github.com/metaprov/modela-operator@v0.0.0-20240118193048-f378be8b74d2/bundle/manifests/management.modela.ai_modelas.yaml (about) 1 apiVersion: apiextensions.k8s.io/v1 2 kind: CustomResourceDefinition 3 metadata: 4 annotations: 5 controller-gen.kubebuilder.io/version: v0.9.0 6 creationTimestamp: null 7 name: modelas.management.modela.ai 8 spec: 9 group: management.modela.ai 10 names: 11 categories: 12 - data 13 - modela 14 - all 15 kind: Modela 16 listKind: ModelaList 17 plural: modelas 18 shortNames: 19 - md 20 singular: modela 21 scope: Namespaced 22 versions: 23 - name: v1alpha1 24 schema: 25 openAPIV3Schema: 26 description: Modela is the Schema for the modelas API 27 properties: 28 apiVersion: 29 description: 'APIVersion defines the versioned schema of this representation 30 of an object. Servers should convert recognized schemas to the latest 31 internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' 32 type: string 33 kind: 34 description: 'Kind is a string value representing the REST resource this 35 object represents. Servers may infer this from the endpoint the client 36 submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' 37 type: string 38 metadata: 39 type: object 40 spec: 41 description: ModelaSpec defines the desired state of Modela 42 properties: 43 UseCertManager: 44 description: If true, install cert manager if not exist 45 type: boolean 46 UseLocalDatabase: 47 description: If True the system will install a database By default 48 install postgress 49 type: boolean 50 access: 51 description: Define how to access modela cluster 52 properties: 53 nodeport: 54 format: int32 55 type: integer 56 port: 57 type: integer 58 type: object 59 apiGateway: 60 description: Setting of the api gateway 61 properties: 62 pvcTemplate: 63 description: Template to be used to generate the Persistent Volume 64 Claim for the api gateway 65 properties: 66 accessModes: 67 description: 'accessModes contains the desired access modes 68 the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' 69 items: 70 type: string 71 type: array 72 dataSource: 73 description: 'dataSource field can be used to specify either: 74 * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) 75 * An existing PVC (PersistentVolumeClaim) If the provisioner 76 or an external controller can support the specified data 77 source, it will create a new volume based on the contents 78 of the specified data source. If the AnyVolumeDataSource 79 feature gate is enabled, this field will always have the 80 same contents as the DataSourceRef field.' 81 properties: 82 apiGroup: 83 description: APIGroup is the group for the resource being 84 referenced. If APIGroup is not specified, the specified 85 Kind must be in the core API group. For any other third-party 86 types, APIGroup is required. 87 type: string 88 kind: 89 description: Kind is the type of resource being referenced 90 type: string 91 name: 92 description: Name is the name of resource being referenced 93 type: string 94 required: 95 - kind 96 - name 97 type: object 98 dataSourceRef: 99 description: 'dataSourceRef specifies the object from which 100 to populate the volume with data, if a non-empty volume 101 is desired. This may be any local object from a non-empty 102 API group (non core object) or a PersistentVolumeClaim object. 103 When this field is specified, volume binding will only succeed 104 if the type of the specified object matches some installed 105 volume populator or dynamic provisioner. This field will 106 replace the functionality of the DataSource field and as 107 such if both fields are non-empty, they must have the same 108 value. For backwards compatibility, both fields (DataSource 109 and DataSourceRef) will be set to the same value automatically 110 if one of them is empty and the other is non-empty. There 111 are two important differences between DataSource and DataSourceRef: 112 * While DataSource only allows two specific types of objects, 113 DataSourceRef allows any non-core object, as well as PersistentVolumeClaim 114 objects. * While DataSource ignores disallowed values (dropping 115 them), DataSourceRef preserves all values, and generates 116 an error if a disallowed value is specified. (Beta) Using 117 this field requires the AnyVolumeDataSource feature gate 118 to be enabled.' 119 properties: 120 apiGroup: 121 description: APIGroup is the group for the resource being 122 referenced. If APIGroup is not specified, the specified 123 Kind must be in the core API group. For any other third-party 124 types, APIGroup is required. 125 type: string 126 kind: 127 description: Kind is the type of resource being referenced 128 type: string 129 name: 130 description: Name is the name of resource being referenced 131 type: string 132 required: 133 - kind 134 - name 135 type: object 136 resources: 137 description: 'resources represents the minimum resources the 138 volume should have. If RecoverVolumeExpansionFailure feature 139 is enabled users are allowed to specify resource requirements 140 that are lower than previous value but must still be higher 141 than capacity recorded in the status field of the claim. 142 More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' 143 properties: 144 limits: 145 additionalProperties: 146 anyOf: 147 - type: integer 148 - type: string 149 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 150 x-kubernetes-int-or-string: true 151 description: 'Limits describes the maximum amount of compute 152 resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 153 type: object 154 requests: 155 additionalProperties: 156 anyOf: 157 - type: integer 158 - type: string 159 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 160 x-kubernetes-int-or-string: true 161 description: 'Requests describes the minimum amount of 162 compute resources required. If Requests is omitted for 163 a container, it defaults to Limits if that is explicitly 164 specified, otherwise to an implementation-defined value. 165 More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 166 type: object 167 type: object 168 selector: 169 description: selector is a label query over volumes to consider 170 for binding. 171 properties: 172 matchExpressions: 173 description: matchExpressions is a list of label selector 174 requirements. The requirements are ANDed. 175 items: 176 description: A label selector requirement is a selector 177 that contains values, a key, and an operator that 178 relates the key and values. 179 properties: 180 key: 181 description: key is the label key that the selector 182 applies to. 183 type: string 184 operator: 185 description: operator represents a key's relationship 186 to a set of values. Valid operators are In, NotIn, 187 Exists and DoesNotExist. 188 type: string 189 values: 190 description: values is an array of string values. 191 If the operator is In or NotIn, the values array 192 must be non-empty. If the operator is Exists or 193 DoesNotExist, the values array must be empty. 194 This array is replaced during a strategic merge 195 patch. 196 items: 197 type: string 198 type: array 199 required: 200 - key 201 - operator 202 type: object 203 type: array 204 matchLabels: 205 additionalProperties: 206 type: string 207 description: matchLabels is a map of {key,value} pairs. 208 A single {key,value} in the matchLabels map is equivalent 209 to an element of matchExpressions, whose key field is 210 "key", the operator is "In", and the values array contains 211 only "value". The requirements are ANDed. 212 type: object 213 type: object 214 storageClassName: 215 description: 'storageClassName is the name of the StorageClass 216 required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' 217 type: string 218 volumeMode: 219 description: volumeMode defines what type of volume is required 220 by the claim. Value of Filesystem is implied when not included 221 in claim spec. 222 type: string 223 volumeName: 224 description: volumeName is the binding reference to the PersistentVolume 225 backing this claim. 226 type: string 227 type: object 228 replicas: 229 description: Define the number of api gateway replicas 230 type: integer 231 type: object 232 controlPlaneSpec: 233 description: Setting of the control plane 234 properties: 235 replicas: 236 description: Define the control plane replicas 237 type: integer 238 type: object 239 dataPlane: 240 description: Setting of the data plane 241 properties: 242 pvcTemplate: 243 description: Template to be used to generate the Persistent Volume 244 Claim for the api gateway 245 properties: 246 accessModes: 247 description: 'accessModes contains the desired access modes 248 the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' 249 items: 250 type: string 251 type: array 252 dataSource: 253 description: 'dataSource field can be used to specify either: 254 * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) 255 * An existing PVC (PersistentVolumeClaim) If the provisioner 256 or an external controller can support the specified data 257 source, it will create a new volume based on the contents 258 of the specified data source. If the AnyVolumeDataSource 259 feature gate is enabled, this field will always have the 260 same contents as the DataSourceRef field.' 261 properties: 262 apiGroup: 263 description: APIGroup is the group for the resource being 264 referenced. If APIGroup is not specified, the specified 265 Kind must be in the core API group. For any other third-party 266 types, APIGroup is required. 267 type: string 268 kind: 269 description: Kind is the type of resource being referenced 270 type: string 271 name: 272 description: Name is the name of resource being referenced 273 type: string 274 required: 275 - kind 276 - name 277 type: object 278 dataSourceRef: 279 description: 'dataSourceRef specifies the object from which 280 to populate the volume with data, if a non-empty volume 281 is desired. This may be any local object from a non-empty 282 API group (non core object) or a PersistentVolumeClaim object. 283 When this field is specified, volume binding will only succeed 284 if the type of the specified object matches some installed 285 volume populator or dynamic provisioner. This field will 286 replace the functionality of the DataSource field and as 287 such if both fields are non-empty, they must have the same 288 value. For backwards compatibility, both fields (DataSource 289 and DataSourceRef) will be set to the same value automatically 290 if one of them is empty and the other is non-empty. There 291 are two important differences between DataSource and DataSourceRef: 292 * While DataSource only allows two specific types of objects, 293 DataSourceRef allows any non-core object, as well as PersistentVolumeClaim 294 objects. * While DataSource ignores disallowed values (dropping 295 them), DataSourceRef preserves all values, and generates 296 an error if a disallowed value is specified. (Beta) Using 297 this field requires the AnyVolumeDataSource feature gate 298 to be enabled.' 299 properties: 300 apiGroup: 301 description: APIGroup is the group for the resource being 302 referenced. If APIGroup is not specified, the specified 303 Kind must be in the core API group. For any other third-party 304 types, APIGroup is required. 305 type: string 306 kind: 307 description: Kind is the type of resource being referenced 308 type: string 309 name: 310 description: Name is the name of resource being referenced 311 type: string 312 required: 313 - kind 314 - name 315 type: object 316 resources: 317 description: 'resources represents the minimum resources the 318 volume should have. If RecoverVolumeExpansionFailure feature 319 is enabled users are allowed to specify resource requirements 320 that are lower than previous value but must still be higher 321 than capacity recorded in the status field of the claim. 322 More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' 323 properties: 324 limits: 325 additionalProperties: 326 anyOf: 327 - type: integer 328 - type: string 329 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 330 x-kubernetes-int-or-string: true 331 description: 'Limits describes the maximum amount of compute 332 resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 333 type: object 334 requests: 335 additionalProperties: 336 anyOf: 337 - type: integer 338 - type: string 339 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 340 x-kubernetes-int-or-string: true 341 description: 'Requests describes the minimum amount of 342 compute resources required. If Requests is omitted for 343 a container, it defaults to Limits if that is explicitly 344 specified, otherwise to an implementation-defined value. 345 More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 346 type: object 347 type: object 348 selector: 349 description: selector is a label query over volumes to consider 350 for binding. 351 properties: 352 matchExpressions: 353 description: matchExpressions is a list of label selector 354 requirements. The requirements are ANDed. 355 items: 356 description: A label selector requirement is a selector 357 that contains values, a key, and an operator that 358 relates the key and values. 359 properties: 360 key: 361 description: key is the label key that the selector 362 applies to. 363 type: string 364 operator: 365 description: operator represents a key's relationship 366 to a set of values. Valid operators are In, NotIn, 367 Exists and DoesNotExist. 368 type: string 369 values: 370 description: values is an array of string values. 371 If the operator is In or NotIn, the values array 372 must be non-empty. If the operator is Exists or 373 DoesNotExist, the values array must be empty. 374 This array is replaced during a strategic merge 375 patch. 376 items: 377 type: string 378 type: array 379 required: 380 - key 381 - operator 382 type: object 383 type: array 384 matchLabels: 385 additionalProperties: 386 type: string 387 description: matchLabels is a map of {key,value} pairs. 388 A single {key,value} in the matchLabels map is equivalent 389 to an element of matchExpressions, whose key field is 390 "key", the operator is "In", and the values array contains 391 only "value". The requirements are ANDed. 392 type: object 393 type: object 394 storageClassName: 395 description: 'storageClassName is the name of the StorageClass 396 required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' 397 type: string 398 volumeMode: 399 description: volumeMode defines what type of volume is required 400 by the claim. Value of Filesystem is implied when not included 401 in claim spec. 402 type: string 403 volumeName: 404 description: volumeName is the binding reference to the PersistentVolume 405 backing this claim. 406 type: string 407 type: object 408 replicas: 409 type: integer 410 storageClass: 411 description: StorageClass to use for data plane data 412 type: string 413 type: object 414 databaseConnectionRef: 415 description: Connection reference to the db connection 416 properties: 417 apiVersion: 418 description: API version of the referent. 419 type: string 420 fieldPath: 421 description: 'If referring to a piece of an object instead of 422 an entire object, this string should contain a valid JSON/Go 423 field access statement, such as desiredState.manifest.containers[2]. 424 For example, if the object reference is to a container within 425 a pod, this would take on a value like: "spec.containers{name}" 426 (where "name" refers to the name of the container that triggered 427 the event) or if no container name is specified "spec.containers[2]" 428 (container with index 2 in this pod). This syntax is chosen 429 only to have some well-defined way of referencing a part of 430 an object. TODO: this design is not final and this field is 431 subject to change in the future.' 432 type: string 433 kind: 434 description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' 435 type: string 436 name: 437 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 438 type: string 439 namespace: 440 description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' 441 type: string 442 resourceVersion: 443 description: 'Specific resourceVersion to which this reference 444 is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' 445 type: string 446 uid: 447 description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' 448 type: string 449 type: object 450 defaultTenant: 451 description: If true install the default tenant. 452 type: boolean 453 installed: 454 description: If true, install the modela cluster is not installed 455 type: boolean 456 license: 457 description: Define the desired state for modela license desired state 458 type: object 459 localObjectStoreConnectionRef: 460 description: Minio Connection Reference 461 properties: 462 apiVersion: 463 description: API version of the referent. 464 type: string 465 fieldPath: 466 description: 'If referring to a piece of an object instead of 467 an entire object, this string should contain a valid JSON/Go 468 field access statement, such as desiredState.manifest.containers[2]. 469 For example, if the object reference is to a container within 470 a pod, this would take on a value like: "spec.containers{name}" 471 (where "name" refers to the name of the container that triggered 472 the event) or if no container name is specified "spec.containers[2]" 473 (container with index 2 in this pod). This syntax is chosen 474 only to have some well-defined way of referencing a part of 475 an object. TODO: this design is not final and this field is 476 subject to change in the future.' 477 type: string 478 kind: 479 description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' 480 type: string 481 name: 482 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 483 type: string 484 namespace: 485 description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' 486 type: string 487 resourceVersion: 488 description: 'Specific resourceVersion to which this reference 489 is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' 490 type: string 491 uid: 492 description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' 493 type: string 494 type: object 495 monitored: 496 description: If true, configure monitoring. 497 type: boolean 498 podTemplate: 499 description: PodTemplate describes a template for creating copies 500 of a predefined pod. 501 properties: 502 apiVersion: 503 description: 'APIVersion defines the versioned schema of this 504 representation of an object. Servers should convert recognized 505 schemas to the latest internal value, and may reject unrecognized 506 values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' 507 type: string 508 kind: 509 description: 'Kind is a string value representing the REST resource 510 this object represents. Servers may infer this from the endpoint 511 the client submits requests to. Cannot be updated. In CamelCase. 512 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' 513 type: string 514 metadata: 515 description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' 516 type: object 517 template: 518 description: Template defines the pods that will be created from 519 this pod template. https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status 520 properties: 521 metadata: 522 description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' 523 type: object 524 spec: 525 description: 'Specification of the desired behavior of the 526 pod. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' 527 properties: 528 activeDeadlineSeconds: 529 description: Optional duration in seconds the pod may 530 be active on the node relative to StartTime before the 531 system will actively try to mark it failed and kill 532 associated containers. Value must be a positive integer. 533 format: int64 534 type: integer 535 affinity: 536 description: If specified, the pod's scheduling constraints 537 properties: 538 nodeAffinity: 539 description: Describes node affinity scheduling rules 540 for the pod. 541 properties: 542 preferredDuringSchedulingIgnoredDuringExecution: 543 description: The scheduler will prefer to schedule 544 pods to nodes that satisfy the affinity expressions 545 specified by this field, but it may choose a 546 node that violates one or more of the expressions. 547 The node that is most preferred is the one with 548 the greatest sum of weights, i.e. for each node 549 that meets all of the scheduling requirements 550 (resource request, requiredDuringScheduling 551 affinity expressions, etc.), compute a sum by 552 iterating through the elements of this field 553 and adding "weight" to the sum if the node matches 554 the corresponding matchExpressions; the node(s) 555 with the highest sum are the most preferred. 556 items: 557 description: An empty preferred scheduling term 558 matches all objects with implicit weight 0 559 (i.e. it's a no-op). A null preferred scheduling 560 term matches no objects (i.e. is also a no-op). 561 properties: 562 preference: 563 description: A node selector term, associated 564 with the corresponding weight. 565 properties: 566 matchExpressions: 567 description: A list of node selector 568 requirements by node's labels. 569 items: 570 description: A node selector requirement 571 is a selector that contains values, 572 a key, and an operator that relates 573 the key and values. 574 properties: 575 key: 576 description: The label key that 577 the selector applies to. 578 type: string 579 operator: 580 description: Represents a key's 581 relationship to a set of values. 582 Valid operators are In, NotIn, 583 Exists, DoesNotExist. Gt, and 584 Lt. 585 type: string 586 values: 587 description: An array of string 588 values. If the operator is In 589 or NotIn, the values array must 590 be non-empty. If the operator 591 is Exists or DoesNotExist, the 592 values array must be empty. 593 If the operator is Gt or Lt, 594 the values array must have a 595 single element, which will be 596 interpreted as an integer. This 597 array is replaced during a strategic 598 merge patch. 599 items: 600 type: string 601 type: array 602 required: 603 - key 604 - operator 605 type: object 606 type: array 607 matchFields: 608 description: A list of node selector 609 requirements by node's fields. 610 items: 611 description: A node selector requirement 612 is a selector that contains values, 613 a key, and an operator that relates 614 the key and values. 615 properties: 616 key: 617 description: The label key that 618 the selector applies to. 619 type: string 620 operator: 621 description: Represents a key's 622 relationship to a set of values. 623 Valid operators are In, NotIn, 624 Exists, DoesNotExist. Gt, and 625 Lt. 626 type: string 627 values: 628 description: An array of string 629 values. If the operator is In 630 or NotIn, the values array must 631 be non-empty. If the operator 632 is Exists or DoesNotExist, the 633 values array must be empty. 634 If the operator is Gt or Lt, 635 the values array must have a 636 single element, which will be 637 interpreted as an integer. This 638 array is replaced during a strategic 639 merge patch. 640 items: 641 type: string 642 type: array 643 required: 644 - key 645 - operator 646 type: object 647 type: array 648 type: object 649 weight: 650 description: Weight associated with matching 651 the corresponding nodeSelectorTerm, in 652 the range 1-100. 653 format: int32 654 type: integer 655 required: 656 - preference 657 - weight 658 type: object 659 type: array 660 requiredDuringSchedulingIgnoredDuringExecution: 661 description: If the affinity requirements specified 662 by this field are not met at scheduling time, 663 the pod will not be scheduled onto the node. 664 If the affinity requirements specified by this 665 field cease to be met at some point during pod 666 execution (e.g. due to an update), the system 667 may or may not try to eventually evict the pod 668 from its node. 669 properties: 670 nodeSelectorTerms: 671 description: Required. A list of node selector 672 terms. The terms are ORed. 673 items: 674 description: A null or empty node selector 675 term matches no objects. The requirements 676 of them are ANDed. The TopologySelectorTerm 677 type implements a subset of the NodeSelectorTerm. 678 properties: 679 matchExpressions: 680 description: A list of node selector 681 requirements by node's labels. 682 items: 683 description: A node selector requirement 684 is a selector that contains values, 685 a key, and an operator that relates 686 the key and values. 687 properties: 688 key: 689 description: The label key that 690 the selector applies to. 691 type: string 692 operator: 693 description: Represents a key's 694 relationship to a set of values. 695 Valid operators are In, NotIn, 696 Exists, DoesNotExist. Gt, and 697 Lt. 698 type: string 699 values: 700 description: An array of string 701 values. If the operator is In 702 or NotIn, the values array must 703 be non-empty. If the operator 704 is Exists or DoesNotExist, the 705 values array must be empty. 706 If the operator is Gt or Lt, 707 the values array must have a 708 single element, which will be 709 interpreted as an integer. This 710 array is replaced during a strategic 711 merge patch. 712 items: 713 type: string 714 type: array 715 required: 716 - key 717 - operator 718 type: object 719 type: array 720 matchFields: 721 description: A list of node selector 722 requirements by node's fields. 723 items: 724 description: A node selector requirement 725 is a selector that contains values, 726 a key, and an operator that relates 727 the key and values. 728 properties: 729 key: 730 description: The label key that 731 the selector applies to. 732 type: string 733 operator: 734 description: Represents a key's 735 relationship to a set of values. 736 Valid operators are In, NotIn, 737 Exists, DoesNotExist. Gt, and 738 Lt. 739 type: string 740 values: 741 description: An array of string 742 values. If the operator is In 743 or NotIn, the values array must 744 be non-empty. If the operator 745 is Exists or DoesNotExist, the 746 values array must be empty. 747 If the operator is Gt or Lt, 748 the values array must have a 749 single element, which will be 750 interpreted as an integer. This 751 array is replaced during a strategic 752 merge patch. 753 items: 754 type: string 755 type: array 756 required: 757 - key 758 - operator 759 type: object 760 type: array 761 type: object 762 type: array 763 required: 764 - nodeSelectorTerms 765 type: object 766 type: object 767 podAffinity: 768 description: Describes pod affinity scheduling rules 769 (e.g. co-locate this pod in the same node, zone, 770 etc. as some other pod(s)). 771 properties: 772 preferredDuringSchedulingIgnoredDuringExecution: 773 description: The scheduler will prefer to schedule 774 pods to nodes that satisfy the affinity expressions 775 specified by this field, but it may choose a 776 node that violates one or more of the expressions. 777 The node that is most preferred is the one with 778 the greatest sum of weights, i.e. for each node 779 that meets all of the scheduling requirements 780 (resource request, requiredDuringScheduling 781 affinity expressions, etc.), compute a sum by 782 iterating through the elements of this field 783 and adding "weight" to the sum if the node has 784 pods which matches the corresponding podAffinityTerm; 785 the node(s) with the highest sum are the most 786 preferred. 787 items: 788 description: The weights of all of the matched 789 WeightedPodAffinityTerm fields are added per-node 790 to find the most preferred node(s) 791 properties: 792 podAffinityTerm: 793 description: Required. A pod affinity term, 794 associated with the corresponding weight. 795 properties: 796 labelSelector: 797 description: A label query over a set 798 of resources, in this case pods. 799 properties: 800 matchExpressions: 801 description: matchExpressions is 802 a list of label selector requirements. 803 The requirements are ANDed. 804 items: 805 description: A label selector 806 requirement is a selector that 807 contains values, a key, and 808 an operator that relates the 809 key and values. 810 properties: 811 key: 812 description: key is the label 813 key that the selector applies 814 to. 815 type: string 816 operator: 817 description: operator represents 818 a key's relationship to 819 a set of values. Valid operators 820 are In, NotIn, Exists and 821 DoesNotExist. 822 type: string 823 values: 824 description: values is an 825 array of string values. 826 If the operator is In or 827 NotIn, the values array 828 must be non-empty. If the 829 operator is Exists or DoesNotExist, 830 the values array must be 831 empty. This array is replaced 832 during a strategic merge 833 patch. 834 items: 835 type: string 836 type: array 837 required: 838 - key 839 - operator 840 type: object 841 type: array 842 matchLabels: 843 additionalProperties: 844 type: string 845 description: matchLabels is a map 846 of {key,value} pairs. A single 847 {key,value} in the matchLabels 848 map is equivalent to an element 849 of matchExpressions, whose key 850 field is "key", the operator is 851 "In", and the values array contains 852 only "value". The requirements 853 are ANDed. 854 type: object 855 type: object 856 namespaceSelector: 857 description: A label query over the 858 set of namespaces that the term applies 859 to. The term is applied to the union 860 of the namespaces selected by this 861 field and the ones listed in the namespaces 862 field. null selector and null or empty 863 namespaces list means "this pod's 864 namespace". An empty selector ({}) 865 matches all namespaces. 866 properties: 867 matchExpressions: 868 description: matchExpressions is 869 a list of label selector requirements. 870 The requirements are ANDed. 871 items: 872 description: A label selector 873 requirement is a selector that 874 contains values, a key, and 875 an operator that relates the 876 key and values. 877 properties: 878 key: 879 description: key is the label 880 key that the selector applies 881 to. 882 type: string 883 operator: 884 description: operator represents 885 a key's relationship to 886 a set of values. Valid operators 887 are In, NotIn, Exists and 888 DoesNotExist. 889 type: string 890 values: 891 description: values is an 892 array of string values. 893 If the operator is In or 894 NotIn, the values array 895 must be non-empty. If the 896 operator is Exists or DoesNotExist, 897 the values array must be 898 empty. This array is replaced 899 during a strategic merge 900 patch. 901 items: 902 type: string 903 type: array 904 required: 905 - key 906 - operator 907 type: object 908 type: array 909 matchLabels: 910 additionalProperties: 911 type: string 912 description: matchLabels is a map 913 of {key,value} pairs. A single 914 {key,value} in the matchLabels 915 map is equivalent to an element 916 of matchExpressions, whose key 917 field is "key", the operator is 918 "In", and the values array contains 919 only "value". The requirements 920 are ANDed. 921 type: object 922 type: object 923 namespaces: 924 description: namespaces specifies a 925 static list of namespace names that 926 the term applies to. The term is applied 927 to the union of the namespaces listed 928 in this field and the ones selected 929 by namespaceSelector. null or empty 930 namespaces list and null namespaceSelector 931 means "this pod's namespace". 932 items: 933 type: string 934 type: array 935 topologyKey: 936 description: This pod should be co-located 937 (affinity) or not co-located (anti-affinity) 938 with the pods matching the labelSelector 939 in the specified namespaces, where 940 co-located is defined as running on 941 a node whose value of the label with 942 key topologyKey matches that of any 943 node on which any of the selected 944 pods is running. Empty topologyKey 945 is not allowed. 946 type: string 947 required: 948 - topologyKey 949 type: object 950 weight: 951 description: weight associated with matching 952 the corresponding podAffinityTerm, in 953 the range 1-100. 954 format: int32 955 type: integer 956 required: 957 - podAffinityTerm 958 - weight 959 type: object 960 type: array 961 requiredDuringSchedulingIgnoredDuringExecution: 962 description: If the affinity requirements specified 963 by this field are not met at scheduling time, 964 the pod will not be scheduled onto the node. 965 If the affinity requirements specified by this 966 field cease to be met at some point during pod 967 execution (e.g. due to a pod label update), 968 the system may or may not try to eventually 969 evict the pod from its node. When there are 970 multiple elements, the lists of nodes corresponding 971 to each podAffinityTerm are intersected, i.e. 972 all terms must be satisfied. 973 items: 974 description: Defines a set of pods (namely those 975 matching the labelSelector relative to the 976 given namespace(s)) that this pod should be 977 co-located (affinity) or not co-located (anti-affinity) 978 with, where co-located is defined as running 979 on a node whose value of the label with key 980 <topologyKey> matches that of any node on 981 which a pod of the set of pods is running 982 properties: 983 labelSelector: 984 description: A label query over a set of 985 resources, in this case pods. 986 properties: 987 matchExpressions: 988 description: matchExpressions is a list 989 of label selector requirements. The 990 requirements are ANDed. 991 items: 992 description: A label selector requirement 993 is a selector that contains values, 994 a key, and an operator that relates 995 the key and values. 996 properties: 997 key: 998 description: key is the label 999 key that the selector applies 1000 to. 1001 type: string 1002 operator: 1003 description: operator represents 1004 a key's relationship to a set 1005 of values. Valid operators are 1006 In, NotIn, Exists and DoesNotExist. 1007 type: string 1008 values: 1009 description: values is an array 1010 of string values. If the operator 1011 is In or NotIn, the values array 1012 must be non-empty. If the operator 1013 is Exists or DoesNotExist, the 1014 values array must be empty. 1015 This array is replaced during 1016 a strategic merge patch. 1017 items: 1018 type: string 1019 type: array 1020 required: 1021 - key 1022 - operator 1023 type: object 1024 type: array 1025 matchLabels: 1026 additionalProperties: 1027 type: string 1028 description: matchLabels is a map of 1029 {key,value} pairs. A single {key,value} 1030 in the matchLabels map is equivalent 1031 to an element of matchExpressions, 1032 whose key field is "key", the operator 1033 is "In", and the values array contains 1034 only "value". The requirements are 1035 ANDed. 1036 type: object 1037 type: object 1038 namespaceSelector: 1039 description: A label query over the set 1040 of namespaces that the term applies to. 1041 The term is applied to the union of the 1042 namespaces selected by this field and 1043 the ones listed in the namespaces field. 1044 null selector and null or empty namespaces 1045 list means "this pod's namespace". An 1046 empty selector ({}) matches all namespaces. 1047 properties: 1048 matchExpressions: 1049 description: matchExpressions is a list 1050 of label selector requirements. The 1051 requirements are ANDed. 1052 items: 1053 description: A label selector requirement 1054 is a selector that contains values, 1055 a key, and an operator that relates 1056 the key and values. 1057 properties: 1058 key: 1059 description: key is the label 1060 key that the selector applies 1061 to. 1062 type: string 1063 operator: 1064 description: operator represents 1065 a key's relationship to a set 1066 of values. Valid operators are 1067 In, NotIn, Exists and DoesNotExist. 1068 type: string 1069 values: 1070 description: values is an array 1071 of string values. If the operator 1072 is In or NotIn, the values array 1073 must be non-empty. If the operator 1074 is Exists or DoesNotExist, the 1075 values array must be empty. 1076 This array is replaced during 1077 a strategic merge patch. 1078 items: 1079 type: string 1080 type: array 1081 required: 1082 - key 1083 - operator 1084 type: object 1085 type: array 1086 matchLabels: 1087 additionalProperties: 1088 type: string 1089 description: matchLabels is a map of 1090 {key,value} pairs. A single {key,value} 1091 in the matchLabels map is equivalent 1092 to an element of matchExpressions, 1093 whose key field is "key", the operator 1094 is "In", and the values array contains 1095 only "value". The requirements are 1096 ANDed. 1097 type: object 1098 type: object 1099 namespaces: 1100 description: namespaces specifies a static 1101 list of namespace names that the term 1102 applies to. The term is applied to the 1103 union of the namespaces listed in this 1104 field and the ones selected by namespaceSelector. 1105 null or empty namespaces list and null 1106 namespaceSelector means "this pod's namespace". 1107 items: 1108 type: string 1109 type: array 1110 topologyKey: 1111 description: This pod should be co-located 1112 (affinity) or not co-located (anti-affinity) 1113 with the pods matching the labelSelector 1114 in the specified namespaces, where co-located 1115 is defined as running on a node whose 1116 value of the label with key topologyKey 1117 matches that of any node on which any 1118 of the selected pods is running. Empty 1119 topologyKey is not allowed. 1120 type: string 1121 required: 1122 - topologyKey 1123 type: object 1124 type: array 1125 type: object 1126 podAntiAffinity: 1127 description: Describes pod anti-affinity scheduling 1128 rules (e.g. avoid putting this pod in the same node, 1129 zone, etc. as some other pod(s)). 1130 properties: 1131 preferredDuringSchedulingIgnoredDuringExecution: 1132 description: The scheduler will prefer to schedule 1133 pods to nodes that satisfy the anti-affinity 1134 expressions specified by this field, but it 1135 may choose a node that violates one or more 1136 of the expressions. The node that is most preferred 1137 is the one with the greatest sum of weights, 1138 i.e. for each node that meets all of the scheduling 1139 requirements (resource request, requiredDuringScheduling 1140 anti-affinity expressions, etc.), compute a 1141 sum by iterating through the elements of this 1142 field and adding "weight" to the sum if the 1143 node has pods which matches the corresponding 1144 podAffinityTerm; the node(s) with the highest 1145 sum are the most preferred. 1146 items: 1147 description: The weights of all of the matched 1148 WeightedPodAffinityTerm fields are added per-node 1149 to find the most preferred node(s) 1150 properties: 1151 podAffinityTerm: 1152 description: Required. A pod affinity term, 1153 associated with the corresponding weight. 1154 properties: 1155 labelSelector: 1156 description: A label query over a set 1157 of resources, in this case pods. 1158 properties: 1159 matchExpressions: 1160 description: matchExpressions is 1161 a list of label selector requirements. 1162 The requirements are ANDed. 1163 items: 1164 description: A label selector 1165 requirement is a selector that 1166 contains values, a key, and 1167 an operator that relates the 1168 key and values. 1169 properties: 1170 key: 1171 description: key is the label 1172 key that the selector applies 1173 to. 1174 type: string 1175 operator: 1176 description: operator represents 1177 a key's relationship to 1178 a set of values. Valid operators 1179 are In, NotIn, Exists and 1180 DoesNotExist. 1181 type: string 1182 values: 1183 description: values is an 1184 array of string values. 1185 If the operator is In or 1186 NotIn, the values array 1187 must be non-empty. If the 1188 operator is Exists or DoesNotExist, 1189 the values array must be 1190 empty. This array is replaced 1191 during a strategic merge 1192 patch. 1193 items: 1194 type: string 1195 type: array 1196 required: 1197 - key 1198 - operator 1199 type: object 1200 type: array 1201 matchLabels: 1202 additionalProperties: 1203 type: string 1204 description: matchLabels is a map 1205 of {key,value} pairs. A single 1206 {key,value} in the matchLabels 1207 map is equivalent to an element 1208 of matchExpressions, whose key 1209 field is "key", the operator is 1210 "In", and the values array contains 1211 only "value". The requirements 1212 are ANDed. 1213 type: object 1214 type: object 1215 namespaceSelector: 1216 description: A label query over the 1217 set of namespaces that the term applies 1218 to. The term is applied to the union 1219 of the namespaces selected by this 1220 field and the ones listed in the namespaces 1221 field. null selector and null or empty 1222 namespaces list means "this pod's 1223 namespace". An empty selector ({}) 1224 matches all namespaces. 1225 properties: 1226 matchExpressions: 1227 description: matchExpressions is 1228 a list of label selector requirements. 1229 The requirements are ANDed. 1230 items: 1231 description: A label selector 1232 requirement is a selector that 1233 contains values, a key, and 1234 an operator that relates the 1235 key and values. 1236 properties: 1237 key: 1238 description: key is the label 1239 key that the selector applies 1240 to. 1241 type: string 1242 operator: 1243 description: operator represents 1244 a key's relationship to 1245 a set of values. Valid operators 1246 are In, NotIn, Exists and 1247 DoesNotExist. 1248 type: string 1249 values: 1250 description: values is an 1251 array of string values. 1252 If the operator is In or 1253 NotIn, the values array 1254 must be non-empty. If the 1255 operator is Exists or DoesNotExist, 1256 the values array must be 1257 empty. This array is replaced 1258 during a strategic merge 1259 patch. 1260 items: 1261 type: string 1262 type: array 1263 required: 1264 - key 1265 - operator 1266 type: object 1267 type: array 1268 matchLabels: 1269 additionalProperties: 1270 type: string 1271 description: matchLabels is a map 1272 of {key,value} pairs. A single 1273 {key,value} in the matchLabels 1274 map is equivalent to an element 1275 of matchExpressions, whose key 1276 field is "key", the operator is 1277 "In", and the values array contains 1278 only "value". The requirements 1279 are ANDed. 1280 type: object 1281 type: object 1282 namespaces: 1283 description: namespaces specifies a 1284 static list of namespace names that 1285 the term applies to. The term is applied 1286 to the union of the namespaces listed 1287 in this field and the ones selected 1288 by namespaceSelector. null or empty 1289 namespaces list and null namespaceSelector 1290 means "this pod's namespace". 1291 items: 1292 type: string 1293 type: array 1294 topologyKey: 1295 description: This pod should be co-located 1296 (affinity) or not co-located (anti-affinity) 1297 with the pods matching the labelSelector 1298 in the specified namespaces, where 1299 co-located is defined as running on 1300 a node whose value of the label with 1301 key topologyKey matches that of any 1302 node on which any of the selected 1303 pods is running. Empty topologyKey 1304 is not allowed. 1305 type: string 1306 required: 1307 - topologyKey 1308 type: object 1309 weight: 1310 description: weight associated with matching 1311 the corresponding podAffinityTerm, in 1312 the range 1-100. 1313 format: int32 1314 type: integer 1315 required: 1316 - podAffinityTerm 1317 - weight 1318 type: object 1319 type: array 1320 requiredDuringSchedulingIgnoredDuringExecution: 1321 description: If the anti-affinity requirements 1322 specified by this field are not met at scheduling 1323 time, the pod will not be scheduled onto the 1324 node. If the anti-affinity requirements specified 1325 by this field cease to be met at some point 1326 during pod execution (e.g. due to a pod label 1327 update), the system may or may not try to eventually 1328 evict the pod from its node. When there are 1329 multiple elements, the lists of nodes corresponding 1330 to each podAffinityTerm are intersected, i.e. 1331 all terms must be satisfied. 1332 items: 1333 description: Defines a set of pods (namely those 1334 matching the labelSelector relative to the 1335 given namespace(s)) that this pod should be 1336 co-located (affinity) or not co-located (anti-affinity) 1337 with, where co-located is defined as running 1338 on a node whose value of the label with key 1339 <topologyKey> matches that of any node on 1340 which a pod of the set of pods is running 1341 properties: 1342 labelSelector: 1343 description: A label query over a set of 1344 resources, in this case pods. 1345 properties: 1346 matchExpressions: 1347 description: matchExpressions is a list 1348 of label selector requirements. The 1349 requirements are ANDed. 1350 items: 1351 description: A label selector requirement 1352 is a selector that contains values, 1353 a key, and an operator that relates 1354 the key and values. 1355 properties: 1356 key: 1357 description: key is the label 1358 key that the selector applies 1359 to. 1360 type: string 1361 operator: 1362 description: operator represents 1363 a key's relationship to a set 1364 of values. Valid operators are 1365 In, NotIn, Exists and DoesNotExist. 1366 type: string 1367 values: 1368 description: values is an array 1369 of string values. If the operator 1370 is In or NotIn, the values array 1371 must be non-empty. If the operator 1372 is Exists or DoesNotExist, the 1373 values array must be empty. 1374 This array is replaced during 1375 a strategic merge patch. 1376 items: 1377 type: string 1378 type: array 1379 required: 1380 - key 1381 - operator 1382 type: object 1383 type: array 1384 matchLabels: 1385 additionalProperties: 1386 type: string 1387 description: matchLabels is a map of 1388 {key,value} pairs. A single {key,value} 1389 in the matchLabels map is equivalent 1390 to an element of matchExpressions, 1391 whose key field is "key", the operator 1392 is "In", and the values array contains 1393 only "value". The requirements are 1394 ANDed. 1395 type: object 1396 type: object 1397 namespaceSelector: 1398 description: A label query over the set 1399 of namespaces that the term applies to. 1400 The term is applied to the union of the 1401 namespaces selected by this field and 1402 the ones listed in the namespaces field. 1403 null selector and null or empty namespaces 1404 list means "this pod's namespace". An 1405 empty selector ({}) matches all namespaces. 1406 properties: 1407 matchExpressions: 1408 description: matchExpressions is a list 1409 of label selector requirements. The 1410 requirements are ANDed. 1411 items: 1412 description: A label selector requirement 1413 is a selector that contains values, 1414 a key, and an operator that relates 1415 the key and values. 1416 properties: 1417 key: 1418 description: key is the label 1419 key that the selector applies 1420 to. 1421 type: string 1422 operator: 1423 description: operator represents 1424 a key's relationship to a set 1425 of values. Valid operators are 1426 In, NotIn, Exists and DoesNotExist. 1427 type: string 1428 values: 1429 description: values is an array 1430 of string values. If the operator 1431 is In or NotIn, the values array 1432 must be non-empty. If the operator 1433 is Exists or DoesNotExist, the 1434 values array must be empty. 1435 This array is replaced during 1436 a strategic merge patch. 1437 items: 1438 type: string 1439 type: array 1440 required: 1441 - key 1442 - operator 1443 type: object 1444 type: array 1445 matchLabels: 1446 additionalProperties: 1447 type: string 1448 description: matchLabels is a map of 1449 {key,value} pairs. A single {key,value} 1450 in the matchLabels map is equivalent 1451 to an element of matchExpressions, 1452 whose key field is "key", the operator 1453 is "In", and the values array contains 1454 only "value". The requirements are 1455 ANDed. 1456 type: object 1457 type: object 1458 namespaces: 1459 description: namespaces specifies a static 1460 list of namespace names that the term 1461 applies to. The term is applied to the 1462 union of the namespaces listed in this 1463 field and the ones selected by namespaceSelector. 1464 null or empty namespaces list and null 1465 namespaceSelector means "this pod's namespace". 1466 items: 1467 type: string 1468 type: array 1469 topologyKey: 1470 description: This pod should be co-located 1471 (affinity) or not co-located (anti-affinity) 1472 with the pods matching the labelSelector 1473 in the specified namespaces, where co-located 1474 is defined as running on a node whose 1475 value of the label with key topologyKey 1476 matches that of any node on which any 1477 of the selected pods is running. Empty 1478 topologyKey is not allowed. 1479 type: string 1480 required: 1481 - topologyKey 1482 type: object 1483 type: array 1484 type: object 1485 type: object 1486 automountServiceAccountToken: 1487 description: AutomountServiceAccountToken indicates whether 1488 a service account token should be automatically mounted. 1489 type: boolean 1490 containers: 1491 description: List of containers belonging to the pod. 1492 Containers cannot currently be added or removed. There 1493 must be at least one container in a Pod. Cannot be updated. 1494 items: 1495 description: A single application container that you 1496 want to run within a pod. 1497 properties: 1498 args: 1499 description: 'Arguments to the entrypoint. The container 1500 image''s CMD is used if this is not provided. 1501 Variable references $(VAR_NAME) are expanded using 1502 the container''s environment. If a variable cannot 1503 be resolved, the reference in the input string 1504 will be unchanged. Double $$ are reduced to a 1505 single $, which allows for escaping the $(VAR_NAME) 1506 syntax: i.e. "$$(VAR_NAME)" will produce the string 1507 literal "$(VAR_NAME)". Escaped references will 1508 never be expanded, regardless of whether the variable 1509 exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' 1510 items: 1511 type: string 1512 type: array 1513 command: 1514 description: 'Entrypoint array. Not executed within 1515 a shell. The container image''s ENTRYPOINT is 1516 used if this is not provided. Variable references 1517 $(VAR_NAME) are expanded using the container''s 1518 environment. If a variable cannot be resolved, 1519 the reference in the input string will be unchanged. 1520 Double $$ are reduced to a single $, which allows 1521 for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" 1522 will produce the string literal "$(VAR_NAME)". 1523 Escaped references will never be expanded, regardless 1524 of whether the variable exists or not. Cannot 1525 be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' 1526 items: 1527 type: string 1528 type: array 1529 env: 1530 description: List of environment variables to set 1531 in the container. Cannot be updated. 1532 items: 1533 description: EnvVar represents an environment 1534 variable present in a Container. 1535 properties: 1536 name: 1537 description: Name of the environment variable. 1538 Must be a C_IDENTIFIER. 1539 type: string 1540 value: 1541 description: 'Variable references $(VAR_NAME) 1542 are expanded using the previously defined 1543 environment variables in the container and 1544 any service environment variables. If a 1545 variable cannot be resolved, the reference 1546 in the input string will be unchanged. Double 1547 $$ are reduced to a single $, which allows 1548 for escaping the $(VAR_NAME) syntax: i.e. 1549 "$$(VAR_NAME)" will produce the string literal 1550 "$(VAR_NAME)". Escaped references will never 1551 be expanded, regardless of whether the variable 1552 exists or not. Defaults to "".' 1553 type: string 1554 valueFrom: 1555 description: Source for the environment variable's 1556 value. Cannot be used if value is not empty. 1557 properties: 1558 configMapKeyRef: 1559 description: Selects a key of a ConfigMap. 1560 properties: 1561 key: 1562 description: The key to select. 1563 type: string 1564 name: 1565 description: 'Name of the referent. 1566 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 1567 TODO: Add other useful fields. apiVersion, 1568 kind, uid?' 1569 type: string 1570 optional: 1571 description: Specify whether the ConfigMap 1572 or its key must be defined 1573 type: boolean 1574 required: 1575 - key 1576 type: object 1577 fieldRef: 1578 description: 'Selects a field of the pod: 1579 supports metadata.name, metadata.namespace, 1580 `metadata.labels[''<KEY>'']`, `metadata.annotations[''<KEY>'']`, 1581 spec.nodeName, spec.serviceAccountName, 1582 status.hostIP, status.podIP, status.podIPs.' 1583 properties: 1584 apiVersion: 1585 description: Version of the schema 1586 the FieldPath is written in terms 1587 of, defaults to "v1". 1588 type: string 1589 fieldPath: 1590 description: Path of the field to 1591 select in the specified API version. 1592 type: string 1593 required: 1594 - fieldPath 1595 type: object 1596 resourceFieldRef: 1597 description: 'Selects a resource of the 1598 container: only resources limits and 1599 requests (limits.cpu, limits.memory, 1600 limits.ephemeral-storage, requests.cpu, 1601 requests.memory and requests.ephemeral-storage) 1602 are currently supported.' 1603 properties: 1604 containerName: 1605 description: 'Container name: required 1606 for volumes, optional for env vars' 1607 type: string 1608 divisor: 1609 anyOf: 1610 - type: integer 1611 - type: string 1612 description: Specifies the output 1613 format of the exposed resources, 1614 defaults to "1" 1615 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 1616 x-kubernetes-int-or-string: true 1617 resource: 1618 description: 'Required: resource to 1619 select' 1620 type: string 1621 required: 1622 - resource 1623 type: object 1624 secretKeyRef: 1625 description: Selects a key of a secret 1626 in the pod's namespace 1627 properties: 1628 key: 1629 description: The key of the secret 1630 to select from. Must be a valid 1631 secret key. 1632 type: string 1633 name: 1634 description: 'Name of the referent. 1635 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 1636 TODO: Add other useful fields. apiVersion, 1637 kind, uid?' 1638 type: string 1639 optional: 1640 description: Specify whether the Secret 1641 or its key must be defined 1642 type: boolean 1643 required: 1644 - key 1645 type: object 1646 type: object 1647 required: 1648 - name 1649 type: object 1650 type: array 1651 envFrom: 1652 description: List of sources to populate environment 1653 variables in the container. The keys defined within 1654 a source must be a C_IDENTIFIER. All invalid keys 1655 will be reported as an event when the container 1656 is starting. When a key exists in multiple sources, 1657 the value associated with the last source will 1658 take precedence. Values defined by an Env with 1659 a duplicate key will take precedence. Cannot be 1660 updated. 1661 items: 1662 description: EnvFromSource represents the source 1663 of a set of ConfigMaps 1664 properties: 1665 configMapRef: 1666 description: The ConfigMap to select from 1667 properties: 1668 name: 1669 description: 'Name of the referent. More 1670 info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 1671 TODO: Add other useful fields. apiVersion, 1672 kind, uid?' 1673 type: string 1674 optional: 1675 description: Specify whether the ConfigMap 1676 must be defined 1677 type: boolean 1678 type: object 1679 prefix: 1680 description: An optional identifier to prepend 1681 to each key in the ConfigMap. Must be a 1682 C_IDENTIFIER. 1683 type: string 1684 secretRef: 1685 description: The Secret to select from 1686 properties: 1687 name: 1688 description: 'Name of the referent. More 1689 info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 1690 TODO: Add other useful fields. apiVersion, 1691 kind, uid?' 1692 type: string 1693 optional: 1694 description: Specify whether the Secret 1695 must be defined 1696 type: boolean 1697 type: object 1698 type: object 1699 type: array 1700 image: 1701 description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images 1702 This field is optional to allow higher level config 1703 management to default or override container images 1704 in workload controllers like Deployments and StatefulSets.' 1705 type: string 1706 imagePullPolicy: 1707 description: 'Image pull policy. One of Always, 1708 Never, IfNotPresent. Defaults to Always if :latest 1709 tag is specified, or IfNotPresent otherwise. Cannot 1710 be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' 1711 type: string 1712 lifecycle: 1713 description: Actions that the management system 1714 should take in response to container lifecycle 1715 events. Cannot be updated. 1716 properties: 1717 postStart: 1718 description: 'PostStart is called immediately 1719 after a container is created. If the handler 1720 fails, the container is terminated and restarted 1721 according to its restart policy. Other management 1722 of the container blocks until the hook completes. 1723 More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' 1724 properties: 1725 exec: 1726 description: Exec specifies the action to 1727 take. 1728 properties: 1729 command: 1730 description: Command is the command 1731 line to execute inside the container, 1732 the working directory for the command is 1733 root ('/') in the container's filesystem. 1734 The command is simply exec'd, it is 1735 not run inside a shell, so traditional 1736 shell instructions ('|', etc) won't 1737 work. To use a shell, you need to 1738 explicitly call out to that shell. 1739 Exit status of 0 is treated as live/healthy 1740 and non-zero is unhealthy. 1741 items: 1742 type: string 1743 type: array 1744 type: object 1745 httpGet: 1746 description: HTTPGet specifies the http 1747 request to perform. 1748 properties: 1749 host: 1750 description: Host name to connect to, 1751 defaults to the pod IP. You probably 1752 want to set "Host" in httpHeaders 1753 instead. 1754 type: string 1755 httpHeaders: 1756 description: Custom headers to set in 1757 the request. HTTP allows repeated 1758 headers. 1759 items: 1760 description: HTTPHeader describes 1761 a custom header to be used in HTTP 1762 probes 1763 properties: 1764 name: 1765 description: The header field 1766 name 1767 type: string 1768 value: 1769 description: The header field 1770 value 1771 type: string 1772 required: 1773 - name 1774 - value 1775 type: object 1776 type: array 1777 path: 1778 description: Path to access on the HTTP 1779 server. 1780 type: string 1781 port: 1782 anyOf: 1783 - type: integer 1784 - type: string 1785 description: Name or number of the port 1786 to access on the container. Number 1787 must be in the range 1 to 65535. Name 1788 must be an IANA_SVC_NAME. 1789 x-kubernetes-int-or-string: true 1790 scheme: 1791 description: Scheme to use for connecting 1792 to the host. Defaults to HTTP. 1793 type: string 1794 required: 1795 - port 1796 type: object 1797 tcpSocket: 1798 description: Deprecated. TCPSocket is NOT 1799 supported as a LifecycleHandler and kept 1800 for the backward compatibility. There 1801 are no validation of this field and lifecycle 1802 hooks will fail in runtime when tcp handler 1803 is specified. 1804 properties: 1805 host: 1806 description: 'Optional: Host name to 1807 connect to, defaults to the pod IP.' 1808 type: string 1809 port: 1810 anyOf: 1811 - type: integer 1812 - type: string 1813 description: Number or name of the port 1814 to access on the container. Number 1815 must be in the range 1 to 65535. Name 1816 must be an IANA_SVC_NAME. 1817 x-kubernetes-int-or-string: true 1818 required: 1819 - port 1820 type: object 1821 type: object 1822 preStop: 1823 description: 'PreStop is called immediately 1824 before a container is terminated due to an 1825 API request or management event such as liveness/startup 1826 probe failure, preemption, resource contention, 1827 etc. The handler is not called if the container 1828 crashes or exits. The Pod''s termination grace 1829 period countdown begins before the PreStop 1830 hook is executed. Regardless of the outcome 1831 of the handler, the container will eventually 1832 terminate within the Pod''s termination grace 1833 period (unless delayed by finalizers). Other 1834 management of the container blocks until the 1835 hook completes or until the termination grace 1836 period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' 1837 properties: 1838 exec: 1839 description: Exec specifies the action to 1840 take. 1841 properties: 1842 command: 1843 description: Command is the command 1844 line to execute inside the container, 1845 the working directory for the command is 1846 root ('/') in the container's filesystem. 1847 The command is simply exec'd, it is 1848 not run inside a shell, so traditional 1849 shell instructions ('|', etc) won't 1850 work. To use a shell, you need to 1851 explicitly call out to that shell. 1852 Exit status of 0 is treated as live/healthy 1853 and non-zero is unhealthy. 1854 items: 1855 type: string 1856 type: array 1857 type: object 1858 httpGet: 1859 description: HTTPGet specifies the http 1860 request to perform. 1861 properties: 1862 host: 1863 description: Host name to connect to, 1864 defaults to the pod IP. You probably 1865 want to set "Host" in httpHeaders 1866 instead. 1867 type: string 1868 httpHeaders: 1869 description: Custom headers to set in 1870 the request. HTTP allows repeated 1871 headers. 1872 items: 1873 description: HTTPHeader describes 1874 a custom header to be used in HTTP 1875 probes 1876 properties: 1877 name: 1878 description: The header field 1879 name 1880 type: string 1881 value: 1882 description: The header field 1883 value 1884 type: string 1885 required: 1886 - name 1887 - value 1888 type: object 1889 type: array 1890 path: 1891 description: Path to access on the HTTP 1892 server. 1893 type: string 1894 port: 1895 anyOf: 1896 - type: integer 1897 - type: string 1898 description: Name or number of the port 1899 to access on the container. Number 1900 must be in the range 1 to 65535. Name 1901 must be an IANA_SVC_NAME. 1902 x-kubernetes-int-or-string: true 1903 scheme: 1904 description: Scheme to use for connecting 1905 to the host. Defaults to HTTP. 1906 type: string 1907 required: 1908 - port 1909 type: object 1910 tcpSocket: 1911 description: Deprecated. TCPSocket is NOT 1912 supported as a LifecycleHandler and kept 1913 for the backward compatibility. There 1914 are no validation of this field and lifecycle 1915 hooks will fail in runtime when tcp handler 1916 is specified. 1917 properties: 1918 host: 1919 description: 'Optional: Host name to 1920 connect to, defaults to the pod IP.' 1921 type: string 1922 port: 1923 anyOf: 1924 - type: integer 1925 - type: string 1926 description: Number or name of the port 1927 to access on the container. Number 1928 must be in the range 1 to 65535. Name 1929 must be an IANA_SVC_NAME. 1930 x-kubernetes-int-or-string: true 1931 required: 1932 - port 1933 type: object 1934 type: object 1935 type: object 1936 livenessProbe: 1937 description: 'Periodic probe of container liveness. 1938 Container will be restarted if the probe fails. 1939 Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 1940 properties: 1941 exec: 1942 description: Exec specifies the action to take. 1943 properties: 1944 command: 1945 description: Command is the command line 1946 to execute inside the container, the working 1947 directory for the command is root ('/') 1948 in the container's filesystem. The command 1949 is simply exec'd, it is not run inside 1950 a shell, so traditional shell instructions 1951 ('|', etc) won't work. To use a shell, 1952 you need to explicitly call out to that 1953 shell. Exit status of 0 is treated as 1954 live/healthy and non-zero is unhealthy. 1955 items: 1956 type: string 1957 type: array 1958 type: object 1959 failureThreshold: 1960 description: Minimum consecutive failures for 1961 the probe to be considered failed after having 1962 succeeded. Defaults to 3. Minimum value is 1963 1. 1964 format: int32 1965 type: integer 1966 grpc: 1967 description: GRPC specifies an action involving 1968 a GRPC port. This is a beta field and requires 1969 enabling GRPCContainerProbe feature gate. 1970 properties: 1971 port: 1972 description: Port number of the gRPC service. 1973 Number must be in the range 1 to 65535. 1974 format: int32 1975 type: integer 1976 service: 1977 description: "Service is the name of the 1978 service to place in the gRPC HealthCheckRequest 1979 (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 1980 \n If this is not specified, the default 1981 behavior is defined by gRPC." 1982 type: string 1983 required: 1984 - port 1985 type: object 1986 httpGet: 1987 description: HTTPGet specifies the http request 1988 to perform. 1989 properties: 1990 host: 1991 description: Host name to connect to, defaults 1992 to the pod IP. You probably want to set 1993 "Host" in httpHeaders instead. 1994 type: string 1995 httpHeaders: 1996 description: Custom headers to set in the 1997 request. HTTP allows repeated headers. 1998 items: 1999 description: HTTPHeader describes a custom 2000 header to be used in HTTP probes 2001 properties: 2002 name: 2003 description: The header field name 2004 type: string 2005 value: 2006 description: The header field value 2007 type: string 2008 required: 2009 - name 2010 - value 2011 type: object 2012 type: array 2013 path: 2014 description: Path to access on the HTTP 2015 server. 2016 type: string 2017 port: 2018 anyOf: 2019 - type: integer 2020 - type: string 2021 description: Name or number of the port 2022 to access on the container. Number must 2023 be in the range 1 to 65535. Name must 2024 be an IANA_SVC_NAME. 2025 x-kubernetes-int-or-string: true 2026 scheme: 2027 description: Scheme to use for connecting 2028 to the host. Defaults to HTTP. 2029 type: string 2030 required: 2031 - port 2032 type: object 2033 initialDelaySeconds: 2034 description: 'Number of seconds after the container 2035 has started before liveness probes are initiated. 2036 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 2037 format: int32 2038 type: integer 2039 periodSeconds: 2040 description: How often (in seconds) to perform 2041 the probe. Default to 10 seconds. Minimum 2042 value is 1. 2043 format: int32 2044 type: integer 2045 successThreshold: 2046 description: Minimum consecutive successes for 2047 the probe to be considered successful after 2048 having failed. Defaults to 1. Must be 1 for 2049 liveness and startup. Minimum value is 1. 2050 format: int32 2051 type: integer 2052 tcpSocket: 2053 description: TCPSocket specifies an action involving 2054 a TCP port. 2055 properties: 2056 host: 2057 description: 'Optional: Host name to connect 2058 to, defaults to the pod IP.' 2059 type: string 2060 port: 2061 anyOf: 2062 - type: integer 2063 - type: string 2064 description: Number or name of the port 2065 to access on the container. Number must 2066 be in the range 1 to 65535. Name must 2067 be an IANA_SVC_NAME. 2068 x-kubernetes-int-or-string: true 2069 required: 2070 - port 2071 type: object 2072 terminationGracePeriodSeconds: 2073 description: Optional duration in seconds the 2074 pod needs to terminate gracefully upon probe 2075 failure. The grace period is the duration 2076 in seconds after the processes running in 2077 the pod are sent a termination signal and 2078 the time when the processes are forcibly halted 2079 with a kill signal. Set this value longer 2080 than the expected cleanup time for your process. 2081 If this value is nil, the pod's terminationGracePeriodSeconds 2082 will be used. Otherwise, this value overrides 2083 the value provided by the pod spec. Value 2084 must be non-negative integer. The value zero 2085 indicates stop immediately via the kill signal 2086 (no opportunity to shut down). This is a beta 2087 field and requires enabling ProbeTerminationGracePeriod 2088 feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds 2089 is used if unset. 2090 format: int64 2091 type: integer 2092 timeoutSeconds: 2093 description: 'Number of seconds after which 2094 the probe times out. Defaults to 1 second. 2095 Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 2096 format: int32 2097 type: integer 2098 type: object 2099 name: 2100 description: Name of the container specified as 2101 a DNS_LABEL. Each container in a pod must have 2102 a unique name (DNS_LABEL). Cannot be updated. 2103 type: string 2104 ports: 2105 description: List of ports to expose from the container. 2106 Exposing a port here gives the system additional 2107 information about the network connections a container 2108 uses, but is primarily informational. Not specifying 2109 a port here DOES NOT prevent that port from being 2110 exposed. Any port which is listening on the default 2111 "0.0.0.0" address inside a container will be accessible 2112 from the network. Cannot be updated. 2113 items: 2114 description: ContainerPort represents a network 2115 port in a single container. 2116 properties: 2117 containerPort: 2118 description: Number of port to expose on the 2119 pod's IP address. This must be a valid port 2120 number, 0 < x < 65536. 2121 format: int32 2122 type: integer 2123 hostIP: 2124 description: What host IP to bind the external 2125 port to. 2126 type: string 2127 hostPort: 2128 description: Number of port to expose on the 2129 host. If specified, this must be a valid 2130 port number, 0 < x < 65536. If HostNetwork 2131 is specified, this must match ContainerPort. 2132 Most containers do not need this. 2133 format: int32 2134 type: integer 2135 name: 2136 description: If specified, this must be an 2137 IANA_SVC_NAME and unique within the pod. 2138 Each named port in a pod must have a unique 2139 name. Name for the port that can be referred 2140 to by services. 2141 type: string 2142 protocol: 2143 default: TCP 2144 description: Protocol for port. Must be UDP, 2145 TCP, or SCTP. Defaults to "TCP". 2146 type: string 2147 required: 2148 - containerPort 2149 type: object 2150 type: array 2151 x-kubernetes-list-map-keys: 2152 - containerPort 2153 - protocol 2154 x-kubernetes-list-type: map 2155 readinessProbe: 2156 description: 'Periodic probe of container service 2157 readiness. Container will be removed from service 2158 endpoints if the probe fails. Cannot be updated. 2159 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 2160 properties: 2161 exec: 2162 description: Exec specifies the action to take. 2163 properties: 2164 command: 2165 description: Command is the command line 2166 to execute inside the container, the working 2167 directory for the command is root ('/') 2168 in the container's filesystem. The command 2169 is simply exec'd, it is not run inside 2170 a shell, so traditional shell instructions 2171 ('|', etc) won't work. To use a shell, 2172 you need to explicitly call out to that 2173 shell. Exit status of 0 is treated as 2174 live/healthy and non-zero is unhealthy. 2175 items: 2176 type: string 2177 type: array 2178 type: object 2179 failureThreshold: 2180 description: Minimum consecutive failures for 2181 the probe to be considered failed after having 2182 succeeded. Defaults to 3. Minimum value is 2183 1. 2184 format: int32 2185 type: integer 2186 grpc: 2187 description: GRPC specifies an action involving 2188 a GRPC port. This is a beta field and requires 2189 enabling GRPCContainerProbe feature gate. 2190 properties: 2191 port: 2192 description: Port number of the gRPC service. 2193 Number must be in the range 1 to 65535. 2194 format: int32 2195 type: integer 2196 service: 2197 description: "Service is the name of the 2198 service to place in the gRPC HealthCheckRequest 2199 (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 2200 \n If this is not specified, the default 2201 behavior is defined by gRPC." 2202 type: string 2203 required: 2204 - port 2205 type: object 2206 httpGet: 2207 description: HTTPGet specifies the http request 2208 to perform. 2209 properties: 2210 host: 2211 description: Host name to connect to, defaults 2212 to the pod IP. You probably want to set 2213 "Host" in httpHeaders instead. 2214 type: string 2215 httpHeaders: 2216 description: Custom headers to set in the 2217 request. HTTP allows repeated headers. 2218 items: 2219 description: HTTPHeader describes a custom 2220 header to be used in HTTP probes 2221 properties: 2222 name: 2223 description: The header field name 2224 type: string 2225 value: 2226 description: The header field value 2227 type: string 2228 required: 2229 - name 2230 - value 2231 type: object 2232 type: array 2233 path: 2234 description: Path to access on the HTTP 2235 server. 2236 type: string 2237 port: 2238 anyOf: 2239 - type: integer 2240 - type: string 2241 description: Name or number of the port 2242 to access on the container. Number must 2243 be in the range 1 to 65535. Name must 2244 be an IANA_SVC_NAME. 2245 x-kubernetes-int-or-string: true 2246 scheme: 2247 description: Scheme to use for connecting 2248 to the host. Defaults to HTTP. 2249 type: string 2250 required: 2251 - port 2252 type: object 2253 initialDelaySeconds: 2254 description: 'Number of seconds after the container 2255 has started before liveness probes are initiated. 2256 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 2257 format: int32 2258 type: integer 2259 periodSeconds: 2260 description: How often (in seconds) to perform 2261 the probe. Default to 10 seconds. Minimum 2262 value is 1. 2263 format: int32 2264 type: integer 2265 successThreshold: 2266 description: Minimum consecutive successes for 2267 the probe to be considered successful after 2268 having failed. Defaults to 1. Must be 1 for 2269 liveness and startup. Minimum value is 1. 2270 format: int32 2271 type: integer 2272 tcpSocket: 2273 description: TCPSocket specifies an action involving 2274 a TCP port. 2275 properties: 2276 host: 2277 description: 'Optional: Host name to connect 2278 to, defaults to the pod IP.' 2279 type: string 2280 port: 2281 anyOf: 2282 - type: integer 2283 - type: string 2284 description: Number or name of the port 2285 to access on the container. Number must 2286 be in the range 1 to 65535. Name must 2287 be an IANA_SVC_NAME. 2288 x-kubernetes-int-or-string: true 2289 required: 2290 - port 2291 type: object 2292 terminationGracePeriodSeconds: 2293 description: Optional duration in seconds the 2294 pod needs to terminate gracefully upon probe 2295 failure. The grace period is the duration 2296 in seconds after the processes running in 2297 the pod are sent a termination signal and 2298 the time when the processes are forcibly halted 2299 with a kill signal. Set this value longer 2300 than the expected cleanup time for your process. 2301 If this value is nil, the pod's terminationGracePeriodSeconds 2302 will be used. Otherwise, this value overrides 2303 the value provided by the pod spec. Value 2304 must be non-negative integer. The value zero 2305 indicates stop immediately via the kill signal 2306 (no opportunity to shut down). This is a beta 2307 field and requires enabling ProbeTerminationGracePeriod 2308 feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds 2309 is used if unset. 2310 format: int64 2311 type: integer 2312 timeoutSeconds: 2313 description: 'Number of seconds after which 2314 the probe times out. Defaults to 1 second. 2315 Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 2316 format: int32 2317 type: integer 2318 type: object 2319 resources: 2320 description: 'Compute Resources required by this 2321 container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 2322 properties: 2323 limits: 2324 additionalProperties: 2325 anyOf: 2326 - type: integer 2327 - type: string 2328 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 2329 x-kubernetes-int-or-string: true 2330 description: 'Limits describes the maximum amount 2331 of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 2332 type: object 2333 requests: 2334 additionalProperties: 2335 anyOf: 2336 - type: integer 2337 - type: string 2338 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 2339 x-kubernetes-int-or-string: true 2340 description: 'Requests describes the minimum 2341 amount of compute resources required. If Requests 2342 is omitted for a container, it defaults to 2343 Limits if that is explicitly specified, otherwise 2344 to an implementation-defined value. More info: 2345 https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 2346 type: object 2347 type: object 2348 securityContext: 2349 description: 'SecurityContext defines the security 2350 options the container should be run with. If set, 2351 the fields of SecurityContext override the equivalent 2352 fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' 2353 properties: 2354 allowPrivilegeEscalation: 2355 description: 'AllowPrivilegeEscalation controls 2356 whether a process can gain more privileges 2357 than its parent process. This bool directly 2358 controls if the no_new_privs flag will be 2359 set on the container process. AllowPrivilegeEscalation 2360 is true always when the container is: 1) run 2361 as Privileged 2) has CAP_SYS_ADMIN Note that 2362 this field cannot be set when spec.os.name 2363 is windows.' 2364 type: boolean 2365 capabilities: 2366 description: The capabilities to add/drop when 2367 running containers. Defaults to the default 2368 set of capabilities granted by the container 2369 runtime. Note that this field cannot be set 2370 when spec.os.name is windows. 2371 properties: 2372 add: 2373 description: Added capabilities 2374 items: 2375 description: Capability represent POSIX 2376 capabilities type 2377 type: string 2378 type: array 2379 drop: 2380 description: Removed capabilities 2381 items: 2382 description: Capability represent POSIX 2383 capabilities type 2384 type: string 2385 type: array 2386 type: object 2387 privileged: 2388 description: Run container in privileged mode. 2389 Processes in privileged containers are essentially 2390 equivalent to root on the host. Defaults to 2391 false. Note that this field cannot be set 2392 when spec.os.name is windows. 2393 type: boolean 2394 procMount: 2395 description: procMount denotes the type of proc 2396 mount to use for the containers. The default 2397 is DefaultProcMount which uses the container 2398 runtime defaults for readonly paths and masked 2399 paths. This requires the ProcMountType feature 2400 flag to be enabled. Note that this field cannot 2401 be set when spec.os.name is windows. 2402 type: string 2403 readOnlyRootFilesystem: 2404 description: Whether this container has a read-only 2405 root filesystem. Default is false. Note that 2406 this field cannot be set when spec.os.name 2407 is windows. 2408 type: boolean 2409 runAsGroup: 2410 description: The GID to run the entrypoint of 2411 the container process. Uses runtime default 2412 if unset. May also be set in PodSecurityContext. If 2413 set in both SecurityContext and PodSecurityContext, 2414 the value specified in SecurityContext takes 2415 precedence. Note that this field cannot be 2416 set when spec.os.name is windows. 2417 format: int64 2418 type: integer 2419 runAsNonRoot: 2420 description: Indicates that the container must 2421 run as a non-root user. If true, the Kubelet 2422 will validate the image at runtime to ensure 2423 that it does not run as UID 0 (root) and fail 2424 to start the container if it does. If unset 2425 or false, no such validation will be performed. 2426 May also be set in PodSecurityContext. If 2427 set in both SecurityContext and PodSecurityContext, 2428 the value specified in SecurityContext takes 2429 precedence. 2430 type: boolean 2431 runAsUser: 2432 description: The UID to run the entrypoint of 2433 the container process. Defaults to user specified 2434 in image metadata if unspecified. May also 2435 be set in PodSecurityContext. If set in both 2436 SecurityContext and PodSecurityContext, the 2437 value specified in SecurityContext takes precedence. 2438 Note that this field cannot be set when spec.os.name 2439 is windows. 2440 format: int64 2441 type: integer 2442 seLinuxOptions: 2443 description: The SELinux context to be applied 2444 to the container. If unspecified, the container 2445 runtime will allocate a random SELinux context 2446 for each container. May also be set in PodSecurityContext. If 2447 set in both SecurityContext and PodSecurityContext, 2448 the value specified in SecurityContext takes 2449 precedence. Note that this field cannot be 2450 set when spec.os.name is windows. 2451 properties: 2452 level: 2453 description: Level is SELinux level label 2454 that applies to the container. 2455 type: string 2456 role: 2457 description: Role is a SELinux role label 2458 that applies to the container. 2459 type: string 2460 type: 2461 description: Type is a SELinux type label 2462 that applies to the container. 2463 type: string 2464 user: 2465 description: User is a SELinux user label 2466 that applies to the container. 2467 type: string 2468 type: object 2469 seccompProfile: 2470 description: The seccomp options to use by this 2471 container. If seccomp options are provided 2472 at both the pod & container level, the container 2473 options override the pod options. Note that 2474 this field cannot be set when spec.os.name 2475 is windows. 2476 properties: 2477 localhostProfile: 2478 description: localhostProfile indicates 2479 a profile defined in a file on the node 2480 should be used. The profile must be preconfigured 2481 on the node to work. Must be a descending 2482 path, relative to the kubelet's configured 2483 seccomp profile location. Must only be 2484 set if type is "Localhost". 2485 type: string 2486 type: 2487 description: "type indicates which kind 2488 of seccomp profile will be applied. Valid 2489 options are: \n Localhost - a profile 2490 defined in a file on the node should be 2491 used. RuntimeDefault - the container runtime 2492 default profile should be used. Unconfined 2493 - no profile should be applied." 2494 type: string 2495 required: 2496 - type 2497 type: object 2498 windowsOptions: 2499 description: The Windows specific settings applied 2500 to all containers. If unspecified, the options 2501 from the PodSecurityContext will be used. 2502 If set in both SecurityContext and PodSecurityContext, 2503 the value specified in SecurityContext takes 2504 precedence. Note that this field cannot be 2505 set when spec.os.name is linux. 2506 properties: 2507 gmsaCredentialSpec: 2508 description: GMSACredentialSpec is where 2509 the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) 2510 inlines the contents of the GMSA credential 2511 spec named by the GMSACredentialSpecName 2512 field. 2513 type: string 2514 gmsaCredentialSpecName: 2515 description: GMSACredentialSpecName is the 2516 name of the GMSA credential spec to use. 2517 type: string 2518 hostProcess: 2519 description: HostProcess determines if a 2520 container should be run as a 'Host Process' 2521 container. This field is alpha-level and 2522 will only be honored by components that 2523 enable the WindowsHostProcessContainers 2524 feature flag. Setting this field without 2525 the feature flag will result in errors 2526 when validating the Pod. All of a Pod's 2527 containers must have the same effective 2528 HostProcess value (it is not allowed to 2529 have a mix of HostProcess containers and 2530 non-HostProcess containers). In addition, 2531 if HostProcess is true then HostNetwork 2532 must also be set to true. 2533 type: boolean 2534 runAsUserName: 2535 description: The UserName in Windows to 2536 run the entrypoint of the container process. 2537 Defaults to the user specified in image 2538 metadata if unspecified. May also be set 2539 in PodSecurityContext. If set in both 2540 SecurityContext and PodSecurityContext, 2541 the value specified in SecurityContext 2542 takes precedence. 2543 type: string 2544 type: object 2545 type: object 2546 startupProbe: 2547 description: 'StartupProbe indicates that the Pod 2548 has successfully initialized. If specified, no 2549 other probes are executed until this completes 2550 successfully. If this probe fails, the Pod will 2551 be restarted, just as if the livenessProbe failed. 2552 This can be used to provide different probe parameters 2553 at the beginning of a Pod''s lifecycle, when it 2554 might take a long time to load data or warm a 2555 cache, than during steady-state operation. This 2556 cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 2557 properties: 2558 exec: 2559 description: Exec specifies the action to take. 2560 properties: 2561 command: 2562 description: Command is the command line 2563 to execute inside the container, the working 2564 directory for the command is root ('/') 2565 in the container's filesystem. The command 2566 is simply exec'd, it is not run inside 2567 a shell, so traditional shell instructions 2568 ('|', etc) won't work. To use a shell, 2569 you need to explicitly call out to that 2570 shell. Exit status of 0 is treated as 2571 live/healthy and non-zero is unhealthy. 2572 items: 2573 type: string 2574 type: array 2575 type: object 2576 failureThreshold: 2577 description: Minimum consecutive failures for 2578 the probe to be considered failed after having 2579 succeeded. Defaults to 3. Minimum value is 2580 1. 2581 format: int32 2582 type: integer 2583 grpc: 2584 description: GRPC specifies an action involving 2585 a GRPC port. This is a beta field and requires 2586 enabling GRPCContainerProbe feature gate. 2587 properties: 2588 port: 2589 description: Port number of the gRPC service. 2590 Number must be in the range 1 to 65535. 2591 format: int32 2592 type: integer 2593 service: 2594 description: "Service is the name of the 2595 service to place in the gRPC HealthCheckRequest 2596 (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 2597 \n If this is not specified, the default 2598 behavior is defined by gRPC." 2599 type: string 2600 required: 2601 - port 2602 type: object 2603 httpGet: 2604 description: HTTPGet specifies the http request 2605 to perform. 2606 properties: 2607 host: 2608 description: Host name to connect to, defaults 2609 to the pod IP. You probably want to set 2610 "Host" in httpHeaders instead. 2611 type: string 2612 httpHeaders: 2613 description: Custom headers to set in the 2614 request. HTTP allows repeated headers. 2615 items: 2616 description: HTTPHeader describes a custom 2617 header to be used in HTTP probes 2618 properties: 2619 name: 2620 description: The header field name 2621 type: string 2622 value: 2623 description: The header field value 2624 type: string 2625 required: 2626 - name 2627 - value 2628 type: object 2629 type: array 2630 path: 2631 description: Path to access on the HTTP 2632 server. 2633 type: string 2634 port: 2635 anyOf: 2636 - type: integer 2637 - type: string 2638 description: Name or number of the port 2639 to access on the container. Number must 2640 be in the range 1 to 65535. Name must 2641 be an IANA_SVC_NAME. 2642 x-kubernetes-int-or-string: true 2643 scheme: 2644 description: Scheme to use for connecting 2645 to the host. Defaults to HTTP. 2646 type: string 2647 required: 2648 - port 2649 type: object 2650 initialDelaySeconds: 2651 description: 'Number of seconds after the container 2652 has started before liveness probes are initiated. 2653 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 2654 format: int32 2655 type: integer 2656 periodSeconds: 2657 description: How often (in seconds) to perform 2658 the probe. Default to 10 seconds. Minimum 2659 value is 1. 2660 format: int32 2661 type: integer 2662 successThreshold: 2663 description: Minimum consecutive successes for 2664 the probe to be considered successful after 2665 having failed. Defaults to 1. Must be 1 for 2666 liveness and startup. Minimum value is 1. 2667 format: int32 2668 type: integer 2669 tcpSocket: 2670 description: TCPSocket specifies an action involving 2671 a TCP port. 2672 properties: 2673 host: 2674 description: 'Optional: Host name to connect 2675 to, defaults to the pod IP.' 2676 type: string 2677 port: 2678 anyOf: 2679 - type: integer 2680 - type: string 2681 description: Number or name of the port 2682 to access on the container. Number must 2683 be in the range 1 to 65535. Name must 2684 be an IANA_SVC_NAME. 2685 x-kubernetes-int-or-string: true 2686 required: 2687 - port 2688 type: object 2689 terminationGracePeriodSeconds: 2690 description: Optional duration in seconds the 2691 pod needs to terminate gracefully upon probe 2692 failure. The grace period is the duration 2693 in seconds after the processes running in 2694 the pod are sent a termination signal and 2695 the time when the processes are forcibly halted 2696 with a kill signal. Set this value longer 2697 than the expected cleanup time for your process. 2698 If this value is nil, the pod's terminationGracePeriodSeconds 2699 will be used. Otherwise, this value overrides 2700 the value provided by the pod spec. Value 2701 must be non-negative integer. The value zero 2702 indicates stop immediately via the kill signal 2703 (no opportunity to shut down). This is a beta 2704 field and requires enabling ProbeTerminationGracePeriod 2705 feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds 2706 is used if unset. 2707 format: int64 2708 type: integer 2709 timeoutSeconds: 2710 description: 'Number of seconds after which 2711 the probe times out. Defaults to 1 second. 2712 Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 2713 format: int32 2714 type: integer 2715 type: object 2716 stdin: 2717 description: Whether this container should allocate 2718 a buffer for stdin in the container runtime. If 2719 this is not set, reads from stdin in the container 2720 will always result in EOF. Default is false. 2721 type: boolean 2722 stdinOnce: 2723 description: Whether the container runtime should 2724 close the stdin channel after it has been opened 2725 by a single attach. When stdin is true the stdin 2726 stream will remain open across multiple attach 2727 sessions. If stdinOnce is set to true, stdin is 2728 opened on container start, is empty until the 2729 first client attaches to stdin, and then remains 2730 open and accepts data until the client disconnects, 2731 at which time stdin is closed and remains closed 2732 until the container is restarted. If this flag 2733 is false, a container processes that reads from 2734 stdin will never receive an EOF. Default is false 2735 type: boolean 2736 terminationMessagePath: 2737 description: 'Optional: Path at which the file to 2738 which the container''s termination message will 2739 be written is mounted into the container''s filesystem. 2740 Message written is intended to be brief final 2741 status, such as an assertion failure message. 2742 Will be truncated by the node if greater than 2743 4096 bytes. The total message length across all 2744 containers will be limited to 12kb. Defaults to 2745 /dev/termination-log. Cannot be updated.' 2746 type: string 2747 terminationMessagePolicy: 2748 description: Indicate how the termination message 2749 should be populated. File will use the contents 2750 of terminationMessagePath to populate the container 2751 status message on both success and failure. FallbackToLogsOnError 2752 will use the last chunk of container log output 2753 if the termination message file is empty and the 2754 container exited with an error. The log output 2755 is limited to 2048 bytes or 80 lines, whichever 2756 is smaller. Defaults to File. Cannot be updated. 2757 type: string 2758 tty: 2759 description: Whether this container should allocate 2760 a TTY for itself, also requires 'stdin' to be 2761 true. Default is false. 2762 type: boolean 2763 volumeDevices: 2764 description: volumeDevices is the list of block 2765 devices to be used by the container. 2766 items: 2767 description: volumeDevice describes a mapping 2768 of a raw block device within a container. 2769 properties: 2770 devicePath: 2771 description: devicePath is the path inside 2772 of the container that the device will be 2773 mapped to. 2774 type: string 2775 name: 2776 description: name must match the name of a 2777 persistentVolumeClaim in the pod 2778 type: string 2779 required: 2780 - devicePath 2781 - name 2782 type: object 2783 type: array 2784 volumeMounts: 2785 description: Pod volumes to mount into the container's 2786 filesystem. Cannot be updated. 2787 items: 2788 description: VolumeMount describes a mounting 2789 of a Volume within a container. 2790 properties: 2791 mountPath: 2792 description: Path within the container at 2793 which the volume should be mounted. Must 2794 not contain ':'. 2795 type: string 2796 mountPropagation: 2797 description: mountPropagation determines how 2798 mounts are propagated from the host to container 2799 and the other way around. When not set, 2800 MountPropagationNone is used. This field 2801 is beta in 1.10. 2802 type: string 2803 name: 2804 description: This must match the Name of a 2805 Volume. 2806 type: string 2807 readOnly: 2808 description: Mounted read-only if true, read-write 2809 otherwise (false or unspecified). Defaults 2810 to false. 2811 type: boolean 2812 subPath: 2813 description: Path within the volume from which 2814 the container's volume should be mounted. 2815 Defaults to "" (volume's root). 2816 type: string 2817 subPathExpr: 2818 description: Expanded path within the volume 2819 from which the container's volume should 2820 be mounted. Behaves similarly to SubPath 2821 but environment variable references $(VAR_NAME) 2822 are expanded using the container's environment. 2823 Defaults to "" (volume's root). SubPathExpr 2824 and SubPath are mutually exclusive. 2825 type: string 2826 required: 2827 - mountPath 2828 - name 2829 type: object 2830 type: array 2831 workingDir: 2832 description: Container's working directory. If not 2833 specified, the container runtime's default will 2834 be used, which might be configured in the container 2835 image. Cannot be updated. 2836 type: string 2837 required: 2838 - name 2839 type: object 2840 type: array 2841 dnsConfig: 2842 description: Specifies the DNS parameters of a pod. Parameters 2843 specified here will be merged to the generated DNS configuration 2844 based on DNSPolicy. 2845 properties: 2846 nameservers: 2847 description: A list of DNS name server IP addresses. 2848 This will be appended to the base nameservers generated 2849 from DNSPolicy. Duplicated nameservers will be removed. 2850 items: 2851 type: string 2852 type: array 2853 options: 2854 description: A list of DNS resolver options. This 2855 will be merged with the base options generated from 2856 DNSPolicy. Duplicated entries will be removed. Resolution 2857 options given in Options will override those that 2858 appear in the base DNSPolicy. 2859 items: 2860 description: PodDNSConfigOption defines DNS resolver 2861 options of a pod. 2862 properties: 2863 name: 2864 description: Required. 2865 type: string 2866 value: 2867 type: string 2868 type: object 2869 type: array 2870 searches: 2871 description: A list of DNS search domains for host-name 2872 lookup. This will be appended to the base search 2873 paths generated from DNSPolicy. Duplicated search 2874 paths will be removed. 2875 items: 2876 type: string 2877 type: array 2878 type: object 2879 dnsPolicy: 2880 description: Set DNS policy for the pod. Defaults to "ClusterFirst". 2881 Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 2882 'Default' or 'None'. DNS parameters given in DNSConfig 2883 will be merged with the policy selected with DNSPolicy. 2884 To have DNS options set along with hostNetwork, you 2885 have to specify DNS policy explicitly to 'ClusterFirstWithHostNet'. 2886 type: string 2887 enableServiceLinks: 2888 description: 'EnableServiceLinks indicates whether information 2889 about services should be injected into pod''s environment 2890 variables, matching the syntax of Docker links. Optional: 2891 Defaults to true.' 2892 type: boolean 2893 ephemeralContainers: 2894 description: List of ephemeral containers run in this 2895 pod. Ephemeral containers may be run in an existing 2896 pod to perform user-initiated actions such as debugging. 2897 This list cannot be specified when creating a pod, and 2898 it cannot be modified by updating the pod spec. In order 2899 to add an ephemeral container to an existing pod, use 2900 the pod's ephemeralcontainers subresource. This field 2901 is beta-level and available on clusters that haven't 2902 disabled the EphemeralContainers feature gate. 2903 items: 2904 description: "An EphemeralContainer is a temporary container 2905 that you may add to an existing Pod for user-initiated 2906 activities such as debugging. Ephemeral containers 2907 have no resource or scheduling guarantees, and they 2908 will not be restarted when they exit or when a Pod 2909 is removed or restarted. The kubelet may evict a Pod 2910 if an ephemeral container causes the Pod to exceed 2911 its resource allocation. \n To add an ephemeral container, 2912 use the ephemeralcontainers subresource of an existing 2913 Pod. Ephemeral containers may not be removed or restarted. 2914 \n This is a beta feature available on clusters that 2915 haven't disabled the EphemeralContainers feature gate." 2916 properties: 2917 args: 2918 description: 'Arguments to the entrypoint. The image''s 2919 CMD is used if this is not provided. Variable 2920 references $(VAR_NAME) are expanded using the 2921 container''s environment. If a variable cannot 2922 be resolved, the reference in the input string 2923 will be unchanged. Double $$ are reduced to a 2924 single $, which allows for escaping the $(VAR_NAME) 2925 syntax: i.e. "$$(VAR_NAME)" will produce the string 2926 literal "$(VAR_NAME)". Escaped references will 2927 never be expanded, regardless of whether the variable 2928 exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' 2929 items: 2930 type: string 2931 type: array 2932 command: 2933 description: 'Entrypoint array. Not executed within 2934 a shell. The image''s ENTRYPOINT is used if this 2935 is not provided. Variable references $(VAR_NAME) 2936 are expanded using the container''s environment. 2937 If a variable cannot be resolved, the reference 2938 in the input string will be unchanged. Double 2939 $$ are reduced to a single $, which allows for 2940 escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" 2941 will produce the string literal "$(VAR_NAME)". 2942 Escaped references will never be expanded, regardless 2943 of whether the variable exists or not. Cannot 2944 be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' 2945 items: 2946 type: string 2947 type: array 2948 env: 2949 description: List of environment variables to set 2950 in the container. Cannot be updated. 2951 items: 2952 description: EnvVar represents an environment 2953 variable present in a Container. 2954 properties: 2955 name: 2956 description: Name of the environment variable. 2957 Must be a C_IDENTIFIER. 2958 type: string 2959 value: 2960 description: 'Variable references $(VAR_NAME) 2961 are expanded using the previously defined 2962 environment variables in the container and 2963 any service environment variables. If a 2964 variable cannot be resolved, the reference 2965 in the input string will be unchanged. Double 2966 $$ are reduced to a single $, which allows 2967 for escaping the $(VAR_NAME) syntax: i.e. 2968 "$$(VAR_NAME)" will produce the string literal 2969 "$(VAR_NAME)". Escaped references will never 2970 be expanded, regardless of whether the variable 2971 exists or not. Defaults to "".' 2972 type: string 2973 valueFrom: 2974 description: Source for the environment variable's 2975 value. Cannot be used if value is not empty. 2976 properties: 2977 configMapKeyRef: 2978 description: Selects a key of a ConfigMap. 2979 properties: 2980 key: 2981 description: The key to select. 2982 type: string 2983 name: 2984 description: 'Name of the referent. 2985 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 2986 TODO: Add other useful fields. apiVersion, 2987 kind, uid?' 2988 type: string 2989 optional: 2990 description: Specify whether the ConfigMap 2991 or its key must be defined 2992 type: boolean 2993 required: 2994 - key 2995 type: object 2996 fieldRef: 2997 description: 'Selects a field of the pod: 2998 supports metadata.name, metadata.namespace, 2999 `metadata.labels[''<KEY>'']`, `metadata.annotations[''<KEY>'']`, 3000 spec.nodeName, spec.serviceAccountName, 3001 status.hostIP, status.podIP, status.podIPs.' 3002 properties: 3003 apiVersion: 3004 description: Version of the schema 3005 the FieldPath is written in terms 3006 of, defaults to "v1". 3007 type: string 3008 fieldPath: 3009 description: Path of the field to 3010 select in the specified API version. 3011 type: string 3012 required: 3013 - fieldPath 3014 type: object 3015 resourceFieldRef: 3016 description: 'Selects a resource of the 3017 container: only resources limits and 3018 requests (limits.cpu, limits.memory, 3019 limits.ephemeral-storage, requests.cpu, 3020 requests.memory and requests.ephemeral-storage) 3021 are currently supported.' 3022 properties: 3023 containerName: 3024 description: 'Container name: required 3025 for volumes, optional for env vars' 3026 type: string 3027 divisor: 3028 anyOf: 3029 - type: integer 3030 - type: string 3031 description: Specifies the output 3032 format of the exposed resources, 3033 defaults to "1" 3034 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 3035 x-kubernetes-int-or-string: true 3036 resource: 3037 description: 'Required: resource to 3038 select' 3039 type: string 3040 required: 3041 - resource 3042 type: object 3043 secretKeyRef: 3044 description: Selects a key of a secret 3045 in the pod's namespace 3046 properties: 3047 key: 3048 description: The key of the secret 3049 to select from. Must be a valid 3050 secret key. 3051 type: string 3052 name: 3053 description: 'Name of the referent. 3054 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 3055 TODO: Add other useful fields. apiVersion, 3056 kind, uid?' 3057 type: string 3058 optional: 3059 description: Specify whether the Secret 3060 or its key must be defined 3061 type: boolean 3062 required: 3063 - key 3064 type: object 3065 type: object 3066 required: 3067 - name 3068 type: object 3069 type: array 3070 envFrom: 3071 description: List of sources to populate environment 3072 variables in the container. The keys defined within 3073 a source must be a C_IDENTIFIER. All invalid keys 3074 will be reported as an event when the container 3075 is starting. When a key exists in multiple sources, 3076 the value associated with the last source will 3077 take precedence. Values defined by an Env with 3078 a duplicate key will take precedence. Cannot be 3079 updated. 3080 items: 3081 description: EnvFromSource represents the source 3082 of a set of ConfigMaps 3083 properties: 3084 configMapRef: 3085 description: The ConfigMap to select from 3086 properties: 3087 name: 3088 description: 'Name of the referent. More 3089 info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 3090 TODO: Add other useful fields. apiVersion, 3091 kind, uid?' 3092 type: string 3093 optional: 3094 description: Specify whether the ConfigMap 3095 must be defined 3096 type: boolean 3097 type: object 3098 prefix: 3099 description: An optional identifier to prepend 3100 to each key in the ConfigMap. Must be a 3101 C_IDENTIFIER. 3102 type: string 3103 secretRef: 3104 description: The Secret to select from 3105 properties: 3106 name: 3107 description: 'Name of the referent. More 3108 info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 3109 TODO: Add other useful fields. apiVersion, 3110 kind, uid?' 3111 type: string 3112 optional: 3113 description: Specify whether the Secret 3114 must be defined 3115 type: boolean 3116 type: object 3117 type: object 3118 type: array 3119 image: 3120 description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images' 3121 type: string 3122 imagePullPolicy: 3123 description: 'Image pull policy. One of Always, 3124 Never, IfNotPresent. Defaults to Always if :latest 3125 tag is specified, or IfNotPresent otherwise. Cannot 3126 be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' 3127 type: string 3128 lifecycle: 3129 description: Lifecycle is not allowed for ephemeral 3130 containers. 3131 properties: 3132 postStart: 3133 description: 'PostStart is called immediately 3134 after a container is created. If the handler 3135 fails, the container is terminated and restarted 3136 according to its restart policy. Other management 3137 of the container blocks until the hook completes. 3138 More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' 3139 properties: 3140 exec: 3141 description: Exec specifies the action to 3142 take. 3143 properties: 3144 command: 3145 description: Command is the command 3146 line to execute inside the container, 3147 the working directory for the command is 3148 root ('/') in the container's filesystem. 3149 The command is simply exec'd, it is 3150 not run inside a shell, so traditional 3151 shell instructions ('|', etc) won't 3152 work. To use a shell, you need to 3153 explicitly call out to that shell. 3154 Exit status of 0 is treated as live/healthy 3155 and non-zero is unhealthy. 3156 items: 3157 type: string 3158 type: array 3159 type: object 3160 httpGet: 3161 description: HTTPGet specifies the http 3162 request to perform. 3163 properties: 3164 host: 3165 description: Host name to connect to, 3166 defaults to the pod IP. You probably 3167 want to set "Host" in httpHeaders 3168 instead. 3169 type: string 3170 httpHeaders: 3171 description: Custom headers to set in 3172 the request. HTTP allows repeated 3173 headers. 3174 items: 3175 description: HTTPHeader describes 3176 a custom header to be used in HTTP 3177 probes 3178 properties: 3179 name: 3180 description: The header field 3181 name 3182 type: string 3183 value: 3184 description: The header field 3185 value 3186 type: string 3187 required: 3188 - name 3189 - value 3190 type: object 3191 type: array 3192 path: 3193 description: Path to access on the HTTP 3194 server. 3195 type: string 3196 port: 3197 anyOf: 3198 - type: integer 3199 - type: string 3200 description: Name or number of the port 3201 to access on the container. Number 3202 must be in the range 1 to 65535. Name 3203 must be an IANA_SVC_NAME. 3204 x-kubernetes-int-or-string: true 3205 scheme: 3206 description: Scheme to use for connecting 3207 to the host. Defaults to HTTP. 3208 type: string 3209 required: 3210 - port 3211 type: object 3212 tcpSocket: 3213 description: Deprecated. TCPSocket is NOT 3214 supported as a LifecycleHandler and kept 3215 for the backward compatibility. There 3216 are no validation of this field and lifecycle 3217 hooks will fail in runtime when tcp handler 3218 is specified. 3219 properties: 3220 host: 3221 description: 'Optional: Host name to 3222 connect to, defaults to the pod IP.' 3223 type: string 3224 port: 3225 anyOf: 3226 - type: integer 3227 - type: string 3228 description: Number or name of the port 3229 to access on the container. Number 3230 must be in the range 1 to 65535. Name 3231 must be an IANA_SVC_NAME. 3232 x-kubernetes-int-or-string: true 3233 required: 3234 - port 3235 type: object 3236 type: object 3237 preStop: 3238 description: 'PreStop is called immediately 3239 before a container is terminated due to an 3240 API request or management event such as liveness/startup 3241 probe failure, preemption, resource contention, 3242 etc. The handler is not called if the container 3243 crashes or exits. The Pod''s termination grace 3244 period countdown begins before the PreStop 3245 hook is executed. Regardless of the outcome 3246 of the handler, the container will eventually 3247 terminate within the Pod''s termination grace 3248 period (unless delayed by finalizers). Other 3249 management of the container blocks until the 3250 hook completes or until the termination grace 3251 period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' 3252 properties: 3253 exec: 3254 description: Exec specifies the action to 3255 take. 3256 properties: 3257 command: 3258 description: Command is the command 3259 line to execute inside the container, 3260 the working directory for the command is 3261 root ('/') in the container's filesystem. 3262 The command is simply exec'd, it is 3263 not run inside a shell, so traditional 3264 shell instructions ('|', etc) won't 3265 work. To use a shell, you need to 3266 explicitly call out to that shell. 3267 Exit status of 0 is treated as live/healthy 3268 and non-zero is unhealthy. 3269 items: 3270 type: string 3271 type: array 3272 type: object 3273 httpGet: 3274 description: HTTPGet specifies the http 3275 request to perform. 3276 properties: 3277 host: 3278 description: Host name to connect to, 3279 defaults to the pod IP. You probably 3280 want to set "Host" in httpHeaders 3281 instead. 3282 type: string 3283 httpHeaders: 3284 description: Custom headers to set in 3285 the request. HTTP allows repeated 3286 headers. 3287 items: 3288 description: HTTPHeader describes 3289 a custom header to be used in HTTP 3290 probes 3291 properties: 3292 name: 3293 description: The header field 3294 name 3295 type: string 3296 value: 3297 description: The header field 3298 value 3299 type: string 3300 required: 3301 - name 3302 - value 3303 type: object 3304 type: array 3305 path: 3306 description: Path to access on the HTTP 3307 server. 3308 type: string 3309 port: 3310 anyOf: 3311 - type: integer 3312 - type: string 3313 description: Name or number of the port 3314 to access on the container. Number 3315 must be in the range 1 to 65535. Name 3316 must be an IANA_SVC_NAME. 3317 x-kubernetes-int-or-string: true 3318 scheme: 3319 description: Scheme to use for connecting 3320 to the host. Defaults to HTTP. 3321 type: string 3322 required: 3323 - port 3324 type: object 3325 tcpSocket: 3326 description: Deprecated. TCPSocket is NOT 3327 supported as a LifecycleHandler and kept 3328 for the backward compatibility. There 3329 are no validation of this field and lifecycle 3330 hooks will fail in runtime when tcp handler 3331 is specified. 3332 properties: 3333 host: 3334 description: 'Optional: Host name to 3335 connect to, defaults to the pod IP.' 3336 type: string 3337 port: 3338 anyOf: 3339 - type: integer 3340 - type: string 3341 description: Number or name of the port 3342 to access on the container. Number 3343 must be in the range 1 to 65535. Name 3344 must be an IANA_SVC_NAME. 3345 x-kubernetes-int-or-string: true 3346 required: 3347 - port 3348 type: object 3349 type: object 3350 type: object 3351 livenessProbe: 3352 description: Probes are not allowed for ephemeral 3353 containers. 3354 properties: 3355 exec: 3356 description: Exec specifies the action to take. 3357 properties: 3358 command: 3359 description: Command is the command line 3360 to execute inside the container, the working 3361 directory for the command is root ('/') 3362 in the container's filesystem. The command 3363 is simply exec'd, it is not run inside 3364 a shell, so traditional shell instructions 3365 ('|', etc) won't work. To use a shell, 3366 you need to explicitly call out to that 3367 shell. Exit status of 0 is treated as 3368 live/healthy and non-zero is unhealthy. 3369 items: 3370 type: string 3371 type: array 3372 type: object 3373 failureThreshold: 3374 description: Minimum consecutive failures for 3375 the probe to be considered failed after having 3376 succeeded. Defaults to 3. Minimum value is 3377 1. 3378 format: int32 3379 type: integer 3380 grpc: 3381 description: GRPC specifies an action involving 3382 a GRPC port. This is a beta field and requires 3383 enabling GRPCContainerProbe feature gate. 3384 properties: 3385 port: 3386 description: Port number of the gRPC service. 3387 Number must be in the range 1 to 65535. 3388 format: int32 3389 type: integer 3390 service: 3391 description: "Service is the name of the 3392 service to place in the gRPC HealthCheckRequest 3393 (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 3394 \n If this is not specified, the default 3395 behavior is defined by gRPC." 3396 type: string 3397 required: 3398 - port 3399 type: object 3400 httpGet: 3401 description: HTTPGet specifies the http request 3402 to perform. 3403 properties: 3404 host: 3405 description: Host name to connect to, defaults 3406 to the pod IP. You probably want to set 3407 "Host" in httpHeaders instead. 3408 type: string 3409 httpHeaders: 3410 description: Custom headers to set in the 3411 request. HTTP allows repeated headers. 3412 items: 3413 description: HTTPHeader describes a custom 3414 header to be used in HTTP probes 3415 properties: 3416 name: 3417 description: The header field name 3418 type: string 3419 value: 3420 description: The header field value 3421 type: string 3422 required: 3423 - name 3424 - value 3425 type: object 3426 type: array 3427 path: 3428 description: Path to access on the HTTP 3429 server. 3430 type: string 3431 port: 3432 anyOf: 3433 - type: integer 3434 - type: string 3435 description: Name or number of the port 3436 to access on the container. Number must 3437 be in the range 1 to 65535. Name must 3438 be an IANA_SVC_NAME. 3439 x-kubernetes-int-or-string: true 3440 scheme: 3441 description: Scheme to use for connecting 3442 to the host. Defaults to HTTP. 3443 type: string 3444 required: 3445 - port 3446 type: object 3447 initialDelaySeconds: 3448 description: 'Number of seconds after the container 3449 has started before liveness probes are initiated. 3450 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 3451 format: int32 3452 type: integer 3453 periodSeconds: 3454 description: How often (in seconds) to perform 3455 the probe. Default to 10 seconds. Minimum 3456 value is 1. 3457 format: int32 3458 type: integer 3459 successThreshold: 3460 description: Minimum consecutive successes for 3461 the probe to be considered successful after 3462 having failed. Defaults to 1. Must be 1 for 3463 liveness and startup. Minimum value is 1. 3464 format: int32 3465 type: integer 3466 tcpSocket: 3467 description: TCPSocket specifies an action involving 3468 a TCP port. 3469 properties: 3470 host: 3471 description: 'Optional: Host name to connect 3472 to, defaults to the pod IP.' 3473 type: string 3474 port: 3475 anyOf: 3476 - type: integer 3477 - type: string 3478 description: Number or name of the port 3479 to access on the container. Number must 3480 be in the range 1 to 65535. Name must 3481 be an IANA_SVC_NAME. 3482 x-kubernetes-int-or-string: true 3483 required: 3484 - port 3485 type: object 3486 terminationGracePeriodSeconds: 3487 description: Optional duration in seconds the 3488 pod needs to terminate gracefully upon probe 3489 failure. The grace period is the duration 3490 in seconds after the processes running in 3491 the pod are sent a termination signal and 3492 the time when the processes are forcibly halted 3493 with a kill signal. Set this value longer 3494 than the expected cleanup time for your process. 3495 If this value is nil, the pod's terminationGracePeriodSeconds 3496 will be used. Otherwise, this value overrides 3497 the value provided by the pod spec. Value 3498 must be non-negative integer. The value zero 3499 indicates stop immediately via the kill signal 3500 (no opportunity to shut down). This is a beta 3501 field and requires enabling ProbeTerminationGracePeriod 3502 feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds 3503 is used if unset. 3504 format: int64 3505 type: integer 3506 timeoutSeconds: 3507 description: 'Number of seconds after which 3508 the probe times out. Defaults to 1 second. 3509 Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 3510 format: int32 3511 type: integer 3512 type: object 3513 name: 3514 description: Name of the ephemeral container specified 3515 as a DNS_LABEL. This name must be unique among 3516 all containers, init containers and ephemeral 3517 containers. 3518 type: string 3519 ports: 3520 description: Ports are not allowed for ephemeral 3521 containers. 3522 items: 3523 description: ContainerPort represents a network 3524 port in a single container. 3525 properties: 3526 containerPort: 3527 description: Number of port to expose on the 3528 pod's IP address. This must be a valid port 3529 number, 0 < x < 65536. 3530 format: int32 3531 type: integer 3532 hostIP: 3533 description: What host IP to bind the external 3534 port to. 3535 type: string 3536 hostPort: 3537 description: Number of port to expose on the 3538 host. If specified, this must be a valid 3539 port number, 0 < x < 65536. If HostNetwork 3540 is specified, this must match ContainerPort. 3541 Most containers do not need this. 3542 format: int32 3543 type: integer 3544 name: 3545 description: If specified, this must be an 3546 IANA_SVC_NAME and unique within the pod. 3547 Each named port in a pod must have a unique 3548 name. Name for the port that can be referred 3549 to by services. 3550 type: string 3551 protocol: 3552 default: TCP 3553 description: Protocol for port. Must be UDP, 3554 TCP, or SCTP. Defaults to "TCP". 3555 type: string 3556 required: 3557 - containerPort 3558 type: object 3559 type: array 3560 x-kubernetes-list-map-keys: 3561 - containerPort 3562 - protocol 3563 x-kubernetes-list-type: map 3564 readinessProbe: 3565 description: Probes are not allowed for ephemeral 3566 containers. 3567 properties: 3568 exec: 3569 description: Exec specifies the action to take. 3570 properties: 3571 command: 3572 description: Command is the command line 3573 to execute inside the container, the working 3574 directory for the command is root ('/') 3575 in the container's filesystem. The command 3576 is simply exec'd, it is not run inside 3577 a shell, so traditional shell instructions 3578 ('|', etc) won't work. To use a shell, 3579 you need to explicitly call out to that 3580 shell. Exit status of 0 is treated as 3581 live/healthy and non-zero is unhealthy. 3582 items: 3583 type: string 3584 type: array 3585 type: object 3586 failureThreshold: 3587 description: Minimum consecutive failures for 3588 the probe to be considered failed after having 3589 succeeded. Defaults to 3. Minimum value is 3590 1. 3591 format: int32 3592 type: integer 3593 grpc: 3594 description: GRPC specifies an action involving 3595 a GRPC port. This is a beta field and requires 3596 enabling GRPCContainerProbe feature gate. 3597 properties: 3598 port: 3599 description: Port number of the gRPC service. 3600 Number must be in the range 1 to 65535. 3601 format: int32 3602 type: integer 3603 service: 3604 description: "Service is the name of the 3605 service to place in the gRPC HealthCheckRequest 3606 (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 3607 \n If this is not specified, the default 3608 behavior is defined by gRPC." 3609 type: string 3610 required: 3611 - port 3612 type: object 3613 httpGet: 3614 description: HTTPGet specifies the http request 3615 to perform. 3616 properties: 3617 host: 3618 description: Host name to connect to, defaults 3619 to the pod IP. You probably want to set 3620 "Host" in httpHeaders instead. 3621 type: string 3622 httpHeaders: 3623 description: Custom headers to set in the 3624 request. HTTP allows repeated headers. 3625 items: 3626 description: HTTPHeader describes a custom 3627 header to be used in HTTP probes 3628 properties: 3629 name: 3630 description: The header field name 3631 type: string 3632 value: 3633 description: The header field value 3634 type: string 3635 required: 3636 - name 3637 - value 3638 type: object 3639 type: array 3640 path: 3641 description: Path to access on the HTTP 3642 server. 3643 type: string 3644 port: 3645 anyOf: 3646 - type: integer 3647 - type: string 3648 description: Name or number of the port 3649 to access on the container. Number must 3650 be in the range 1 to 65535. Name must 3651 be an IANA_SVC_NAME. 3652 x-kubernetes-int-or-string: true 3653 scheme: 3654 description: Scheme to use for connecting 3655 to the host. Defaults to HTTP. 3656 type: string 3657 required: 3658 - port 3659 type: object 3660 initialDelaySeconds: 3661 description: 'Number of seconds after the container 3662 has started before liveness probes are initiated. 3663 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 3664 format: int32 3665 type: integer 3666 periodSeconds: 3667 description: How often (in seconds) to perform 3668 the probe. Default to 10 seconds. Minimum 3669 value is 1. 3670 format: int32 3671 type: integer 3672 successThreshold: 3673 description: Minimum consecutive successes for 3674 the probe to be considered successful after 3675 having failed. Defaults to 1. Must be 1 for 3676 liveness and startup. Minimum value is 1. 3677 format: int32 3678 type: integer 3679 tcpSocket: 3680 description: TCPSocket specifies an action involving 3681 a TCP port. 3682 properties: 3683 host: 3684 description: 'Optional: Host name to connect 3685 to, defaults to the pod IP.' 3686 type: string 3687 port: 3688 anyOf: 3689 - type: integer 3690 - type: string 3691 description: Number or name of the port 3692 to access on the container. Number must 3693 be in the range 1 to 65535. Name must 3694 be an IANA_SVC_NAME. 3695 x-kubernetes-int-or-string: true 3696 required: 3697 - port 3698 type: object 3699 terminationGracePeriodSeconds: 3700 description: Optional duration in seconds the 3701 pod needs to terminate gracefully upon probe 3702 failure. The grace period is the duration 3703 in seconds after the processes running in 3704 the pod are sent a termination signal and 3705 the time when the processes are forcibly halted 3706 with a kill signal. Set this value longer 3707 than the expected cleanup time for your process. 3708 If this value is nil, the pod's terminationGracePeriodSeconds 3709 will be used. Otherwise, this value overrides 3710 the value provided by the pod spec. Value 3711 must be non-negative integer. The value zero 3712 indicates stop immediately via the kill signal 3713 (no opportunity to shut down). This is a beta 3714 field and requires enabling ProbeTerminationGracePeriod 3715 feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds 3716 is used if unset. 3717 format: int64 3718 type: integer 3719 timeoutSeconds: 3720 description: 'Number of seconds after which 3721 the probe times out. Defaults to 1 second. 3722 Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 3723 format: int32 3724 type: integer 3725 type: object 3726 resources: 3727 description: Resources are not allowed for ephemeral 3728 containers. Ephemeral containers use spare resources 3729 already allocated to the pod. 3730 properties: 3731 limits: 3732 additionalProperties: 3733 anyOf: 3734 - type: integer 3735 - type: string 3736 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 3737 x-kubernetes-int-or-string: true 3738 description: 'Limits describes the maximum amount 3739 of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 3740 type: object 3741 requests: 3742 additionalProperties: 3743 anyOf: 3744 - type: integer 3745 - type: string 3746 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 3747 x-kubernetes-int-or-string: true 3748 description: 'Requests describes the minimum 3749 amount of compute resources required. If Requests 3750 is omitted for a container, it defaults to 3751 Limits if that is explicitly specified, otherwise 3752 to an implementation-defined value. More info: 3753 https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 3754 type: object 3755 type: object 3756 securityContext: 3757 description: 'Optional: SecurityContext defines 3758 the security options the ephemeral container should 3759 be run with. If set, the fields of SecurityContext 3760 override the equivalent fields of PodSecurityContext.' 3761 properties: 3762 allowPrivilegeEscalation: 3763 description: 'AllowPrivilegeEscalation controls 3764 whether a process can gain more privileges 3765 than its parent process. This bool directly 3766 controls if the no_new_privs flag will be 3767 set on the container process. AllowPrivilegeEscalation 3768 is true always when the container is: 1) run 3769 as Privileged 2) has CAP_SYS_ADMIN Note that 3770 this field cannot be set when spec.os.name 3771 is windows.' 3772 type: boolean 3773 capabilities: 3774 description: The capabilities to add/drop when 3775 running containers. Defaults to the default 3776 set of capabilities granted by the container 3777 runtime. Note that this field cannot be set 3778 when spec.os.name is windows. 3779 properties: 3780 add: 3781 description: Added capabilities 3782 items: 3783 description: Capability represent POSIX 3784 capabilities type 3785 type: string 3786 type: array 3787 drop: 3788 description: Removed capabilities 3789 items: 3790 description: Capability represent POSIX 3791 capabilities type 3792 type: string 3793 type: array 3794 type: object 3795 privileged: 3796 description: Run container in privileged mode. 3797 Processes in privileged containers are essentially 3798 equivalent to root on the host. Defaults to 3799 false. Note that this field cannot be set 3800 when spec.os.name is windows. 3801 type: boolean 3802 procMount: 3803 description: procMount denotes the type of proc 3804 mount to use for the containers. The default 3805 is DefaultProcMount which uses the container 3806 runtime defaults for readonly paths and masked 3807 paths. This requires the ProcMountType feature 3808 flag to be enabled. Note that this field cannot 3809 be set when spec.os.name is windows. 3810 type: string 3811 readOnlyRootFilesystem: 3812 description: Whether this container has a read-only 3813 root filesystem. Default is false. Note that 3814 this field cannot be set when spec.os.name 3815 is windows. 3816 type: boolean 3817 runAsGroup: 3818 description: The GID to run the entrypoint of 3819 the container process. Uses runtime default 3820 if unset. May also be set in PodSecurityContext. If 3821 set in both SecurityContext and PodSecurityContext, 3822 the value specified in SecurityContext takes 3823 precedence. Note that this field cannot be 3824 set when spec.os.name is windows. 3825 format: int64 3826 type: integer 3827 runAsNonRoot: 3828 description: Indicates that the container must 3829 run as a non-root user. If true, the Kubelet 3830 will validate the image at runtime to ensure 3831 that it does not run as UID 0 (root) and fail 3832 to start the container if it does. If unset 3833 or false, no such validation will be performed. 3834 May also be set in PodSecurityContext. If 3835 set in both SecurityContext and PodSecurityContext, 3836 the value specified in SecurityContext takes 3837 precedence. 3838 type: boolean 3839 runAsUser: 3840 description: The UID to run the entrypoint of 3841 the container process. Defaults to user specified 3842 in image metadata if unspecified. May also 3843 be set in PodSecurityContext. If set in both 3844 SecurityContext and PodSecurityContext, the 3845 value specified in SecurityContext takes precedence. 3846 Note that this field cannot be set when spec.os.name 3847 is windows. 3848 format: int64 3849 type: integer 3850 seLinuxOptions: 3851 description: The SELinux context to be applied 3852 to the container. If unspecified, the container 3853 runtime will allocate a random SELinux context 3854 for each container. May also be set in PodSecurityContext. If 3855 set in both SecurityContext and PodSecurityContext, 3856 the value specified in SecurityContext takes 3857 precedence. Note that this field cannot be 3858 set when spec.os.name is windows. 3859 properties: 3860 level: 3861 description: Level is SELinux level label 3862 that applies to the container. 3863 type: string 3864 role: 3865 description: Role is a SELinux role label 3866 that applies to the container. 3867 type: string 3868 type: 3869 description: Type is a SELinux type label 3870 that applies to the container. 3871 type: string 3872 user: 3873 description: User is a SELinux user label 3874 that applies to the container. 3875 type: string 3876 type: object 3877 seccompProfile: 3878 description: The seccomp options to use by this 3879 container. If seccomp options are provided 3880 at both the pod & container level, the container 3881 options override the pod options. Note that 3882 this field cannot be set when spec.os.name 3883 is windows. 3884 properties: 3885 localhostProfile: 3886 description: localhostProfile indicates 3887 a profile defined in a file on the node 3888 should be used. The profile must be preconfigured 3889 on the node to work. Must be a descending 3890 path, relative to the kubelet's configured 3891 seccomp profile location. Must only be 3892 set if type is "Localhost". 3893 type: string 3894 type: 3895 description: "type indicates which kind 3896 of seccomp profile will be applied. Valid 3897 options are: \n Localhost - a profile 3898 defined in a file on the node should be 3899 used. RuntimeDefault - the container runtime 3900 default profile should be used. Unconfined 3901 - no profile should be applied." 3902 type: string 3903 required: 3904 - type 3905 type: object 3906 windowsOptions: 3907 description: The Windows specific settings applied 3908 to all containers. If unspecified, the options 3909 from the PodSecurityContext will be used. 3910 If set in both SecurityContext and PodSecurityContext, 3911 the value specified in SecurityContext takes 3912 precedence. Note that this field cannot be 3913 set when spec.os.name is linux. 3914 properties: 3915 gmsaCredentialSpec: 3916 description: GMSACredentialSpec is where 3917 the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) 3918 inlines the contents of the GMSA credential 3919 spec named by the GMSACredentialSpecName 3920 field. 3921 type: string 3922 gmsaCredentialSpecName: 3923 description: GMSACredentialSpecName is the 3924 name of the GMSA credential spec to use. 3925 type: string 3926 hostProcess: 3927 description: HostProcess determines if a 3928 container should be run as a 'Host Process' 3929 container. This field is alpha-level and 3930 will only be honored by components that 3931 enable the WindowsHostProcessContainers 3932 feature flag. Setting this field without 3933 the feature flag will result in errors 3934 when validating the Pod. All of a Pod's 3935 containers must have the same effective 3936 HostProcess value (it is not allowed to 3937 have a mix of HostProcess containers and 3938 non-HostProcess containers). In addition, 3939 if HostProcess is true then HostNetwork 3940 must also be set to true. 3941 type: boolean 3942 runAsUserName: 3943 description: The UserName in Windows to 3944 run the entrypoint of the container process. 3945 Defaults to the user specified in image 3946 metadata if unspecified. May also be set 3947 in PodSecurityContext. If set in both 3948 SecurityContext and PodSecurityContext, 3949 the value specified in SecurityContext 3950 takes precedence. 3951 type: string 3952 type: object 3953 type: object 3954 startupProbe: 3955 description: Probes are not allowed for ephemeral 3956 containers. 3957 properties: 3958 exec: 3959 description: Exec specifies the action to take. 3960 properties: 3961 command: 3962 description: Command is the command line 3963 to execute inside the container, the working 3964 directory for the command is root ('/') 3965 in the container's filesystem. The command 3966 is simply exec'd, it is not run inside 3967 a shell, so traditional shell instructions 3968 ('|', etc) won't work. To use a shell, 3969 you need to explicitly call out to that 3970 shell. Exit status of 0 is treated as 3971 live/healthy and non-zero is unhealthy. 3972 items: 3973 type: string 3974 type: array 3975 type: object 3976 failureThreshold: 3977 description: Minimum consecutive failures for 3978 the probe to be considered failed after having 3979 succeeded. Defaults to 3. Minimum value is 3980 1. 3981 format: int32 3982 type: integer 3983 grpc: 3984 description: GRPC specifies an action involving 3985 a GRPC port. This is a beta field and requires 3986 enabling GRPCContainerProbe feature gate. 3987 properties: 3988 port: 3989 description: Port number of the gRPC service. 3990 Number must be in the range 1 to 65535. 3991 format: int32 3992 type: integer 3993 service: 3994 description: "Service is the name of the 3995 service to place in the gRPC HealthCheckRequest 3996 (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 3997 \n If this is not specified, the default 3998 behavior is defined by gRPC." 3999 type: string 4000 required: 4001 - port 4002 type: object 4003 httpGet: 4004 description: HTTPGet specifies the http request 4005 to perform. 4006 properties: 4007 host: 4008 description: Host name to connect to, defaults 4009 to the pod IP. You probably want to set 4010 "Host" in httpHeaders instead. 4011 type: string 4012 httpHeaders: 4013 description: Custom headers to set in the 4014 request. HTTP allows repeated headers. 4015 items: 4016 description: HTTPHeader describes a custom 4017 header to be used in HTTP probes 4018 properties: 4019 name: 4020 description: The header field name 4021 type: string 4022 value: 4023 description: The header field value 4024 type: string 4025 required: 4026 - name 4027 - value 4028 type: object 4029 type: array 4030 path: 4031 description: Path to access on the HTTP 4032 server. 4033 type: string 4034 port: 4035 anyOf: 4036 - type: integer 4037 - type: string 4038 description: Name or number of the port 4039 to access on the container. Number must 4040 be in the range 1 to 65535. Name must 4041 be an IANA_SVC_NAME. 4042 x-kubernetes-int-or-string: true 4043 scheme: 4044 description: Scheme to use for connecting 4045 to the host. Defaults to HTTP. 4046 type: string 4047 required: 4048 - port 4049 type: object 4050 initialDelaySeconds: 4051 description: 'Number of seconds after the container 4052 has started before liveness probes are initiated. 4053 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 4054 format: int32 4055 type: integer 4056 periodSeconds: 4057 description: How often (in seconds) to perform 4058 the probe. Default to 10 seconds. Minimum 4059 value is 1. 4060 format: int32 4061 type: integer 4062 successThreshold: 4063 description: Minimum consecutive successes for 4064 the probe to be considered successful after 4065 having failed. Defaults to 1. Must be 1 for 4066 liveness and startup. Minimum value is 1. 4067 format: int32 4068 type: integer 4069 tcpSocket: 4070 description: TCPSocket specifies an action involving 4071 a TCP port. 4072 properties: 4073 host: 4074 description: 'Optional: Host name to connect 4075 to, defaults to the pod IP.' 4076 type: string 4077 port: 4078 anyOf: 4079 - type: integer 4080 - type: string 4081 description: Number or name of the port 4082 to access on the container. Number must 4083 be in the range 1 to 65535. Name must 4084 be an IANA_SVC_NAME. 4085 x-kubernetes-int-or-string: true 4086 required: 4087 - port 4088 type: object 4089 terminationGracePeriodSeconds: 4090 description: Optional duration in seconds the 4091 pod needs to terminate gracefully upon probe 4092 failure. The grace period is the duration 4093 in seconds after the processes running in 4094 the pod are sent a termination signal and 4095 the time when the processes are forcibly halted 4096 with a kill signal. Set this value longer 4097 than the expected cleanup time for your process. 4098 If this value is nil, the pod's terminationGracePeriodSeconds 4099 will be used. Otherwise, this value overrides 4100 the value provided by the pod spec. Value 4101 must be non-negative integer. The value zero 4102 indicates stop immediately via the kill signal 4103 (no opportunity to shut down). This is a beta 4104 field and requires enabling ProbeTerminationGracePeriod 4105 feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds 4106 is used if unset. 4107 format: int64 4108 type: integer 4109 timeoutSeconds: 4110 description: 'Number of seconds after which 4111 the probe times out. Defaults to 1 second. 4112 Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 4113 format: int32 4114 type: integer 4115 type: object 4116 stdin: 4117 description: Whether this container should allocate 4118 a buffer for stdin in the container runtime. If 4119 this is not set, reads from stdin in the container 4120 will always result in EOF. Default is false. 4121 type: boolean 4122 stdinOnce: 4123 description: Whether the container runtime should 4124 close the stdin channel after it has been opened 4125 by a single attach. When stdin is true the stdin 4126 stream will remain open across multiple attach 4127 sessions. If stdinOnce is set to true, stdin is 4128 opened on container start, is empty until the 4129 first client attaches to stdin, and then remains 4130 open and accepts data until the client disconnects, 4131 at which time stdin is closed and remains closed 4132 until the container is restarted. If this flag 4133 is false, a container processes that reads from 4134 stdin will never receive an EOF. Default is false 4135 type: boolean 4136 targetContainerName: 4137 description: "If set, the name of the container 4138 from PodSpec that this ephemeral container targets. 4139 The ephemeral container will be run in the namespaces 4140 (IPC, PID, etc) of this container. If not set 4141 then the ephemeral container uses the namespaces 4142 configured in the Pod spec. \n The container runtime 4143 must implement support for this feature. If the 4144 runtime does not support namespace targeting then 4145 the result of setting this field is undefined." 4146 type: string 4147 terminationMessagePath: 4148 description: 'Optional: Path at which the file to 4149 which the container''s termination message will 4150 be written is mounted into the container''s filesystem. 4151 Message written is intended to be brief final 4152 status, such as an assertion failure message. 4153 Will be truncated by the node if greater than 4154 4096 bytes. The total message length across all 4155 containers will be limited to 12kb. Defaults to 4156 /dev/termination-log. Cannot be updated.' 4157 type: string 4158 terminationMessagePolicy: 4159 description: Indicate how the termination message 4160 should be populated. File will use the contents 4161 of terminationMessagePath to populate the container 4162 status message on both success and failure. FallbackToLogsOnError 4163 will use the last chunk of container log output 4164 if the termination message file is empty and the 4165 container exited with an error. The log output 4166 is limited to 2048 bytes or 80 lines, whichever 4167 is smaller. Defaults to File. Cannot be updated. 4168 type: string 4169 tty: 4170 description: Whether this container should allocate 4171 a TTY for itself, also requires 'stdin' to be 4172 true. Default is false. 4173 type: boolean 4174 volumeDevices: 4175 description: volumeDevices is the list of block 4176 devices to be used by the container. 4177 items: 4178 description: volumeDevice describes a mapping 4179 of a raw block device within a container. 4180 properties: 4181 devicePath: 4182 description: devicePath is the path inside 4183 of the container that the device will be 4184 mapped to. 4185 type: string 4186 name: 4187 description: name must match the name of a 4188 persistentVolumeClaim in the pod 4189 type: string 4190 required: 4191 - devicePath 4192 - name 4193 type: object 4194 type: array 4195 volumeMounts: 4196 description: Pod volumes to mount into the container's 4197 filesystem. Subpath mounts are not allowed for 4198 ephemeral containers. Cannot be updated. 4199 items: 4200 description: VolumeMount describes a mounting 4201 of a Volume within a container. 4202 properties: 4203 mountPath: 4204 description: Path within the container at 4205 which the volume should be mounted. Must 4206 not contain ':'. 4207 type: string 4208 mountPropagation: 4209 description: mountPropagation determines how 4210 mounts are propagated from the host to container 4211 and the other way around. When not set, 4212 MountPropagationNone is used. This field 4213 is beta in 1.10. 4214 type: string 4215 name: 4216 description: This must match the Name of a 4217 Volume. 4218 type: string 4219 readOnly: 4220 description: Mounted read-only if true, read-write 4221 otherwise (false or unspecified). Defaults 4222 to false. 4223 type: boolean 4224 subPath: 4225 description: Path within the volume from which 4226 the container's volume should be mounted. 4227 Defaults to "" (volume's root). 4228 type: string 4229 subPathExpr: 4230 description: Expanded path within the volume 4231 from which the container's volume should 4232 be mounted. Behaves similarly to SubPath 4233 but environment variable references $(VAR_NAME) 4234 are expanded using the container's environment. 4235 Defaults to "" (volume's root). SubPathExpr 4236 and SubPath are mutually exclusive. 4237 type: string 4238 required: 4239 - mountPath 4240 - name 4241 type: object 4242 type: array 4243 workingDir: 4244 description: Container's working directory. If not 4245 specified, the container runtime's default will 4246 be used, which might be configured in the container 4247 image. Cannot be updated. 4248 type: string 4249 required: 4250 - name 4251 type: object 4252 type: array 4253 hostAliases: 4254 description: HostAliases is an optional list of hosts 4255 and IPs that will be injected into the pod's hosts file 4256 if specified. This is only valid for non-hostNetwork 4257 pods. 4258 items: 4259 description: HostAlias holds the mapping between IP 4260 and hostnames that will be injected as an entry in 4261 the pod's hosts file. 4262 properties: 4263 hostnames: 4264 description: Hostnames for the above IP address. 4265 items: 4266 type: string 4267 type: array 4268 ip: 4269 description: IP address of the host file entry. 4270 type: string 4271 type: object 4272 type: array 4273 hostIPC: 4274 description: 'Use the host''s ipc namespace. Optional: 4275 Default to false.' 4276 type: boolean 4277 hostNetwork: 4278 description: Host networking requested for this pod. Use 4279 the host's network namespace. If this option is set, 4280 the ports that will be used must be specified. Default 4281 to false. 4282 type: boolean 4283 hostPID: 4284 description: 'Use the host''s pid namespace. Optional: 4285 Default to false.' 4286 type: boolean 4287 hostname: 4288 description: Specifies the hostname of the Pod If not 4289 specified, the pod's hostname will be set to a system-defined 4290 value. 4291 type: string 4292 imagePullSecrets: 4293 description: 'ImagePullSecrets is an optional list of 4294 references to secrets in the same namespace to use for 4295 pulling any of the images used by this PodSpec. If specified, 4296 these secrets will be passed to individual puller implementations 4297 for them to use. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod' 4298 items: 4299 description: LocalObjectReference contains enough information 4300 to let you locate the referenced object inside the 4301 same namespace. 4302 properties: 4303 name: 4304 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 4305 TODO: Add other useful fields. apiVersion, kind, 4306 uid?' 4307 type: string 4308 type: object 4309 type: array 4310 initContainers: 4311 description: 'List of initialization containers belonging 4312 to the pod. Init containers are executed in order prior 4313 to containers being started. If any init container fails, 4314 the pod is considered to have failed and is handled 4315 according to its restartPolicy. The name for an init 4316 container or normal container must be unique among all 4317 containers. Init containers may not have Lifecycle actions, 4318 Readiness probes, Liveness probes, or Startup probes. 4319 The resourceRequirements of an init container are taken 4320 into account during scheduling by finding the highest 4321 request/limit for each resource type, and then using 4322 the max of of that value or the sum of the normal containers. 4323 Limits are applied to init containers in a similar fashion. 4324 Init containers cannot currently be added or removed. 4325 Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/' 4326 items: 4327 description: A single application container that you 4328 want to run within a pod. 4329 properties: 4330 args: 4331 description: 'Arguments to the entrypoint. The container 4332 image''s CMD is used if this is not provided. 4333 Variable references $(VAR_NAME) are expanded using 4334 the container''s environment. If a variable cannot 4335 be resolved, the reference in the input string 4336 will be unchanged. Double $$ are reduced to a 4337 single $, which allows for escaping the $(VAR_NAME) 4338 syntax: i.e. "$$(VAR_NAME)" will produce the string 4339 literal "$(VAR_NAME)". Escaped references will 4340 never be expanded, regardless of whether the variable 4341 exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' 4342 items: 4343 type: string 4344 type: array 4345 command: 4346 description: 'Entrypoint array. Not executed within 4347 a shell. The container image''s ENTRYPOINT is 4348 used if this is not provided. Variable references 4349 $(VAR_NAME) are expanded using the container''s 4350 environment. If a variable cannot be resolved, 4351 the reference in the input string will be unchanged. 4352 Double $$ are reduced to a single $, which allows 4353 for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" 4354 will produce the string literal "$(VAR_NAME)". 4355 Escaped references will never be expanded, regardless 4356 of whether the variable exists or not. Cannot 4357 be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' 4358 items: 4359 type: string 4360 type: array 4361 env: 4362 description: List of environment variables to set 4363 in the container. Cannot be updated. 4364 items: 4365 description: EnvVar represents an environment 4366 variable present in a Container. 4367 properties: 4368 name: 4369 description: Name of the environment variable. 4370 Must be a C_IDENTIFIER. 4371 type: string 4372 value: 4373 description: 'Variable references $(VAR_NAME) 4374 are expanded using the previously defined 4375 environment variables in the container and 4376 any service environment variables. If a 4377 variable cannot be resolved, the reference 4378 in the input string will be unchanged. Double 4379 $$ are reduced to a single $, which allows 4380 for escaping the $(VAR_NAME) syntax: i.e. 4381 "$$(VAR_NAME)" will produce the string literal 4382 "$(VAR_NAME)". Escaped references will never 4383 be expanded, regardless of whether the variable 4384 exists or not. Defaults to "".' 4385 type: string 4386 valueFrom: 4387 description: Source for the environment variable's 4388 value. Cannot be used if value is not empty. 4389 properties: 4390 configMapKeyRef: 4391 description: Selects a key of a ConfigMap. 4392 properties: 4393 key: 4394 description: The key to select. 4395 type: string 4396 name: 4397 description: 'Name of the referent. 4398 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 4399 TODO: Add other useful fields. apiVersion, 4400 kind, uid?' 4401 type: string 4402 optional: 4403 description: Specify whether the ConfigMap 4404 or its key must be defined 4405 type: boolean 4406 required: 4407 - key 4408 type: object 4409 fieldRef: 4410 description: 'Selects a field of the pod: 4411 supports metadata.name, metadata.namespace, 4412 `metadata.labels[''<KEY>'']`, `metadata.annotations[''<KEY>'']`, 4413 spec.nodeName, spec.serviceAccountName, 4414 status.hostIP, status.podIP, status.podIPs.' 4415 properties: 4416 apiVersion: 4417 description: Version of the schema 4418 the FieldPath is written in terms 4419 of, defaults to "v1". 4420 type: string 4421 fieldPath: 4422 description: Path of the field to 4423 select in the specified API version. 4424 type: string 4425 required: 4426 - fieldPath 4427 type: object 4428 resourceFieldRef: 4429 description: 'Selects a resource of the 4430 container: only resources limits and 4431 requests (limits.cpu, limits.memory, 4432 limits.ephemeral-storage, requests.cpu, 4433 requests.memory and requests.ephemeral-storage) 4434 are currently supported.' 4435 properties: 4436 containerName: 4437 description: 'Container name: required 4438 for volumes, optional for env vars' 4439 type: string 4440 divisor: 4441 anyOf: 4442 - type: integer 4443 - type: string 4444 description: Specifies the output 4445 format of the exposed resources, 4446 defaults to "1" 4447 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 4448 x-kubernetes-int-or-string: true 4449 resource: 4450 description: 'Required: resource to 4451 select' 4452 type: string 4453 required: 4454 - resource 4455 type: object 4456 secretKeyRef: 4457 description: Selects a key of a secret 4458 in the pod's namespace 4459 properties: 4460 key: 4461 description: The key of the secret 4462 to select from. Must be a valid 4463 secret key. 4464 type: string 4465 name: 4466 description: 'Name of the referent. 4467 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 4468 TODO: Add other useful fields. apiVersion, 4469 kind, uid?' 4470 type: string 4471 optional: 4472 description: Specify whether the Secret 4473 or its key must be defined 4474 type: boolean 4475 required: 4476 - key 4477 type: object 4478 type: object 4479 required: 4480 - name 4481 type: object 4482 type: array 4483 envFrom: 4484 description: List of sources to populate environment 4485 variables in the container. The keys defined within 4486 a source must be a C_IDENTIFIER. All invalid keys 4487 will be reported as an event when the container 4488 is starting. When a key exists in multiple sources, 4489 the value associated with the last source will 4490 take precedence. Values defined by an Env with 4491 a duplicate key will take precedence. Cannot be 4492 updated. 4493 items: 4494 description: EnvFromSource represents the source 4495 of a set of ConfigMaps 4496 properties: 4497 configMapRef: 4498 description: The ConfigMap to select from 4499 properties: 4500 name: 4501 description: 'Name of the referent. More 4502 info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 4503 TODO: Add other useful fields. apiVersion, 4504 kind, uid?' 4505 type: string 4506 optional: 4507 description: Specify whether the ConfigMap 4508 must be defined 4509 type: boolean 4510 type: object 4511 prefix: 4512 description: An optional identifier to prepend 4513 to each key in the ConfigMap. Must be a 4514 C_IDENTIFIER. 4515 type: string 4516 secretRef: 4517 description: The Secret to select from 4518 properties: 4519 name: 4520 description: 'Name of the referent. More 4521 info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 4522 TODO: Add other useful fields. apiVersion, 4523 kind, uid?' 4524 type: string 4525 optional: 4526 description: Specify whether the Secret 4527 must be defined 4528 type: boolean 4529 type: object 4530 type: object 4531 type: array 4532 image: 4533 description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images 4534 This field is optional to allow higher level config 4535 management to default or override container images 4536 in workload controllers like Deployments and StatefulSets.' 4537 type: string 4538 imagePullPolicy: 4539 description: 'Image pull policy. One of Always, 4540 Never, IfNotPresent. Defaults to Always if :latest 4541 tag is specified, or IfNotPresent otherwise. Cannot 4542 be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' 4543 type: string 4544 lifecycle: 4545 description: Actions that the management system 4546 should take in response to container lifecycle 4547 events. Cannot be updated. 4548 properties: 4549 postStart: 4550 description: 'PostStart is called immediately 4551 after a container is created. If the handler 4552 fails, the container is terminated and restarted 4553 according to its restart policy. Other management 4554 of the container blocks until the hook completes. 4555 More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' 4556 properties: 4557 exec: 4558 description: Exec specifies the action to 4559 take. 4560 properties: 4561 command: 4562 description: Command is the command 4563 line to execute inside the container, 4564 the working directory for the command is 4565 root ('/') in the container's filesystem. 4566 The command is simply exec'd, it is 4567 not run inside a shell, so traditional 4568 shell instructions ('|', etc) won't 4569 work. To use a shell, you need to 4570 explicitly call out to that shell. 4571 Exit status of 0 is treated as live/healthy 4572 and non-zero is unhealthy. 4573 items: 4574 type: string 4575 type: array 4576 type: object 4577 httpGet: 4578 description: HTTPGet specifies the http 4579 request to perform. 4580 properties: 4581 host: 4582 description: Host name to connect to, 4583 defaults to the pod IP. You probably 4584 want to set "Host" in httpHeaders 4585 instead. 4586 type: string 4587 httpHeaders: 4588 description: Custom headers to set in 4589 the request. HTTP allows repeated 4590 headers. 4591 items: 4592 description: HTTPHeader describes 4593 a custom header to be used in HTTP 4594 probes 4595 properties: 4596 name: 4597 description: The header field 4598 name 4599 type: string 4600 value: 4601 description: The header field 4602 value 4603 type: string 4604 required: 4605 - name 4606 - value 4607 type: object 4608 type: array 4609 path: 4610 description: Path to access on the HTTP 4611 server. 4612 type: string 4613 port: 4614 anyOf: 4615 - type: integer 4616 - type: string 4617 description: Name or number of the port 4618 to access on the container. Number 4619 must be in the range 1 to 65535. Name 4620 must be an IANA_SVC_NAME. 4621 x-kubernetes-int-or-string: true 4622 scheme: 4623 description: Scheme to use for connecting 4624 to the host. Defaults to HTTP. 4625 type: string 4626 required: 4627 - port 4628 type: object 4629 tcpSocket: 4630 description: Deprecated. TCPSocket is NOT 4631 supported as a LifecycleHandler and kept 4632 for the backward compatibility. There 4633 are no validation of this field and lifecycle 4634 hooks will fail in runtime when tcp handler 4635 is specified. 4636 properties: 4637 host: 4638 description: 'Optional: Host name to 4639 connect to, defaults to the pod IP.' 4640 type: string 4641 port: 4642 anyOf: 4643 - type: integer 4644 - type: string 4645 description: Number or name of the port 4646 to access on the container. Number 4647 must be in the range 1 to 65535. Name 4648 must be an IANA_SVC_NAME. 4649 x-kubernetes-int-or-string: true 4650 required: 4651 - port 4652 type: object 4653 type: object 4654 preStop: 4655 description: 'PreStop is called immediately 4656 before a container is terminated due to an 4657 API request or management event such as liveness/startup 4658 probe failure, preemption, resource contention, 4659 etc. The handler is not called if the container 4660 crashes or exits. The Pod''s termination grace 4661 period countdown begins before the PreStop 4662 hook is executed. Regardless of the outcome 4663 of the handler, the container will eventually 4664 terminate within the Pod''s termination grace 4665 period (unless delayed by finalizers). Other 4666 management of the container blocks until the 4667 hook completes or until the termination grace 4668 period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' 4669 properties: 4670 exec: 4671 description: Exec specifies the action to 4672 take. 4673 properties: 4674 command: 4675 description: Command is the command 4676 line to execute inside the container, 4677 the working directory for the command is 4678 root ('/') in the container's filesystem. 4679 The command is simply exec'd, it is 4680 not run inside a shell, so traditional 4681 shell instructions ('|', etc) won't 4682 work. To use a shell, you need to 4683 explicitly call out to that shell. 4684 Exit status of 0 is treated as live/healthy 4685 and non-zero is unhealthy. 4686 items: 4687 type: string 4688 type: array 4689 type: object 4690 httpGet: 4691 description: HTTPGet specifies the http 4692 request to perform. 4693 properties: 4694 host: 4695 description: Host name to connect to, 4696 defaults to the pod IP. You probably 4697 want to set "Host" in httpHeaders 4698 instead. 4699 type: string 4700 httpHeaders: 4701 description: Custom headers to set in 4702 the request. HTTP allows repeated 4703 headers. 4704 items: 4705 description: HTTPHeader describes 4706 a custom header to be used in HTTP 4707 probes 4708 properties: 4709 name: 4710 description: The header field 4711 name 4712 type: string 4713 value: 4714 description: The header field 4715 value 4716 type: string 4717 required: 4718 - name 4719 - value 4720 type: object 4721 type: array 4722 path: 4723 description: Path to access on the HTTP 4724 server. 4725 type: string 4726 port: 4727 anyOf: 4728 - type: integer 4729 - type: string 4730 description: Name or number of the port 4731 to access on the container. Number 4732 must be in the range 1 to 65535. Name 4733 must be an IANA_SVC_NAME. 4734 x-kubernetes-int-or-string: true 4735 scheme: 4736 description: Scheme to use for connecting 4737 to the host. Defaults to HTTP. 4738 type: string 4739 required: 4740 - port 4741 type: object 4742 tcpSocket: 4743 description: Deprecated. TCPSocket is NOT 4744 supported as a LifecycleHandler and kept 4745 for the backward compatibility. There 4746 are no validation of this field and lifecycle 4747 hooks will fail in runtime when tcp handler 4748 is specified. 4749 properties: 4750 host: 4751 description: 'Optional: Host name to 4752 connect to, defaults to the pod IP.' 4753 type: string 4754 port: 4755 anyOf: 4756 - type: integer 4757 - type: string 4758 description: Number or name of the port 4759 to access on the container. Number 4760 must be in the range 1 to 65535. Name 4761 must be an IANA_SVC_NAME. 4762 x-kubernetes-int-or-string: true 4763 required: 4764 - port 4765 type: object 4766 type: object 4767 type: object 4768 livenessProbe: 4769 description: 'Periodic probe of container liveness. 4770 Container will be restarted if the probe fails. 4771 Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 4772 properties: 4773 exec: 4774 description: Exec specifies the action to take. 4775 properties: 4776 command: 4777 description: Command is the command line 4778 to execute inside the container, the working 4779 directory for the command is root ('/') 4780 in the container's filesystem. The command 4781 is simply exec'd, it is not run inside 4782 a shell, so traditional shell instructions 4783 ('|', etc) won't work. To use a shell, 4784 you need to explicitly call out to that 4785 shell. Exit status of 0 is treated as 4786 live/healthy and non-zero is unhealthy. 4787 items: 4788 type: string 4789 type: array 4790 type: object 4791 failureThreshold: 4792 description: Minimum consecutive failures for 4793 the probe to be considered failed after having 4794 succeeded. Defaults to 3. Minimum value is 4795 1. 4796 format: int32 4797 type: integer 4798 grpc: 4799 description: GRPC specifies an action involving 4800 a GRPC port. This is a beta field and requires 4801 enabling GRPCContainerProbe feature gate. 4802 properties: 4803 port: 4804 description: Port number of the gRPC service. 4805 Number must be in the range 1 to 65535. 4806 format: int32 4807 type: integer 4808 service: 4809 description: "Service is the name of the 4810 service to place in the gRPC HealthCheckRequest 4811 (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 4812 \n If this is not specified, the default 4813 behavior is defined by gRPC." 4814 type: string 4815 required: 4816 - port 4817 type: object 4818 httpGet: 4819 description: HTTPGet specifies the http request 4820 to perform. 4821 properties: 4822 host: 4823 description: Host name to connect to, defaults 4824 to the pod IP. You probably want to set 4825 "Host" in httpHeaders instead. 4826 type: string 4827 httpHeaders: 4828 description: Custom headers to set in the 4829 request. HTTP allows repeated headers. 4830 items: 4831 description: HTTPHeader describes a custom 4832 header to be used in HTTP probes 4833 properties: 4834 name: 4835 description: The header field name 4836 type: string 4837 value: 4838 description: The header field value 4839 type: string 4840 required: 4841 - name 4842 - value 4843 type: object 4844 type: array 4845 path: 4846 description: Path to access on the HTTP 4847 server. 4848 type: string 4849 port: 4850 anyOf: 4851 - type: integer 4852 - type: string 4853 description: Name or number of the port 4854 to access on the container. Number must 4855 be in the range 1 to 65535. Name must 4856 be an IANA_SVC_NAME. 4857 x-kubernetes-int-or-string: true 4858 scheme: 4859 description: Scheme to use for connecting 4860 to the host. Defaults to HTTP. 4861 type: string 4862 required: 4863 - port 4864 type: object 4865 initialDelaySeconds: 4866 description: 'Number of seconds after the container 4867 has started before liveness probes are initiated. 4868 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 4869 format: int32 4870 type: integer 4871 periodSeconds: 4872 description: How often (in seconds) to perform 4873 the probe. Default to 10 seconds. Minimum 4874 value is 1. 4875 format: int32 4876 type: integer 4877 successThreshold: 4878 description: Minimum consecutive successes for 4879 the probe to be considered successful after 4880 having failed. Defaults to 1. Must be 1 for 4881 liveness and startup. Minimum value is 1. 4882 format: int32 4883 type: integer 4884 tcpSocket: 4885 description: TCPSocket specifies an action involving 4886 a TCP port. 4887 properties: 4888 host: 4889 description: 'Optional: Host name to connect 4890 to, defaults to the pod IP.' 4891 type: string 4892 port: 4893 anyOf: 4894 - type: integer 4895 - type: string 4896 description: Number or name of the port 4897 to access on the container. Number must 4898 be in the range 1 to 65535. Name must 4899 be an IANA_SVC_NAME. 4900 x-kubernetes-int-or-string: true 4901 required: 4902 - port 4903 type: object 4904 terminationGracePeriodSeconds: 4905 description: Optional duration in seconds the 4906 pod needs to terminate gracefully upon probe 4907 failure. The grace period is the duration 4908 in seconds after the processes running in 4909 the pod are sent a termination signal and 4910 the time when the processes are forcibly halted 4911 with a kill signal. Set this value longer 4912 than the expected cleanup time for your process. 4913 If this value is nil, the pod's terminationGracePeriodSeconds 4914 will be used. Otherwise, this value overrides 4915 the value provided by the pod spec. Value 4916 must be non-negative integer. The value zero 4917 indicates stop immediately via the kill signal 4918 (no opportunity to shut down). This is a beta 4919 field and requires enabling ProbeTerminationGracePeriod 4920 feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds 4921 is used if unset. 4922 format: int64 4923 type: integer 4924 timeoutSeconds: 4925 description: 'Number of seconds after which 4926 the probe times out. Defaults to 1 second. 4927 Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 4928 format: int32 4929 type: integer 4930 type: object 4931 name: 4932 description: Name of the container specified as 4933 a DNS_LABEL. Each container in a pod must have 4934 a unique name (DNS_LABEL). Cannot be updated. 4935 type: string 4936 ports: 4937 description: List of ports to expose from the container. 4938 Exposing a port here gives the system additional 4939 information about the network connections a container 4940 uses, but is primarily informational. Not specifying 4941 a port here DOES NOT prevent that port from being 4942 exposed. Any port which is listening on the default 4943 "0.0.0.0" address inside a container will be accessible 4944 from the network. Cannot be updated. 4945 items: 4946 description: ContainerPort represents a network 4947 port in a single container. 4948 properties: 4949 containerPort: 4950 description: Number of port to expose on the 4951 pod's IP address. This must be a valid port 4952 number, 0 < x < 65536. 4953 format: int32 4954 type: integer 4955 hostIP: 4956 description: What host IP to bind the external 4957 port to. 4958 type: string 4959 hostPort: 4960 description: Number of port to expose on the 4961 host. If specified, this must be a valid 4962 port number, 0 < x < 65536. If HostNetwork 4963 is specified, this must match ContainerPort. 4964 Most containers do not need this. 4965 format: int32 4966 type: integer 4967 name: 4968 description: If specified, this must be an 4969 IANA_SVC_NAME and unique within the pod. 4970 Each named port in a pod must have a unique 4971 name. Name for the port that can be referred 4972 to by services. 4973 type: string 4974 protocol: 4975 default: TCP 4976 description: Protocol for port. Must be UDP, 4977 TCP, or SCTP. Defaults to "TCP". 4978 type: string 4979 required: 4980 - containerPort 4981 type: object 4982 type: array 4983 x-kubernetes-list-map-keys: 4984 - containerPort 4985 - protocol 4986 x-kubernetes-list-type: map 4987 readinessProbe: 4988 description: 'Periodic probe of container service 4989 readiness. Container will be removed from service 4990 endpoints if the probe fails. Cannot be updated. 4991 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 4992 properties: 4993 exec: 4994 description: Exec specifies the action to take. 4995 properties: 4996 command: 4997 description: Command is the command line 4998 to execute inside the container, the working 4999 directory for the command is root ('/') 5000 in the container's filesystem. The command 5001 is simply exec'd, it is not run inside 5002 a shell, so traditional shell instructions 5003 ('|', etc) won't work. To use a shell, 5004 you need to explicitly call out to that 5005 shell. Exit status of 0 is treated as 5006 live/healthy and non-zero is unhealthy. 5007 items: 5008 type: string 5009 type: array 5010 type: object 5011 failureThreshold: 5012 description: Minimum consecutive failures for 5013 the probe to be considered failed after having 5014 succeeded. Defaults to 3. Minimum value is 5015 1. 5016 format: int32 5017 type: integer 5018 grpc: 5019 description: GRPC specifies an action involving 5020 a GRPC port. This is a beta field and requires 5021 enabling GRPCContainerProbe feature gate. 5022 properties: 5023 port: 5024 description: Port number of the gRPC service. 5025 Number must be in the range 1 to 65535. 5026 format: int32 5027 type: integer 5028 service: 5029 description: "Service is the name of the 5030 service to place in the gRPC HealthCheckRequest 5031 (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 5032 \n If this is not specified, the default 5033 behavior is defined by gRPC." 5034 type: string 5035 required: 5036 - port 5037 type: object 5038 httpGet: 5039 description: HTTPGet specifies the http request 5040 to perform. 5041 properties: 5042 host: 5043 description: Host name to connect to, defaults 5044 to the pod IP. You probably want to set 5045 "Host" in httpHeaders instead. 5046 type: string 5047 httpHeaders: 5048 description: Custom headers to set in the 5049 request. HTTP allows repeated headers. 5050 items: 5051 description: HTTPHeader describes a custom 5052 header to be used in HTTP probes 5053 properties: 5054 name: 5055 description: The header field name 5056 type: string 5057 value: 5058 description: The header field value 5059 type: string 5060 required: 5061 - name 5062 - value 5063 type: object 5064 type: array 5065 path: 5066 description: Path to access on the HTTP 5067 server. 5068 type: string 5069 port: 5070 anyOf: 5071 - type: integer 5072 - type: string 5073 description: Name or number of the port 5074 to access on the container. Number must 5075 be in the range 1 to 65535. Name must 5076 be an IANA_SVC_NAME. 5077 x-kubernetes-int-or-string: true 5078 scheme: 5079 description: Scheme to use for connecting 5080 to the host. Defaults to HTTP. 5081 type: string 5082 required: 5083 - port 5084 type: object 5085 initialDelaySeconds: 5086 description: 'Number of seconds after the container 5087 has started before liveness probes are initiated. 5088 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 5089 format: int32 5090 type: integer 5091 periodSeconds: 5092 description: How often (in seconds) to perform 5093 the probe. Default to 10 seconds. Minimum 5094 value is 1. 5095 format: int32 5096 type: integer 5097 successThreshold: 5098 description: Minimum consecutive successes for 5099 the probe to be considered successful after 5100 having failed. Defaults to 1. Must be 1 for 5101 liveness and startup. Minimum value is 1. 5102 format: int32 5103 type: integer 5104 tcpSocket: 5105 description: TCPSocket specifies an action involving 5106 a TCP port. 5107 properties: 5108 host: 5109 description: 'Optional: Host name to connect 5110 to, defaults to the pod IP.' 5111 type: string 5112 port: 5113 anyOf: 5114 - type: integer 5115 - type: string 5116 description: Number or name of the port 5117 to access on the container. Number must 5118 be in the range 1 to 65535. Name must 5119 be an IANA_SVC_NAME. 5120 x-kubernetes-int-or-string: true 5121 required: 5122 - port 5123 type: object 5124 terminationGracePeriodSeconds: 5125 description: Optional duration in seconds the 5126 pod needs to terminate gracefully upon probe 5127 failure. The grace period is the duration 5128 in seconds after the processes running in 5129 the pod are sent a termination signal and 5130 the time when the processes are forcibly halted 5131 with a kill signal. Set this value longer 5132 than the expected cleanup time for your process. 5133 If this value is nil, the pod's terminationGracePeriodSeconds 5134 will be used. Otherwise, this value overrides 5135 the value provided by the pod spec. Value 5136 must be non-negative integer. The value zero 5137 indicates stop immediately via the kill signal 5138 (no opportunity to shut down). This is a beta 5139 field and requires enabling ProbeTerminationGracePeriod 5140 feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds 5141 is used if unset. 5142 format: int64 5143 type: integer 5144 timeoutSeconds: 5145 description: 'Number of seconds after which 5146 the probe times out. Defaults to 1 second. 5147 Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 5148 format: int32 5149 type: integer 5150 type: object 5151 resources: 5152 description: 'Compute Resources required by this 5153 container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 5154 properties: 5155 limits: 5156 additionalProperties: 5157 anyOf: 5158 - type: integer 5159 - type: string 5160 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 5161 x-kubernetes-int-or-string: true 5162 description: 'Limits describes the maximum amount 5163 of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 5164 type: object 5165 requests: 5166 additionalProperties: 5167 anyOf: 5168 - type: integer 5169 - type: string 5170 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 5171 x-kubernetes-int-or-string: true 5172 description: 'Requests describes the minimum 5173 amount of compute resources required. If Requests 5174 is omitted for a container, it defaults to 5175 Limits if that is explicitly specified, otherwise 5176 to an implementation-defined value. More info: 5177 https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 5178 type: object 5179 type: object 5180 securityContext: 5181 description: 'SecurityContext defines the security 5182 options the container should be run with. If set, 5183 the fields of SecurityContext override the equivalent 5184 fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' 5185 properties: 5186 allowPrivilegeEscalation: 5187 description: 'AllowPrivilegeEscalation controls 5188 whether a process can gain more privileges 5189 than its parent process. This bool directly 5190 controls if the no_new_privs flag will be 5191 set on the container process. AllowPrivilegeEscalation 5192 is true always when the container is: 1) run 5193 as Privileged 2) has CAP_SYS_ADMIN Note that 5194 this field cannot be set when spec.os.name 5195 is windows.' 5196 type: boolean 5197 capabilities: 5198 description: The capabilities to add/drop when 5199 running containers. Defaults to the default 5200 set of capabilities granted by the container 5201 runtime. Note that this field cannot be set 5202 when spec.os.name is windows. 5203 properties: 5204 add: 5205 description: Added capabilities 5206 items: 5207 description: Capability represent POSIX 5208 capabilities type 5209 type: string 5210 type: array 5211 drop: 5212 description: Removed capabilities 5213 items: 5214 description: Capability represent POSIX 5215 capabilities type 5216 type: string 5217 type: array 5218 type: object 5219 privileged: 5220 description: Run container in privileged mode. 5221 Processes in privileged containers are essentially 5222 equivalent to root on the host. Defaults to 5223 false. Note that this field cannot be set 5224 when spec.os.name is windows. 5225 type: boolean 5226 procMount: 5227 description: procMount denotes the type of proc 5228 mount to use for the containers. The default 5229 is DefaultProcMount which uses the container 5230 runtime defaults for readonly paths and masked 5231 paths. This requires the ProcMountType feature 5232 flag to be enabled. Note that this field cannot 5233 be set when spec.os.name is windows. 5234 type: string 5235 readOnlyRootFilesystem: 5236 description: Whether this container has a read-only 5237 root filesystem. Default is false. Note that 5238 this field cannot be set when spec.os.name 5239 is windows. 5240 type: boolean 5241 runAsGroup: 5242 description: The GID to run the entrypoint of 5243 the container process. Uses runtime default 5244 if unset. May also be set in PodSecurityContext. If 5245 set in both SecurityContext and PodSecurityContext, 5246 the value specified in SecurityContext takes 5247 precedence. Note that this field cannot be 5248 set when spec.os.name is windows. 5249 format: int64 5250 type: integer 5251 runAsNonRoot: 5252 description: Indicates that the container must 5253 run as a non-root user. If true, the Kubelet 5254 will validate the image at runtime to ensure 5255 that it does not run as UID 0 (root) and fail 5256 to start the container if it does. If unset 5257 or false, no such validation will be performed. 5258 May also be set in PodSecurityContext. If 5259 set in both SecurityContext and PodSecurityContext, 5260 the value specified in SecurityContext takes 5261 precedence. 5262 type: boolean 5263 runAsUser: 5264 description: The UID to run the entrypoint of 5265 the container process. Defaults to user specified 5266 in image metadata if unspecified. May also 5267 be set in PodSecurityContext. If set in both 5268 SecurityContext and PodSecurityContext, the 5269 value specified in SecurityContext takes precedence. 5270 Note that this field cannot be set when spec.os.name 5271 is windows. 5272 format: int64 5273 type: integer 5274 seLinuxOptions: 5275 description: The SELinux context to be applied 5276 to the container. If unspecified, the container 5277 runtime will allocate a random SELinux context 5278 for each container. May also be set in PodSecurityContext. If 5279 set in both SecurityContext and PodSecurityContext, 5280 the value specified in SecurityContext takes 5281 precedence. Note that this field cannot be 5282 set when spec.os.name is windows. 5283 properties: 5284 level: 5285 description: Level is SELinux level label 5286 that applies to the container. 5287 type: string 5288 role: 5289 description: Role is a SELinux role label 5290 that applies to the container. 5291 type: string 5292 type: 5293 description: Type is a SELinux type label 5294 that applies to the container. 5295 type: string 5296 user: 5297 description: User is a SELinux user label 5298 that applies to the container. 5299 type: string 5300 type: object 5301 seccompProfile: 5302 description: The seccomp options to use by this 5303 container. If seccomp options are provided 5304 at both the pod & container level, the container 5305 options override the pod options. Note that 5306 this field cannot be set when spec.os.name 5307 is windows. 5308 properties: 5309 localhostProfile: 5310 description: localhostProfile indicates 5311 a profile defined in a file on the node 5312 should be used. The profile must be preconfigured 5313 on the node to work. Must be a descending 5314 path, relative to the kubelet's configured 5315 seccomp profile location. Must only be 5316 set if type is "Localhost". 5317 type: string 5318 type: 5319 description: "type indicates which kind 5320 of seccomp profile will be applied. Valid 5321 options are: \n Localhost - a profile 5322 defined in a file on the node should be 5323 used. RuntimeDefault - the container runtime 5324 default profile should be used. Unconfined 5325 - no profile should be applied." 5326 type: string 5327 required: 5328 - type 5329 type: object 5330 windowsOptions: 5331 description: The Windows specific settings applied 5332 to all containers. If unspecified, the options 5333 from the PodSecurityContext will be used. 5334 If set in both SecurityContext and PodSecurityContext, 5335 the value specified in SecurityContext takes 5336 precedence. Note that this field cannot be 5337 set when spec.os.name is linux. 5338 properties: 5339 gmsaCredentialSpec: 5340 description: GMSACredentialSpec is where 5341 the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) 5342 inlines the contents of the GMSA credential 5343 spec named by the GMSACredentialSpecName 5344 field. 5345 type: string 5346 gmsaCredentialSpecName: 5347 description: GMSACredentialSpecName is the 5348 name of the GMSA credential spec to use. 5349 type: string 5350 hostProcess: 5351 description: HostProcess determines if a 5352 container should be run as a 'Host Process' 5353 container. This field is alpha-level and 5354 will only be honored by components that 5355 enable the WindowsHostProcessContainers 5356 feature flag. Setting this field without 5357 the feature flag will result in errors 5358 when validating the Pod. All of a Pod's 5359 containers must have the same effective 5360 HostProcess value (it is not allowed to 5361 have a mix of HostProcess containers and 5362 non-HostProcess containers). In addition, 5363 if HostProcess is true then HostNetwork 5364 must also be set to true. 5365 type: boolean 5366 runAsUserName: 5367 description: The UserName in Windows to 5368 run the entrypoint of the container process. 5369 Defaults to the user specified in image 5370 metadata if unspecified. May also be set 5371 in PodSecurityContext. If set in both 5372 SecurityContext and PodSecurityContext, 5373 the value specified in SecurityContext 5374 takes precedence. 5375 type: string 5376 type: object 5377 type: object 5378 startupProbe: 5379 description: 'StartupProbe indicates that the Pod 5380 has successfully initialized. If specified, no 5381 other probes are executed until this completes 5382 successfully. If this probe fails, the Pod will 5383 be restarted, just as if the livenessProbe failed. 5384 This can be used to provide different probe parameters 5385 at the beginning of a Pod''s lifecycle, when it 5386 might take a long time to load data or warm a 5387 cache, than during steady-state operation. This 5388 cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 5389 properties: 5390 exec: 5391 description: Exec specifies the action to take. 5392 properties: 5393 command: 5394 description: Command is the command line 5395 to execute inside the container, the working 5396 directory for the command is root ('/') 5397 in the container's filesystem. The command 5398 is simply exec'd, it is not run inside 5399 a shell, so traditional shell instructions 5400 ('|', etc) won't work. To use a shell, 5401 you need to explicitly call out to that 5402 shell. Exit status of 0 is treated as 5403 live/healthy and non-zero is unhealthy. 5404 items: 5405 type: string 5406 type: array 5407 type: object 5408 failureThreshold: 5409 description: Minimum consecutive failures for 5410 the probe to be considered failed after having 5411 succeeded. Defaults to 3. Minimum value is 5412 1. 5413 format: int32 5414 type: integer 5415 grpc: 5416 description: GRPC specifies an action involving 5417 a GRPC port. This is a beta field and requires 5418 enabling GRPCContainerProbe feature gate. 5419 properties: 5420 port: 5421 description: Port number of the gRPC service. 5422 Number must be in the range 1 to 65535. 5423 format: int32 5424 type: integer 5425 service: 5426 description: "Service is the name of the 5427 service to place in the gRPC HealthCheckRequest 5428 (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 5429 \n If this is not specified, the default 5430 behavior is defined by gRPC." 5431 type: string 5432 required: 5433 - port 5434 type: object 5435 httpGet: 5436 description: HTTPGet specifies the http request 5437 to perform. 5438 properties: 5439 host: 5440 description: Host name to connect to, defaults 5441 to the pod IP. You probably want to set 5442 "Host" in httpHeaders instead. 5443 type: string 5444 httpHeaders: 5445 description: Custom headers to set in the 5446 request. HTTP allows repeated headers. 5447 items: 5448 description: HTTPHeader describes a custom 5449 header to be used in HTTP probes 5450 properties: 5451 name: 5452 description: The header field name 5453 type: string 5454 value: 5455 description: The header field value 5456 type: string 5457 required: 5458 - name 5459 - value 5460 type: object 5461 type: array 5462 path: 5463 description: Path to access on the HTTP 5464 server. 5465 type: string 5466 port: 5467 anyOf: 5468 - type: integer 5469 - type: string 5470 description: Name or number of the port 5471 to access on the container. Number must 5472 be in the range 1 to 65535. Name must 5473 be an IANA_SVC_NAME. 5474 x-kubernetes-int-or-string: true 5475 scheme: 5476 description: Scheme to use for connecting 5477 to the host. Defaults to HTTP. 5478 type: string 5479 required: 5480 - port 5481 type: object 5482 initialDelaySeconds: 5483 description: 'Number of seconds after the container 5484 has started before liveness probes are initiated. 5485 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 5486 format: int32 5487 type: integer 5488 periodSeconds: 5489 description: How often (in seconds) to perform 5490 the probe. Default to 10 seconds. Minimum 5491 value is 1. 5492 format: int32 5493 type: integer 5494 successThreshold: 5495 description: Minimum consecutive successes for 5496 the probe to be considered successful after 5497 having failed. Defaults to 1. Must be 1 for 5498 liveness and startup. Minimum value is 1. 5499 format: int32 5500 type: integer 5501 tcpSocket: 5502 description: TCPSocket specifies an action involving 5503 a TCP port. 5504 properties: 5505 host: 5506 description: 'Optional: Host name to connect 5507 to, defaults to the pod IP.' 5508 type: string 5509 port: 5510 anyOf: 5511 - type: integer 5512 - type: string 5513 description: Number or name of the port 5514 to access on the container. Number must 5515 be in the range 1 to 65535. Name must 5516 be an IANA_SVC_NAME. 5517 x-kubernetes-int-or-string: true 5518 required: 5519 - port 5520 type: object 5521 terminationGracePeriodSeconds: 5522 description: Optional duration in seconds the 5523 pod needs to terminate gracefully upon probe 5524 failure. The grace period is the duration 5525 in seconds after the processes running in 5526 the pod are sent a termination signal and 5527 the time when the processes are forcibly halted 5528 with a kill signal. Set this value longer 5529 than the expected cleanup time for your process. 5530 If this value is nil, the pod's terminationGracePeriodSeconds 5531 will be used. Otherwise, this value overrides 5532 the value provided by the pod spec. Value 5533 must be non-negative integer. The value zero 5534 indicates stop immediately via the kill signal 5535 (no opportunity to shut down). This is a beta 5536 field and requires enabling ProbeTerminationGracePeriod 5537 feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds 5538 is used if unset. 5539 format: int64 5540 type: integer 5541 timeoutSeconds: 5542 description: 'Number of seconds after which 5543 the probe times out. Defaults to 1 second. 5544 Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 5545 format: int32 5546 type: integer 5547 type: object 5548 stdin: 5549 description: Whether this container should allocate 5550 a buffer for stdin in the container runtime. If 5551 this is not set, reads from stdin in the container 5552 will always result in EOF. Default is false. 5553 type: boolean 5554 stdinOnce: 5555 description: Whether the container runtime should 5556 close the stdin channel after it has been opened 5557 by a single attach. When stdin is true the stdin 5558 stream will remain open across multiple attach 5559 sessions. If stdinOnce is set to true, stdin is 5560 opened on container start, is empty until the 5561 first client attaches to stdin, and then remains 5562 open and accepts data until the client disconnects, 5563 at which time stdin is closed and remains closed 5564 until the container is restarted. If this flag 5565 is false, a container processes that reads from 5566 stdin will never receive an EOF. Default is false 5567 type: boolean 5568 terminationMessagePath: 5569 description: 'Optional: Path at which the file to 5570 which the container''s termination message will 5571 be written is mounted into the container''s filesystem. 5572 Message written is intended to be brief final 5573 status, such as an assertion failure message. 5574 Will be truncated by the node if greater than 5575 4096 bytes. The total message length across all 5576 containers will be limited to 12kb. Defaults to 5577 /dev/termination-log. Cannot be updated.' 5578 type: string 5579 terminationMessagePolicy: 5580 description: Indicate how the termination message 5581 should be populated. File will use the contents 5582 of terminationMessagePath to populate the container 5583 status message on both success and failure. FallbackToLogsOnError 5584 will use the last chunk of container log output 5585 if the termination message file is empty and the 5586 container exited with an error. The log output 5587 is limited to 2048 bytes or 80 lines, whichever 5588 is smaller. Defaults to File. Cannot be updated. 5589 type: string 5590 tty: 5591 description: Whether this container should allocate 5592 a TTY for itself, also requires 'stdin' to be 5593 true. Default is false. 5594 type: boolean 5595 volumeDevices: 5596 description: volumeDevices is the list of block 5597 devices to be used by the container. 5598 items: 5599 description: volumeDevice describes a mapping 5600 of a raw block device within a container. 5601 properties: 5602 devicePath: 5603 description: devicePath is the path inside 5604 of the container that the device will be 5605 mapped to. 5606 type: string 5607 name: 5608 description: name must match the name of a 5609 persistentVolumeClaim in the pod 5610 type: string 5611 required: 5612 - devicePath 5613 - name 5614 type: object 5615 type: array 5616 volumeMounts: 5617 description: Pod volumes to mount into the container's 5618 filesystem. Cannot be updated. 5619 items: 5620 description: VolumeMount describes a mounting 5621 of a Volume within a container. 5622 properties: 5623 mountPath: 5624 description: Path within the container at 5625 which the volume should be mounted. Must 5626 not contain ':'. 5627 type: string 5628 mountPropagation: 5629 description: mountPropagation determines how 5630 mounts are propagated from the host to container 5631 and the other way around. When not set, 5632 MountPropagationNone is used. This field 5633 is beta in 1.10. 5634 type: string 5635 name: 5636 description: This must match the Name of a 5637 Volume. 5638 type: string 5639 readOnly: 5640 description: Mounted read-only if true, read-write 5641 otherwise (false or unspecified). Defaults 5642 to false. 5643 type: boolean 5644 subPath: 5645 description: Path within the volume from which 5646 the container's volume should be mounted. 5647 Defaults to "" (volume's root). 5648 type: string 5649 subPathExpr: 5650 description: Expanded path within the volume 5651 from which the container's volume should 5652 be mounted. Behaves similarly to SubPath 5653 but environment variable references $(VAR_NAME) 5654 are expanded using the container's environment. 5655 Defaults to "" (volume's root). SubPathExpr 5656 and SubPath are mutually exclusive. 5657 type: string 5658 required: 5659 - mountPath 5660 - name 5661 type: object 5662 type: array 5663 workingDir: 5664 description: Container's working directory. If not 5665 specified, the container runtime's default will 5666 be used, which might be configured in the container 5667 image. Cannot be updated. 5668 type: string 5669 required: 5670 - name 5671 type: object 5672 type: array 5673 nodeName: 5674 description: NodeName is a request to schedule this pod 5675 onto a specific node. If it is non-empty, the scheduler 5676 simply schedules this pod onto that node, assuming that 5677 it fits resource requirements. 5678 type: string 5679 nodeSelector: 5680 additionalProperties: 5681 type: string 5682 description: 'NodeSelector is a selector which must be 5683 true for the pod to fit on a node. Selector which must 5684 match a node''s labels for the pod to be scheduled on 5685 that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' 5686 type: object 5687 x-kubernetes-map-type: atomic 5688 os: 5689 description: "Specifies the OS of the containers in the 5690 pod. Some pod and container fields are restricted if 5691 this is set. \n If the OS field is set to linux, the 5692 following fields must be unset: -securityContext.windowsOptions 5693 \n If the OS field is set to windows, following fields 5694 must be unset: - spec.hostPID - spec.hostIPC - spec.securityContext.seLinuxOptions 5695 - spec.securityContext.seccompProfile - spec.securityContext.fsGroup 5696 - spec.securityContext.fsGroupChangePolicy - spec.securityContext.sysctls 5697 - spec.shareProcessNamespace - spec.securityContext.runAsUser 5698 - spec.securityContext.runAsGroup - spec.securityContext.supplementalGroups 5699 - spec.containers[*].securityContext.seLinuxOptions 5700 - spec.containers[*].securityContext.seccompProfile 5701 - spec.containers[*].securityContext.capabilities - 5702 spec.containers[*].securityContext.readOnlyRootFilesystem 5703 - spec.containers[*].securityContext.privileged - spec.containers[*].securityContext.allowPrivilegeEscalation 5704 - spec.containers[*].securityContext.procMount - spec.containers[*].securityContext.runAsUser 5705 - spec.containers[*].securityContext.runAsGroup This 5706 is a beta field and requires the IdentifyPodOS feature" 5707 properties: 5708 name: 5709 description: 'Name is the name of the operating system. 5710 The currently supported values are linux and windows. 5711 Additional value may be defined in future and can 5712 be one of: https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration 5713 Clients should expect to handle additional values 5714 and treat unrecognized values in this field as os: 5715 null' 5716 type: string 5717 required: 5718 - name 5719 type: object 5720 overhead: 5721 additionalProperties: 5722 anyOf: 5723 - type: integer 5724 - type: string 5725 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 5726 x-kubernetes-int-or-string: true 5727 description: 'Overhead represents the resource overhead 5728 associated with running a pod for a given RuntimeClass. 5729 This field will be autopopulated at admission time by 5730 the RuntimeClass admission controller. If the RuntimeClass 5731 admission controller is enabled, overhead must not be 5732 set in Pod create requests. The RuntimeClass admission 5733 controller will reject Pod create requests which have 5734 the overhead already set. If RuntimeClass is configured 5735 and selected in the PodSpec, Overhead will be set to 5736 the value defined in the corresponding RuntimeClass, 5737 otherwise it will remain unset and treated as zero. 5738 More info: https://git.k8s.io/enhancements/keps/sig-node/688-pod-overhead/README.md' 5739 type: object 5740 preemptionPolicy: 5741 description: PreemptionPolicy is the Policy for preempting 5742 pods with lower priority. One of Never, PreemptLowerPriority. 5743 Defaults to PreemptLowerPriority if unset. 5744 type: string 5745 priority: 5746 description: The priority value. Various system components 5747 use this field to find the priority of the pod. When 5748 Priority Admission Controller is enabled, it prevents 5749 users from setting this field. The admission controller 5750 populates this field from PriorityClassName. The higher 5751 the value, the higher the priority. 5752 format: int32 5753 type: integer 5754 priorityClassName: 5755 description: If specified, indicates the pod's priority. 5756 "system-node-critical" and "system-cluster-critical" 5757 are two special keywords which indicate the highest 5758 priorities with the former being the highest priority. 5759 Any other name must be defined by creating a PriorityClass 5760 object with that name. If not specified, the pod priority 5761 will be default or zero if there is no default. 5762 type: string 5763 readinessGates: 5764 description: 'If specified, all readiness gates will be 5765 evaluated for pod readiness. A pod is ready when all 5766 its containers are ready AND all conditions specified 5767 in the readiness gates have status equal to "True" More 5768 info: https://git.k8s.io/enhancements/keps/sig-network/580-pod-readiness-gates' 5769 items: 5770 description: PodReadinessGate contains the reference 5771 to a pod condition 5772 properties: 5773 conditionType: 5774 description: ConditionType refers to a condition 5775 in the pod's condition list with matching type. 5776 type: string 5777 required: 5778 - conditionType 5779 type: object 5780 type: array 5781 restartPolicy: 5782 description: 'Restart policy for all containers within 5783 the pod. One of Always, OnFailure, Never. Default to 5784 Always. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy' 5785 type: string 5786 runtimeClassName: 5787 description: 'RuntimeClassName refers to a RuntimeClass 5788 object in the node.k8s.io group, which should be used 5789 to run this pod. If no RuntimeClass resource matches 5790 the named class, the pod will not be run. If unset or 5791 empty, the "legacy" RuntimeClass will be used, which 5792 is an implicit class with an empty definition that uses 5793 the default runtime handler. More info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class' 5794 type: string 5795 schedulerName: 5796 description: If specified, the pod will be dispatched 5797 by specified scheduler. If not specified, the pod will 5798 be dispatched by default scheduler. 5799 type: string 5800 securityContext: 5801 description: 'SecurityContext holds pod-level security 5802 attributes and common container settings. Optional: 5803 Defaults to empty. See type description for default 5804 values of each field.' 5805 properties: 5806 fsGroup: 5807 description: "A special supplemental group that applies 5808 to all containers in a pod. Some volume types allow 5809 the Kubelet to change the ownership of that volume 5810 to be owned by the pod: \n 1. The owning GID will 5811 be the FSGroup 2. The setgid bit is set (new files 5812 created in the volume will be owned by FSGroup) 5813 3. The permission bits are OR'd with rw-rw---- \n 5814 If unset, the Kubelet will not modify the ownership 5815 and permissions of any volume. Note that this field 5816 cannot be set when spec.os.name is windows." 5817 format: int64 5818 type: integer 5819 fsGroupChangePolicy: 5820 description: 'fsGroupChangePolicy defines behavior 5821 of changing ownership and permission of the volume 5822 before being exposed inside Pod. This field will 5823 only apply to volume types which support fsGroup 5824 based ownership(and permissions). It will have no 5825 effect on ephemeral volume types such as: secret, 5826 configmaps and emptydir. Valid values are "OnRootMismatch" 5827 and "Always". If not specified, "Always" is used. 5828 Note that this field cannot be set when spec.os.name 5829 is windows.' 5830 type: string 5831 runAsGroup: 5832 description: The GID to run the entrypoint of the 5833 container process. Uses runtime default if unset. 5834 May also be set in SecurityContext. If set in both 5835 SecurityContext and PodSecurityContext, the value 5836 specified in SecurityContext takes precedence for 5837 that container. Note that this field cannot be set 5838 when spec.os.name is windows. 5839 format: int64 5840 type: integer 5841 runAsNonRoot: 5842 description: Indicates that the container must run 5843 as a non-root user. If true, the Kubelet will validate 5844 the image at runtime to ensure that it does not 5845 run as UID 0 (root) and fail to start the container 5846 if it does. If unset or false, no such validation 5847 will be performed. May also be set in SecurityContext. If 5848 set in both SecurityContext and PodSecurityContext, 5849 the value specified in SecurityContext takes precedence. 5850 type: boolean 5851 runAsUser: 5852 description: The UID to run the entrypoint of the 5853 container process. Defaults to user specified in 5854 image metadata if unspecified. May also be set in 5855 SecurityContext. If set in both SecurityContext 5856 and PodSecurityContext, the value specified in SecurityContext 5857 takes precedence for that container. Note that this 5858 field cannot be set when spec.os.name is windows. 5859 format: int64 5860 type: integer 5861 seLinuxOptions: 5862 description: The SELinux context to be applied to 5863 all containers. If unspecified, the container runtime 5864 will allocate a random SELinux context for each 5865 container. May also be set in SecurityContext. If 5866 set in both SecurityContext and PodSecurityContext, 5867 the value specified in SecurityContext takes precedence 5868 for that container. Note that this field cannot 5869 be set when spec.os.name is windows. 5870 properties: 5871 level: 5872 description: Level is SELinux level label that 5873 applies to the container. 5874 type: string 5875 role: 5876 description: Role is a SELinux role label that 5877 applies to the container. 5878 type: string 5879 type: 5880 description: Type is a SELinux type label that 5881 applies to the container. 5882 type: string 5883 user: 5884 description: User is a SELinux user label that 5885 applies to the container. 5886 type: string 5887 type: object 5888 seccompProfile: 5889 description: The seccomp options to use by the containers 5890 in this pod. Note that this field cannot be set 5891 when spec.os.name is windows. 5892 properties: 5893 localhostProfile: 5894 description: localhostProfile indicates a profile 5895 defined in a file on the node should be used. 5896 The profile must be preconfigured on the node 5897 to work. Must be a descending path, relative 5898 to the kubelet's configured seccomp profile 5899 location. Must only be set if type is "Localhost". 5900 type: string 5901 type: 5902 description: "type indicates which kind of seccomp 5903 profile will be applied. Valid options are: 5904 \n Localhost - a profile defined in a file on 5905 the node should be used. RuntimeDefault - the 5906 container runtime default profile should be 5907 used. Unconfined - no profile should be applied." 5908 type: string 5909 required: 5910 - type 5911 type: object 5912 supplementalGroups: 5913 description: A list of groups applied to the first 5914 process run in each container, in addition to the 5915 container's primary GID. If unspecified, no groups 5916 will be added to any container. Note that this field 5917 cannot be set when spec.os.name is windows. 5918 items: 5919 format: int64 5920 type: integer 5921 type: array 5922 sysctls: 5923 description: Sysctls hold a list of namespaced sysctls 5924 used for the pod. Pods with unsupported sysctls 5925 (by the container runtime) might fail to launch. 5926 Note that this field cannot be set when spec.os.name 5927 is windows. 5928 items: 5929 description: Sysctl defines a kernel parameter to 5930 be set 5931 properties: 5932 name: 5933 description: Name of a property to set 5934 type: string 5935 value: 5936 description: Value of a property to set 5937 type: string 5938 required: 5939 - name 5940 - value 5941 type: object 5942 type: array 5943 windowsOptions: 5944 description: The Windows specific settings applied 5945 to all containers. If unspecified, the options within 5946 a container's SecurityContext will be used. If set 5947 in both SecurityContext and PodSecurityContext, 5948 the value specified in SecurityContext takes precedence. 5949 Note that this field cannot be set when spec.os.name 5950 is linux. 5951 properties: 5952 gmsaCredentialSpec: 5953 description: GMSACredentialSpec is where the GMSA 5954 admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) 5955 inlines the contents of the GMSA credential 5956 spec named by the GMSACredentialSpecName field. 5957 type: string 5958 gmsaCredentialSpecName: 5959 description: GMSACredentialSpecName is the name 5960 of the GMSA credential spec to use. 5961 type: string 5962 hostProcess: 5963 description: HostProcess determines if a container 5964 should be run as a 'Host Process' container. 5965 This field is alpha-level and will only be honored 5966 by components that enable the WindowsHostProcessContainers 5967 feature flag. Setting this field without the 5968 feature flag will result in errors when validating 5969 the Pod. All of a Pod's containers must have 5970 the same effective HostProcess value (it is 5971 not allowed to have a mix of HostProcess containers 5972 and non-HostProcess containers). In addition, 5973 if HostProcess is true then HostNetwork must 5974 also be set to true. 5975 type: boolean 5976 runAsUserName: 5977 description: The UserName in Windows to run the 5978 entrypoint of the container process. Defaults 5979 to the user specified in image metadata if unspecified. 5980 May also be set in PodSecurityContext. If set 5981 in both SecurityContext and PodSecurityContext, 5982 the value specified in SecurityContext takes 5983 precedence. 5984 type: string 5985 type: object 5986 type: object 5987 serviceAccount: 5988 description: 'DeprecatedServiceAccount is a depreciated 5989 alias for ServiceAccountName. Deprecated: Use serviceAccountName 5990 instead.' 5991 type: string 5992 serviceAccountName: 5993 description: 'ServiceAccountName is the name of the ServiceAccount 5994 to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' 5995 type: string 5996 setHostnameAsFQDN: 5997 description: If true the pod's hostname will be configured 5998 as the pod's FQDN, rather than the leaf name (the default). 5999 In Linux containers, this means setting the FQDN in 6000 the hostname field of the kernel (the nodename field 6001 of struct utsname). In Windows containers, this means 6002 setting the registry value of hostname for the registry 6003 key HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters 6004 to FQDN. If a pod does not have FQDN, this has no effect. 6005 Default to false. 6006 type: boolean 6007 shareProcessNamespace: 6008 description: 'Share a single process namespace between 6009 all of the containers in a pod. When this is set containers 6010 will be able to view and signal processes from other 6011 containers in the same pod, and the first process in 6012 each container will not be assigned PID 1. HostPID and 6013 ShareProcessNamespace cannot both be set. Optional: 6014 Default to false.' 6015 type: boolean 6016 subdomain: 6017 description: If specified, the fully qualified Pod hostname 6018 will be "<hostname>.<subdomain>.<pod namespace>.svc.<cluster 6019 domain>". If not specified, the pod will not have a 6020 domainname at all. 6021 type: string 6022 terminationGracePeriodSeconds: 6023 description: Optional duration in seconds the pod needs 6024 to terminate gracefully. May be decreased in delete 6025 request. Value must be non-negative integer. The value 6026 zero indicates stop immediately via the kill signal 6027 (no opportunity to shut down). If this value is nil, 6028 the default grace period will be used instead. The grace 6029 period is the duration in seconds after the processes 6030 running in the pod are sent a termination signal and 6031 the time when the processes are forcibly halted with 6032 a kill signal. Set this value longer than the expected 6033 cleanup time for your process. Defaults to 30 seconds. 6034 format: int64 6035 type: integer 6036 tolerations: 6037 description: If specified, the pod's tolerations. 6038 items: 6039 description: The pod this Toleration is attached to 6040 tolerates any taint that matches the triple <key,value,effect> 6041 using the matching operator <operator>. 6042 properties: 6043 effect: 6044 description: Effect indicates the taint effect to 6045 match. Empty means match all taint effects. When 6046 specified, allowed values are NoSchedule, PreferNoSchedule 6047 and NoExecute. 6048 type: string 6049 key: 6050 description: Key is the taint key that the toleration 6051 applies to. Empty means match all taint keys. 6052 If the key is empty, operator must be Exists; 6053 this combination means to match all values and 6054 all keys. 6055 type: string 6056 operator: 6057 description: Operator represents a key's relationship 6058 to the value. Valid operators are Exists and Equal. 6059 Defaults to Equal. Exists is equivalent to wildcard 6060 for value, so that a pod can tolerate all taints 6061 of a particular category. 6062 type: string 6063 tolerationSeconds: 6064 description: TolerationSeconds represents the period 6065 of time the toleration (which must be of effect 6066 NoExecute, otherwise this field is ignored) tolerates 6067 the taint. By default, it is not set, which means 6068 tolerate the taint forever (do not evict). Zero 6069 and negative values will be treated as 0 (evict 6070 immediately) by the system. 6071 format: int64 6072 type: integer 6073 value: 6074 description: Value is the taint value the toleration 6075 matches to. If the operator is Exists, the value 6076 should be empty, otherwise just a regular string. 6077 type: string 6078 type: object 6079 type: array 6080 topologySpreadConstraints: 6081 description: TopologySpreadConstraints describes how a 6082 group of pods ought to spread across topology domains. 6083 Scheduler will schedule pods in a way which abides by 6084 the constraints. All topologySpreadConstraints are ANDed. 6085 items: 6086 description: TopologySpreadConstraint specifies how 6087 to spread matching pods among the given topology. 6088 properties: 6089 labelSelector: 6090 description: LabelSelector is used to find matching 6091 pods. Pods that match this label selector are 6092 counted to determine the number of pods in their 6093 corresponding topology domain. 6094 properties: 6095 matchExpressions: 6096 description: matchExpressions is a list of label 6097 selector requirements. The requirements are 6098 ANDed. 6099 items: 6100 description: A label selector requirement 6101 is a selector that contains values, a key, 6102 and an operator that relates the key and 6103 values. 6104 properties: 6105 key: 6106 description: key is the label key that 6107 the selector applies to. 6108 type: string 6109 operator: 6110 description: operator represents a key's 6111 relationship to a set of values. Valid 6112 operators are In, NotIn, Exists and 6113 DoesNotExist. 6114 type: string 6115 values: 6116 description: values is an array of string 6117 values. If the operator is In or NotIn, 6118 the values array must be non-empty. 6119 If the operator is Exists or DoesNotExist, 6120 the values array must be empty. This 6121 array is replaced during a strategic 6122 merge patch. 6123 items: 6124 type: string 6125 type: array 6126 required: 6127 - key 6128 - operator 6129 type: object 6130 type: array 6131 matchLabels: 6132 additionalProperties: 6133 type: string 6134 description: matchLabels is a map of {key,value} 6135 pairs. A single {key,value} in the matchLabels 6136 map is equivalent to an element of matchExpressions, 6137 whose key field is "key", the operator is 6138 "In", and the values array contains only "value". 6139 The requirements are ANDed. 6140 type: object 6141 type: object 6142 maxSkew: 6143 description: 'MaxSkew describes the degree to which 6144 pods may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`, 6145 it is the maximum permitted difference between 6146 the number of matching pods in the target topology 6147 and the global minimum. The global minimum is 6148 the minimum number of matching pods in an eligible 6149 domain or zero if the number of eligible domains 6150 is less than MinDomains. For example, in a 3-zone 6151 cluster, MaxSkew is set to 1, and pods with the 6152 same labelSelector spread as 2/2/1: In this case, 6153 the global minimum is 1. | zone1 | zone2 | zone3 6154 | | P P | P P | P | - if MaxSkew is 1, 6155 incoming pod can only be scheduled to zone3 to 6156 become 2/2/2; scheduling it onto zone1(zone2) 6157 would make the ActualSkew(3-1) on zone1(zone2) 6158 violate MaxSkew(1). - if MaxSkew is 2, incoming 6159 pod can be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, 6160 it is used to give higher precedence to topologies 6161 that satisfy it. It''s a required field. Default 6162 value is 1 and 0 is not allowed.' 6163 format: int32 6164 type: integer 6165 minDomains: 6166 description: "MinDomains indicates a minimum number 6167 of eligible domains. When the number of eligible 6168 domains with matching topology keys is less than 6169 minDomains, Pod Topology Spread treats \"global 6170 minimum\" as 0, and then the calculation of Skew 6171 is performed. And when the number of eligible 6172 domains with matching topology keys equals or 6173 greater than minDomains, this value has no effect 6174 on scheduling. As a result, when the number of 6175 eligible domains is less than minDomains, scheduler 6176 won't schedule more than maxSkew Pods to those 6177 domains. If value is nil, the constraint behaves 6178 as if MinDomains is equal to 1. Valid values are 6179 integers greater than 0. When value is not nil, 6180 WhenUnsatisfiable must be DoNotSchedule. \n For 6181 example, in a 3-zone cluster, MaxSkew is set to 6182 2, MinDomains is set to 5 and pods with the same 6183 labelSelector spread as 2/2/2: | zone1 | zone2 6184 | zone3 | | P P | P P | P P | The number 6185 of domains is less than 5(MinDomains), so \"global 6186 minimum\" is treated as 0. In this situation, 6187 new pod with the same labelSelector cannot be 6188 scheduled, because computed skew will be 3(3 - 6189 0) if new Pod is scheduled to any of the three 6190 zones, it will violate MaxSkew. \n This is an 6191 alpha field and requires enabling MinDomainsInPodTopologySpread 6192 feature gate." 6193 format: int32 6194 type: integer 6195 topologyKey: 6196 description: TopologyKey is the key of node labels. 6197 Nodes that have a label with this key and identical 6198 values are considered to be in the same topology. 6199 We consider each <key, value> as a "bucket", and 6200 try to put balanced number of pods into each bucket. 6201 We define a domain as a particular instance of 6202 a topology. Also, we define an eligible domain 6203 as a domain whose nodes match the node selector. 6204 e.g. If TopologyKey is "kubernetes.io/hostname", 6205 each Node is a domain of that topology. And, if 6206 TopologyKey is "topology.kubernetes.io/zone", 6207 each zone is a domain of that topology. It's a 6208 required field. 6209 type: string 6210 whenUnsatisfiable: 6211 description: 'WhenUnsatisfiable indicates how to 6212 deal with a pod if it doesn''t satisfy the spread 6213 constraint. - DoNotSchedule (default) tells the 6214 scheduler not to schedule it. - ScheduleAnyway 6215 tells the scheduler to schedule the pod in any 6216 location, but giving higher precedence to topologies 6217 that would help reduce the skew. A constraint 6218 is considered "Unsatisfiable" for an incoming 6219 pod if and only if every possible node assignment 6220 for that pod would violate "MaxSkew" on some topology. 6221 For example, in a 3-zone cluster, MaxSkew is set 6222 to 1, and pods with the same labelSelector spread 6223 as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | 6224 If WhenUnsatisfiable is set to DoNotSchedule, 6225 incoming pod can only be scheduled to zone2(zone3) 6226 to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) 6227 satisfies MaxSkew(1). In other words, the cluster 6228 can still be imbalanced, but scheduler won''t 6229 make it *more* imbalanced. It''s a required field.' 6230 type: string 6231 required: 6232 - maxSkew 6233 - topologyKey 6234 - whenUnsatisfiable 6235 type: object 6236 type: array 6237 x-kubernetes-list-map-keys: 6238 - topologyKey 6239 - whenUnsatisfiable 6240 x-kubernetes-list-type: map 6241 volumes: 6242 description: 'List of volumes that can be mounted by containers 6243 belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes' 6244 items: 6245 description: Volume represents a named volume in a pod 6246 that may be accessed by any container in the pod. 6247 properties: 6248 awsElasticBlockStore: 6249 description: 'awsElasticBlockStore represents an 6250 AWS Disk resource that is attached to a kubelet''s 6251 host machine and then exposed to the pod. More 6252 info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' 6253 properties: 6254 fsType: 6255 description: 'fsType is the filesystem type 6256 of the volume that you want to mount. Tip: 6257 Ensure that the filesystem type is supported 6258 by the host operating system. Examples: "ext4", 6259 "xfs", "ntfs". Implicitly inferred to be "ext4" 6260 if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore 6261 TODO: how do we prevent errors in the filesystem 6262 from compromising the machine' 6263 type: string 6264 partition: 6265 description: 'partition is the partition in 6266 the volume that you want to mount. If omitted, 6267 the default is to mount by volume name. Examples: 6268 For volume /dev/sda1, you specify the partition 6269 as "1". Similarly, the volume partition for 6270 /dev/sda is "0" (or you can leave the property 6271 empty).' 6272 format: int32 6273 type: integer 6274 readOnly: 6275 description: 'readOnly value true will force 6276 the readOnly setting in VolumeMounts. More 6277 info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' 6278 type: boolean 6279 volumeID: 6280 description: 'volumeID is unique ID of the persistent 6281 disk resource in AWS (Amazon EBS volume). 6282 More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' 6283 type: string 6284 required: 6285 - volumeID 6286 type: object 6287 azureDisk: 6288 description: azureDisk represents an Azure Data 6289 Disk mount on the host and bind mount to the pod. 6290 properties: 6291 cachingMode: 6292 description: 'cachingMode is the Host Caching 6293 mode: None, Read Only, Read Write.' 6294 type: string 6295 diskName: 6296 description: diskName is the Name of the data 6297 disk in the blob storage 6298 type: string 6299 diskURI: 6300 description: diskURI is the URI of data disk 6301 in the blob storage 6302 type: string 6303 fsType: 6304 description: fsType is Filesystem type to mount. 6305 Must be a filesystem type supported by the 6306 host operating system. Ex. "ext4", "xfs", 6307 "ntfs". Implicitly inferred to be "ext4" if 6308 unspecified. 6309 type: string 6310 kind: 6311 description: 'kind expected values are Shared: 6312 multiple blob disks per storage account Dedicated: 6313 single blob disk per storage account Managed: 6314 azure managed data disk (only in managed availability 6315 set). defaults to shared' 6316 type: string 6317 readOnly: 6318 description: readOnly Defaults to false (read/write). 6319 ReadOnly here will force the ReadOnly setting 6320 in VolumeMounts. 6321 type: boolean 6322 required: 6323 - diskName 6324 - diskURI 6325 type: object 6326 azureFile: 6327 description: azureFile represents an Azure File 6328 Service mount on the host and bind mount to the 6329 pod. 6330 properties: 6331 readOnly: 6332 description: readOnly defaults to false (read/write). 6333 ReadOnly here will force the ReadOnly setting 6334 in VolumeMounts. 6335 type: boolean 6336 secretName: 6337 description: secretName is the name of secret 6338 that contains Azure Storage Account Name and 6339 Key 6340 type: string 6341 shareName: 6342 description: shareName is the azure share Name 6343 type: string 6344 required: 6345 - secretName 6346 - shareName 6347 type: object 6348 cephfs: 6349 description: cephFS represents a Ceph FS mount on 6350 the host that shares a pod's lifetime 6351 properties: 6352 monitors: 6353 description: 'monitors is Required: Monitors 6354 is a collection of Ceph monitors More info: 6355 https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' 6356 items: 6357 type: string 6358 type: array 6359 path: 6360 description: 'path is Optional: Used as the 6361 mounted root, rather than the full Ceph tree, 6362 default is /' 6363 type: string 6364 readOnly: 6365 description: 'readOnly is Optional: Defaults 6366 to false (read/write). ReadOnly here will 6367 force the ReadOnly setting in VolumeMounts. 6368 More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' 6369 type: boolean 6370 secretFile: 6371 description: 'secretFile is Optional: SecretFile 6372 is the path to key ring for User, default 6373 is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' 6374 type: string 6375 secretRef: 6376 description: 'secretRef is Optional: SecretRef 6377 is reference to the authentication secret 6378 for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' 6379 properties: 6380 name: 6381 description: 'Name of the referent. More 6382 info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 6383 TODO: Add other useful fields. apiVersion, 6384 kind, uid?' 6385 type: string 6386 type: object 6387 user: 6388 description: 'user is optional: User is the 6389 rados user name, default is admin More info: 6390 https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' 6391 type: string 6392 required: 6393 - monitors 6394 type: object 6395 cinder: 6396 description: 'cinder represents a cinder volume 6397 attached and mounted on kubelets host machine. 6398 More info: https://examples.k8s.io/mysql-cinder-pd/README.md' 6399 properties: 6400 fsType: 6401 description: 'fsType is the filesystem type 6402 to mount. Must be a filesystem type supported 6403 by the host operating system. Examples: "ext4", 6404 "xfs", "ntfs". Implicitly inferred to be "ext4" 6405 if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' 6406 type: string 6407 readOnly: 6408 description: 'readOnly defaults to false (read/write). 6409 ReadOnly here will force the ReadOnly setting 6410 in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' 6411 type: boolean 6412 secretRef: 6413 description: 'secretRef is optional: points 6414 to a secret object containing parameters used 6415 to connect to OpenStack.' 6416 properties: 6417 name: 6418 description: 'Name of the referent. More 6419 info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 6420 TODO: Add other useful fields. apiVersion, 6421 kind, uid?' 6422 type: string 6423 type: object 6424 volumeID: 6425 description: 'volumeID used to identify the 6426 volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' 6427 type: string 6428 required: 6429 - volumeID 6430 type: object 6431 configMap: 6432 description: configMap represents a configMap that 6433 should populate this volume 6434 properties: 6435 defaultMode: 6436 description: 'defaultMode is optional: mode 6437 bits used to set permissions on created files 6438 by default. Must be an octal value between 6439 0000 and 0777 or a decimal value between 0 6440 and 511. YAML accepts both octal and decimal 6441 values, JSON requires decimal values for mode 6442 bits. Defaults to 0644. Directories within 6443 the path are not affected by this setting. 6444 This might be in conflict with other options 6445 that affect the file mode, like fsGroup, and 6446 the result can be other mode bits set.' 6447 format: int32 6448 type: integer 6449 items: 6450 description: items if unspecified, each key-value 6451 pair in the Data field of the referenced ConfigMap 6452 will be projected into the volume as a file 6453 whose name is the key and content is the value. 6454 If specified, the listed keys will be projected 6455 into the specified paths, and unlisted keys 6456 will not be present. If a key is specified 6457 which is not present in the ConfigMap, the 6458 volume setup will error unless it is marked 6459 optional. Paths must be relative and may not 6460 contain the '..' path or start with '..'. 6461 items: 6462 description: Maps a string key to a path within 6463 a volume. 6464 properties: 6465 key: 6466 description: key is the key to project. 6467 type: string 6468 mode: 6469 description: 'mode is Optional: mode bits 6470 used to set permissions on this file. 6471 Must be an octal value between 0000 6472 and 0777 or a decimal value between 6473 0 and 511. YAML accepts both octal and 6474 decimal values, JSON requires decimal 6475 values for mode bits. If not specified, 6476 the volume defaultMode will be used. 6477 This might be in conflict with other 6478 options that affect the file mode, like 6479 fsGroup, and the result can be other 6480 mode bits set.' 6481 format: int32 6482 type: integer 6483 path: 6484 description: path is the relative path 6485 of the file to map the key to. May not 6486 be an absolute path. May not contain 6487 the path element '..'. May not start 6488 with the string '..'. 6489 type: string 6490 required: 6491 - key 6492 - path 6493 type: object 6494 type: array 6495 name: 6496 description: 'Name of the referent. More info: 6497 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 6498 TODO: Add other useful fields. apiVersion, 6499 kind, uid?' 6500 type: string 6501 optional: 6502 description: optional specify whether the ConfigMap 6503 or its keys must be defined 6504 type: boolean 6505 type: object 6506 csi: 6507 description: csi (Container Storage Interface) represents 6508 ephemeral storage that is handled by certain external 6509 CSI drivers (Beta feature). 6510 properties: 6511 driver: 6512 description: driver is the name of the CSI driver 6513 that handles this volume. Consult with your 6514 admin for the correct name as registered in 6515 the cluster. 6516 type: string 6517 fsType: 6518 description: fsType to mount. Ex. "ext4", "xfs", 6519 "ntfs". If not provided, the empty value is 6520 passed to the associated CSI driver which 6521 will determine the default filesystem to apply. 6522 type: string 6523 nodePublishSecretRef: 6524 description: nodePublishSecretRef is a reference 6525 to the secret object containing sensitive 6526 information to pass to the CSI driver to complete 6527 the CSI NodePublishVolume and NodeUnpublishVolume 6528 calls. This field is optional, and may be 6529 empty if no secret is required. If the secret 6530 object contains more than one secret, all 6531 secret references are passed. 6532 properties: 6533 name: 6534 description: 'Name of the referent. More 6535 info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 6536 TODO: Add other useful fields. apiVersion, 6537 kind, uid?' 6538 type: string 6539 type: object 6540 readOnly: 6541 description: readOnly specifies a read-only 6542 configuration for the volume. Defaults to 6543 false (read/write). 6544 type: boolean 6545 volumeAttributes: 6546 additionalProperties: 6547 type: string 6548 description: volumeAttributes stores driver-specific 6549 properties that are passed to the CSI driver. 6550 Consult your driver's documentation for supported 6551 values. 6552 type: object 6553 required: 6554 - driver 6555 type: object 6556 downwardAPI: 6557 description: downwardAPI represents downward API 6558 about the pod that should populate this volume 6559 properties: 6560 defaultMode: 6561 description: 'Optional: mode bits to use on 6562 created files by default. Must be a Optional: 6563 mode bits used to set permissions on created 6564 files by default. Must be an octal value between 6565 0000 and 0777 or a decimal value between 0 6566 and 511. YAML accepts both octal and decimal 6567 values, JSON requires decimal values for mode 6568 bits. Defaults to 0644. Directories within 6569 the path are not affected by this setting. 6570 This might be in conflict with other options 6571 that affect the file mode, like fsGroup, and 6572 the result can be other mode bits set.' 6573 format: int32 6574 type: integer 6575 items: 6576 description: Items is a list of downward API 6577 volume file 6578 items: 6579 description: DownwardAPIVolumeFile represents 6580 information to create the file containing 6581 the pod field 6582 properties: 6583 fieldRef: 6584 description: 'Required: Selects a field 6585 of the pod: only annotations, labels, 6586 name and namespace are supported.' 6587 properties: 6588 apiVersion: 6589 description: Version of the schema 6590 the FieldPath is written in terms 6591 of, defaults to "v1". 6592 type: string 6593 fieldPath: 6594 description: Path of the field to 6595 select in the specified API version. 6596 type: string 6597 required: 6598 - fieldPath 6599 type: object 6600 mode: 6601 description: 'Optional: mode bits used 6602 to set permissions on this file, must 6603 be an octal value between 0000 and 0777 6604 or a decimal value between 0 and 511. 6605 YAML accepts both octal and decimal 6606 values, JSON requires decimal values 6607 for mode bits. If not specified, the 6608 volume defaultMode will be used. This 6609 might be in conflict with other options 6610 that affect the file mode, like fsGroup, 6611 and the result can be other mode bits 6612 set.' 6613 format: int32 6614 type: integer 6615 path: 6616 description: 'Required: Path is the relative 6617 path name of the file to be created. 6618 Must not be absolute or contain the 6619 ''..'' path. Must be utf-8 encoded. 6620 The first item of the relative path 6621 must not start with ''..''' 6622 type: string 6623 resourceFieldRef: 6624 description: 'Selects a resource of the 6625 container: only resources limits and 6626 requests (limits.cpu, limits.memory, 6627 requests.cpu and requests.memory) are 6628 currently supported.' 6629 properties: 6630 containerName: 6631 description: 'Container name: required 6632 for volumes, optional for env vars' 6633 type: string 6634 divisor: 6635 anyOf: 6636 - type: integer 6637 - type: string 6638 description: Specifies the output 6639 format of the exposed resources, 6640 defaults to "1" 6641 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 6642 x-kubernetes-int-or-string: true 6643 resource: 6644 description: 'Required: resource to 6645 select' 6646 type: string 6647 required: 6648 - resource 6649 type: object 6650 required: 6651 - path 6652 type: object 6653 type: array 6654 type: object 6655 emptyDir: 6656 description: 'emptyDir represents a temporary directory 6657 that shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' 6658 properties: 6659 medium: 6660 description: 'medium represents what type of 6661 storage medium should back this directory. 6662 The default is "" which means to use the node''s 6663 default medium. Must be an empty string (default) 6664 or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' 6665 type: string 6666 sizeLimit: 6667 anyOf: 6668 - type: integer 6669 - type: string 6670 description: 'sizeLimit is the total amount 6671 of local storage required for this EmptyDir 6672 volume. The size limit is also applicable 6673 for memory medium. The maximum usage on memory 6674 medium EmptyDir would be the minimum value 6675 between the SizeLimit specified here and the 6676 sum of memory limits of all containers in 6677 a pod. The default is nil which means that 6678 the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' 6679 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 6680 x-kubernetes-int-or-string: true 6681 type: object 6682 ephemeral: 6683 description: "ephemeral represents a volume that 6684 is handled by a cluster storage driver. The volume's 6685 lifecycle is tied to the pod that defines it - 6686 it will be created before the pod starts, and 6687 deleted when the pod is removed. \n Use this if: 6688 a) the volume is only needed while the pod runs, 6689 b) features of normal volumes like restoring from 6690 snapshot or capacity tracking are needed, c) the 6691 storage driver is specified through a storage 6692 class, and d) the storage driver supports dynamic 6693 volume provisioning through a PersistentVolumeClaim 6694 (see EphemeralVolumeSource for more information 6695 on the connection between this volume type and 6696 PersistentVolumeClaim). \n Use PersistentVolumeClaim 6697 or one of the vendor-specific APIs for volumes 6698 that persist for longer than the lifecycle of 6699 an individual pod. \n Use CSI for light-weight 6700 local ephemeral volumes if the CSI driver is meant 6701 to be used that way - see the documentation of 6702 the driver for more information. \n A pod can 6703 use both types of ephemeral volumes and persistent 6704 volumes at the same time." 6705 properties: 6706 volumeClaimTemplate: 6707 description: "Will be used to create a stand-alone 6708 PVC to provision the volume. The pod in which 6709 this EphemeralVolumeSource is embedded will 6710 be the owner of the PVC, i.e. the PVC will 6711 be deleted together with the pod. The name 6712 of the PVC will be `<pod name>-<volume name>` 6713 where `<volume name>` is the name from the 6714 `PodSpec.Volumes` array entry. Pod validation 6715 will reject the pod if the concatenated name 6716 is not valid for a PVC (for example, too long). 6717 \n An existing PVC with that name that is 6718 not owned by the pod will *not* be used for 6719 the pod to avoid using an unrelated volume 6720 by mistake. Starting the pod is then blocked 6721 until the unrelated PVC is removed. If such 6722 a pre-created PVC is meant to be used by the 6723 pod, the PVC has to updated with an owner 6724 reference to the pod once the pod exists. 6725 Normally this should not be necessary, but 6726 it may be useful when manually reconstructing 6727 a broken cluster. \n This field is read-only 6728 and no changes will be made by Kubernetes 6729 to the PVC after it has been created. \n Required, 6730 must not be nil." 6731 properties: 6732 metadata: 6733 description: May contain labels and annotations 6734 that will be copied into the PVC when 6735 creating it. No other fields are allowed 6736 and will be rejected during validation. 6737 type: object 6738 spec: 6739 description: The specification for the PersistentVolumeClaim. 6740 The entire content is copied unchanged 6741 into the PVC that gets created from this 6742 template. The same fields as in a PersistentVolumeClaim 6743 are also valid here. 6744 properties: 6745 accessModes: 6746 description: 'accessModes contains the 6747 desired access modes the volume should 6748 have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' 6749 items: 6750 type: string 6751 type: array 6752 dataSource: 6753 description: 'dataSource field can be 6754 used to specify either: * An existing 6755 VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) 6756 * An existing PVC (PersistentVolumeClaim) 6757 If the provisioner or an external 6758 controller can support the specified 6759 data source, it will create a new 6760 volume based on the contents of the 6761 specified data source. If the AnyVolumeDataSource 6762 feature gate is enabled, this field 6763 will always have the same contents 6764 as the DataSourceRef field.' 6765 properties: 6766 apiGroup: 6767 description: APIGroup is the group 6768 for the resource being referenced. 6769 If APIGroup is not specified, 6770 the specified Kind must be in 6771 the core API group. For any other 6772 third-party types, APIGroup is 6773 required. 6774 type: string 6775 kind: 6776 description: Kind is the type of 6777 resource being referenced 6778 type: string 6779 name: 6780 description: Name is the name of 6781 resource being referenced 6782 type: string 6783 required: 6784 - kind 6785 - name 6786 type: object 6787 dataSourceRef: 6788 description: 'dataSourceRef specifies 6789 the object from which to populate 6790 the volume with data, if a non-empty 6791 volume is desired. This may be any 6792 local object from a non-empty API 6793 group (non core object) or a PersistentVolumeClaim 6794 object. When this field is specified, 6795 volume binding will only succeed if 6796 the type of the specified object matches 6797 some installed volume populator or 6798 dynamic provisioner. This field will 6799 replace the functionality of the DataSource 6800 field and as such if both fields are 6801 non-empty, they must have the same 6802 value. For backwards compatibility, 6803 both fields (DataSource and DataSourceRef) 6804 will be set to the same value automatically 6805 if one of them is empty and the other 6806 is non-empty. There are two important 6807 differences between DataSource and 6808 DataSourceRef: * While DataSource 6809 only allows two specific types of 6810 objects, DataSourceRef allows any 6811 non-core object, as well as PersistentVolumeClaim 6812 objects. * While DataSource ignores 6813 disallowed values (dropping them), 6814 DataSourceRef preserves all values, 6815 and generates an error if a disallowed 6816 value is specified. (Beta) Using this 6817 field requires the AnyVolumeDataSource 6818 feature gate to be enabled.' 6819 properties: 6820 apiGroup: 6821 description: APIGroup is the group 6822 for the resource being referenced. 6823 If APIGroup is not specified, 6824 the specified Kind must be in 6825 the core API group. For any other 6826 third-party types, APIGroup is 6827 required. 6828 type: string 6829 kind: 6830 description: Kind is the type of 6831 resource being referenced 6832 type: string 6833 name: 6834 description: Name is the name of 6835 resource being referenced 6836 type: string 6837 required: 6838 - kind 6839 - name 6840 type: object 6841 resources: 6842 description: 'resources represents the 6843 minimum resources the volume should 6844 have. If RecoverVolumeExpansionFailure 6845 feature is enabled users are allowed 6846 to specify resource requirements that 6847 are lower than previous value but 6848 must still be higher than capacity 6849 recorded in the status field of the 6850 claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' 6851 properties: 6852 limits: 6853 additionalProperties: 6854 anyOf: 6855 - type: integer 6856 - type: string 6857 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 6858 x-kubernetes-int-or-string: true 6859 description: 'Limits describes the 6860 maximum amount of compute resources 6861 allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 6862 type: object 6863 requests: 6864 additionalProperties: 6865 anyOf: 6866 - type: integer 6867 - type: string 6868 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 6869 x-kubernetes-int-or-string: true 6870 description: 'Requests describes 6871 the minimum amount of compute 6872 resources required. If Requests 6873 is omitted for a container, it 6874 defaults to Limits if that is 6875 explicitly specified, otherwise 6876 to an implementation-defined value. 6877 More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 6878 type: object 6879 type: object 6880 selector: 6881 description: selector is a label query 6882 over volumes to consider for binding. 6883 properties: 6884 matchExpressions: 6885 description: matchExpressions is 6886 a list of label selector requirements. 6887 The requirements are ANDed. 6888 items: 6889 description: A label selector 6890 requirement is a selector that 6891 contains values, a key, and 6892 an operator that relates the 6893 key and values. 6894 properties: 6895 key: 6896 description: key is the label 6897 key that the selector applies 6898 to. 6899 type: string 6900 operator: 6901 description: operator represents 6902 a key's relationship to 6903 a set of values. Valid operators 6904 are In, NotIn, Exists and 6905 DoesNotExist. 6906 type: string 6907 values: 6908 description: values is an 6909 array of string values. 6910 If the operator is In or 6911 NotIn, the values array 6912 must be non-empty. If the 6913 operator is Exists or DoesNotExist, 6914 the values array must be 6915 empty. This array is replaced 6916 during a strategic merge 6917 patch. 6918 items: 6919 type: string 6920 type: array 6921 required: 6922 - key 6923 - operator 6924 type: object 6925 type: array 6926 matchLabels: 6927 additionalProperties: 6928 type: string 6929 description: matchLabels is a map 6930 of {key,value} pairs. A single 6931 {key,value} in the matchLabels 6932 map is equivalent to an element 6933 of matchExpressions, whose key 6934 field is "key", the operator is 6935 "In", and the values array contains 6936 only "value". The requirements 6937 are ANDed. 6938 type: object 6939 type: object 6940 storageClassName: 6941 description: 'storageClassName is the 6942 name of the StorageClass required 6943 by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' 6944 type: string 6945 volumeMode: 6946 description: volumeMode defines what 6947 type of volume is required by the 6948 claim. Value of Filesystem is implied 6949 when not included in claim spec. 6950 type: string 6951 volumeName: 6952 description: volumeName is the binding 6953 reference to the PersistentVolume 6954 backing this claim. 6955 type: string 6956 type: object 6957 required: 6958 - spec 6959 type: object 6960 type: object 6961 fc: 6962 description: fc represents a Fibre Channel resource 6963 that is attached to a kubelet's host machine and 6964 then exposed to the pod. 6965 properties: 6966 fsType: 6967 description: 'fsType is the filesystem type 6968 to mount. Must be a filesystem type supported 6969 by the host operating system. Ex. "ext4", 6970 "xfs", "ntfs". Implicitly inferred to be "ext4" 6971 if unspecified. TODO: how do we prevent errors 6972 in the filesystem from compromising the machine' 6973 type: string 6974 lun: 6975 description: 'lun is Optional: FC target lun 6976 number' 6977 format: int32 6978 type: integer 6979 readOnly: 6980 description: 'readOnly is Optional: Defaults 6981 to false (read/write). ReadOnly here will 6982 force the ReadOnly setting in VolumeMounts.' 6983 type: boolean 6984 targetWWNs: 6985 description: 'targetWWNs is Optional: FC target 6986 worldwide names (WWNs)' 6987 items: 6988 type: string 6989 type: array 6990 wwids: 6991 description: 'wwids Optional: FC volume world 6992 wide identifiers (wwids) Either wwids or combination 6993 of targetWWNs and lun must be set, but not 6994 both simultaneously.' 6995 items: 6996 type: string 6997 type: array 6998 type: object 6999 flexVolume: 7000 description: flexVolume represents a generic volume 7001 resource that is provisioned/attached using an 7002 exec based plugin. 7003 properties: 7004 driver: 7005 description: driver is the name of the driver 7006 to use for this volume. 7007 type: string 7008 fsType: 7009 description: fsType is the filesystem type to 7010 mount. Must be a filesystem type supported 7011 by the host operating system. Ex. "ext4", 7012 "xfs", "ntfs". The default filesystem depends 7013 on FlexVolume script. 7014 type: string 7015 options: 7016 additionalProperties: 7017 type: string 7018 description: 'options is Optional: this field 7019 holds extra command options if any.' 7020 type: object 7021 readOnly: 7022 description: 'readOnly is Optional: defaults 7023 to false (read/write). ReadOnly here will 7024 force the ReadOnly setting in VolumeMounts.' 7025 type: boolean 7026 secretRef: 7027 description: 'secretRef is Optional: secretRef 7028 is reference to the secret object containing 7029 sensitive information to pass to the plugin 7030 scripts. This may be empty if no secret object 7031 is specified. If the secret object contains 7032 more than one secret, all secrets are passed 7033 to the plugin scripts.' 7034 properties: 7035 name: 7036 description: 'Name of the referent. More 7037 info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 7038 TODO: Add other useful fields. apiVersion, 7039 kind, uid?' 7040 type: string 7041 type: object 7042 required: 7043 - driver 7044 type: object 7045 flocker: 7046 description: flocker represents a Flocker volume 7047 attached to a kubelet's host machine. This depends 7048 on the Flocker control service being running 7049 properties: 7050 datasetName: 7051 description: datasetName is Name of the dataset 7052 stored as metadata -> name on the dataset 7053 for Flocker should be considered as deprecated 7054 type: string 7055 datasetUUID: 7056 description: datasetUUID is the UUID of the 7057 dataset. This is unique identifier of a Flocker 7058 dataset 7059 type: string 7060 type: object 7061 gcePersistentDisk: 7062 description: 'gcePersistentDisk represents a GCE 7063 Disk resource that is attached to a kubelet''s 7064 host machine and then exposed to the pod. More 7065 info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' 7066 properties: 7067 fsType: 7068 description: 'fsType is filesystem type of the 7069 volume that you want to mount. Tip: Ensure 7070 that the filesystem type is supported by the 7071 host operating system. Examples: "ext4", "xfs", 7072 "ntfs". Implicitly inferred to be "ext4" if 7073 unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk 7074 TODO: how do we prevent errors in the filesystem 7075 from compromising the machine' 7076 type: string 7077 partition: 7078 description: 'partition is the partition in 7079 the volume that you want to mount. If omitted, 7080 the default is to mount by volume name. Examples: 7081 For volume /dev/sda1, you specify the partition 7082 as "1". Similarly, the volume partition for 7083 /dev/sda is "0" (or you can leave the property 7084 empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' 7085 format: int32 7086 type: integer 7087 pdName: 7088 description: 'pdName is unique name of the PD 7089 resource in GCE. Used to identify the disk 7090 in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' 7091 type: string 7092 readOnly: 7093 description: 'readOnly here will force the ReadOnly 7094 setting in VolumeMounts. Defaults to false. 7095 More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' 7096 type: boolean 7097 required: 7098 - pdName 7099 type: object 7100 gitRepo: 7101 description: 'gitRepo represents a git repository 7102 at a particular revision. DEPRECATED: GitRepo 7103 is deprecated. To provision a container with a 7104 git repo, mount an EmptyDir into an InitContainer 7105 that clones the repo using git, then mount the 7106 EmptyDir into the Pod''s container.' 7107 properties: 7108 directory: 7109 description: directory is the target directory 7110 name. Must not contain or start with '..'. If 7111 '.' is supplied, the volume directory will 7112 be the git repository. Otherwise, if specified, 7113 the volume will contain the git repository 7114 in the subdirectory with the given name. 7115 type: string 7116 repository: 7117 description: repository is the URL 7118 type: string 7119 revision: 7120 description: revision is the commit hash for 7121 the specified revision. 7122 type: string 7123 required: 7124 - repository 7125 type: object 7126 glusterfs: 7127 description: 'glusterfs represents a Glusterfs mount 7128 on the host that shares a pod''s lifetime. More 7129 info: https://examples.k8s.io/volumes/glusterfs/README.md' 7130 properties: 7131 endpoints: 7132 description: 'endpoints is the endpoint name 7133 that details Glusterfs topology. More info: 7134 https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' 7135 type: string 7136 path: 7137 description: 'path is the Glusterfs volume path. 7138 More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' 7139 type: string 7140 readOnly: 7141 description: 'readOnly here will force the Glusterfs 7142 volume to be mounted with read-only permissions. 7143 Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' 7144 type: boolean 7145 required: 7146 - endpoints 7147 - path 7148 type: object 7149 hostPath: 7150 description: 'hostPath represents a pre-existing 7151 file or directory on the host machine that is 7152 directly exposed to the container. This is generally 7153 used for system agents or other privileged things 7154 that are allowed to see the host machine. Most 7155 containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath 7156 --- TODO(jonesdl) We need to restrict who can 7157 use host directory mounts and who can/can not 7158 mount host directories as read/write.' 7159 properties: 7160 path: 7161 description: 'path of the directory on the host. 7162 If the path is a symlink, it will follow the 7163 link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' 7164 type: string 7165 type: 7166 description: 'type for HostPath Volume Defaults 7167 to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' 7168 type: string 7169 required: 7170 - path 7171 type: object 7172 iscsi: 7173 description: 'iscsi represents an ISCSI Disk resource 7174 that is attached to a kubelet''s host machine 7175 and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' 7176 properties: 7177 chapAuthDiscovery: 7178 description: chapAuthDiscovery defines whether 7179 support iSCSI Discovery CHAP authentication 7180 type: boolean 7181 chapAuthSession: 7182 description: chapAuthSession defines whether 7183 support iSCSI Session CHAP authentication 7184 type: boolean 7185 fsType: 7186 description: 'fsType is the filesystem type 7187 of the volume that you want to mount. Tip: 7188 Ensure that the filesystem type is supported 7189 by the host operating system. Examples: "ext4", 7190 "xfs", "ntfs". Implicitly inferred to be "ext4" 7191 if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi 7192 TODO: how do we prevent errors in the filesystem 7193 from compromising the machine' 7194 type: string 7195 initiatorName: 7196 description: initiatorName is the custom iSCSI 7197 Initiator Name. If initiatorName is specified 7198 with iscsiInterface simultaneously, new iSCSI 7199 interface <target portal>:<volume name> will 7200 be created for the connection. 7201 type: string 7202 iqn: 7203 description: iqn is the target iSCSI Qualified 7204 Name. 7205 type: string 7206 iscsiInterface: 7207 description: iscsiInterface is the interface 7208 Name that uses an iSCSI transport. Defaults 7209 to 'default' (tcp). 7210 type: string 7211 lun: 7212 description: lun represents iSCSI Target Lun 7213 number. 7214 format: int32 7215 type: integer 7216 portals: 7217 description: portals is the iSCSI Target Portal 7218 List. The portal is either an IP or ip_addr:port 7219 if the port is other than default (typically 7220 TCP ports 860 and 3260). 7221 items: 7222 type: string 7223 type: array 7224 readOnly: 7225 description: readOnly here will force the ReadOnly 7226 setting in VolumeMounts. Defaults to false. 7227 type: boolean 7228 secretRef: 7229 description: secretRef is the CHAP Secret for 7230 iSCSI target and initiator authentication 7231 properties: 7232 name: 7233 description: 'Name of the referent. More 7234 info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 7235 TODO: Add other useful fields. apiVersion, 7236 kind, uid?' 7237 type: string 7238 type: object 7239 targetPortal: 7240 description: targetPortal is iSCSI Target Portal. 7241 The Portal is either an IP or ip_addr:port 7242 if the port is other than default (typically 7243 TCP ports 860 and 3260). 7244 type: string 7245 required: 7246 - iqn 7247 - lun 7248 - targetPortal 7249 type: object 7250 name: 7251 description: 'name of the volume. Must be a DNS_LABEL 7252 and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 7253 type: string 7254 nfs: 7255 description: 'nfs represents an NFS mount on the 7256 host that shares a pod''s lifetime More info: 7257 https://kubernetes.io/docs/concepts/storage/volumes#nfs' 7258 properties: 7259 path: 7260 description: 'path that is exported by the NFS 7261 server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' 7262 type: string 7263 readOnly: 7264 description: 'readOnly here will force the NFS 7265 export to be mounted with read-only permissions. 7266 Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' 7267 type: boolean 7268 server: 7269 description: 'server is the hostname or IP address 7270 of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' 7271 type: string 7272 required: 7273 - path 7274 - server 7275 type: object 7276 persistentVolumeClaim: 7277 description: 'persistentVolumeClaimVolumeSource 7278 represents a reference to a PersistentVolumeClaim 7279 in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' 7280 properties: 7281 claimName: 7282 description: 'claimName is the name of a PersistentVolumeClaim 7283 in the same namespace as the pod using this 7284 volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' 7285 type: string 7286 readOnly: 7287 description: readOnly Will force the ReadOnly 7288 setting in VolumeMounts. Default false. 7289 type: boolean 7290 required: 7291 - claimName 7292 type: object 7293 photonPersistentDisk: 7294 description: photonPersistentDisk represents a PhotonController 7295 persistent disk attached and mounted on kubelets 7296 host machine 7297 properties: 7298 fsType: 7299 description: fsType is the filesystem type to 7300 mount. Must be a filesystem type supported 7301 by the host operating system. Ex. "ext4", 7302 "xfs", "ntfs". Implicitly inferred to be "ext4" 7303 if unspecified. 7304 type: string 7305 pdID: 7306 description: pdID is the ID that identifies 7307 Photon Controller persistent disk 7308 type: string 7309 required: 7310 - pdID 7311 type: object 7312 portworxVolume: 7313 description: portworxVolume represents a portworx 7314 volume attached and mounted on kubelets host machine 7315 properties: 7316 fsType: 7317 description: fSType represents the filesystem 7318 type to mount Must be a filesystem type supported 7319 by the host operating system. Ex. "ext4", 7320 "xfs". Implicitly inferred to be "ext4" if 7321 unspecified. 7322 type: string 7323 readOnly: 7324 description: readOnly defaults to false (read/write). 7325 ReadOnly here will force the ReadOnly setting 7326 in VolumeMounts. 7327 type: boolean 7328 volumeID: 7329 description: volumeID uniquely identifies a 7330 Portworx volume 7331 type: string 7332 required: 7333 - volumeID 7334 type: object 7335 projected: 7336 description: projected items for all in one resources 7337 secrets, configmaps, and downward API 7338 properties: 7339 defaultMode: 7340 description: defaultMode are the mode bits used 7341 to set permissions on created files by default. 7342 Must be an octal value between 0000 and 0777 7343 or a decimal value between 0 and 511. YAML 7344 accepts both octal and decimal values, JSON 7345 requires decimal values for mode bits. Directories 7346 within the path are not affected by this setting. 7347 This might be in conflict with other options 7348 that affect the file mode, like fsGroup, and 7349 the result can be other mode bits set. 7350 format: int32 7351 type: integer 7352 sources: 7353 description: sources is the list of volume projections 7354 items: 7355 description: Projection that may be projected 7356 along with other supported volume types 7357 properties: 7358 configMap: 7359 description: configMap information about 7360 the configMap data to project 7361 properties: 7362 items: 7363 description: items if unspecified, 7364 each key-value pair in the Data 7365 field of the referenced ConfigMap 7366 will be projected into the volume 7367 as a file whose name is the key 7368 and content is the value. If specified, 7369 the listed keys will be projected 7370 into the specified paths, and unlisted 7371 keys will not be present. If a key 7372 is specified which is not present 7373 in the ConfigMap, the volume setup 7374 will error unless it is marked optional. 7375 Paths must be relative and may not 7376 contain the '..' path or start with 7377 '..'. 7378 items: 7379 description: Maps a string key to 7380 a path within a volume. 7381 properties: 7382 key: 7383 description: key is the key 7384 to project. 7385 type: string 7386 mode: 7387 description: 'mode is Optional: 7388 mode bits used to set permissions 7389 on this file. Must be an octal 7390 value between 0000 and 0777 7391 or a decimal value between 7392 0 and 511. YAML accepts both 7393 octal and decimal values, 7394 JSON requires decimal values 7395 for mode bits. If not specified, 7396 the volume defaultMode will 7397 be used. This might be in 7398 conflict with other options 7399 that affect the file mode, 7400 like fsGroup, and the result 7401 can be other mode bits set.' 7402 format: int32 7403 type: integer 7404 path: 7405 description: path is the relative 7406 path of the file to map the 7407 key to. May not be an absolute 7408 path. May not contain the 7409 path element '..'. May not 7410 start with the string '..'. 7411 type: string 7412 required: 7413 - key 7414 - path 7415 type: object 7416 type: array 7417 name: 7418 description: 'Name of the referent. 7419 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 7420 TODO: Add other useful fields. apiVersion, 7421 kind, uid?' 7422 type: string 7423 optional: 7424 description: optional specify whether 7425 the ConfigMap or its keys must be 7426 defined 7427 type: boolean 7428 type: object 7429 downwardAPI: 7430 description: downwardAPI information about 7431 the downwardAPI data to project 7432 properties: 7433 items: 7434 description: Items is a list of DownwardAPIVolume 7435 file 7436 items: 7437 description: DownwardAPIVolumeFile 7438 represents information to create 7439 the file containing the pod field 7440 properties: 7441 fieldRef: 7442 description: 'Required: Selects 7443 a field of the pod: only annotations, 7444 labels, name and namespace 7445 are supported.' 7446 properties: 7447 apiVersion: 7448 description: Version of 7449 the schema the FieldPath 7450 is written in terms of, 7451 defaults to "v1". 7452 type: string 7453 fieldPath: 7454 description: Path of the 7455 field to select in the 7456 specified API version. 7457 type: string 7458 required: 7459 - fieldPath 7460 type: object 7461 mode: 7462 description: 'Optional: mode 7463 bits used to set permissions 7464 on this file, must be an octal 7465 value between 0000 and 0777 7466 or a decimal value between 7467 0 and 511. YAML accepts both 7468 octal and decimal values, 7469 JSON requires decimal values 7470 for mode bits. If not specified, 7471 the volume defaultMode will 7472 be used. This might be in 7473 conflict with other options 7474 that affect the file mode, 7475 like fsGroup, and the result 7476 can be other mode bits set.' 7477 format: int32 7478 type: integer 7479 path: 7480 description: 'Required: Path 7481 is the relative path name 7482 of the file to be created. 7483 Must not be absolute or contain 7484 the ''..'' path. Must be utf-8 7485 encoded. The first item of 7486 the relative path must not 7487 start with ''..''' 7488 type: string 7489 resourceFieldRef: 7490 description: 'Selects a resource 7491 of the container: only resources 7492 limits and requests (limits.cpu, 7493 limits.memory, requests.cpu 7494 and requests.memory) are currently 7495 supported.' 7496 properties: 7497 containerName: 7498 description: 'Container 7499 name: required for volumes, 7500 optional for env vars' 7501 type: string 7502 divisor: 7503 anyOf: 7504 - type: integer 7505 - type: string 7506 description: Specifies the 7507 output format of the exposed 7508 resources, defaults to 7509 "1" 7510 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 7511 x-kubernetes-int-or-string: true 7512 resource: 7513 description: 'Required: 7514 resource to select' 7515 type: string 7516 required: 7517 - resource 7518 type: object 7519 required: 7520 - path 7521 type: object 7522 type: array 7523 type: object 7524 secret: 7525 description: secret information about 7526 the secret data to project 7527 properties: 7528 items: 7529 description: items if unspecified, 7530 each key-value pair in the Data 7531 field of the referenced Secret will 7532 be projected into the volume as 7533 a file whose name is the key and 7534 content is the value. If specified, 7535 the listed keys will be projected 7536 into the specified paths, and unlisted 7537 keys will not be present. If a key 7538 is specified which is not present 7539 in the Secret, the volume setup 7540 will error unless it is marked optional. 7541 Paths must be relative and may not 7542 contain the '..' path or start with 7543 '..'. 7544 items: 7545 description: Maps a string key to 7546 a path within a volume. 7547 properties: 7548 key: 7549 description: key is the key 7550 to project. 7551 type: string 7552 mode: 7553 description: 'mode is Optional: 7554 mode bits used to set permissions 7555 on this file. Must be an octal 7556 value between 0000 and 0777 7557 or a decimal value between 7558 0 and 511. YAML accepts both 7559 octal and decimal values, 7560 JSON requires decimal values 7561 for mode bits. If not specified, 7562 the volume defaultMode will 7563 be used. This might be in 7564 conflict with other options 7565 that affect the file mode, 7566 like fsGroup, and the result 7567 can be other mode bits set.' 7568 format: int32 7569 type: integer 7570 path: 7571 description: path is the relative 7572 path of the file to map the 7573 key to. May not be an absolute 7574 path. May not contain the 7575 path element '..'. May not 7576 start with the string '..'. 7577 type: string 7578 required: 7579 - key 7580 - path 7581 type: object 7582 type: array 7583 name: 7584 description: 'Name of the referent. 7585 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 7586 TODO: Add other useful fields. apiVersion, 7587 kind, uid?' 7588 type: string 7589 optional: 7590 description: optional field specify 7591 whether the Secret or its key must 7592 be defined 7593 type: boolean 7594 type: object 7595 serviceAccountToken: 7596 description: serviceAccountToken is information 7597 about the serviceAccountToken data to 7598 project 7599 properties: 7600 audience: 7601 description: audience is the intended 7602 audience of the token. A recipient 7603 of a token must identify itself 7604 with an identifier specified in 7605 the audience of the token, and otherwise 7606 should reject the token. The audience 7607 defaults to the identifier of the 7608 apiserver. 7609 type: string 7610 expirationSeconds: 7611 description: expirationSeconds is 7612 the requested duration of validity 7613 of the service account token. As 7614 the token approaches expiration, 7615 the kubelet volume plugin will proactively 7616 rotate the service account token. 7617 The kubelet will start trying to 7618 rotate the token if the token is 7619 older than 80 percent of its time 7620 to live or if the token is older 7621 than 24 hours.Defaults to 1 hour 7622 and must be at least 10 minutes. 7623 format: int64 7624 type: integer 7625 path: 7626 description: path is the path relative 7627 to the mount point of the file to 7628 project the token into. 7629 type: string 7630 required: 7631 - path 7632 type: object 7633 type: object 7634 type: array 7635 type: object 7636 quobyte: 7637 description: quobyte represents a Quobyte mount 7638 on the host that shares a pod's lifetime 7639 properties: 7640 group: 7641 description: group to map volume access to Default 7642 is no group 7643 type: string 7644 readOnly: 7645 description: readOnly here will force the Quobyte 7646 volume to be mounted with read-only permissions. 7647 Defaults to false. 7648 type: boolean 7649 registry: 7650 description: registry represents a single or 7651 multiple Quobyte Registry services specified 7652 as a string as host:port pair (multiple entries 7653 are separated with commas) which acts as the 7654 central registry for volumes 7655 type: string 7656 tenant: 7657 description: tenant owning the given Quobyte 7658 volume in the Backend Used with dynamically 7659 provisioned Quobyte volumes, value is set 7660 by the plugin 7661 type: string 7662 user: 7663 description: user to map volume access to Defaults 7664 to serivceaccount user 7665 type: string 7666 volume: 7667 description: volume is a string that references 7668 an already created Quobyte volume by name. 7669 type: string 7670 required: 7671 - registry 7672 - volume 7673 type: object 7674 rbd: 7675 description: 'rbd represents a Rados Block Device 7676 mount on the host that shares a pod''s lifetime. 7677 More info: https://examples.k8s.io/volumes/rbd/README.md' 7678 properties: 7679 fsType: 7680 description: 'fsType is the filesystem type 7681 of the volume that you want to mount. Tip: 7682 Ensure that the filesystem type is supported 7683 by the host operating system. Examples: "ext4", 7684 "xfs", "ntfs". Implicitly inferred to be "ext4" 7685 if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd 7686 TODO: how do we prevent errors in the filesystem 7687 from compromising the machine' 7688 type: string 7689 image: 7690 description: 'image is the rados image name. 7691 More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 7692 type: string 7693 keyring: 7694 description: 'keyring is the path to key ring 7695 for RBDUser. Default is /etc/ceph/keyring. 7696 More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 7697 type: string 7698 monitors: 7699 description: 'monitors is a collection of Ceph 7700 monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 7701 items: 7702 type: string 7703 type: array 7704 pool: 7705 description: 'pool is the rados pool name. Default 7706 is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 7707 type: string 7708 readOnly: 7709 description: 'readOnly here will force the ReadOnly 7710 setting in VolumeMounts. Defaults to false. 7711 More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 7712 type: boolean 7713 secretRef: 7714 description: 'secretRef is name of the authentication 7715 secret for RBDUser. If provided overrides 7716 keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 7717 properties: 7718 name: 7719 description: 'Name of the referent. More 7720 info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 7721 TODO: Add other useful fields. apiVersion, 7722 kind, uid?' 7723 type: string 7724 type: object 7725 user: 7726 description: 'user is the rados user name. Default 7727 is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 7728 type: string 7729 required: 7730 - image 7731 - monitors 7732 type: object 7733 scaleIO: 7734 description: scaleIO represents a ScaleIO persistent 7735 volume attached and mounted on Kubernetes nodes. 7736 properties: 7737 fsType: 7738 description: fsType is the filesystem type to 7739 mount. Must be a filesystem type supported 7740 by the host operating system. Ex. "ext4", 7741 "xfs", "ntfs". Default is "xfs". 7742 type: string 7743 gateway: 7744 description: gateway is the host address of 7745 the ScaleIO API Gateway. 7746 type: string 7747 protectionDomain: 7748 description: protectionDomain is the name of 7749 the ScaleIO Protection Domain for the configured 7750 storage. 7751 type: string 7752 readOnly: 7753 description: readOnly Defaults to false (read/write). 7754 ReadOnly here will force the ReadOnly setting 7755 in VolumeMounts. 7756 type: boolean 7757 secretRef: 7758 description: secretRef references to the secret 7759 for ScaleIO user and other sensitive information. 7760 If this is not provided, Login operation will 7761 fail. 7762 properties: 7763 name: 7764 description: 'Name of the referent. More 7765 info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 7766 TODO: Add other useful fields. apiVersion, 7767 kind, uid?' 7768 type: string 7769 type: object 7770 sslEnabled: 7771 description: sslEnabled Flag enable/disable 7772 SSL communication with Gateway, default false 7773 type: boolean 7774 storageMode: 7775 description: storageMode indicates whether the 7776 storage for a volume should be ThickProvisioned 7777 or ThinProvisioned. Default is ThinProvisioned. 7778 type: string 7779 storagePool: 7780 description: storagePool is the ScaleIO Storage 7781 Pool associated with the protection domain. 7782 type: string 7783 system: 7784 description: system is the name of the storage 7785 system as configured in ScaleIO. 7786 type: string 7787 volumeName: 7788 description: volumeName is the name of a volume 7789 already created in the ScaleIO system that 7790 is associated with this volume source. 7791 type: string 7792 required: 7793 - gateway 7794 - secretRef 7795 - system 7796 type: object 7797 secret: 7798 description: 'secret represents a secret that should 7799 populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' 7800 properties: 7801 defaultMode: 7802 description: 'defaultMode is Optional: mode 7803 bits used to set permissions on created files 7804 by default. Must be an octal value between 7805 0000 and 0777 or a decimal value between 0 7806 and 511. YAML accepts both octal and decimal 7807 values, JSON requires decimal values for mode 7808 bits. Defaults to 0644. Directories within 7809 the path are not affected by this setting. 7810 This might be in conflict with other options 7811 that affect the file mode, like fsGroup, and 7812 the result can be other mode bits set.' 7813 format: int32 7814 type: integer 7815 items: 7816 description: items If unspecified, each key-value 7817 pair in the Data field of the referenced Secret 7818 will be projected into the volume as a file 7819 whose name is the key and content is the value. 7820 If specified, the listed keys will be projected 7821 into the specified paths, and unlisted keys 7822 will not be present. If a key is specified 7823 which is not present in the Secret, the volume 7824 setup will error unless it is marked optional. 7825 Paths must be relative and may not contain 7826 the '..' path or start with '..'. 7827 items: 7828 description: Maps a string key to a path within 7829 a volume. 7830 properties: 7831 key: 7832 description: key is the key to project. 7833 type: string 7834 mode: 7835 description: 'mode is Optional: mode bits 7836 used to set permissions on this file. 7837 Must be an octal value between 0000 7838 and 0777 or a decimal value between 7839 0 and 511. YAML accepts both octal and 7840 decimal values, JSON requires decimal 7841 values for mode bits. If not specified, 7842 the volume defaultMode will be used. 7843 This might be in conflict with other 7844 options that affect the file mode, like 7845 fsGroup, and the result can be other 7846 mode bits set.' 7847 format: int32 7848 type: integer 7849 path: 7850 description: path is the relative path 7851 of the file to map the key to. May not 7852 be an absolute path. May not contain 7853 the path element '..'. May not start 7854 with the string '..'. 7855 type: string 7856 required: 7857 - key 7858 - path 7859 type: object 7860 type: array 7861 optional: 7862 description: optional field specify whether 7863 the Secret or its keys must be defined 7864 type: boolean 7865 secretName: 7866 description: 'secretName is the name of the 7867 secret in the pod''s namespace to use. More 7868 info: https://kubernetes.io/docs/concepts/storage/volumes#secret' 7869 type: string 7870 type: object 7871 storageos: 7872 description: storageOS represents a StorageOS volume 7873 attached and mounted on Kubernetes nodes. 7874 properties: 7875 fsType: 7876 description: fsType is the filesystem type to 7877 mount. Must be a filesystem type supported 7878 by the host operating system. Ex. "ext4", 7879 "xfs", "ntfs". Implicitly inferred to be "ext4" 7880 if unspecified. 7881 type: string 7882 readOnly: 7883 description: readOnly defaults to false (read/write). 7884 ReadOnly here will force the ReadOnly setting 7885 in VolumeMounts. 7886 type: boolean 7887 secretRef: 7888 description: secretRef specifies the secret 7889 to use for obtaining the StorageOS API credentials. If 7890 not specified, default values will be attempted. 7891 properties: 7892 name: 7893 description: 'Name of the referent. More 7894 info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 7895 TODO: Add other useful fields. apiVersion, 7896 kind, uid?' 7897 type: string 7898 type: object 7899 volumeName: 7900 description: volumeName is the human-readable 7901 name of the StorageOS volume. Volume names 7902 are only unique within a namespace. 7903 type: string 7904 volumeNamespace: 7905 description: volumeNamespace specifies the scope 7906 of the volume within StorageOS. If no namespace 7907 is specified then the Pod's namespace will 7908 be used. This allows the Kubernetes name 7909 scoping to be mirrored within StorageOS for 7910 tighter integration. Set VolumeName to any 7911 name to override the default behaviour. Set 7912 to "default" if you are not using namespaces 7913 within StorageOS. Namespaces that do not pre-exist 7914 within StorageOS will be created. 7915 type: string 7916 type: object 7917 vsphereVolume: 7918 description: vsphereVolume represents a vSphere 7919 volume attached and mounted on kubelets host machine 7920 properties: 7921 fsType: 7922 description: fsType is filesystem type to mount. 7923 Must be a filesystem type supported by the 7924 host operating system. Ex. "ext4", "xfs", 7925 "ntfs". Implicitly inferred to be "ext4" if 7926 unspecified. 7927 type: string 7928 storagePolicyID: 7929 description: storagePolicyID is the storage 7930 Policy Based Management (SPBM) profile ID 7931 associated with the StoragePolicyName. 7932 type: string 7933 storagePolicyName: 7934 description: storagePolicyName is the storage 7935 Policy Based Management (SPBM) profile name. 7936 type: string 7937 volumePath: 7938 description: volumePath is the path that identifies 7939 vSphere volume vmdk 7940 type: string 7941 required: 7942 - volumePath 7943 type: object 7944 required: 7945 - name 7946 type: object 7947 type: array 7948 required: 7949 - containers 7950 type: object 7951 type: object 7952 type: object 7953 useLocalObjectStore: 7954 description: If true the system will use local object storage. By 7955 default the system uses minio 7956 type: boolean 7957 version: 7958 type: string 7959 type: object 7960 status: 7961 description: ModelaStatus defines the observed state of Modela 7962 properties: 7963 actualModelaVersion: 7964 description: 'INSERT ADDITIONAL STATUS FIELD - define observed state 7965 of cluster Important: Run "make" to regenerate code after modifying 7966 this file Actual Version is the actual modela version' 7967 type: string 7968 conditions: 7969 items: 7970 description: ClusterCondition describes the state of a cluster object 7971 at a certain point 7972 properties: 7973 lastTransitionTime: 7974 description: Last time the condition transitioned from one status 7975 to another. 7976 format: date-time 7977 type: string 7978 message: 7979 description: A human readable message indicating details about 7980 the transition. 7981 type: string 7982 reason: 7983 description: The reason for the condition's last transition. 7984 type: string 7985 status: 7986 description: Status of the condition, one of True, False, Unknown. 7987 type: string 7988 type: 7989 description: Type of the condition. 7990 type: string 7991 type: object 7992 type: array 7993 control: 7994 description: Status of the control plane 7995 properties: 7996 deploymentStatus: 7997 description: The status of the control plane 7998 type: string 7999 serviceStatus: 8000 type: string 8001 type: object 8002 data: 8003 description: Status of data plane 8004 properties: 8005 deploymentStatus: 8006 description: The status of the control plane 8007 type: string 8008 serviceStatus: 8009 type: string 8010 type: object 8011 failureMessage: 8012 description: In the case of failure, the DataSource resource controller 8013 will set this field with a failure message 8014 type: string 8015 gateway: 8016 description: Status of the api gateway 8017 properties: 8018 deploymentStatus: 8019 description: The status of the control plane 8020 type: string 8021 serviceStatus: 8022 type: string 8023 type: object 8024 lastUpgraded: 8025 description: Last time the modela installation was upgraded 8026 format: date-time 8027 type: string 8028 observedGeneration: 8029 description: ObservedGeneration is the last generation that was acted 8030 on 8031 format: int64 8032 type: integer 8033 type: object 8034 type: object 8035 served: true 8036 storage: true 8037 subresources: 8038 status: {} 8039 status: 8040 acceptedNames: 8041 kind: "" 8042 plural: "" 8043 conditions: null 8044 storedVersions: null