 4186 defined by an Env with a duplicate key will 4187 take precedence. Cannot be updated. 4188 items: 4189 description: EnvFromSource represents the source 4190 of a set of ConfigMaps 4191 properties: 4192 configMapRef: 4193 description: The ConfigMap to select from 4194 properties: 4195 name: 4196 description: 'Name of the referent. 4197 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 4198 TODO: Add other useful fields. apiVersion, 4199 kind, uid?' 4200 type: string 4201 optional: 4202 description: Specify whether the ConfigMap 4203 must be defined 4204 type: boolean 4205 type: object 4206 x-kubernetes-map-type: atomic 4207 prefix: 4208 description: An optional identifier to prepend 4209 to each key in the ConfigMap. Must be 4210 a C_IDENTIFIER. 4211 type: string 4212 secretRef: 4213 description: The Secret to select from 4214 properties: 4215 name: 4216 description: 'Name of the referent. 4217 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 4218 TODO: Add other useful fields. apiVersion, 4219 kind, uid?' 4220 type: string 4221 optional: 4222 description: Specify whether the Secret 4223 must be defined 4224 type: boolean 4225 type: object 4226 x-kubernetes-map-type: atomic 4227 type: object 4228 type: array 4229 image: 4230 description: 'Container image name. More info: 4231 https://kubernetes.io/docs/concepts/containers/images 4232 This field is optional to allow higher level 4233 config management to default or override container 4234 images in workload controllers like Deployments 4235 and StatefulSets.' 4236 type: string 4237 imagePullPolicy: 4238 description: 'Image pull policy. One of Always, 4239 Never, IfNotPresent. Defaults to Always if :latest 4240 tag is specified, or IfNotPresent otherwise. 4241 Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' 4242 type: string 4243 lifecycle: 4244 description: Actions that the management system 4245 should take in response to container lifecycle 4246 events. Cannot be updated. 4247 properties: 4248 postStart: 4249 description: 'PostStart is called immediately 4250 after a container is created. If the handler 4251 fails, the container is terminated and restarted 4252 according to its restart policy. Other management 4253 of the container blocks until the hook completes. 4254 More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' 4255 properties: 4256 exec: 4257 description: Exec specifies the action 4258 to take. 4259 properties: 4260 command: 4261 description: Command is the command 4262 line to execute inside the container, 4263 the working directory for the command is 4264 root ('/') in the container's filesystem. 4265 The command is simply exec'd, it 4266 is not run inside a shell, so traditional 4267 shell instructions ('|', etc) won't 4268 work. To use a shell, you need to 4269 explicitly call out to that shell. 4270 Exit status of 0 is treated as live/healthy 4271 and non-zero is unhealthy. 4272 items: 4273 type: string 4274 type: array 4275 type: object 4276 httpGet: 4277 description: HTTPGet specifies the http 4278 request to perform. 4279 properties: 4280 host: 4281 description: Host name to connect 4282 to, defaults to the pod IP. You 4283 probably want to set "Host" in httpHeaders 4284 instead. 4285 type: string 4286 httpHeaders: 4287 description: Custom headers to set 4288 in the request. HTTP allows repeated 4289 headers. 4290 items: 4291 description: HTTPHeader describes 4292 a custom header to be used in 4293 HTTP probes 4294 properties: 4295 name: 4296 description: The header field 4297 name. This will be canonicalized 4298 upon output, so case-variant 4299 names will be understood as 4300 the same header. 4301 type: string 4302 value: 4303 description: The header field 4304 value 4305 type: string 4306 required: 4307 - name 4308 - value 4309 type: object 4310 type: array 4311 path: 4312 description: Path to access on the 4313 HTTP server. 4314 type: string 4315 port: 4316 anyOf: 4317 - type: integer 4318 - type: string 4319 description: Name or number of the 4320 port to access on the container. 4321 Number must be in the range 1 to 4322 65535. Name must be an IANA_SVC_NAME. 4323 x-kubernetes-int-or-string: true 4324 scheme: 4325 description: Scheme to use for connecting 4326 to the host. Defaults to HTTP. 4327 type: string 4328 required: 4329 - port 4330 type: object 4331 tcpSocket: 4332 description: Deprecated. TCPSocket is 4333 NOT supported as a LifecycleHandler 4334 and kept for the backward compatibility. 4335 There are no validation of this field 4336 and lifecycle hooks will fail in runtime 4337 when tcp handler is specified. 4338 properties: 4339 host: 4340 description: 'Optional: Host name 4341 to connect to, defaults to the pod 4342 IP.' 4343 type: string 4344 port: 4345 anyOf: 4346 - type: integer 4347 - type: string 4348 description: Number or name of the 4349 port to access on the container. 4350 Number must be in the range 1 to 4351 65535. Name must be an IANA_SVC_NAME. 4352 x-kubernetes-int-or-string: true 4353 required: 4354 - port 4355 type: object 4356 type: object 4357 preStop: 4358 description: PreStop is called immediately 4359 before a container is terminated due to 4360 an API request or management event such 4361 as liveness/startup probe failure, preemption, 4362 resource contention, etc. The handler is 4363 not called if the container crashes or exits. 4364 The Pod's termination grace period countdown 4365 begins before the PreStop hook is executed. 4366 properties: 4367 exec: 4368 description: Exec specifies the action 4369 to take. 4370 properties: 4371 command: 4372 description: Command is the command 4373 line to execute inside the container, 4374 the working directory for the command is 4375 root ('/') in the container's filesystem. 4376 The command is simply exec'd, it 4377 is not run inside a shell, so traditional 4378 shell instructions ('|', etc) won't 4379 work. To use a shell, you need to 4380 explicitly call out to that shell. 4381 Exit status of 0 is treated as live/healthy 4382 and non-zero is unhealthy. 4383 items: 4384 type: string 4385 type: array 4386 type: object 4387 httpGet: 4388 description: HTTPGet specifies the http 4389 request to perform. 4390 properties: 4391 host: 4392 description: Host name to connect 4393 to, defaults to the pod IP. You 4394 probably want to set "Host" in httpHeaders 4395 instead. 4396 type: string 4397 httpHeaders: 4398 description: Custom headers to set 4399 in the request. HTTP allows repeated 4400 headers. 4401 items: 4402 description: HTTPHeader describes 4403 a custom header to be used in 4404 HTTP probes 4405 properties: 4406 name: 4407 description: The header field 4408 name. This will be canonicalized 4409 upon output, so case-variant 4410 names will be understood as 4411 the same header. 4412 type: string 4413 value: 4414 description: The header field 4415 value 4416 type: string 4417 required: 4418 - name 4419 - value 4420 type: object 4421 type: array 4422 path: 4423 description: Path to access on the 4424 HTTP server. 4425 type: string 4426 port: 4427 anyOf: 4428 - type: integer 4429 - type: string 4430 description: Name or number of the 4431 port to access on the container. 4432 Number must be in the range 1 to 4433 65535. Name must be an IANA_SVC_NAME. 4434 x-kubernetes-int-or-string: true 4435 scheme: 4436 description: Scheme to use for connecting 4437 to the host. Defaults to HTTP. 4438 type: string 4439 required: 4440 - port 4441 type: object 4442 tcpSocket: 4443 description: Deprecated. TCPSocket is 4444 NOT supported as a LifecycleHandler 4445 and kept for the backward compatibility. 4446 There are no validation of this field 4447 and lifecycle hooks will fail in runtime 4448 when tcp handler is specified. 4449 properties: 4450 host: 4451 description: 'Optional: Host name 4452 to connect to, defaults to the pod 4453 IP.' 4454 type: string 4455 port: 4456 anyOf: 4457 - type: integer 4458 - type: string 4459 description: Number or name of the 4460 port to access on the container. 4461 Number must be in the range 1 to 4462 65535. Name must be an IANA_SVC_NAME. 4463 x-kubernetes-int-or-string: true 4464 required: 4465 - port 4466 type: object 4467 type: object 4468 type: object 4469 livenessProbe: 4470 description: 'Periodic probe of container liveness. 4471 Container will be restarted if the probe fails. 4472 Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 4473 properties: 4474 exec: 4475 description: Exec specifies the action to 4476 take. 4477 properties: 4478 command: 4479 description: Command is the command line 4480 to execute inside the container, the 4481 working directory for the command is 4482 root ('/') in the container's filesystem. 4483 The command is simply exec'd, it is 4484 not run inside a shell, so traditional 4485 shell instructions ('|', etc) won't 4486 work. To use a shell, you need to explicitly 4487 call out to that shell. Exit status 4488 of 0 is treated as live/healthy and 4489 non-zero is unhealthy. 4490 items: 4491 type: string 4492 type: array 4493 type: object 4494 failureThreshold: 4495 description: Minimum consecutive failures 4496 for the probe to be considered failed after 4497 having succeeded. Defaults to 3. Minimum 4498 value is 1. 4499 format: int32 4500 type: integer 4501 grpc: 4502 description: GRPC specifies an action involving 4503 a GRPC port. 4504 properties: 4505 port: 4506 description: Port number of the gRPC service. 4507 Number must be in the range 1 to 65535. 4508 format: int32 4509 type: integer 4510 service: 4511 description: "Service is the name of the 4512 service to place in the gRPC HealthCheckRequest 4513 (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 4514 \n If this is not specified, the default 4515 behavior is defined by gRPC." 4516 type: string 4517 required: 4518 - port 4519 type: object 4520 httpGet: 4521 description: HTTPGet specifies the http request 4522 to perform. 4523 properties: 4524 host: 4525 description: Host name to connect to, 4526 defaults to the pod IP. You probably 4527 want to set "Host" in httpHeaders instead. 4528 type: string 4529 httpHeaders: 4530 description: Custom headers to set in 4531 the request. HTTP allows repeated headers. 4532 items: 4533 description: HTTPHeader describes a 4534 custom header to be used in HTTP probes 4535 properties: 4536 name: 4537 description: The header field name. 4538 This will be canonicalized upon 4539 output, so case-variant names 4540 will be understood as the same 4541 header. 4542 type: string 4543 value: 4544 description: The header field value 4545 type: string 4546 required: 4547 - name 4548 - value 4549 type: object 4550 type: array 4551 path: 4552 description: Path to access on the HTTP 4553 server. 4554 type: string 4555 port: 4556 anyOf: 4557 - type: integer 4558 - type: string 4559 description: Name or number of the port 4560 to access on the container. Number must 4561 be in the range 1 to 65535. Name must 4562 be an IANA_SVC_NAME. 4563 x-kubernetes-int-or-string: true 4564 scheme: 4565 description: Scheme to use for connecting 4566 to the host. Defaults to HTTP. 4567 type: string 4568 required: 4569 - port 4570 type: object 4571 initialDelaySeconds: 4572 description: 'Number of seconds after the 4573 container has started before liveness probes 4574 are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 4575 format: int32 4576 type: integer 4577 periodSeconds: 4578 description: How often (in seconds) to perform 4579 the probe. Default to 10 seconds. Minimum 4580 value is 1. 4581 format: int32 4582 type: integer 4583 successThreshold: 4584 description: Minimum consecutive successes 4585 for the probe to be considered successful 4586 after having failed. Defaults to 1. Must 4587 be 1 for liveness and startup. Minimum value 4588 is 1. 4589 format: int32 4590 type: integer 4591 tcpSocket: 4592 description: TCPSocket specifies an action 4593 involving a TCP port. 4594 properties: 4595 host: 4596 description: 'Optional: Host name to connect 4597 to, defaults to the pod IP.' 4598 type: string 4599 port: 4600 anyOf: 4601 - type: integer 4602 - type: string 4603 description: Number or name of the port 4604 to access on the container. Number must 4605 be in the range 1 to 65535. Name must 4606 be an IANA_SVC_NAME. 4607 x-kubernetes-int-or-string: true 4608 required: 4609 - port 4610 type: object 4611 terminationGracePeriodSeconds: 4612 description: Optional duration in seconds 4613 the pod needs to terminate gracefully upon 4614 probe failure. The grace period is the duration 4615 in seconds after the processes running in 4616 the pod are sent a termination signal and 4617 the time when the processes are forcibly 4618 halted with a kill signal. Set this value 4619 longer than the expected cleanup time for 4620 your process. 4621 format: int64 4622 type: integer 4623 timeoutSeconds: 4624 description: 'Number of seconds after which 4625 the probe times out. Defaults to 1 second. 4626 Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 4627 format: int32 4628 type: integer 4629 type: object 4630 name: 4631 description: Name of the container specified as 4632 a DNS_LABEL. Each container in a pod must have 4633 a unique name (DNS_LABEL). Cannot be updated. 4634 type: string 4635 ports: 4636 description: List of ports to expose from the 4637 container. Not specifying a port here DOES NOT 4638 prevent that port from being exposed. Any port 4639 which is listening on the default "0.0.0.0" 4640 address inside a container will be accessible 4641 from the network. Modifying this array with 4642 strategic merge patch may corrupt the data. 4643 For more information See https://github.com/kubernetes/kubernetes/issues/108255. 4644 items: 4645 description: ContainerPort represents a network 4646 port in a single container. 4647 properties: 4648 containerPort: 4649 description: Number of port to expose on 4650 the pod's IP address. This must be a valid 4651 port number, 0 < x < 65536. 4652 format: int32 4653 type: integer 4654 hostIP: 4655 description: What host IP to bind the external 4656 port to. 4657 type: string 4658 hostPort: 4659 description: Number of port to expose on 4660 the host. If specified, this must be a 4661 valid port number, 0 < x < 65536. If HostNetwork 4662 is specified, this must match ContainerPort. 4663 Most containers do not need this. 4664 format: int32 4665 type: integer 4666 name: 4667 description: If specified, this must be 4668 an IANA_SVC_NAME and unique within the 4669 pod. Each named port in a pod must have 4670 a unique name. Name for the port that 4671 can be referred to by services. 4672 type: string 4673 protocol: 4674 default: TCP 4675 description: Protocol for port. Must be 4676 UDP, TCP, or SCTP. Defaults to "TCP". 4677 type: string 4678 required: 4679 - containerPort 4680 type: object 4681 type: array 4682 x-kubernetes-list-map-keys: 4683 - containerPort 4684 - protocol 4685 x-kubernetes-list-type: map 4686 readinessProbe: 4687 description: 'Periodic probe of container service 4688 readiness. Container will be removed from service 4689 endpoints if the probe fails. Cannot be updated. 4690 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 4691 properties: 4692 exec: 4693 description: Exec specifies the action to 4694 take. 4695 properties: 4696 command: 4697 description: Command is the command line 4698 to execute inside the container, the 4699 working directory for the command is 4700 root ('/') in the container's filesystem. 4701 The command is simply exec'd, it is 4702 not run inside a shell, so traditional 4703 shell instructions ('|', etc) won't 4704 work. To use a shell, you need to explicitly 4705 call out to that shell. Exit status 4706 of 0 is treated as live/healthy and 4707 non-zero is unhealthy. 4708 items: 4709 type: string 4710 type: array 4711 type: object 4712 failureThreshold: 4713 description: Minimum consecutive failures 4714 for the probe to be considered failed after 4715 having succeeded. Defaults to 3. Minimum 4716 value is 1. 4717 format: int32 4718 type: integer 4719 grpc: 4720 description: GRPC specifies an action involving 4721 a GRPC port. 4722 properties: 4723 port: 4724 description: Port number of the gRPC service. 4725 Number must be in the range 1 to 65535. 4726 format: int32 4727 type: integer 4728 service: 4729 description: "Service is the name of the 4730 service to place in the gRPC HealthCheckRequest 4731 (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 4732 \n If this is not specified, the default 4733 behavior is defined by gRPC." 4734 type: string 4735 required: 4736 - port 4737 type: object 4738 httpGet: 4739 description: HTTPGet specifies the http request 4740 to perform. 4741 properties: 4742 host: 4743 description: Host name to connect to, 4744 defaults to the pod IP. You probably 4745 want to set "Host" in httpHeaders instead. 4746 type: string 4747 httpHeaders: 4748 description: Custom headers to set in 4749 the request. HTTP allows repeated headers. 4750 items: 4751 description: HTTPHeader describes a 4752 custom header to be used in HTTP probes 4753 properties: 4754 name: 4755 description: The header field name. 4756 This will be canonicalized upon 4757 output, so case-variant names 4758 will be understood as the same 4759 header. 4760 type: string 4761 value: 4762 description: The header field value 4763 type: string 4764 required: 4765 - name 4766 - value 4767 type: object 4768 type: array 4769 path: 4770 description: Path to access on the HTTP 4771 server. 4772 type: string 4773 port: 4774 anyOf: 4775 - type: integer 4776 - type: string 4777 description: Name or number of the port 4778 to access on the container. Number must 4779 be in the range 1 to 65535. Name must 4780 be an IANA_SVC_NAME. 4781 x-kubernetes-int-or-string: true 4782 scheme: 4783 description: Scheme to use for connecting 4784 to the host. Defaults to HTTP. 4785 type: string 4786 required: 4787 - port 4788 type: object 4789 initialDelaySeconds: 4790 description: 'Number of seconds after the 4791 container has started before liveness probes 4792 are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 4793 format: int32 4794 type: integer 4795 periodSeconds: 4796 description: How often (in seconds) to perform 4797 the probe. Default to 10 seconds. Minimum 4798 value is 1. 4799 format: int32 4800 type: integer 4801 successThreshold: 4802 description: Minimum consecutive successes 4803 for the probe to be considered successful 4804 after having failed. Defaults to 1. Must 4805 be 1 for liveness and startup. Minimum value 4806 is 1. 4807 format: int32 4808 type: integer 4809 tcpSocket: 4810 description: TCPSocket specifies an action 4811 involving a TCP port. 4812 properties: 4813 host: 4814 description: 'Optional: Host name to connect 4815 to, defaults to the pod IP.' 4816 type: string 4817 port: 4818 anyOf: 4819 - type: integer 4820 - type: string 4821 description: Number or name of the port 4822 to access on the container. Number must 4823 be in the range 1 to 65535. Name must 4824 be an IANA_SVC_NAME. 4825 x-kubernetes-int-or-string: true 4826 required: 4827 - port 4828 type: object 4829 terminationGracePeriodSeconds: 4830 description: Optional duration in seconds 4831 the pod needs to terminate gracefully upon 4832 probe failure. The grace period is the duration 4833 in seconds after the processes running in 4834 the pod are sent a termination signal and 4835 the time when the processes are forcibly 4836 halted with a kill signal. Set this value 4837 longer than the expected cleanup time for 4838 your process. 4839 format: int64 4840 type: integer 4841 timeoutSeconds: 4842 description: 'Number of seconds after which 4843 the probe times out. Defaults to 1 second. 4844 Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 4845 format: int32 4846 type: integer 4847 type: object 4848 resizePolicy: 4849 description: Resources resize policy for the container. 4850 items: 4851 description: ContainerResizePolicy represents 4852 resource resize policy for the container. 4853 properties: 4854 resourceName: 4855 description: 'Name of the resource to which 4856 this resource resize policy applies. Supported 4857 values: cpu, memory.' 4858 type: string 4859 restartPolicy: 4860 description: Restart policy to apply when 4861 specified resource is resized. If not 4862 specified, it defaults to NotRequired. 4863 type: string 4864 required: 4865 - resourceName 4866 - restartPolicy 4867 type: object 4868 type: array 4869 x-kubernetes-list-type: atomic 4870 resources: 4871 description: 'Compute Resources required by this 4872 container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 4873 properties: 4874 claims: 4875 description: "Claims lists the names of resources, 4876 defined in spec.resourceClaims, that are 4877 used by this container. \n This is an alpha 4878 field and requires enabling the DynamicResourceAllocation 4879 feature gate. \n This field is immutable. 4880 It can only be set for containers." 4881 items: 4882 description: ResourceClaim references one 4883 entry in PodSpec.ResourceClaims. 4884 properties: 4885 name: 4886 description: Name must match the name 4887 of one entry in pod.spec.resourceClaims 4888 of the Pod where this field is used. 4889 It makes that resource available inside 4890 a container. 4891 type: string 4892 required: 4893 - name 4894 type: object 4895 type: array 4896 x-kubernetes-list-map-keys: 4897 - name 4898 x-kubernetes-list-type: map 4899 limits: 4900 additionalProperties: 4901 anyOf: 4902 - type: integer 4903 - type: string 4904 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 4905 x-kubernetes-int-or-string: true 4906 description: 'Limits describes the maximum 4907 amount of compute resources allowed. More 4908 info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 4909 type: object 4910 requests: 4911 additionalProperties: 4912 anyOf: 4913 - type: integer 4914 - type: string 4915 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 4916 x-kubernetes-int-or-string: true 4917 description: 'Requests describes the minimum 4918 amount of compute resources required. If 4919 Requests is omitted for a container, it 4920 defaults to Limits if that is explicitly 4921 specified, otherwise to an implementation-defined 4922 value. Requests cannot exceed Limits. More 4923 info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 4924 type: object 4925 type: object 4926 securityContext: 4927 description: 'SecurityContext defines the security 4928 options the container should be run with. If 4929 set, the fields of SecurityContext override 4930 the equivalent fields of PodSecurityContext. 4931 More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' 4932 properties: 4933 allowPrivilegeEscalation: 4934 description: 'AllowPrivilegeEscalation controls 4935 whether a process can gain more privileges 4936 than its parent process. This bool directly 4937 controls if the no_new_privs flag will be 4938 set on the container process. AllowPrivilegeEscalation 4939 is true always when the container is: 1) 4940 run as Privileged 2) has CAP_SYS_ADMIN Note 4941 that this field cannot be set when spec.os.name 4942 is windows.' 4943 type: boolean 4944 capabilities: 4945 description: The capabilities to add/drop 4946 when running containers. Defaults to the 4947 default set of capabilities granted by the 4948 container runtime. Note that this field 4949 cannot be set when spec.os.name is windows. 4950 properties: 4951 add: 4952 description: Added capabilities 4953 items: 4954 description: Capability represent POSIX 4955 capabilities type 4956 type: string 4957 type: array 4958 drop: 4959 description: Removed capabilities 4960 items: 4961 description: Capability represent POSIX 4962 capabilities type 4963 type: string 4964 type: array 4965 type: object 4966 privileged: 4967 description: Run container in privileged mode. 4968 Processes in privileged containers are essentially 4969 equivalent to root on the host. Defaults 4970 to false. Note that this field cannot be 4971 set when spec.os.name is windows. 4972 type: boolean 4973 procMount: 4974 description: procMount denotes the type of 4975 proc mount to use for the containers. The 4976 default is DefaultProcMount which uses the 4977 container runtime defaults for readonly 4978 paths and masked paths. This requires the 4979 ProcMountType feature flag to be enabled. 4980 Note that this field cannot be set when 4981 spec.os.name is windows. 4982 type: string 4983 readOnlyRootFilesystem: 4984 description: Whether this container has a 4985 read-only root filesystem. Default is false. 4986 Note that this field cannot be set when 4987 spec.os.name is windows. 4988 type: boolean 4989 runAsGroup: 4990 description: The GID to run the entrypoint 4991 of the container process. Uses runtime default 4992 if unset. May also be set in PodSecurityContext. If 4993 set in both SecurityContext and PodSecurityContext, 4994 the value specified in SecurityContext takes 4995 precedence. Note that this field cannot 4996 be set when spec.os.name is windows. 4997 format: int64 4998 type: integer 4999 runAsNonRoot: 5000 description: Indicates that the container 5001 must run as a non-root user. If true, the 5002 Kubelet will validate the image at runtime 5003 to ensure that it does not run as UID 0 5004 (root) and fail to start the container if 5005 it does. If unset or false, no such validation 5006 will be performed. May also be set in PodSecurityContext. 5007 type: boolean 5008 runAsUser: 5009 description: The UID to run the entrypoint 5010 of the container process. Defaults to user 5011 specified in image metadata if unspecified. 5012 May also be set in PodSecurityContext. If 5013 set in both SecurityContext and PodSecurityContext, 5014 the value specified in SecurityContext takes 5015 precedence. Note that this field cannot 5016 be set when spec.os.name is windows. 5017 format: int64 5018 type: integer 5019 seLinuxOptions: 5020 description: The SELinux context to be applied 5021 to the container. If unspecified, the container 5022 runtime will allocate a random SELinux context 5023 for each container. May also be set in 5024 PodSecurityContext. If set in both SecurityContext 5025 and PodSecurityContext, the value specified 5026 in SecurityContext takes precedence. Note 5027 that this field cannot be set when spec.os.name 5028 is windows. 5029 properties: 5030 level: 5031 description: Level is SELinux level label 5032 that applies to the container. 5033 type: string 5034 role: 5035 description: Role is a SELinux role label 5036 that applies to the container. 5037 type: string 5038 type: 5039 description: Type is a SELinux type label 5040 that applies to the container. 5041 type: string 5042 user: 5043 description: User is a SELinux user label 5044 that applies to the container. 5045 type: string 5046 type: object 5047 seccompProfile: 5048 description: The seccomp options to use by 5049 this container. If seccomp options are provided 5050 at both the pod & container level, the container 5051 options override the pod options. Note that 5052 this field cannot be set when spec.os.name 5053 is windows. 5054 properties: 5055 localhostProfile: 5056 description: localhostProfile indicates 5057 a profile defined in a file on the node 5058 should be used. The profile must be 5059 preconfigured on the node to work. Must 5060 be a descending path, relative to the 5061 kubelet's configured seccomp profile 5062 location. Must only be set if type is 5063 "Localhost". 5064 type: string 5065 type: 5066 description: "type indicates which kind 5067 of seccomp profile will be applied. 5068 Valid options are: \n Localhost - a 5069 profile defined in a file on the node 5070 should be used. RuntimeDefault - the 5071 container runtime default profile should 5072 be used. Unconfined - no profile should 5073 be applied." 5074 type: string 5075 required: 5076 - type 5077 type: object 5078 windowsOptions: 5079 description: The Windows specific settings 5080 applied to all containers. If unspecified, 5081 the options from the PodSecurityContext 5082 will be used. If set in both SecurityContext 5083 and PodSecurityContext, the value specified 5084 in SecurityContext takes precedence. Note 5085 that this field cannot be set when spec.os.name 5086 is linux. 5087 properties: 5088 gmsaCredentialSpec: 5089 description: GMSACredentialSpec is where 5090 the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) 5091 inlines the contents of the GMSA credential 5092 spec named by the GMSACredentialSpecName 5093 field. 5094 type: string 5095 gmsaCredentialSpecName: 5096 description: GMSACredentialSpecName is 5097 the name of the GMSA credential spec 5098 to use. 5099 type: string 5100 hostProcess: 5101 description: HostProcess determines if 5102 a container should be run as a 'Host 5103 Process' container. This field is alpha-level 5104 and will only be honored by components 5105 that enable the WindowsHostProcessContainers 5106 feature flag. Setting this field without 5107 the feature flag will result in errors 5108 when validating the Pod. 5109 type: boolean 5110 runAsUserName: 5111 description: The UserName in Windows to 5112 run the entrypoint of the container 5113 process. Defaults to the user specified 5114 in image metadata if unspecified. May 5115 also be set in PodSecurityContext. If 5116 set in both SecurityContext and PodSecurityContext, 5117 the value specified in SecurityContext 5118 takes precedence. 5119 type: string 5120 type: object 5121 type: object 5122 startupProbe: 5123 description: StartupProbe indicates that the Pod 5124 has successfully initialized. If specified, 5125 no other probes are executed until this completes 5126 successfully. If this probe fails, the Pod will 5127 be restarted, just as if the livenessProbe failed. 5128 properties: 5129 exec: 5130 description: Exec specifies the action to 5131 take. 5132 properties: 5133 command: 5134 description: Command is the command line 5135 to execute inside the container, the 5136 working directory for the command is 5137 root ('/') in the container's filesystem. 5138 The command is simply exec'd, it is 5139 not run inside a shell, so traditional 5140 shell instructions ('|', etc) won't 5141 work. To use a shell, you need to explicitly 5142 call out to that shell. Exit status 5143 of 0 is treated as live/healthy and 5144 non-zero is unhealthy. 5145 items: 5146 type: string 5147 type: array 5148 type: object 5149 failureThreshold: 5150 description: Minimum consecutive failures 5151 for the probe to be considered failed after 5152 having succeeded. Defaults to 3. Minimum 5153 value is 1. 5154 format: int32 5155 type: integer 5156 grpc: 5157 description: GRPC specifies an action involving 5158 a GRPC port. 5159 properties: 5160 port: 5161 description: Port number of the gRPC service. 5162 Number must be in the range 1 to 65535. 5163 format: int32 5164 type: integer 5165 service: 5166 description: "Service is the name of the 5167 service to place in the gRPC HealthCheckRequest 5168 (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 5169 \n If this is not specified, the default 5170 behavior is defined by gRPC." 5171 type: string 5172 required: 5173 - port 5174 type: object 5175 httpGet: 5176 description: HTTPGet specifies the http request 5177 to perform. 5178 properties: 5179 host: 5180 description: Host name to connect to, 5181 defaults to the pod IP. You probably 5182 want to set "Host" in httpHeaders instead. 5183 type: string 5184 httpHeaders: 5185 description: Custom headers to set in 5186 the request. HTTP allows repeated headers. 5187 items: 5188 description: HTTPHeader describes a 5189 custom header to be used in HTTP probes 5190 properties: 5191 name: 5192 description: The header field name. 5193 This will be canonicalized upon 5194 output, so case-variant names 5195 will be understood as the same 5196 header. 5197 type: string 5198 value: 5199 description: The header field value 5200 type: string 5201 required: 5202 - name 5203 - value 5204 type: object 5205 type: array 5206 path: 5207 description: Path to access on the HTTP 5208 server. 5209 type: string 5210 port: 5211 anyOf: 5212 - type: integer 5213 - type: string 5214 description: Name or number of the port 5215 to access on the container. Number must 5216 be in the range 1 to 65535. Name must 5217 be an IANA_SVC_NAME. 5218 x-kubernetes-int-or-string: true 5219 scheme: 5220 description: Scheme to use for connecting 5221 to the host. Defaults to HTTP. 5222 type: string 5223 required: 5224 - port 5225 type: object 5226 initialDelaySeconds: 5227 description: 'Number of seconds after the 5228 container has started before liveness probes 5229 are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 5230 format: int32 5231 type: integer 5232 periodSeconds: 5233 description: How often (in seconds) to perform 5234 the probe. Default to 10 seconds. Minimum 5235 value is 1. 5236 format: int32 5237 type: integer 5238 successThreshold: 5239 description: Minimum consecutive successes 5240 for the probe to be considered successful 5241 after having failed. Defaults to 1. Must 5242 be 1 for liveness and startup. Minimum value 5243 is 1. 5244 format: int32 5245 type: integer 5246 tcpSocket: 5247 description: TCPSocket specifies an action 5248 involving a TCP port. 5249 properties: 5250 host: 5251 description: 'Optional: Host name to connect 5252 to, defaults to the pod IP.' 5253 type: string 5254 port: 5255 anyOf: 5256 - type: integer 5257 - type: string 5258 description: Number or name of the port 5259 to access on the container. Number must 5260 be in the range 1 to 65535. Name must 5261 be an IANA_SVC_NAME. 5262 x-kubernetes-int-or-string: true 5263 required: 5264 - port 5265 type: object 5266 terminationGracePeriodSeconds: 5267 description: Optional duration in seconds 5268 the pod needs to terminate gracefully upon 5269 probe failure. The grace period is the duration 5270 in seconds after the processes running in 5271 the pod are sent a termination signal and 5272 the time when the processes are forcibly 5273 halted with a kill signal. Set this value 5274 longer than the expected cleanup time for 5275 your process. 5276 format: int64 5277 type: integer 5278 timeoutSeconds: 5279 description: 'Number of seconds after which 5280 the probe times out. Defaults to 1 second. 5281 Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 5282 format: int32 5283 type: integer 5284 type: object 5285 stdin: 5286 description: Whether this container should allocate 5287 a buffer for stdin in the container runtime. 5288 If this is not set, reads from stdin in the 5289 container will always result in EOF. Default 5290 is false. 5291 type: boolean 5292 stdinOnce: 5293 description: Whether the container runtime should 5294 close the stdin channel after it has been opened 5295 by a single attach. When stdin is true the stdin 5296 stream will remain open across multiple attach 5297 sessions. 5298 type: boolean 5299 terminationMessagePath: 5300 description: 'Optional: Path at which the file 5301 to which the container''s termination message 5302 will be written is mounted into the container''s 5303 filesystem. Message written is intended to be 5304 brief final status, such as an assertion failure 5305 message. Will be truncated by the node if greater 5306 than 4096 bytes. The total message length across 5307 all containers will be limited to 12kb. Defaults 5308 to /dev/termination-log.' 5309 type: string 5310 terminationMessagePolicy: 5311 description: Indicate how the termination message 5312 should be populated. File will use the contents 5313 of terminationMessagePath to populate the container 5314 status message on both success and failure. 5315 FallbackToLogsOnError will use the last chunk 5316 of container log output if the termination message 5317 file is empty and the container exited with 5318 an error. 5319 type: string 5320 tty: 5321 description: Whether this container should allocate 5322 a TTY for itself, also requires 'stdin' to be 5323 true. Default is false. 5324 type: boolean 5325 volumeDevices: 5326 description: volumeDevices is the list of block 5327 devices to be used by the container. 5328 items: 5329 description: volumeDevice describes a mapping 5330 of a raw block device within a container. 5331 properties: 5332 devicePath: 5333 description: devicePath is the path inside 5334 of the container that the device will 5335 be mapped to. 5336 type: string 5337 name: 5338 description: name must match the name of 5339 a persistentVolumeClaim in the pod 5340 type: string 5341 required: 5342 - devicePath 5343 - name 5344 type: object 5345 type: array 5346 volumeMounts: 5347 description: Pod volumes to mount into the container's 5348 filesystem. Cannot be updated. 5349 items: 5350 description: VolumeMount describes a mounting 5351 of a Volume within a container. 5352 properties: 5353 mountPath: 5354 description: Path within the container at 5355 which the volume should be mounted. Must 5356 not contain ':'. 5357 type: string 5358 mountPropagation: 5359 description: mountPropagation determines 5360 how mounts are propagated from the host 5361 to container and the other way around. 5362 When not set, MountPropagationNone is 5363 used. This field is beta in 1.10. 5364 type: string 5365 name: 5366 description: This must match the Name of 5367 a Volume. 5368 type: string 5369 readOnly: 5370 description: Mounted read-only if true, 5371 read-write otherwise (false or unspecified). 5372 Defaults to false. 5373 type: boolean 5374 subPath: 5375 description: Path within the volume from 5376 which the container's volume should be 5377 mounted. Defaults to "" (volume's root). 5378 type: string 5379 subPathExpr: 5380 description: Expanded path within the volume 5381 from which the container's volume should 5382 be mounted. Behaves similarly to SubPath 5383 but environment variable references $(VAR_NAME) 5384 are expanded using the container's environment. 5385 Defaults to "" (volume's root). SubPathExpr 5386 and SubPath are mutually exclusive. 5387 type: string 5388 required: 5389 - mountPath 5390 - name 5391 type: object 5392 type: array 5393 workingDir: 5394 description: Container's working directory. If 5395 not specified, the container runtime's default 5396 will be used, which might be configured in the 5397 container image. Cannot be updated. 5398 type: string 5399 required: 5400 - name 5401 type: object 5402 type: array 5403 nodeName: 5404 description: NodeName is a request to schedule this 5405 pod onto a specific node. If it is non-empty, the 5406 scheduler simply schedules this pod onto that node, 5407 assuming that it fits resource requirements. 5408 type: string 5409 nodeSelector: 5410 additionalProperties: 5411 type: string 5412 description: 'NodeSelector is a selector which must 5413 be true for the pod to fit on a node. Selector which 5414 must match a node''s labels for the pod to be scheduled 5415 on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' 5416 type: object 5417 x-kubernetes-map-type: atomic 5418 os: 5419 description: "Specifies the OS of the containers in 5420 the pod. Some pod and container fields are restricted 5421 if this is set. \n If the OS field is set to linux, 5422 the following fields must be unset: -securityContext.windowsOptions 5423 \n If the OS field is set to windows, following fields 5424 must be unset: - spec.hostPID - spec.hostIPC - spec.hostUsers 5425 - spec.securityContext.seLinuxOptions - spec.securityContext." 5426 properties: 5427 name: 5428 description: 'Name is the name of the operating 5429 system. The currently supported values are linux 5430 and windows. Additional value may be defined in 5431 future and can be one of: https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration 5432 Clients should expect to handle additional values 5433 and treat unrecognized values in this field as 5434 os: null' 5435 type: string 5436 required: 5437 - name 5438 type: object 5439 overhead: 5440 additionalProperties: 5441 anyOf: 5442 - type: integer 5443 - type: string 5444 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 5445 x-kubernetes-int-or-string: true 5446 description: Overhead represents the resource overhead 5447 associated with running a pod for a given RuntimeClass. 5448 This field will be autopopulated at admission time 5449 by the RuntimeClass admission controller. If the RuntimeClass 5450 admission controller is enabled, overhead must not 5451 be set in Pod create requests. The RuntimeClass admission 5452 controller will reject Pod create requests which have 5453 the overhead already set. 5454 type: object 5455 preemptionPolicy: 5456 description: PreemptionPolicy is the Policy for preempting 5457 pods with lower priority. One of Never, PreemptLowerPriority. 5458 Defaults to PreemptLowerPriority if unset. 5459 type: string 5460 priority: 5461 description: The priority value. Various system components 5462 use this field to find the priority of the pod. When 5463 Priority Admission Controller is enabled, it prevents 5464 users from setting this field. The admission controller 5465 populates this field from PriorityClassName. The higher 5466 the value, the higher the priority. 5467 format: int32 5468 type: integer 5469 priorityClassName: 5470 description: If specified, indicates the pod's priority. 5471 "system-node-critical" and "system-cluster-critical" 5472 are two special keywords which indicate the highest 5473 priorities with the former being the highest priority. 5474 Any other name must be defined by creating a PriorityClass 5475 object with that name. If not specified, the pod priority 5476 will be default or zero if there is no default. 5477 type: string 5478 readinessGates: 5479 description: 'If specified, all readiness gates will 5480 be evaluated for pod readiness. A pod is ready when 5481 all its containers are ready AND all conditions specified 5482 in the readiness gates have status equal to "True" 5483 More info: https://git.k8s.io/enhancements/keps/sig-network/580-pod-readiness-gates' 5484 items: 5485 description: PodReadinessGate contains the reference 5486 to a pod condition 5487 properties: 5488 conditionType: 5489 description: ConditionType refers to a condition 5490 in the pod's condition list with matching type. 5491 type: string 5492 required: 5493 - conditionType 5494 type: object 5495 type: array 5496 resourceClaims: 5497 description: "ResourceClaims defines which ResourceClaims 5498 must be allocated and reserved before the Pod is allowed 5499 to start. The resources will be made available to 5500 those containers which consume them by name. \n This 5501 is an alpha field and requires enabling the DynamicResourceAllocation 5502 feature gate. \n This field is immutable." 5503 items: 5504 description: PodResourceClaim references exactly one 5505 ResourceClaim through a ClaimSource. It adds a name 5506 to it that uniquely identifies the ResourceClaim 5507 inside the Pod. Containers that need access to the 5508 ResourceClaim reference it with this name. 5509 properties: 5510 name: 5511 description: Name uniquely identifies this resource 5512 claim inside the pod. This must be a DNS_LABEL. 5513 type: string 5514 source: 5515 description: Source describes where to find the 5516 ResourceClaim. 5517 properties: 5518 resourceClaimName: 5519 description: ResourceClaimName is the name 5520 of a ResourceClaim object in the same namespace 5521 as this pod. 5522 type: string 5523 resourceClaimTemplateName: 5524 description: "ResourceClaimTemplateName is 5525 the name of a ResourceClaimTemplate object 5526 in the same namespace as this pod. \n The 5527 template will be used to create a new ResourceClaim, 5528 which will be bound to this pod. When this 5529 pod is deleted, the ResourceClaim will also 5530 be deleted. The name of the ResourceClaim 5531 will be <pod name>-<resource name>, where 5532 <resource name> is the PodResourceClaim.Name." 5533 type: string 5534 type: object 5535 required: 5536 - name 5537 type: object 5538 type: array 5539 x-kubernetes-list-map-keys: 5540 - name 5541 x-kubernetes-list-type: map 5542 restartPolicy: 5543 description: 'Restart policy for all containers within 5544 the pod. One of Always, OnFailure, Never. In some 5545 contexts, only a subset of those values may be permitted. 5546 Default to Always. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy' 5547 type: string 5548 runtimeClassName: 5549 description: 'RuntimeClassName refers to a RuntimeClass 5550 object in the node.k8s.io group, which should be used 5551 to run this pod. If no RuntimeClass resource matches 5552 the named class, the pod will not be run. If unset 5553 or empty, the "legacy" RuntimeClass will be used, 5554 which is an implicit class with an empty definition 5555 that uses the default runtime handler. More info: 5556 https://git.k8s.' 5557 type: string 5558 schedulerName: 5559 description: If specified, the pod will be dispatched 5560 by specified scheduler. If not specified, the pod 5561 will be dispatched by default scheduler. 5562 type: string 5563 schedulingGates: 5564 description: "SchedulingGates is an opaque list of values 5565 that if specified will block scheduling the pod. If 5566 schedulingGates is not empty, the pod will stay in 5567 the SchedulingGated state and the scheduler will not 5568 attempt to schedule the pod. \n SchedulingGates can 5569 only be set at pod creation time, and be removed only 5570 afterwards. \n This is a beta feature enabled by the 5571 PodSchedulingReadiness feature gate." 5572 items: 5573 description: PodSchedulingGate is associated to a 5574 Pod to guard its scheduling. 5575 properties: 5576 name: 5577 description: Name of the scheduling gate. Each 5578 scheduling gate must have a unique name field. 5579 type: string 5580 required: 5581 - name 5582 type: object 5583 type: array 5584 x-kubernetes-list-map-keys: 5585 - name 5586 x-kubernetes-list-type: map 5587 securityContext: 5588 description: 'SecurityContext holds pod-level security 5589 attributes and common container settings. Optional: 5590 Defaults to empty. See type description for default 5591 values of each field.' 5592 properties: 5593 fsGroup: 5594 description: "A special supplemental group that 5595 applies to all containers in a pod. Some volume 5596 types allow the Kubelet to change the ownership 5597 of that volume to be owned by the pod: \n 1. The 5598 owning GID will be the FSGroup 2. The setgid bit 5599 is set (new files created in the volume will be 5600 owned by FSGroup) 3." 5601 format: int64 5602 type: integer 5603 fsGroupChangePolicy: 5604 description: 'fsGroupChangePolicy defines behavior 5605 of changing ownership and permission of the volume 5606 before being exposed inside Pod. This field will 5607 only apply to volume types which support fsGroup 5608 based ownership(and permissions). It will have 5609 no effect on ephemeral volume types such as: secret, 5610 configmaps and emptydir. Valid values are "OnRootMismatch" 5611 and "Always". If not specified, "Always" is used.' 5612 type: string 5613 runAsGroup: 5614 description: The GID to run the entrypoint of the 5615 container process. Uses runtime default if unset. 5616 May also be set in SecurityContext. If set in 5617 both SecurityContext and PodSecurityContext, the 5618 value specified in SecurityContext takes precedence 5619 for that container. Note that this field cannot 5620 be set when spec.os.name is windows. 5621 format: int64 5622 type: integer 5623 runAsNonRoot: 5624 description: Indicates that the container must run 5625 as a non-root user. If true, the Kubelet will 5626 validate the image at runtime to ensure that it 5627 does not run as UID 0 (root) and fail to start 5628 the container if it does. If unset or false, no 5629 such validation will be performed. May also be 5630 set in SecurityContext. 5631 type: boolean 5632 runAsUser: 5633 description: The UID to run the entrypoint of the 5634 container process. Defaults to user specified 5635 in image metadata if unspecified. May also be 5636 set in SecurityContext. If set in both SecurityContext 5637 and PodSecurityContext, the value specified in 5638 SecurityContext takes precedence for that container. 5639 Note that this field cannot be set when spec.os.name 5640 is windows. 5641 format: int64 5642 type: integer 5643 seLinuxOptions: 5644 description: The SELinux context to be applied to 5645 all containers. If unspecified, the container 5646 runtime will allocate a random SELinux context 5647 for each container. May also be set in SecurityContext. If 5648 set in both SecurityContext and PodSecurityContext, 5649 the value specified in SecurityContext takes precedence 5650 for that container. Note that this field cannot 5651 be set when spec.os.name is windows. 5652 properties: 5653 level: 5654 description: Level is SELinux level label that 5655 applies to the container. 5656 type: string 5657 role: 5658 description: Role is a SELinux role label that 5659 applies to the container. 5660 type: string 5661 type: 5662 description: Type is a SELinux type label that 5663 applies to the container. 5664 type: string 5665 user: 5666 description: User is a SELinux user label that 5667 applies to the container. 5668 type: string 5669 type: object 5670 seccompProfile: 5671 description: The seccomp options to use by the containers 5672 in this pod. Note that this field cannot be set 5673 when spec.os.name is windows. 5674 properties: 5675 localhostProfile: 5676 description: localhostProfile indicates a profile 5677 defined in a file on the node should be used. 5678 The profile must be preconfigured on the node 5679 to work. Must be a descending path, relative 5680 to the kubelet's configured seccomp profile 5681 location. Must only be set if type is "Localhost". 5682 type: string 5683 type: 5684 description: "type indicates which kind of seccomp 5685 profile will be applied. Valid options are: 5686 \n Localhost - a profile defined in a file 5687 on the node should be used. RuntimeDefault 5688 - the container runtime default profile should 5689 be used. Unconfined - no profile should be 5690 applied." 5691 type: string 5692 required: 5693 - type 5694 type: object 5695 supplementalGroups: 5696 description: A list of groups applied to the first 5697 process run in each container, in addition to 5698 the container's primary GID, the fsGroup (if specified), 5699 and group memberships defined in the container 5700 image for the uid of the container process. If 5701 unspecified, no additional groups are added to 5702 any container. 5703 items: 5704 format: int64 5705 type: integer 5706 type: array 5707 sysctls: 5708 description: Sysctls hold a list of namespaced sysctls 5709 used for the pod. Pods with unsupported sysctls 5710 (by the container runtime) might fail to launch. 5711 Note that this field cannot be set when spec.os.name 5712 is windows. 5713 items: 5714 description: Sysctl defines a kernel parameter 5715 to be set 5716 properties: 5717 name: 5718 description: Name of a property to set 5719 type: string 5720 value: 5721 description: Value of a property to set 5722 type: string 5723 required: 5724 - name 5725 - value 5726 type: object 5727 type: array 5728 windowsOptions: 5729 description: The Windows specific settings applied 5730 to all containers. If unspecified, the options 5731 within a container's SecurityContext will be used. 5732 If set in both SecurityContext and PodSecurityContext, 5733 the value specified in SecurityContext takes precedence. 5734 Note that this field cannot be set when spec.os.name 5735 is linux. 5736 properties: 5737 gmsaCredentialSpec: 5738 description: GMSACredentialSpec is where the 5739 GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) 5740 inlines the contents of the GMSA credential 5741 spec named by the GMSACredentialSpecName field. 5742 type: string 5743 gmsaCredentialSpecName: 5744 description: GMSACredentialSpecName is the name 5745 of the GMSA credential spec to use. 5746 type: string 5747 hostProcess: 5748 description: HostProcess determines if a container 5749 should be run as a 'Host Process' container. 5750 This field is alpha-level and will only be 5751 honored by components that enable the WindowsHostProcessContainers 5752 feature flag. Setting this field without the 5753 feature flag will result in errors when validating 5754 the Pod. 5755 type: boolean 5756 runAsUserName: 5757 description: The UserName in Windows to run 5758 the entrypoint of the container process. Defaults 5759 to the user specified in image metadata if 5760 unspecified. May also be set in PodSecurityContext. 5761 If set in both SecurityContext and PodSecurityContext, 5762 the value specified in SecurityContext takes 5763 precedence. 5764 type: string 5765 type: object 5766 type: object 5767 serviceAccount: 5768 description: 'DeprecatedServiceAccount is a depreciated 5769 alias for ServiceAccountName. Deprecated: Use serviceAccountName 5770 instead.' 5771 type: string 5772 serviceAccountName: 5773 description: 'ServiceAccountName is the name of the 5774 ServiceAccount to use to run this pod. More info: 5775 https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' 5776 type: string 5777 setHostnameAsFQDN: 5778 description: If true the pod's hostname will be configured 5779 as the pod's FQDN, rather than the leaf name (the 5780 default). In Linux containers, this means setting 5781 the FQDN in the hostname field of the kernel (the 5782 nodename field of struct utsname). 5783 type: boolean 5784 shareProcessNamespace: 5785 description: 'Share a single process namespace between 5786 all of the containers in a pod. When this is set containers 5787 will be able to view and signal processes from other 5788 containers in the same pod, and the first process 5789 in each container will not be assigned PID 1. HostPID 5790 and ShareProcessNamespace cannot both be set. Optional: 5791 Default to false.' 5792 type: boolean 5793 subdomain: 5794 description: If specified, the fully qualified Pod hostname 5795 will be "<hostname>.<subdomain>.<pod namespace>.svc.<cluster 5796 domain>". If not specified, the pod will not have 5797 a domainname at all. 5798 type: string 5799 terminationGracePeriodSeconds: 5800 description: Optional duration in seconds the pod needs 5801 to terminate gracefully. May be decreased in delete 5802 request. Value must be non-negative integer. The value 5803 zero indicates stop immediately via the kill signal 5804 (no opportunity to shut down). If this value is nil, 5805 the default grace period will be used instead. 5806 format: int64 5807 type: integer 5808 tolerations: 5809 description: If specified, the pod's tolerations. 5810 items: 5811 description: The pod this Toleration is attached to 5812 tolerates any taint that matches the triple <key,value,effect> 5813 using the matching operator <operator>. 5814 properties: 5815 effect: 5816 description: Effect indicates the taint effect 5817 to match. Empty means match all taint effects. 5818 When specified, allowed values are NoSchedule, 5819 PreferNoSchedule and NoExecute. 5820 type: string 5821 key: 5822 description: Key is the taint key that the toleration 5823 applies to. Empty means match all taint keys. 5824 If the key is empty, operator must be Exists; 5825 this combination means to match all values and 5826 all keys. 5827 type: string 5828 operator: 5829 description: Operator represents a key's relationship 5830 to the value. Valid operators are Exists and 5831 Equal. Defaults to Equal. Exists is equivalent 5832 to wildcard for value, so that a pod can tolerate 5833 all taints of a particular category. 5834 type: string 5835 tolerationSeconds: 5836 description: TolerationSeconds represents the 5837 period of time the toleration (which must be 5838 of effect NoExecute, otherwise this field is 5839 ignored) tolerates the taint. By default, it 5840 is not set, which means tolerate the taint forever 5841 (do not evict). Zero and negative values will 5842 be treated as 0 (evict immediately) by the system. 5843 format: int64 5844 type: integer 5845 value: 5846 description: Value is the taint value the toleration 5847 matches to. If the operator is Exists, the value 5848 should be empty, otherwise just a regular string. 5849 type: string 5850 type: object 5851 type: array 5852 topologySpreadConstraints: 5853 description: TopologySpreadConstraints describes how 5854 a group of pods ought to spread across topology domains. 5855 Scheduler will schedule pods in a way which abides 5856 by the constraints. All topologySpreadConstraints 5857 are ANDed. 5858 items: 5859 description: TopologySpreadConstraint specifies how 5860 to spread matching pods among the given topology. 5861 properties: 5862 labelSelector: 5863 description: LabelSelector is used to find matching 5864 pods. Pods that match this label selector are 5865 counted to determine the number of pods in their 5866 corresponding topology domain. 5867 properties: 5868 matchExpressions: 5869 description: matchExpressions is a list of 5870 label selector requirements. The requirements 5871 are ANDed. 5872 items: 5873 description: A label selector requirement 5874 is a selector that contains values, a 5875 key, and an operator that relates the 5876 key and values. 5877 properties: 5878 key: 5879 description: key is the label key that 5880 the selector applies to. 5881 type: string 5882 operator: 5883 description: operator represents a key's 5884 relationship to a set of values. Valid 5885 operators are In, NotIn, Exists and 5886 DoesNotExist. 5887 type: string 5888 values: 5889 description: values is an array of string 5890 values. If the operator is In or NotIn, 5891 the values array must be non-empty. 5892 If the operator is Exists or DoesNotExist, 5893 the values array must be empty. This 5894 array is replaced during a strategic 5895 merge patch. 5896 items: 5897 type: string 5898 type: array 5899 required: 5900 - key 5901 - operator 5902 type: object 5903 type: array 5904 matchLabels: 5905 additionalProperties: 5906 type: string 5907 description: matchLabels is a map of {key,value} 5908 pairs. A single {key,value} in the matchLabels 5909 map is equivalent to an element of matchExpressions, 5910 whose key field is "key", the operator is 5911 "In", and the values array contains only 5912 "value". The requirements are ANDed. 5913 type: object 5914 type: object 5915 x-kubernetes-map-type: atomic 5916 matchLabelKeys: 5917 description: MatchLabelKeys is a set of pod label 5918 keys to select the pods over which spreading 5919 will be calculated. The keys are used to lookup 5920 values from the incoming pod labels, those key-value 5921 labels are ANDed with labelSelector to select 5922 the group of existing pods over which spreading 5923 will be calculated for the incoming pod. The 5924 same key is forbidden to exist in both MatchLabelKeys 5925 and LabelSelector. 5926 items: 5927 type: string 5928 type: array 5929 x-kubernetes-list-type: atomic 5930 maxSkew: 5931 description: MaxSkew describes the degree to which 5932 pods may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`, 5933 it is the maximum permitted difference between 5934 the number of matching pods in the target topology 5935 and the global minimum. The global minimum is 5936 the minimum number of matching pods in an eligible 5937 domain or zero if the number of eligible domains 5938 is less than MinDomains. 5939 format: int32 5940 type: integer 5941 minDomains: 5942 description: MinDomains indicates a minimum number 5943 of eligible domains. When the number of eligible 5944 domains with matching topology keys is less 5945 than minDomains, Pod Topology Spread treats 5946 "global minimum" as 0, and then the calculation 5947 of Skew is performed. And when the number of 5948 eligible domains with matching topology keys 5949 equals or greater than minDomains, this value 5950 has no effect on scheduling. 5951 format: int32 5952 type: integer 5953 nodeAffinityPolicy: 5954 description: "NodeAffinityPolicy indicates how 5955 we will treat Pod's nodeAffinity/nodeSelector 5956 when calculating pod topology spread skew. Options 5957 are: - Honor: only nodes matching nodeAffinity/nodeSelector 5958 are included in the calculations. - Ignore: 5959 nodeAffinity/nodeSelector are ignored. All nodes 5960 are included in the calculations. \n If this 5961 value is nil, the behavior is equivalent to 5962 the Honor policy." 5963 type: string 5964 nodeTaintsPolicy: 5965 description: "NodeTaintsPolicy indicates how we 5966 will treat node taints when calculating pod 5967 topology spread skew. Options are: - Honor: 5968 nodes without taints, along with tainted nodes 5969 for which the incoming pod has a toleration, 5970 are included. - Ignore: node taints are ignored. 5971 All nodes are included. \n If this value is 5972 nil, the behavior is equivalent to the Ignore 5973 policy." 5974 type: string 5975 topologyKey: 5976 description: TopologyKey is the key of node labels. 5977 Nodes that have a label with this key and identical 5978 values are considered to be in the same topology. 5979 We consider each <key, value> as a "bucket", 5980 and try to put balanced number of pods into 5981 each bucket. We define a domain as a particular 5982 instance of a topology. 5983 type: string 5984 whenUnsatisfiable: 5985 description: WhenUnsatisfiable indicates how to 5986 deal with a pod if it doesn't satisfy the spread 5987 constraint. - DoNotSchedule (default) tells 5988 the scheduler not to schedule it. - ScheduleAnyway 5989 tells the scheduler to schedule the pod in any 5990 location, but giving higher precedence to topologies 5991 that would help reduce the skew. 5992 type: string 5993 required: 5994 - maxSkew 5995 - topologyKey 5996 - whenUnsatisfiable 5997 type: object 5998 type: array 5999 x-kubernetes-list-map-keys: 6000 - topologyKey 6001 - whenUnsatisfiable 6002 x-kubernetes-list-type: map 6003 volumes: 6004 description: 'List of volumes that can be mounted by 6005 containers belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes' 6006 items: 6007 description: Volume represents a named volume in a 6008 pod that may be accessed by any container in the 6009 pod. 6010 properties: 6011 awsElasticBlockStore: 6012 description: 'awsElasticBlockStore represents 6013 an AWS Disk resource that is attached to a kubelet''s 6014 host machine and then exposed to the pod. More 6015 info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' 6016 properties: 6017 fsType: 6018 description: 'fsType is the filesystem type 6019 of the volume that you want to mount. Tip: 6020 Ensure that the filesystem type is supported 6021 by the host operating system. Examples: 6022 "ext4", "xfs", "ntfs". Implicitly inferred 6023 to be "ext4" if unspecified. More info: 6024 https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore 6025 TODO: how do we prevent errors in the filesystem 6026 from compromising the machine' 6027 type: string 6028 partition: 6029 description: 'partition is the partition in 6030 the volume that you want to mount. If omitted, 6031 the default is to mount by volume name. 6032 Examples: For volume /dev/sda1, you specify 6033 the partition as "1". Similarly, the volume 6034 partition for /dev/sda is "0" (or you can 6035 leave the property empty).' 6036 format: int32 6037 type: integer 6038 readOnly: 6039 description: 'readOnly value true will force 6040 the readOnly setting in VolumeMounts. More 6041 info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' 6042 type: boolean 6043 volumeID: 6044 description: 'volumeID is unique ID of the 6045 persistent disk resource in AWS (Amazon 6046 EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' 6047 type: string 6048 required: 6049 - volumeID 6050 type: object 6051 azureDisk: 6052 description: azureDisk represents an Azure Data 6053 Disk mount on the host and bind mount to the 6054 pod. 6055 properties: 6056 cachingMode: 6057 description: 'cachingMode is the Host Caching 6058 mode: None, Read Only, Read Write.' 6059 type: string 6060 diskName: 6061 description: diskName is the Name of the data 6062 disk in the blob storage 6063 type: string 6064 diskURI: 6065 description: diskURI is the URI of data disk 6066 in the blob storage 6067 type: string 6068 fsType: 6069 description: fsType is Filesystem type to 6070 mount. Must be a filesystem type supported 6071 by the host operating system. Ex. "ext4", 6072 "xfs", "ntfs". Implicitly inferred to be 6073 "ext4" if unspecified. 6074 type: string 6075 kind: 6076 description: 'kind expected values are Shared: 6077 multiple blob disks per storage account Dedicated: 6078 single blob disk per storage account Managed: 6079 azure managed data disk (only in managed 6080 availability set). defaults to shared' 6081 type: string 6082 readOnly: 6083 description: readOnly Defaults to false (read/write). 6084 ReadOnly here will force the ReadOnly setting 6085 in VolumeMounts. 6086 type: boolean 6087 required: 6088 - diskName 6089 - diskURI 6090 type: object 6091 azureFile: 6092 description: azureFile represents an Azure File 6093 Service mount on the host and bind mount to 6094 the pod. 6095 properties: 6096 readOnly: 6097 description: readOnly defaults to false (read/write). 6098 ReadOnly here will force the ReadOnly setting 6099 in VolumeMounts. 6100 type: boolean 6101 secretName: 6102 description: secretName is the name of secret 6103 that contains Azure Storage Account Name 6104 and Key 6105 type: string 6106 shareName: 6107 description: shareName is the azure share 6108 Name 6109 type: string 6110 required: 6111 - secretName 6112 - shareName 6113 type: object 6114 cephfs: 6115 description: cephFS represents a Ceph FS mount 6116 on the host that shares a pod's lifetime 6117 properties: 6118 monitors: 6119 description: 'monitors is Required: Monitors 6120 is a collection of Ceph monitors More info: 6121 https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' 6122 items: 6123 type: string 6124 type: array 6125 path: 6126 description: 'path is Optional: Used as the 6127 mounted root, rather than the full Ceph 6128 tree, default is /' 6129 type: string 6130 readOnly: 6131 description: 'readOnly is Optional: Defaults 6132 to false (read/write). ReadOnly here will 6133 force the ReadOnly setting in VolumeMounts. 6134 More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' 6135 type: boolean 6136 secretFile: 6137 description: 'secretFile is Optional: SecretFile 6138 is the path to key ring for User, default 6139 is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' 6140 type: string 6141 secretRef: 6142 description: 'secretRef is Optional: SecretRef 6143 is reference to the authentication secret 6144 for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' 6145 properties: 6146 name: 6147 description: 'Name of the referent. More 6148 info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 6149 TODO: Add other useful fields. apiVersion, 6150 kind, uid?' 6151 type: string 6152 type: object 6153 x-kubernetes-map-type: atomic 6154 user: 6155 description: 'user is optional: User is the 6156 rados user name, default is admin More info: 6157 https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' 6158 type: string 6159 required: 6160 - monitors 6161 type: object 6162 cinder: 6163 description: 'cinder represents a cinder volume 6164 attached and mounted on kubelets host machine. 6165 More info: https://examples.k8s.io/mysql-cinder-pd/README.md' 6166 properties: 6167 fsType: 6168 description: 'fsType is the filesystem type 6169 to mount. Must be a filesystem type supported 6170 by the host operating system. Examples: 6171 "ext4", "xfs", "ntfs". Implicitly inferred 6172 to be "ext4" if unspecified. More info: 6173 https://examples.k8s.io/mysql-cinder-pd/README.md' 6174 type: string 6175 readOnly: 6176 description: 'readOnly defaults to false (read/write). 6177 ReadOnly here will force the ReadOnly setting 6178 in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' 6179 type: boolean 6180 secretRef: 6181 description: 'secretRef is optional: points 6182 to a secret object containing parameters 6183 used to connect to OpenStack.' 6184 properties: 6185 name: 6186 description: 'Name of the referent. More 6187 info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 6188 TODO: Add other useful fields. apiVersion, 6189 kind, uid?' 6190 type: string 6191 type: object 6192 x-kubernetes-map-type: atomic 6193 volumeID: 6194 description: 'volumeID used to identify the 6195 volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' 6196 type: string 6197 required: 6198 - volumeID 6199 type: object 6200 configMap: 6201 description: configMap represents a configMap 6202 that should populate this volume 6203 properties: 6204 defaultMode: 6205 description: 'defaultMode is optional: mode 6206 bits used to set permissions on created 6207 files by default. Must be an octal value 6208 between 0000 and 0777 or a decimal value 6209 between 0 and 511. YAML accepts both octal 6210 and decimal values, JSON requires decimal 6211 values for mode bits. Defaults to 0644. 6212 Directories within the path are not affected 6213 by this setting.' 6214 format: int32 6215 type: integer 6216 items: 6217 description: items if unspecified, each key-value 6218 pair in the Data field of the referenced 6219 ConfigMap will be projected into the volume 6220 as a file whose name is the key and content 6221 is the value. If specified, the listed keys 6222 will be projected into the specified paths, 6223 and unlisted keys will not be present. 6224 items: 6225 description: Maps a string key to a path 6226 within a volume. 6227 properties: 6228 key: 6229 description: key is the key to project. 6230 type: string 6231 mode: 6232 description: 'mode is Optional: mode 6233 bits used to set permissions on this 6234 file. Must be an octal value between 6235 0000 and 0777 or a decimal value between 6236 0 and 511. YAML accepts both octal 6237 and decimal values, JSON requires 6238 decimal values for mode bits. If not 6239 specified, the volume defaultMode 6240 will be used.' 6241 format: int32 6242 type: integer 6243 path: 6244 description: path is the relative path 6245 of the file to map the key to. May 6246 not be an absolute path. May not contain 6247 the path element '..'. May not start 6248 with the string '..'. 6249 type: string 6250 required: 6251 - key 6252 - path 6253 type: object 6254 type: array 6255 name: 6256 description: 'Name of the referent. More info: 6257 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 6258 TODO: Add other useful fields. apiVersion, 6259 kind, uid?' 6260 type: string 6261 optional: 6262 description: optional specify whether the 6263 ConfigMap or its keys must be defined 6264 type: boolean 6265 type: object 6266 x-kubernetes-map-type: atomic 6267 csi: 6268 description: csi (Container Storage Interface) 6269 represents ephemeral storage that is handled 6270 by certain external CSI drivers (Beta feature). 6271 properties: 6272 driver: 6273 description: driver is the name of the CSI 6274 driver that handles this volume. Consult 6275 with your admin for the correct name as 6276 registered in the cluster. 6277 type: string 6278 fsType: 6279 description: fsType to mount. Ex. "ext4", 6280 "xfs", "ntfs". If not provided, the empty 6281 value is passed to the associated CSI driver 6282 which will determine the default filesystem 6283 to apply. 6284 type: string 6285 nodePublishSecretRef: 6286 description: nodePublishSecretRef is a reference 6287 to the secret object containing sensitive 6288 information to pass to the CSI driver to 6289 complete the CSI NodePublishVolume and NodeUnpublishVolume 6290 calls. This field is optional, and may 6291 be empty if no secret is required. If the 6292 secret object contains more than one secret, 6293 all secret references are passed. 6294 properties: 6295 name: 6296 description: 'Name of the referent. More 6297 info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 6298 TODO: Add other useful fields. apiVersion, 6299 kind, uid?' 6300 type: string 6301 type: object 6302 x-kubernetes-map-type: atomic 6303 readOnly: 6304 description: readOnly specifies a read-only 6305 configuration for the volume. Defaults to 6306 false (read/write). 6307 type: boolean 6308 volumeAttributes: 6309 additionalProperties: 6310 type: string 6311 description: volumeAttributes stores driver-specific 6312 properties that are passed to the CSI driver. 6313 Consult your driver's documentation for 6314 supported values. 6315 type: object 6316 required: 6317 - driver 6318 type: object 6319 downwardAPI: 6320 description: downwardAPI represents downward API 6321 about the pod that should populate this volume 6322 properties: 6323 defaultMode: 6324 description: 'Optional: mode bits to use on 6325 created files by default. Must be a Optional: 6326 mode bits used to set permissions on created 6327 files by default. Must be an octal value 6328 between 0000 and 0777 or a decimal value 6329 between 0 and 511. YAML accepts both octal 6330 and decimal values, JSON requires decimal 6331 values for mode bits. Defaults to 0644. 6332 Directories within the path are not affected 6333 by this setting.' 6334 format: int32 6335 type: integer 6336 items: 6337 description: Items is a list of downward API 6338 volume file 6339 items: 6340 description: DownwardAPIVolumeFile represents 6341 information to create the file containing 6342 the pod field 6343 properties: 6344 fieldRef: 6345 description: 'Required: Selects a field 6346 of the pod: only annotations, labels, 6347 name and namespace are supported.' 6348 properties: 6349 apiVersion: 6350 description: Version of the schema 6351 the FieldPath is written in terms 6352 of, defaults to "v1". 6353 type: string 6354 fieldPath: 6355 description: Path of the field to 6356 select in the specified API version. 6357 type: string 6358 required: 6359 - fieldPath 6360 type: object 6361 x-kubernetes-map-type: atomic 6362 mode: 6363 description: 'Optional: mode bits used 6364 to set permissions on this file, must 6365 be an octal value between 0000 and 6366 0777 or a decimal value between 0 6367 and 511. YAML accepts both octal and 6368 decimal values, JSON requires decimal 6369 values for mode bits. If not specified, 6370 the volume defaultMode will be used.' 6371 format: int32 6372 type: integer 6373 path: 6374 description: 'Required: Path is the 6375 relative path name of the file to 6376 be created. Must not be absolute or 6377 contain the ''..'' path. Must be utf-8 6378 encoded. The first item of the relative 6379 path must not start with ''..''' 6380 type: string 6381 resourceFieldRef: 6382 description: 'Selects a resource of 6383 the container: only resources limits 6384 and requests (limits.cpu, limits.memory, 6385 requests.cpu and requests.memory) 6386 are currently supported.' 6387 properties: 6388 containerName: 6389 description: 'Container name: required 6390 for volumes, optional for env 6391 vars' 6392 type: string 6393 divisor: 6394 anyOf: 6395 - type: integer 6396 - type: string 6397 description: Specifies the output 6398 format of the exposed resources, 6399 defaults to "1" 6400 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 6401 x-kubernetes-int-or-string: true 6402 resource: 6403 description: 'Required: resource 6404 to select' 6405 type: string 6406 required: 6407 - resource 6408 type: object 6409 x-kubernetes-map-type: atomic 6410 required: 6411 - path 6412 type: object 6413 type: array 6414 type: object 6415 emptyDir: 6416 description: 'emptyDir represents a temporary 6417 directory that shares a pod''s lifetime. More 6418 info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' 6419 properties: 6420 medium: 6421 description: 'medium represents what type 6422 of storage medium should back this directory. 6423 The default is "" which means to use the 6424 node''s default medium. Must be an empty 6425 string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' 6426 type: string 6427 sizeLimit: 6428 anyOf: 6429 - type: integer 6430 - type: string 6431 description: 'sizeLimit is the total amount 6432 of local storage required for this EmptyDir 6433 volume. The size limit is also applicable 6434 for memory medium. The maximum usage on 6435 memory medium EmptyDir would be the minimum 6436 value between the SizeLimit specified here 6437 and the sum of memory limits of all containers 6438 in a pod. The default is nil which means 6439 that the limit is undefined. More info: 6440 https://kubernetes.' 6441 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 6442 x-kubernetes-int-or-string: true 6443 type: object 6444 ephemeral: 6445 description: ephemeral represents a volume that 6446 is handled by a cluster storage driver. The 6447 volume's lifecycle is tied to the pod that defines 6448 it - it will be created before the pod starts, 6449 and deleted when the pod is removed. 6450 properties: 6451 volumeClaimTemplate: 6452 description: Will be used to create a stand-alone 6453 PVC to provision the volume. The pod in 6454 which this EphemeralVolumeSource is embedded 6455 will be the owner of the PVC, i.e. the PVC 6456 will be deleted together with the pod. The 6457 name of the PVC will be `<pod name>-<volume 6458 name>` where `<volume name>` is the name 6459 from the `PodSpec.Volumes` array entry. 6460 properties: 6461 metadata: 6462 description: May contain labels and annotations 6463 that will be copied into the PVC when 6464 creating it. No other fields are allowed 6465 and will be rejected during validation. 6466 properties: 6467 annotations: 6468 additionalProperties: 6469 type: string 6470 type: object 6471 finalizers: 6472 items: 6473 type: string 6474 type: array 6475 labels: 6476 additionalProperties: 6477 type: string 6478 type: object 6479 name: 6480 type: string 6481 namespace: 6482 type: string 6483 type: object 6484 spec: 6485 description: The specification for the 6486 PersistentVolumeClaim. The entire content 6487 is copied unchanged into the PVC that 6488 gets created from this template. The 6489 same fields as in a PersistentVolumeClaim 6490 are also valid here. 6491 properties: 6492 accessModes: 6493 description: 'accessModes contains 6494 the desired access modes the volume 6495 should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' 6496 items: 6497 type: string 6498 type: array 6499 dataSource: 6500 description: 'dataSource field can 6501 be used to specify either: * An 6502 existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) 6503 * An existing PVC (PersistentVolumeClaim) 6504 If the provisioner or an external 6505 controller can support the specified 6506 data source, it will create a new 6507 volume based on the contents of 6508 the specified data source.' 6509 properties: 6510 apiGroup: 6511 description: APIGroup is the group 6512 for the resource being referenced. 6513 If APIGroup is not specified, 6514 the specified Kind must be in 6515 the core API group. For any 6516 other third-party types, APIGroup 6517 is required. 6518 type: string 6519 kind: 6520 description: Kind is the type 6521 of resource being referenced 6522 type: string 6523 name: 6524 description: Name is the name 6525 of resource being referenced 6526 type: string 6527 required: 6528 - kind 6529 - name 6530 type: object 6531 x-kubernetes-map-type: atomic 6532 dataSourceRef: 6533 description: dataSourceRef specifies 6534 the object from which to populate 6535 the volume with data, if a non-empty 6536 volume is desired. This may be any 6537 object from a non-empty API group 6538 (non core object) or a PersistentVolumeClaim 6539 object. When this field is specified, 6540 volume binding will only succeed 6541 if the type of the specified object 6542 matches some installed volume populator 6543 or dynamic provisioner. 6544 properties: 6545 apiGroup: 6546 description: APIGroup is the group 6547 for the resource being referenced. 6548 If APIGroup is not specified, 6549 the specified Kind must be in 6550 the core API group. For any 6551 other third-party types, APIGroup 6552 is required. 6553 type: string 6554 kind: 6555 description: Kind is the type 6556 of resource being referenced 6557 type: string 6558 name: 6559 description: Name is the name 6560 of resource being referenced 6561 type: string 6562 namespace: 6563 description: Namespace is the 6564 namespace of resource being 6565 referenced Note that when a 6566 namespace is specified, a gateway.networking.k8s.io/ReferenceGrant 6567 object is required in the referent 6568 namespace to allow that namespace's 6569 owner to accept the reference. 6570 See the ReferenceGrant documentation 6571 for details. (Alpha) This field 6572 requires the CrossNamespaceVolumeDataSource 6573 feature gate to be enabled. 6574 type: string 6575 required: 6576 - kind 6577 - name 6578 type: object 6579 resources: 6580 description: 'resources represents 6581 the minimum resources the volume 6582 should have. If RecoverVolumeExpansionFailure 6583 feature is enabled users are allowed 6584 to specify resource requirements 6585 that are lower than previous value 6586 but must still be higher than capacity 6587 recorded in the status field of 6588 the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' 6589 properties: 6590 claims: 6591 description: "Claims lists the 6592 names of resources, defined 6593 in spec.resourceClaims, that 6594 are used by this container. 6595 \n This is an alpha field and 6596 requires enabling the DynamicResourceAllocation 6597 feature gate. \n This field 6598 is immutable. It can only be 6599 set for containers." 6600 items: 6601 description: ResourceClaim references 6602 one entry in PodSpec.ResourceClaims. 6603 properties: 6604 name: 6605 description: Name must match 6606 the name of one entry 6607 in pod.spec.resourceClaims 6608 of the Pod where this 6609 field is used. It makes 6610 that resource available 6611 inside a container. 6612 type: string 6613 required: 6614 - name 6615 type: object 6616 type: array 6617 x-kubernetes-list-map-keys: 6618 - name 6619 x-kubernetes-list-type: map 6620 limits: 6621 additionalProperties: 6622 anyOf: 6623 - type: integer 6624 - type: string 6625 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 6626 x-kubernetes-int-or-string: true 6627 description: 'Limits describes 6628 the maximum amount of compute 6629 resources allowed. More info: 6630 https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 6631 type: object 6632 requests: 6633 additionalProperties: 6634 anyOf: 6635 - type: integer 6636 - type: string 6637 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 6638 x-kubernetes-int-or-string: true 6639 description: 'Requests describes 6640 the minimum amount of compute 6641 resources required. If Requests 6642 is omitted for a container, 6643 it defaults to Limits if that 6644 is explicitly specified, otherwise 6645 to an implementation-defined 6646 value. Requests cannot exceed 6647 Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 6648 type: object 6649 type: object 6650 selector: 6651 description: selector is a label query 6652 over volumes to consider for binding. 6653 properties: 6654 matchExpressions: 6655 description: matchExpressions 6656 is a list of label selector 6657 requirements. The requirements 6658 are ANDed. 6659 items: 6660 description: A label selector 6661 requirement is a selector 6662 that contains values, a key, 6663 and an operator that relates 6664 the key and values. 6665 properties: 6666 key: 6667 description: key is the 6668 label key that the selector 6669 applies to. 6670 type: string 6671 operator: 6672 description: operator represents 6673 a key's relationship to 6674 a set of values. Valid 6675 operators are In, NotIn, 6676 Exists and DoesNotExist. 6677 type: string 6678 values: 6679 description: values is an 6680 array of string values. 6681 If the operator is In 6682 or NotIn, the values array 6683 must be non-empty. If 6684 the operator is Exists 6685 or DoesNotExist, the values 6686 array must be empty. This 6687 array is replaced during 6688 a strategic merge patch. 6689 items: 6690 type: string 6691 type: array 6692 required: 6693 - key 6694 - operator 6695 type: object 6696 type: array 6697 matchLabels: 6698 additionalProperties: 6699 type: string 6700 description: matchLabels is a 6701 map of {key,value} pairs. A 6702 single {key,value} in the matchLabels 6703 map is equivalent to an element 6704 of matchExpressions, whose key 6705 field is "key", the operator 6706 is "In", and the values array 6707 contains only "value". The requirements 6708 are ANDed. 6709 type: object 6710 type: object 6711 x-kubernetes-map-type: atomic 6712 storageClassName: 6713 description: 'storageClassName is 6714 the name of the StorageClass required 6715 by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' 6716 type: string 6717 volumeMode: 6718 description: volumeMode defines what 6719 type of volume is required by the 6720 claim. Value of Filesystem is implied 6721 when not included in claim spec. 6722 type: string 6723 volumeName: 6724 description: volumeName is the binding 6725 reference to the PersistentVolume 6726 backing this claim. 6727 type: string 6728 type: object 6729 required: 6730 - spec 6731 type: object 6732 type: object 6733 fc: 6734 description: fc represents a Fibre Channel resource 6735 that is attached to a kubelet's host machine 6736 and then exposed to the pod. 6737 properties: 6738 fsType: 6739 description: 'fsType is the filesystem type 6740 to mount. Must be a filesystem type supported 6741 by the host operating system. Ex. "ext4", 6742 "xfs", "ntfs". Implicitly inferred to be 6743 "ext4" if unspecified. TODO: how do we prevent 6744 errors in the filesystem from compromising 6745 the machine' 6746 type: string 6747 lun: 6748 description: 'lun is Optional: FC target lun 6749 number' 6750 format: int32 6751 type: integer 6752 readOnly: 6753 description: 'readOnly is Optional: Defaults 6754 to false (read/write). ReadOnly here will 6755 force the ReadOnly setting in VolumeMounts.' 6756 type: boolean 6757 targetWWNs: 6758 description: 'targetWWNs is Optional: FC target 6759 worldwide names (WWNs)' 6760 items: 6761 type: string 6762 type: array 6763 wwids: 6764 description: 'wwids Optional: FC volume world 6765 wide identifiers (wwids) Either wwids or 6766 combination of targetWWNs and lun must be 6767 set, but not both simultaneously.' 6768 items: 6769 type: string 6770 type: array 6771 type: object 6772 flexVolume: 6773 description: flexVolume represents a generic volume 6774 resource that is provisioned/attached using 6775 an exec based plugin. 6776 properties: 6777 driver: 6778 description: driver is the name of the driver 6779 to use for this volume. 6780 type: string 6781 fsType: 6782 description: fsType is the filesystem type 6783 to mount. Must be a filesystem type supported 6784 by the host operating system. Ex. "ext4", 6785 "xfs", "ntfs". The default filesystem depends 6786 on FlexVolume script. 6787 type: string 6788 options: 6789 additionalProperties: 6790 type: string 6791 description: 'options is Optional: this field 6792 holds extra command options if any.' 6793 type: object 6794 readOnly: 6795 description: 'readOnly is Optional: defaults 6796 to false (read/write). ReadOnly here will 6797 force the ReadOnly setting in VolumeMounts.' 6798 type: boolean 6799 secretRef: 6800 description: 'secretRef is Optional: secretRef 6801 is reference to the secret object containing 6802 sensitive information to pass to the plugin 6803 scripts. This may be empty if no secret 6804 object is specified. If the secret object 6805 contains more than one secret, all secrets 6806 are passed to the plugin scripts.' 6807 properties: 6808 name: 6809 description: 'Name of the referent. More 6810 info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 6811 TODO: Add other useful fields. apiVersion, 6812 kind, uid?' 6813 type: string 6814 type: object 6815 x-kubernetes-map-type: atomic 6816 required: 6817 - driver 6818 type: object 6819 flocker: 6820 description: flocker represents a Flocker volume 6821 attached to a kubelet's host machine. This depends 6822 on the Flocker control service being running 6823 properties: 6824 datasetName: 6825 description: datasetName is Name of the dataset 6826 stored as metadata -> name on the dataset 6827 for Flocker should be considered as deprecated 6828 type: string 6829 datasetUUID: 6830 description: datasetUUID is the UUID of the 6831 dataset. This is unique identifier of a 6832 Flocker dataset 6833 type: string 6834 type: object 6835 gcePersistentDisk: 6836 description: 'gcePersistentDisk represents a GCE 6837 Disk resource that is attached to a kubelet''s 6838 host machine and then exposed to the pod. More 6839 info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' 6840 properties: 6841 fsType: 6842 description: 'fsType is filesystem type of 6843 the volume that you want to mount. Tip: 6844 Ensure that the filesystem type is supported 6845 by the host operating system. Examples: 6846 "ext4", "xfs", "ntfs". Implicitly inferred 6847 to be "ext4" if unspecified. More info: 6848 https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk 6849 TODO: how do we prevent errors in the filesystem 6850 from compromising the machine' 6851 type: string 6852 partition: 6853 description: 'partition is the partition in 6854 the volume that you want to mount. If omitted, 6855 the default is to mount by volume name. 6856 Examples: For volume /dev/sda1, you specify 6857 the partition as "1". Similarly, the volume 6858 partition for /dev/sda is "0" (or you can 6859 leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' 6860 format: int32 6861 type: integer 6862 pdName: 6863 description: 'pdName is unique name of the 6864 PD resource in GCE. Used to identify the 6865 disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' 6866 type: string 6867 readOnly: 6868 description: 'readOnly here will force the 6869 ReadOnly setting in VolumeMounts. Defaults 6870 to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' 6871 type: boolean 6872 required: 6873 - pdName 6874 type: object 6875 gitRepo: 6876 description: 'gitRepo represents a git repository 6877 at a particular revision. DEPRECATED: GitRepo 6878 is deprecated. To provision a container with 6879 a git repo, mount an EmptyDir into an InitContainer 6880 that clones the repo using git, then mount the 6881 EmptyDir into the Pod''s container.' 6882 properties: 6883 directory: 6884 description: directory is the target directory 6885 name. Must not contain or start with '..'. If 6886 '.' is supplied, the volume directory will 6887 be the git repository. Otherwise, if specified, 6888 the volume will contain the git repository 6889 in the subdirectory with the given name. 6890 type: string 6891 repository: 6892 description: repository is the URL 6893 type: string 6894 revision: 6895 description: revision is the commit hash for 6896 the specified revision. 6897 type: string 6898 required: 6899 - repository 6900 type: object 6901 glusterfs: 6902 description: 'glusterfs represents a Glusterfs 6903 mount on the host that shares a pod''s lifetime. 6904 More info: https://examples.k8s.io/volumes/glusterfs/README.md' 6905 properties: 6906 endpoints: 6907 description: 'endpoints is the endpoint name 6908 that details Glusterfs topology. More info: 6909 https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' 6910 type: string 6911 path: 6912 description: 'path is the Glusterfs volume 6913 path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' 6914 type: string 6915 readOnly: 6916 description: 'readOnly here will force the 6917 Glusterfs volume to be mounted with read-only 6918 permissions. Defaults to false. More info: 6919 https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' 6920 type: boolean 6921 required: 6922 - endpoints 6923 - path 6924 type: object 6925 hostPath: 6926 description: 'hostPath represents a pre-existing 6927 file or directory on the host machine that is 6928 directly exposed to the container. This is generally 6929 used for system agents or other privileged things 6930 that are allowed to see the host machine. Most 6931 containers will NOT need this. More info: https://kubernetes.' 6932 properties: 6933 path: 6934 description: 'path of the directory on the 6935 host. If the path is a symlink, it will 6936 follow the link to the real path. More info: 6937 https://kubernetes.io/docs/concepts/storage/volumes#hostpath' 6938 type: string 6939 type: 6940 description: 'type for HostPath Volume Defaults 6941 to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' 6942 type: string 6943 required: 6944 - path 6945 type: object 6946 iscsi: 6947 description: 'iscsi represents an ISCSI Disk resource 6948 that is attached to a kubelet''s host machine 6949 and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' 6950 properties: 6951 chapAuthDiscovery: 6952 description: chapAuthDiscovery defines whether 6953 support iSCSI Discovery CHAP authentication 6954 type: boolean 6955 chapAuthSession: 6956 description: chapAuthSession defines whether 6957 support iSCSI Session CHAP authentication 6958 type: boolean 6959 fsType: 6960 description: 'fsType is the filesystem type 6961 of the volume that you want to mount. Tip: 6962 Ensure that the filesystem type is supported 6963 by the host operating system. Examples: 6964 "ext4", "xfs", "ntfs". Implicitly inferred 6965 to be "ext4" if unspecified. More info: 6966 https://kubernetes.io/docs/concepts/storage/volumes#iscsi 6967 TODO: how do we prevent errors in the filesystem 6968 from compromising the machine' 6969 type: string 6970 initiatorName: 6971 description: initiatorName is the custom iSCSI 6972 Initiator Name. If initiatorName is specified 6973 with iscsiInterface simultaneously, new 6974 iSCSI interface <target portal>:<volume 6975 name> will be created for the connection. 6976 type: string 6977 iqn: 6978 description: iqn is the target iSCSI Qualified 6979 Name. 6980 type: string 6981 iscsiInterface: 6982 description: iscsiInterface is the interface 6983 Name that uses an iSCSI transport. Defaults 6984 to 'default' (tcp). 6985 type: string 6986 lun: 6987 description: lun represents iSCSI Target Lun 6988 number. 6989 format: int32 6990 type: integer 6991 portals: 6992 description: portals is the iSCSI Target Portal 6993 List. The portal is either an IP or ip_addr:port 6994 if the port is other than default (typically 6995 TCP ports 860 and 3260). 6996 items: 6997 type: string 6998 type: array 6999 readOnly: 7000 description: readOnly here will force the 7001 ReadOnly setting in VolumeMounts. Defaults 7002 to false. 7003 type: boolean 7004 secretRef: 7005 description: secretRef is the CHAP Secret 7006 for iSCSI target and initiator authentication 7007 properties: 7008 name: 7009 description: 'Name of the referent. More 7010 info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 7011 TODO: Add other useful fields. apiVersion, 7012 kind, uid?' 7013 type: string 7014 type: object 7015 x-kubernetes-map-type: atomic 7016 targetPortal: 7017 description: targetPortal is iSCSI Target 7018 Portal. The Portal is either an IP or ip_addr:port 7019 if the port is other than default (typically 7020 TCP ports 860 and 3260). 7021 type: string 7022 required: 7023 - iqn 7024 - lun 7025 - targetPortal 7026 type: object 7027 name: 7028 description: 'name of the volume. Must be a DNS_LABEL 7029 and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 7030 type: string 7031 nfs: 7032 description: 'nfs represents an NFS mount on the 7033 host that shares a pod''s lifetime More info: 7034 https://kubernetes.io/docs/concepts/storage/volumes#nfs' 7035 properties: 7036 path: 7037 description: 'path that is exported by the 7038 NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' 7039 type: string 7040 readOnly: 7041 description: 'readOnly here will force the 7042 NFS export to be mounted with read-only 7043 permissions. Defaults to false. More info: 7044 https://kubernetes.io/docs/concepts/storage/volumes#nfs' 7045 type: boolean 7046 server: 7047 description: 'server is the hostname or IP 7048 address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' 7049 type: string 7050 required: 7051 - path 7052 - server 7053 type: object 7054 persistentVolumeClaim: 7055 description: 'persistentVolumeClaimVolumeSource 7056 represents a reference to a PersistentVolumeClaim 7057 in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' 7058 properties: 7059 claimName: 7060 description: 'claimName is the name of a PersistentVolumeClaim 7061 in the same namespace as the pod using this 7062 volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' 7063 type: string 7064 readOnly: 7065 description: readOnly Will force the ReadOnly 7066 setting in VolumeMounts. Default false. 7067 type: boolean 7068 required: 7069 - claimName 7070 type: object 7071 photonPersistentDisk: 7072 description: photonPersistentDisk represents a 7073 PhotonController persistent disk attached and 7074 mounted on kubelets host machine 7075 properties: 7076 fsType: 7077 description: fsType is the filesystem type 7078 to mount. Must be a filesystem type supported 7079 by the host operating system. Ex. "ext4", 7080 "xfs", "ntfs". Implicitly inferred to be 7081 "ext4" if unspecified. 7082 type: string 7083 pdID: 7084 description: pdID is the ID that identifies 7085 Photon Controller persistent disk 7086 type: string 7087 required: 7088 - pdID 7089 type: object 7090 portworxVolume: 7091 description: portworxVolume represents a portworx 7092 volume attached and mounted on kubelets host 7093 machine 7094 properties: 7095 fsType: 7096 description: fSType represents the filesystem 7097 type to mount Must be a filesystem type 7098 supported by the host operating system. 7099 Ex. "ext4", "xfs". Implicitly inferred to 7100 be "ext4" if unspecified. 7101 type: string 7102 readOnly: 7103 description: readOnly defaults to false (read/write). 7104 ReadOnly here will force the ReadOnly setting 7105 in VolumeMounts. 7106 type: boolean 7107 volumeID: 7108 description: volumeID uniquely identifies 7109 a Portworx volume 7110 type: string 7111 required: 7112 - volumeID 7113 type: object 7114 projected: 7115 description: projected items for all in one resources 7116 secrets, configmaps, and downward API 7117 properties: 7118 defaultMode: 7119 description: defaultMode are the mode bits 7120 used to set permissions on created files 7121 by default. Must be an octal value between 7122 0000 and 0777 or a decimal value between 7123 0 and 511. YAML accepts both octal and decimal 7124 values, JSON requires decimal values for 7125 mode bits. Directories within the path are 7126 not affected by this setting. 7127 format: int32 7128 type: integer 7129 sources: 7130 description: sources is the list of volume 7131 projections 7132 items: 7133 description: Projection that may be projected 7134 along with other supported volume types 7135 properties: 7136 configMap: 7137 description: configMap information about 7138 the configMap data to project 7139 properties: 7140 items: 7141 description: items if unspecified, 7142 each key-value pair in the Data 7143 field of the referenced ConfigMap 7144 will be projected into the volume 7145 as a file whose name is the key 7146 and content is the value. If specified, 7147 the listed keys will be projected 7148 into the specified paths, and 7149 unlisted keys will not be present. 7150 items: 7151 description: Maps a string key 7152 to a path within a volume. 7153 properties: 7154 key: 7155 description: key is the key 7156 to project. 7157 type: string 7158 mode: 7159 description: 'mode is Optional: 7160 mode bits used to set permissions 7161 on this file. Must be an 7162 octal value between 0000 7163 and 0777 or a decimal value 7164 between 0 and 511. YAML 7165 accepts both octal and decimal 7166 values, JSON requires decimal 7167 values for mode bits. If 7168 not specified, the volume 7169 defaultMode will be used.' 7170 format: int32 7171 type: integer 7172 path: 7173 description: path is the relative 7174 path of the file to map 7175 the key to. May not be an 7176 absolute path. May not contain 7177 the path element '..'. May 7178 not start with the string 7179 '..'. 7180 type: string 7181 required: 7182 - key 7183 - path 7184 type: object 7185 type: array 7186 name: 7187 description: 'Name of the referent. 7188 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 7189 TODO: Add other useful fields. 7190 apiVersion, kind, uid?' 7191 type: string 7192 optional: 7193 description: optional specify whether 7194 the ConfigMap or its keys must 7195 be defined 7196 type: boolean 7197 type: object 7198 x-kubernetes-map-type: atomic 7199 downwardAPI: 7200 description: downwardAPI information 7201 about the downwardAPI data to project 7202 properties: 7203 items: 7204 description: Items is a list of 7205 DownwardAPIVolume file 7206 items: 7207 description: DownwardAPIVolumeFile 7208 represents information to create 7209 the file containing the pod 7210 field 7211 properties: 7212 fieldRef: 7213 description: 'Required: Selects 7214 a field of the pod: only 7215 annotations, labels, name 7216 and namespace are supported.' 7217 properties: 7218 apiVersion: 7219 description: Version of 7220 the schema the FieldPath 7221 is written in terms 7222 of, defaults to "v1". 7223 type: string 7224 fieldPath: 7225 description: Path of the 7226 field to select in the 7227 specified API version. 7228 type: string 7229 required: 7230 - fieldPath 7231 type: object 7232 x-kubernetes-map-type: atomic 7233 mode: 7234 description: 'Optional: mode 7235 bits used to set permissions 7236 on this file, must be an 7237 octal value between 0000 7238 and 0777 or a decimal value 7239 between 0 and 511. YAML 7240 accepts both octal and decimal 7241 values, JSON requires decimal 7242 values for mode bits. If 7243 not specified, the volume 7244 defaultMode will be used.' 7245 format: int32 7246 type: integer 7247 path: 7248 description: 'Required: Path 7249 is the relative path name 7250 of the file to be created. 7251 Must not be absolute or 7252 contain the ''..'' path. 7253 Must be utf-8 encoded. The 7254 first item of the relative 7255 path must not start with 7256 ''..''' 7257 type: string 7258 resourceFieldRef: 7259 description: 'Selects a resource 7260 of the container: only resources 7261 limits and requests (limits.cpu, 7262 limits.memory, requests.cpu 7263 and requests.memory) are 7264 currently supported.' 7265 properties: 7266 containerName: 7267 description: 'Container 7268 name: required for volumes, 7269 optional for env vars' 7270 type: string 7271 divisor: 7272 anyOf: 7273 - type: integer 7274 - type: string 7275 description: Specifies 7276 the output format of 7277 the exposed resources, 7278 defaults to "1" 7279 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 7280 x-kubernetes-int-or-string: true 7281 resource: 7282 description: 'Required: 7283 resource to select' 7284 type: string 7285 required: 7286 - resource 7287 type: object 7288 x-kubernetes-map-type: atomic 7289 required: 7290 - path 7291 type: object 7292 type: array 7293 type: object 7294 secret: 7295 description: secret information about 7296 the secret data to project 7297 properties: 7298 items: 7299 description: items if unspecified, 7300 each key-value pair in the Data 7301 field of the referenced Secret 7302 will be projected into the volume 7303 as a file whose name is the key 7304 and content is the value. If specified, 7305 the listed keys will be projected 7306 into the specified paths, and 7307 unlisted keys will not be present. 7308 items: 7309 description: Maps a string key 7310 to a path within a volume. 7311 properties: 7312 key: 7313 description: key is the key 7314 to project. 7315 type: string 7316 mode: 7317 description: 'mode is Optional: 7318 mode bits used to set permissions 7319 on this file. Must be an 7320 octal value between 0000 7321 and 0777 or a decimal value 7322 between 0 and 511. YAML 7323 accepts both octal and decimal 7324 values, JSON requires decimal 7325 values for mode bits. If 7326 not specified, the volume 7327 defaultMode will be used.' 7328 format: int32 7329 type: integer 7330 path: 7331 description: path is the relative 7332 path of the file to map 7333 the key to. May not be an 7334 absolute path. May not contain 7335 the path element '..'. May 7336 not start with the string 7337 '..'. 7338 type: string 7339 required: 7340 - key 7341 - path 7342 type: object 7343 type: array 7344 name: 7345 description: 'Name of the referent. 7346 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 7347 TODO: Add other useful fields. 7348 apiVersion, kind, uid?' 7349 type: string 7350 optional: 7351 description: optional field specify 7352 whether the Secret or its key 7353 must be defined 7354 type: boolean 7355 type: object 7356 x-kubernetes-map-type: atomic 7357 serviceAccountToken: 7358 description: serviceAccountToken is 7359 information about the serviceAccountToken 7360 data to project 7361 properties: 7362 audience: 7363 description: audience is the intended 7364 audience of the token. A recipient 7365 of a token must identify itself 7366 with an identifier specified in 7367 the audience of the token, and 7368 otherwise should reject the token. 7369 The audience defaults to the identifier 7370 of the apiserver. 7371 type: string 7372 expirationSeconds: 7373 description: expirationSeconds is 7374 the requested duration of validity 7375 of the service account token. 7376 As the token approaches expiration, 7377 the kubelet volume plugin will 7378 proactively rotate the service 7379 account token. The kubelet will 7380 start trying to rotate the token 7381 if the token is older than 80 7382 percent of its time to live or 7383 if the token is older than 24 7384 hours.Defaults to 1 hour and must 7385 be at least 10 minutes. 7386 format: int64 7387 type: integer 7388 path: 7389 description: path is the path relative 7390 to the mount point of the file 7391 to project the token into. 7392 type: string 7393 required: 7394 - path 7395 type: object 7396 type: object 7397 type: array 7398 type: object 7399 quobyte: 7400 description: quobyte represents a Quobyte mount 7401 on the host that shares a pod's lifetime 7402 properties: 7403 group: 7404 description: group to map volume access to 7405 Default is no group 7406 type: string 7407 readOnly: 7408 description: readOnly here will force the 7409 Quobyte volume to be mounted with read-only 7410 permissions. Defaults to false. 7411 type: boolean 7412 registry: 7413 description: registry represents a single 7414 or multiple Quobyte Registry services specified 7415 as a string as host:port pair (multiple 7416 entries are separated with commas) which 7417 acts as the central registry for volumes 7418 type: string 7419 tenant: 7420 description: tenant owning the given Quobyte 7421 volume in the Backend Used with dynamically 7422 provisioned Quobyte volumes, value is set 7423 by the plugin 7424 type: string 7425 user: 7426 description: user to map volume access to 7427 Defaults to serivceaccount user 7428 type: string 7429 volume: 7430 description: volume is a string that references 7431 an already created Quobyte volume by name. 7432 type: string 7433 required: 7434 - registry 7435 - volume 7436 type: object 7437 rbd: 7438 description: 'rbd represents a Rados Block Device 7439 mount on the host that shares a pod''s lifetime. 7440 More info: https://examples.k8s.io/volumes/rbd/README.md' 7441 properties: 7442 fsType: 7443 description: 'fsType is the filesystem type 7444 of the volume that you want to mount. Tip: 7445 Ensure that the filesystem type is supported 7446 by the host operating system. Examples: 7447 "ext4", "xfs", "ntfs". Implicitly inferred 7448 to be "ext4" if unspecified. More info: 7449 https://kubernetes.io/docs/concepts/storage/volumes#rbd 7450 TODO: how do we prevent errors in the filesystem 7451 from compromising the machine' 7452 type: string 7453 image: 7454 description: 'image is the rados image name. 7455 More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 7456 type: string 7457 keyring: 7458 description: 'keyring is the path to key ring 7459 for RBDUser. Default is /etc/ceph/keyring. 7460 More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 7461 type: string 7462 monitors: 7463 description: 'monitors is a collection of 7464 Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 7465 items: 7466 type: string 7467 type: array 7468 pool: 7469 description: 'pool is the rados pool name. 7470 Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 7471 type: string 7472 readOnly: 7473 description: 'readOnly here will force the 7474 ReadOnly setting in VolumeMounts. Defaults 7475 to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 7476 type: boolean 7477 secretRef: 7478 description: 'secretRef is name of the authentication 7479 secret for RBDUser. If provided overrides 7480 keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 7481 properties: 7482 name: 7483 description: 'Name of the referent. More 7484 info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 7485 TODO: Add other useful fields. apiVersion, 7486 kind, uid?' 7487 type: string 7488 type: object 7489 x-kubernetes-map-type: atomic 7490 user: 7491 description: 'user is the rados user name. 7492 Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 7493 type: string 7494 required: 7495 - image 7496 - monitors 7497 type: object 7498 scaleIO: 7499 description: scaleIO represents a ScaleIO persistent 7500 volume attached and mounted on Kubernetes nodes. 7501 properties: 7502 fsType: 7503 description: fsType is the filesystem type 7504 to mount. Must be a filesystem type supported 7505 by the host operating system. Ex. "ext4", 7506 "xfs", "ntfs". Default is "xfs". 7507 type: string 7508 gateway: 7509 description: gateway is the host address of 7510 the ScaleIO API Gateway. 7511 type: string 7512 protectionDomain: 7513 description: protectionDomain is the name 7514 of the ScaleIO Protection Domain for the 7515 configured storage. 7516 type: string 7517 readOnly: 7518 description: readOnly Defaults to false (read/write). 7519 ReadOnly here will force the ReadOnly setting 7520 in VolumeMounts. 7521 type: boolean 7522 secretRef: 7523 description: secretRef references to the secret 7524 for ScaleIO user and other sensitive information. 7525 If this is not provided, Login operation 7526 will fail. 7527 properties: 7528 name: 7529 description: 'Name of the referent. More 7530 info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 7531 TODO: Add other useful fields. apiVersion, 7532 kind, uid?' 7533 type: string 7534 type: object 7535 x-kubernetes-map-type: atomic 7536 sslEnabled: 7537 description: sslEnabled Flag enable/disable 7538 SSL communication with Gateway, default 7539 false 7540 type: boolean 7541 storageMode: 7542 description: storageMode indicates whether 7543 the storage for a volume should be ThickProvisioned 7544 or ThinProvisioned. Default is ThinProvisioned. 7545 type: string 7546 storagePool: 7547 description: storagePool is the ScaleIO Storage 7548 Pool associated with the protection domain. 7549 type: string 7550 system: 7551 description: system is the name of the storage 7552 system as configured in ScaleIO. 7553 type: string 7554 volumeName: 7555 description: volumeName is the name of a volume 7556 already created in the ScaleIO system that 7557 is associated with this volume source. 7558 type: string 7559 required: 7560 - gateway 7561 - secretRef 7562 - system 7563 type: object 7564 secret: 7565 description: 'secret represents a secret that 7566 should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' 7567 properties: 7568 defaultMode: 7569 description: 'defaultMode is Optional: mode 7570 bits used to set permissions on created 7571 files by default. Must be an octal value 7572 between 0000 and 0777 or a decimal value 7573 between 0 and 511. YAML accepts both octal 7574 and decimal values, JSON requires decimal 7575 values for mode bits. Defaults to 0644. 7576 Directories within the path are not affected 7577 by this setting.' 7578 format: int32 7579 type: integer 7580 items: 7581 description: items If unspecified, each key-value 7582 pair in the Data field of the referenced 7583 Secret will be projected into the volume 7584 as a file whose name is the key and content 7585 is the value. If specified, the listed keys 7586 will be projected into the specified paths, 7587 and unlisted keys will not be present. 7588 items: 7589 description: Maps a string key to a path 7590 within a volume. 7591 properties: 7592 key: 7593 description: key is the key to project. 7594 type: string 7595 mode: 7596 description: 'mode is Optional: mode 7597 bits used to set permissions on this 7598 file. Must be an octal value between 7599 0000 and 0777 or a decimal value between 7600 0 and 511. YAML accepts both octal 7601 and decimal values, JSON requires 7602 decimal values for mode bits. If not 7603 specified, the volume defaultMode 7604 will be used.' 7605 format: int32 7606 type: integer 7607 path: 7608 description: path is the relative path 7609 of the file to map the key to. May 7610 not be an absolute path. May not contain 7611 the path element '..'. May not start 7612 with the string '..'. 7613 type: string 7614 required: 7615 - key 7616 - path 7617 type: object 7618 type: array 7619 optional: 7620 description: optional field specify whether 7621 the Secret or its keys must be defined 7622 type: boolean 7623 secretName: 7624 description: 'secretName is the name of the 7625 secret in the pod''s namespace to use. More 7626 info: https://kubernetes.io/docs/concepts/storage/volumes#secret' 7627 type: string 7628 type: object 7629 storageos: 7630 description: storageOS represents a StorageOS 7631 volume attached and mounted on Kubernetes nodes. 7632 properties: 7633 fsType: 7634 description: fsType is the filesystem type 7635 to mount. Must be a filesystem type supported 7636 by the host operating system. Ex. "ext4", 7637 "xfs", "ntfs". Implicitly inferred to be 7638 "ext4" if unspecified. 7639 type: string 7640 readOnly: 7641 description: readOnly defaults to false (read/write). 7642 ReadOnly here will force the ReadOnly setting 7643 in VolumeMounts. 7644 type: boolean 7645 secretRef: 7646 description: secretRef specifies the secret 7647 to use for obtaining the StorageOS API credentials. If 7648 not specified, default values will be attempted. 7649 properties: 7650 name: 7651 description: 'Name of the referent. More 7652 info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 7653 TODO: Add other useful fields. apiVersion, 7654 kind, uid?' 7655 type: string 7656 type: object 7657 x-kubernetes-map-type: atomic 7658 volumeName: 7659 description: volumeName is the human-readable 7660 name of the StorageOS volume. Volume names 7661 are only unique within a namespace. 7662 type: string 7663 volumeNamespace: 7664 description: volumeNamespace specifies the 7665 scope of the volume within StorageOS. If 7666 no namespace is specified then the Pod's 7667 namespace will be used. This allows the 7668 Kubernetes name scoping to be mirrored within 7669 StorageOS for tighter integration. Set VolumeName 7670 to any name to override the default behaviour. 7671 Set to "default" if you are not using namespaces 7672 within StorageOS. 7673 type: string 7674 type: object 7675 vsphereVolume: 7676 description: vsphereVolume represents a vSphere 7677 volume attached and mounted on kubelets host 7678 machine 7679 properties: 7680 fsType: 7681 description: fsType is filesystem type to 7682 mount. Must be a filesystem type supported 7683 by the host operating system. Ex. "ext4", 7684 "xfs", "ntfs". Implicitly inferred to be 7685 "ext4" if unspecified. 7686 type: string 7687 storagePolicyID: 7688 description: storagePolicyID is the storage 7689 Policy Based Management (SPBM) profile ID 7690 associated with the StoragePolicyName. 7691 type: string 7692 storagePolicyName: 7693 description: storagePolicyName is the storage 7694 Policy Based Management (SPBM) profile name. 7695 type: string 7696 volumePath: 7697 description: volumePath is the path that identifies 7698 vSphere volume vmdk 7699 type: string 7700 required: 7701 - volumePath 7702 type: object 7703 required: 7704 - name 7705 type: object 7706 type: array 7707 required: 7708 - containers 7709 type: object 7710 type: object 7711 type: object 7712 type: object 7713 required: 7714 - xgbReplicaSpecs 7715 type: object 7716 status: 7717 description: JobStatus represents the current observed state of the training 7718 Job. 7719 properties: 7720 completionTime: 7721 description: Represents time when the job was completed. It is not 7722 guaranteed to be set in happens-before order across separate operations. 7723 It is represented in RFC3339 form and is in UTC. 7724 format: date-time 7725 type: string 7726 conditions: 7727 description: Conditions is an array of current observed job conditions. 7728 items: 7729 description: JobCondition describes the state of the job at a certain 7730 point. 7731 properties: 7732 lastTransitionTime: 7733 description: Last time the condition transitioned from one status 7734 to another. 7735 format: date-time 7736 type: string 7737 lastUpdateTime: 7738 description: The last time this condition was updated. 7739 format: date-time 7740 type: string 7741 message: 7742 description: A human readable message indicating details about 7743 the transition. 7744 type: string 7745 reason: 7746 description: The reason for the condition's last transition. 7747 type: string 7748 status: 7749 description: Status of the condition, one of True, False, Unknown. 7750 type: string 7751 type: 7752 description: Type of job condition. 7753 type: string 7754 required: 7755 - status 7756 - type 7757 type: object 7758 type: array 7759 lastReconcileTime: 7760 description: Represents last time when the job was reconciled. It 7761 is not guaranteed to be set in happens-before order across separate 7762 operations. It is represented in RFC3339 form and is in UTC. 7763 format: date-time 7764 type: string 7765 replicaStatuses: 7766 additionalProperties: 7767 description: ReplicaStatus represents the current observed state 7768 of the replica. 7769 properties: 7770 active: 7771 description: The number of actively running pods. 7772 format: int32 7773 type: integer 7774 failed: 7775 description: The number of pods which reached phase Failed. 7776 format: int32 7777 type: integer 7778 labelSelector: 7779 description: 'Deprecated: Use Selector instead' 7780 properties: 7781 matchExpressions: 7782 description: matchExpressions is a list of label selector 7783 requirements. The requirements are ANDed. 7784 items: 7785 description: A label selector requirement is a selector 7786 that contains values, a key, and an operator that relates 7787 the key and values. 7788 properties: 7789 key: 7790 description: key is the label key that the selector 7791 applies to. 7792 type: string 7793 operator: 7794 description: operator represents a key's relationship 7795 to a set of values. Valid operators are In, NotIn, 7796 Exists and DoesNotExist. 7797 type: string 7798 values: 7799 description: values is an array of string values. 7800 If the operator is In or NotIn, the values array 7801 must be non-empty. If the operator is Exists or 7802 DoesNotExist, the values array must be empty. This 7803 array is replaced during a strategic merge patch. 7804 items: 7805 type: string 7806 type: array 7807 required: 7808 - key 7809 - operator 7810 type: object 7811 type: array 7812 matchLabels: 7813 additionalProperties: 7814 type: string 7815 description: matchLabels is a map of {key,value} pairs. 7816 A single {key,value} in the matchLabels map is equivalent 7817 to an element of matchExpressions, whose key field is 7818 "key", the operator is "In", and the values array contains 7819 only "value". The requirements are ANDed. 7820 type: object 7821 type: object 7822 x-kubernetes-map-type: atomic 7823 selector: 7824 description: A Selector is a label query over a set of resources. 7825 The result of matchLabels and matchExpressions are ANDed. 7826 An empty Selector matches all objects. A null Selector matches 7827 no objects. 7828 type: string 7829 succeeded: 7830 description: The number of pods which reached phase Succeeded. 7831 format: int32 7832 type: integer 7833 type: object 7834 description: ReplicaStatuses is map of ReplicaType and ReplicaStatus, 7835 specifies the status of each replica. 7836 type: object 7837 startTime: 7838 description: Represents time when the job was acknowledged by the 7839 job controller. It is not guaranteed to be set in happens-before 7840 order across separate operations. It is represented in RFC3339 form 7841 and is in UTC. 7842 format: date-time 7843 type: string 7844 type: object 7845 type: object 7846 served: true 7847 storage: true 7848 subresources: 7849 status: {}