github.com/operator-framework/operator-lifecycle-manager@v0.30.0/deploy/chart/crds/0000_50_olm_00-clusterserviceversions.crd.yaml (about) 1 apiVersion: apiextensions.k8s.io/v1 2 kind: CustomResourceDefinition 3 metadata: 4 annotations: 5 controller-gen.kubebuilder.io/version: v0.16.1 6 name: clusterserviceversions.operators.coreos.com 7 spec: 8 group: operators.coreos.com 9 names: 10 categories: 11 - olm 12 kind: ClusterServiceVersion 13 listKind: ClusterServiceVersionList 14 plural: clusterserviceversions 15 shortNames: 16 - csv 17 - csvs 18 singular: clusterserviceversion 19 scope: Namespaced 20 versions: 21 - additionalPrinterColumns: 22 - description: The name of the CSV 23 jsonPath: .spec.displayName 24 name: Display 25 type: string 26 - description: The version of the CSV 27 jsonPath: .spec.version 28 name: Version 29 type: string 30 - description: The name of a CSV that this one replaces 31 jsonPath: .spec.replaces 32 name: Replaces 33 type: string 34 - jsonPath: .status.phase 35 name: Phase 36 type: string 37 name: v1alpha1 38 schema: 39 openAPIV3Schema: 40 description: ClusterServiceVersion is a Custom Resource of type `ClusterServiceVersionSpec`. 41 type: object 42 required: 43 - metadata 44 - spec 45 properties: 46 apiVersion: 47 description: |- 48 APIVersion defines the versioned schema of this representation of an object. 49 Servers should convert recognized schemas to the latest internal value, and 50 may reject unrecognized values. 51 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources 52 type: string 53 kind: 54 description: |- 55 Kind is a string value representing the REST resource this object represents. 56 Servers may infer this from the endpoint the client submits requests to. 57 Cannot be updated. 58 In CamelCase. 59 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds 60 type: string 61 metadata: 62 type: object 63 spec: 64 description: |- 65 ClusterServiceVersionSpec declarations tell OLM how to install an operator 66 that can manage apps for a given version. 67 type: object 68 required: 69 - displayName 70 - install 71 properties: 72 annotations: 73 description: |- 74 Annotations is an unstructured key value map stored with a resource that may be 75 set by external tools to store and retrieve arbitrary metadata. 76 type: object 77 additionalProperties: 78 type: string 79 apiservicedefinitions: 80 description: |- 81 APIServiceDefinitions declares all of the extension apis managed or required by 82 an operator being ran by ClusterServiceVersion. 83 type: object 84 properties: 85 owned: 86 type: array 87 items: 88 description: APIServiceDescription provides details to OLM about apis provided via aggregation 89 type: object 90 required: 91 - group 92 - kind 93 - name 94 - version 95 properties: 96 actionDescriptors: 97 type: array 98 items: 99 description: ActionDescriptor describes a declarative action that can be performed on a custom resource instance 100 type: object 101 required: 102 - path 103 properties: 104 description: 105 type: string 106 displayName: 107 type: string 108 path: 109 type: string 110 value: 111 description: |- 112 RawMessage is a raw encoded JSON value. 113 It implements [Marshaler] and [Unmarshaler] and can 114 be used to delay JSON decoding or precompute a JSON encoding. 115 type: string 116 format: byte 117 x-descriptors: 118 type: array 119 items: 120 type: string 121 containerPort: 122 type: integer 123 format: int32 124 deploymentName: 125 type: string 126 description: 127 type: string 128 displayName: 129 type: string 130 group: 131 type: string 132 kind: 133 type: string 134 name: 135 type: string 136 resources: 137 type: array 138 items: 139 description: APIResourceReference is a reference to a Kubernetes resource type that the referrer utilizes. 140 type: object 141 required: 142 - kind 143 - name 144 - version 145 properties: 146 kind: 147 description: Kind of the referenced resource type. 148 type: string 149 name: 150 description: Plural name of the referenced resource type (CustomResourceDefinition.Spec.Names[].Plural). Empty string if the referenced resource type is not a custom resource. 151 type: string 152 version: 153 description: API Version of the referenced resource type. 154 type: string 155 specDescriptors: 156 type: array 157 items: 158 description: SpecDescriptor describes a field in a spec block of a CRD so that OLM can consume it 159 type: object 160 required: 161 - path 162 properties: 163 description: 164 type: string 165 displayName: 166 type: string 167 path: 168 type: string 169 value: 170 description: |- 171 RawMessage is a raw encoded JSON value. 172 It implements [Marshaler] and [Unmarshaler] and can 173 be used to delay JSON decoding or precompute a JSON encoding. 174 type: string 175 format: byte 176 x-descriptors: 177 type: array 178 items: 179 type: string 180 statusDescriptors: 181 type: array 182 items: 183 description: StatusDescriptor describes a field in a status block of a CRD so that OLM can consume it 184 type: object 185 required: 186 - path 187 properties: 188 description: 189 type: string 190 displayName: 191 type: string 192 path: 193 type: string 194 value: 195 description: |- 196 RawMessage is a raw encoded JSON value. 197 It implements [Marshaler] and [Unmarshaler] and can 198 be used to delay JSON decoding or precompute a JSON encoding. 199 type: string 200 format: byte 201 x-descriptors: 202 type: array 203 items: 204 type: string 205 version: 206 type: string 207 required: 208 type: array 209 items: 210 description: APIServiceDescription provides details to OLM about apis provided via aggregation 211 type: object 212 required: 213 - group 214 - kind 215 - name 216 - version 217 properties: 218 actionDescriptors: 219 type: array 220 items: 221 description: ActionDescriptor describes a declarative action that can be performed on a custom resource instance 222 type: object 223 required: 224 - path 225 properties: 226 description: 227 type: string 228 displayName: 229 type: string 230 path: 231 type: string 232 value: 233 description: |- 234 RawMessage is a raw encoded JSON value. 235 It implements [Marshaler] and [Unmarshaler] and can 236 be used to delay JSON decoding or precompute a JSON encoding. 237 type: string 238 format: byte 239 x-descriptors: 240 type: array 241 items: 242 type: string 243 containerPort: 244 type: integer 245 format: int32 246 deploymentName: 247 type: string 248 description: 249 type: string 250 displayName: 251 type: string 252 group: 253 type: string 254 kind: 255 type: string 256 name: 257 type: string 258 resources: 259 type: array 260 items: 261 description: APIResourceReference is a reference to a Kubernetes resource type that the referrer utilizes. 262 type: object 263 required: 264 - kind 265 - name 266 - version 267 properties: 268 kind: 269 description: Kind of the referenced resource type. 270 type: string 271 name: 272 description: Plural name of the referenced resource type (CustomResourceDefinition.Spec.Names[].Plural). Empty string if the referenced resource type is not a custom resource. 273 type: string 274 version: 275 description: API Version of the referenced resource type. 276 type: string 277 specDescriptors: 278 type: array 279 items: 280 description: SpecDescriptor describes a field in a spec block of a CRD so that OLM can consume it 281 type: object 282 required: 283 - path 284 properties: 285 description: 286 type: string 287 displayName: 288 type: string 289 path: 290 type: string 291 value: 292 description: |- 293 RawMessage is a raw encoded JSON value. 294 It implements [Marshaler] and [Unmarshaler] and can 295 be used to delay JSON decoding or precompute a JSON encoding. 296 type: string 297 format: byte 298 x-descriptors: 299 type: array 300 items: 301 type: string 302 statusDescriptors: 303 type: array 304 items: 305 description: StatusDescriptor describes a field in a status block of a CRD so that OLM can consume it 306 type: object 307 required: 308 - path 309 properties: 310 description: 311 type: string 312 displayName: 313 type: string 314 path: 315 type: string 316 value: 317 description: |- 318 RawMessage is a raw encoded JSON value. 319 It implements [Marshaler] and [Unmarshaler] and can 320 be used to delay JSON decoding or precompute a JSON encoding. 321 type: string 322 format: byte 323 x-descriptors: 324 type: array 325 items: 326 type: string 327 version: 328 type: string 329 cleanup: 330 description: Cleanup specifies the cleanup behaviour when the CSV gets deleted 331 type: object 332 required: 333 - enabled 334 properties: 335 enabled: 336 type: boolean 337 customresourcedefinitions: 338 description: |- 339 CustomResourceDefinitions declares all of the CRDs managed or required by 340 an operator being ran by ClusterServiceVersion. 341 342 If the CRD is present in the Owned list, it is implicitly required. 343 type: object 344 properties: 345 owned: 346 type: array 347 items: 348 description: CRDDescription provides details to OLM about the CRDs 349 type: object 350 required: 351 - kind 352 - name 353 - version 354 properties: 355 actionDescriptors: 356 type: array 357 items: 358 description: ActionDescriptor describes a declarative action that can be performed on a custom resource instance 359 type: object 360 required: 361 - path 362 properties: 363 description: 364 type: string 365 displayName: 366 type: string 367 path: 368 type: string 369 value: 370 description: |- 371 RawMessage is a raw encoded JSON value. 372 It implements [Marshaler] and [Unmarshaler] and can 373 be used to delay JSON decoding or precompute a JSON encoding. 374 type: string 375 format: byte 376 x-descriptors: 377 type: array 378 items: 379 type: string 380 description: 381 type: string 382 displayName: 383 type: string 384 kind: 385 type: string 386 name: 387 type: string 388 resources: 389 type: array 390 items: 391 description: APIResourceReference is a reference to a Kubernetes resource type that the referrer utilizes. 392 type: object 393 required: 394 - kind 395 - name 396 - version 397 properties: 398 kind: 399 description: Kind of the referenced resource type. 400 type: string 401 name: 402 description: Plural name of the referenced resource type (CustomResourceDefinition.Spec.Names[].Plural). Empty string if the referenced resource type is not a custom resource. 403 type: string 404 version: 405 description: API Version of the referenced resource type. 406 type: string 407 specDescriptors: 408 type: array 409 items: 410 description: SpecDescriptor describes a field in a spec block of a CRD so that OLM can consume it 411 type: object 412 required: 413 - path 414 properties: 415 description: 416 type: string 417 displayName: 418 type: string 419 path: 420 type: string 421 value: 422 description: |- 423 RawMessage is a raw encoded JSON value. 424 It implements [Marshaler] and [Unmarshaler] and can 425 be used to delay JSON decoding or precompute a JSON encoding. 426 type: string 427 format: byte 428 x-descriptors: 429 type: array 430 items: 431 type: string 432 statusDescriptors: 433 type: array 434 items: 435 description: StatusDescriptor describes a field in a status block of a CRD so that OLM can consume it 436 type: object 437 required: 438 - path 439 properties: 440 description: 441 type: string 442 displayName: 443 type: string 444 path: 445 type: string 446 value: 447 description: |- 448 RawMessage is a raw encoded JSON value. 449 It implements [Marshaler] and [Unmarshaler] and can 450 be used to delay JSON decoding or precompute a JSON encoding. 451 type: string 452 format: byte 453 x-descriptors: 454 type: array 455 items: 456 type: string 457 version: 458 type: string 459 required: 460 type: array 461 items: 462 description: CRDDescription provides details to OLM about the CRDs 463 type: object 464 required: 465 - kind 466 - name 467 - version 468 properties: 469 actionDescriptors: 470 type: array 471 items: 472 description: ActionDescriptor describes a declarative action that can be performed on a custom resource instance 473 type: object 474 required: 475 - path 476 properties: 477 description: 478 type: string 479 displayName: 480 type: string 481 path: 482 type: string 483 value: 484 description: |- 485 RawMessage is a raw encoded JSON value. 486 It implements [Marshaler] and [Unmarshaler] and can 487 be used to delay JSON decoding or precompute a JSON encoding. 488 type: string 489 format: byte 490 x-descriptors: 491 type: array 492 items: 493 type: string 494 description: 495 type: string 496 displayName: 497 type: string 498 kind: 499 type: string 500 name: 501 type: string 502 resources: 503 type: array 504 items: 505 description: APIResourceReference is a reference to a Kubernetes resource type that the referrer utilizes. 506 type: object 507 required: 508 - kind 509 - name 510 - version 511 properties: 512 kind: 513 description: Kind of the referenced resource type. 514 type: string 515 name: 516 description: Plural name of the referenced resource type (CustomResourceDefinition.Spec.Names[].Plural). Empty string if the referenced resource type is not a custom resource. 517 type: string 518 version: 519 description: API Version of the referenced resource type. 520 type: string 521 specDescriptors: 522 type: array 523 items: 524 description: SpecDescriptor describes a field in a spec block of a CRD so that OLM can consume it 525 type: object 526 required: 527 - path 528 properties: 529 description: 530 type: string 531 displayName: 532 type: string 533 path: 534 type: string 535 value: 536 description: |- 537 RawMessage is a raw encoded JSON value. 538 It implements [Marshaler] and [Unmarshaler] and can 539 be used to delay JSON decoding or precompute a JSON encoding. 540 type: string 541 format: byte 542 x-descriptors: 543 type: array 544 items: 545 type: string 546 statusDescriptors: 547 type: array 548 items: 549 description: StatusDescriptor describes a field in a status block of a CRD so that OLM can consume it 550 type: object 551 required: 552 - path 553 properties: 554 description: 555 type: string 556 displayName: 557 type: string 558 path: 559 type: string 560 value: 561 description: |- 562 RawMessage is a raw encoded JSON value. 563 It implements [Marshaler] and [Unmarshaler] and can 564 be used to delay JSON decoding or precompute a JSON encoding. 565 type: string 566 format: byte 567 x-descriptors: 568 type: array 569 items: 570 type: string 571 version: 572 type: string 573 description: 574 description: |- 575 Description of the operator. Can include the features, limitations or use-cases of the 576 operator. 577 type: string 578 displayName: 579 description: The name of the operator in display format. 580 type: string 581 icon: 582 description: The icon for this operator. 583 type: array 584 items: 585 type: object 586 required: 587 - base64data 588 - mediatype 589 properties: 590 base64data: 591 type: string 592 mediatype: 593 type: string 594 install: 595 description: |- 596 NamedInstallStrategy represents the block of an ClusterServiceVersion resource 597 where the install strategy is specified. 598 type: object 599 required: 600 - strategy 601 properties: 602 spec: 603 description: |- 604 StrategyDetailsDeployment represents the parsed details of a Deployment 605 InstallStrategy. 606 type: object 607 required: 608 - deployments 609 properties: 610 clusterPermissions: 611 type: array 612 items: 613 description: StrategyDeploymentPermissions describe the rbac rules and service account needed by the install strategy 614 type: object 615 required: 616 - rules 617 - serviceAccountName 618 properties: 619 rules: 620 type: array 621 items: 622 description: |- 623 PolicyRule holds information that describes a policy rule, but does not contain information 624 about who the rule applies to or which namespace the rule applies to. 625 type: object 626 required: 627 - verbs 628 properties: 629 apiGroups: 630 description: |- 631 APIGroups is the name of the APIGroup that contains the resources. If multiple API groups are specified, any action requested against one of 632 the enumerated resources in any API group will be allowed. "" represents the core API group and "*" represents all API groups. 633 type: array 634 items: 635 type: string 636 x-kubernetes-list-type: atomic 637 nonResourceURLs: 638 description: |- 639 NonResourceURLs is a set of partial urls that a user should have access to. *s are allowed, but only as the full, final step in the path 640 Since non-resource URLs are not namespaced, this field is only applicable for ClusterRoles referenced from a ClusterRoleBinding. 641 Rules can either apply to API resources (such as "pods" or "secrets") or non-resource URL paths (such as "/api"), but not both. 642 type: array 643 items: 644 type: string 645 x-kubernetes-list-type: atomic 646 resourceNames: 647 description: ResourceNames is an optional white list of names that the rule applies to. An empty set means that everything is allowed. 648 type: array 649 items: 650 type: string 651 x-kubernetes-list-type: atomic 652 resources: 653 description: Resources is a list of resources this rule applies to. '*' represents all resources. 654 type: array 655 items: 656 type: string 657 x-kubernetes-list-type: atomic 658 verbs: 659 description: Verbs is a list of Verbs that apply to ALL the ResourceKinds contained in this rule. '*' represents all verbs. 660 type: array 661 items: 662 type: string 663 x-kubernetes-list-type: atomic 664 serviceAccountName: 665 type: string 666 deployments: 667 type: array 668 items: 669 description: StrategyDeploymentSpec contains the name, spec and labels for the deployment ALM should create 670 type: object 671 required: 672 - name 673 - spec 674 properties: 675 label: 676 description: Set is a map of label:value. It implements Labels. 677 type: object 678 additionalProperties: 679 type: string 680 name: 681 type: string 682 spec: 683 description: DeploymentSpec is the specification of the desired behavior of the Deployment. 684 type: object 685 required: 686 - selector 687 - template 688 properties: 689 minReadySeconds: 690 description: |- 691 Minimum number of seconds for which a newly created pod should be ready 692 without any of its container crashing, for it to be considered available. 693 Defaults to 0 (pod will be considered available as soon as it is ready) 694 type: integer 695 format: int32 696 paused: 697 description: Indicates that the deployment is paused. 698 type: boolean 699 progressDeadlineSeconds: 700 description: |- 701 The maximum time in seconds for a deployment to make progress before it 702 is considered to be failed. The deployment controller will continue to 703 process failed deployments and a condition with a ProgressDeadlineExceeded 704 reason will be surfaced in the deployment status. Note that progress will 705 not be estimated during the time a deployment is paused. Defaults to 600s. 706 type: integer 707 format: int32 708 replicas: 709 description: |- 710 Number of desired pods. This is a pointer to distinguish between explicit 711 zero and not specified. Defaults to 1. 712 type: integer 713 format: int32 714 revisionHistoryLimit: 715 description: |- 716 The number of old ReplicaSets to retain to allow rollback. 717 This is a pointer to distinguish between explicit zero and not specified. 718 Defaults to 10. 719 type: integer 720 format: int32 721 selector: 722 description: |- 723 Label selector for pods. Existing ReplicaSets whose pods are 724 selected by this will be the ones affected by this deployment. 725 It must match the pod template's labels. 726 type: object 727 properties: 728 matchExpressions: 729 description: matchExpressions is a list of label selector requirements. The requirements are ANDed. 730 type: array 731 items: 732 description: |- 733 A label selector requirement is a selector that contains values, a key, and an operator that 734 relates the key and values. 735 type: object 736 required: 737 - key 738 - operator 739 properties: 740 key: 741 description: key is the label key that the selector applies to. 742 type: string 743 operator: 744 description: |- 745 operator represents a key's relationship to a set of values. 746 Valid operators are In, NotIn, Exists and DoesNotExist. 747 type: string 748 values: 749 description: |- 750 values is an array of string values. If the operator is In or NotIn, 751 the values array must be non-empty. If the operator is Exists or DoesNotExist, 752 the values array must be empty. This array is replaced during a strategic 753 merge patch. 754 type: array 755 items: 756 type: string 757 x-kubernetes-list-type: atomic 758 x-kubernetes-list-type: atomic 759 matchLabels: 760 description: |- 761 matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels 762 map is equivalent to an element of matchExpressions, whose key field is "key", the 763 operator is "In", and the values array contains only "value". The requirements are ANDed. 764 type: object 765 additionalProperties: 766 type: string 767 x-kubernetes-map-type: atomic 768 strategy: 769 description: The deployment strategy to use to replace existing pods with new ones. 770 type: object 771 properties: 772 rollingUpdate: 773 description: |- 774 Rolling update config params. Present only if DeploymentStrategyType = 775 RollingUpdate. 776 type: object 777 properties: 778 maxSurge: 779 description: |- 780 The maximum number of pods that can be scheduled above the desired number of 781 pods. 782 Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). 783 This can not be 0 if MaxUnavailable is 0. 784 Absolute number is calculated from percentage by rounding up. 785 Defaults to 25%. 786 Example: when this is set to 30%, the new ReplicaSet can be scaled up immediately when 787 the rolling update starts, such that the total number of old and new pods do not exceed 788 130% of desired pods. Once old pods have been killed, 789 new ReplicaSet can be scaled up further, ensuring that total number of pods running 790 at any time during the update is at most 130% of desired pods. 791 anyOf: 792 - type: integer 793 - type: string 794 x-kubernetes-int-or-string: true 795 maxUnavailable: 796 description: |- 797 The maximum number of pods that can be unavailable during the update. 798 Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). 799 Absolute number is calculated from percentage by rounding down. 800 This can not be 0 if MaxSurge is 0. 801 Defaults to 25%. 802 Example: when this is set to 30%, the old ReplicaSet can be scaled down to 70% of desired pods 803 immediately when the rolling update starts. Once new pods are ready, old ReplicaSet 804 can be scaled down further, followed by scaling up the new ReplicaSet, ensuring 805 that the total number of pods available at all times during the update is at 806 least 70% of desired pods. 807 anyOf: 808 - type: integer 809 - type: string 810 x-kubernetes-int-or-string: true 811 type: 812 description: Type of deployment. Can be "Recreate" or "RollingUpdate". Default is RollingUpdate. 813 type: string 814 template: 815 description: |- 816 Template describes the pods that will be created. 817 The only allowed template.spec.restartPolicy value is "Always". 818 type: object 819 properties: 820 metadata: 821 description: |- 822 Standard object's metadata. 823 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata 824 type: object 825 x-kubernetes-preserve-unknown-fields: true 826 spec: 827 description: |- 828 Specification of the desired behavior of the pod. 829 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status 830 type: object 831 required: 832 - containers 833 properties: 834 activeDeadlineSeconds: 835 description: |- 836 Optional duration in seconds the pod may be active on the node relative to 837 StartTime before the system will actively try to mark it failed and kill associated containers. 838 Value must be a positive integer. 839 type: integer 840 format: int64 841 affinity: 842 description: If specified, the pod's scheduling constraints 843 type: object 844 properties: 845 nodeAffinity: 846 description: Describes node affinity scheduling rules for the pod. 847 type: object 848 properties: 849 preferredDuringSchedulingIgnoredDuringExecution: 850 description: |- 851 The scheduler will prefer to schedule pods to nodes that satisfy 852 the affinity expressions specified by this field, but it may choose 853 a node that violates one or more of the expressions. The node that is 854 most preferred is the one with the greatest sum of weights, i.e. 855 for each node that meets all of the scheduling requirements (resource 856 request, requiredDuringScheduling affinity expressions, etc.), 857 compute a sum by iterating through the elements of this field and adding 858 "weight" to the sum if the node matches the corresponding matchExpressions; the 859 node(s) with the highest sum are the most preferred. 860 type: array 861 items: 862 description: |- 863 An empty preferred scheduling term matches all objects with implicit weight 0 864 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). 865 type: object 866 required: 867 - preference 868 - weight 869 properties: 870 preference: 871 description: A node selector term, associated with the corresponding weight. 872 type: object 873 properties: 874 matchExpressions: 875 description: A list of node selector requirements by node's labels. 876 type: array 877 items: 878 description: |- 879 A node selector requirement is a selector that contains values, a key, and an operator 880 that relates the key and values. 881 type: object 882 required: 883 - key 884 - operator 885 properties: 886 key: 887 description: The label key that the selector applies to. 888 type: string 889 operator: 890 description: |- 891 Represents a key's relationship to a set of values. 892 Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. 893 type: string 894 values: 895 description: |- 896 An array of string values. If the operator is In or NotIn, 897 the values array must be non-empty. If the operator is Exists or DoesNotExist, 898 the values array must be empty. If the operator is Gt or Lt, the values 899 array must have a single element, which will be interpreted as an integer. 900 This array is replaced during a strategic merge patch. 901 type: array 902 items: 903 type: string 904 x-kubernetes-list-type: atomic 905 x-kubernetes-list-type: atomic 906 matchFields: 907 description: A list of node selector requirements by node's fields. 908 type: array 909 items: 910 description: |- 911 A node selector requirement is a selector that contains values, a key, and an operator 912 that relates the key and values. 913 type: object 914 required: 915 - key 916 - operator 917 properties: 918 key: 919 description: The label key that the selector applies to. 920 type: string 921 operator: 922 description: |- 923 Represents a key's relationship to a set of values. 924 Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. 925 type: string 926 values: 927 description: |- 928 An array of string values. If the operator is In or NotIn, 929 the values array must be non-empty. If the operator is Exists or DoesNotExist, 930 the values array must be empty. If the operator is Gt or Lt, the values 931 array must have a single element, which will be interpreted as an integer. 932 This array is replaced during a strategic merge patch. 933 type: array 934 items: 935 type: string 936 x-kubernetes-list-type: atomic 937 x-kubernetes-list-type: atomic 938 x-kubernetes-map-type: atomic 939 weight: 940 description: Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100. 941 type: integer 942 format: int32 943 x-kubernetes-list-type: atomic 944 requiredDuringSchedulingIgnoredDuringExecution: 945 description: |- 946 If the affinity requirements specified by this field are not met at 947 scheduling time, the pod will not be scheduled onto the node. 948 If the affinity requirements specified by this field cease to be met 949 at some point during pod execution (e.g. due to an update), the system 950 may or may not try to eventually evict the pod from its node. 951 type: object 952 required: 953 - nodeSelectorTerms 954 properties: 955 nodeSelectorTerms: 956 description: Required. A list of node selector terms. The terms are ORed. 957 type: array 958 items: 959 description: |- 960 A null or empty node selector term matches no objects. The requirements of 961 them are ANDed. 962 The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. 963 type: object 964 properties: 965 matchExpressions: 966 description: A list of node selector requirements by node's labels. 967 type: array 968 items: 969 description: |- 970 A node selector requirement is a selector that contains values, a key, and an operator 971 that relates the key and values. 972 type: object 973 required: 974 - key 975 - operator 976 properties: 977 key: 978 description: The label key that the selector applies to. 979 type: string 980 operator: 981 description: |- 982 Represents a key's relationship to a set of values. 983 Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. 984 type: string 985 values: 986 description: |- 987 An array of string values. If the operator is In or NotIn, 988 the values array must be non-empty. If the operator is Exists or DoesNotExist, 989 the values array must be empty. If the operator is Gt or Lt, the values 990 array must have a single element, which will be interpreted as an integer. 991 This array is replaced during a strategic merge patch. 992 type: array 993 items: 994 type: string 995 x-kubernetes-list-type: atomic 996 x-kubernetes-list-type: atomic 997 matchFields: 998 description: A list of node selector requirements by node's fields. 999 type: array 1000 items: 1001 description: |- 1002 A node selector requirement is a selector that contains values, a key, and an operator 1003 that relates the key and values. 1004 type: object 1005 required: 1006 - key 1007 - operator 1008 properties: 1009 key: 1010 description: The label key that the selector applies to. 1011 type: string 1012 operator: 1013 description: |- 1014 Represents a key's relationship to a set of values. 1015 Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. 1016 type: string 1017 values: 1018 description: |- 1019 An array of string values. If the operator is In or NotIn, 1020 the values array must be non-empty. If the operator is Exists or DoesNotExist, 1021 the values array must be empty. If the operator is Gt or Lt, the values 1022 array must have a single element, which will be interpreted as an integer. 1023 This array is replaced during a strategic merge patch. 1024 type: array 1025 items: 1026 type: string 1027 x-kubernetes-list-type: atomic 1028 x-kubernetes-list-type: atomic 1029 x-kubernetes-map-type: atomic 1030 x-kubernetes-list-type: atomic 1031 x-kubernetes-map-type: atomic 1032 podAffinity: 1033 description: Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). 1034 type: object 1035 properties: 1036 preferredDuringSchedulingIgnoredDuringExecution: 1037 description: |- 1038 The scheduler will prefer to schedule pods to nodes that satisfy 1039 the affinity expressions specified by this field, but it may choose 1040 a node that violates one or more of the expressions. The node that is 1041 most preferred is the one with the greatest sum of weights, i.e. 1042 for each node that meets all of the scheduling requirements (resource 1043 request, requiredDuringScheduling affinity expressions, etc.), 1044 compute a sum by iterating through the elements of this field and adding 1045 "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the 1046 node(s) with the highest sum are the most preferred. 1047 type: array 1048 items: 1049 description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) 1050 type: object 1051 required: 1052 - podAffinityTerm 1053 - weight 1054 properties: 1055 podAffinityTerm: 1056 description: Required. A pod affinity term, associated with the corresponding weight. 1057 type: object 1058 required: 1059 - topologyKey 1060 properties: 1061 labelSelector: 1062 description: |- 1063 A label query over a set of resources, in this case pods. 1064 If it's null, this PodAffinityTerm matches with no Pods. 1065 type: object 1066 properties: 1067 matchExpressions: 1068 description: matchExpressions is a list of label selector requirements. The requirements are ANDed. 1069 type: array 1070 items: 1071 description: |- 1072 A label selector requirement is a selector that contains values, a key, and an operator that 1073 relates the key and values. 1074 type: object 1075 required: 1076 - key 1077 - operator 1078 properties: 1079 key: 1080 description: key is the label key that the selector applies to. 1081 type: string 1082 operator: 1083 description: |- 1084 operator represents a key's relationship to a set of values. 1085 Valid operators are In, NotIn, Exists and DoesNotExist. 1086 type: string 1087 values: 1088 description: |- 1089 values is an array of string values. If the operator is In or NotIn, 1090 the values array must be non-empty. If the operator is Exists or DoesNotExist, 1091 the values array must be empty. This array is replaced during a strategic 1092 merge patch. 1093 type: array 1094 items: 1095 type: string 1096 x-kubernetes-list-type: atomic 1097 x-kubernetes-list-type: atomic 1098 matchLabels: 1099 description: |- 1100 matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels 1101 map is equivalent to an element of matchExpressions, whose key field is "key", the 1102 operator is "In", and the values array contains only "value". The requirements are ANDed. 1103 type: object 1104 additionalProperties: 1105 type: string 1106 x-kubernetes-map-type: atomic 1107 matchLabelKeys: 1108 description: |- 1109 MatchLabelKeys is a set of pod label keys to select which pods will 1110 be taken into consideration. The keys are used to lookup values from the 1111 incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` 1112 to select the group of existing pods which pods will be taken into consideration 1113 for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming 1114 pod labels will be ignored. The default value is empty. 1115 The same key is forbidden to exist in both matchLabelKeys and labelSelector. 1116 Also, matchLabelKeys cannot be set when labelSelector isn't set. 1117 This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). 1118 type: array 1119 items: 1120 type: string 1121 x-kubernetes-list-type: atomic 1122 mismatchLabelKeys: 1123 description: |- 1124 MismatchLabelKeys is a set of pod label keys to select which pods will 1125 be taken into consideration. The keys are used to lookup values from the 1126 incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` 1127 to select the group of existing pods which pods will be taken into consideration 1128 for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming 1129 pod labels will be ignored. The default value is empty. 1130 The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. 1131 Also, mismatchLabelKeys cannot be set when labelSelector isn't set. 1132 This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). 1133 type: array 1134 items: 1135 type: string 1136 x-kubernetes-list-type: atomic 1137 namespaceSelector: 1138 description: |- 1139 A label query over the set of namespaces that the term applies to. 1140 The term is applied to the union of the namespaces selected by this field 1141 and the ones listed in the namespaces field. 1142 null selector and null or empty namespaces list means "this pod's namespace". 1143 An empty selector ({}) matches all namespaces. 1144 type: object 1145 properties: 1146 matchExpressions: 1147 description: matchExpressions is a list of label selector requirements. The requirements are ANDed. 1148 type: array 1149 items: 1150 description: |- 1151 A label selector requirement is a selector that contains values, a key, and an operator that 1152 relates the key and values. 1153 type: object 1154 required: 1155 - key 1156 - operator 1157 properties: 1158 key: 1159 description: key is the label key that the selector applies to. 1160 type: string 1161 operator: 1162 description: |- 1163 operator represents a key's relationship to a set of values. 1164 Valid operators are In, NotIn, Exists and DoesNotExist. 1165 type: string 1166 values: 1167 description: |- 1168 values is an array of string values. If the operator is In or NotIn, 1169 the values array must be non-empty. If the operator is Exists or DoesNotExist, 1170 the values array must be empty. This array is replaced during a strategic 1171 merge patch. 1172 type: array 1173 items: 1174 type: string 1175 x-kubernetes-list-type: atomic 1176 x-kubernetes-list-type: atomic 1177 matchLabels: 1178 description: |- 1179 matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels 1180 map is equivalent to an element of matchExpressions, whose key field is "key", the 1181 operator is "In", and the values array contains only "value". The requirements are ANDed. 1182 type: object 1183 additionalProperties: 1184 type: string 1185 x-kubernetes-map-type: atomic 1186 namespaces: 1187 description: |- 1188 namespaces specifies a static list of namespace names that the term applies to. 1189 The term is applied to the union of the namespaces listed in this field 1190 and the ones selected by namespaceSelector. 1191 null or empty namespaces list and null namespaceSelector means "this pod's namespace". 1192 type: array 1193 items: 1194 type: string 1195 x-kubernetes-list-type: atomic 1196 topologyKey: 1197 description: |- 1198 This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching 1199 the labelSelector in the specified namespaces, where co-located is defined as running on a node 1200 whose value of the label with key topologyKey matches that of any node on which any of the 1201 selected pods is running. 1202 Empty topologyKey is not allowed. 1203 type: string 1204 weight: 1205 description: |- 1206 weight associated with matching the corresponding podAffinityTerm, 1207 in the range 1-100. 1208 type: integer 1209 format: int32 1210 x-kubernetes-list-type: atomic 1211 requiredDuringSchedulingIgnoredDuringExecution: 1212 description: |- 1213 If the affinity requirements specified by this field are not met at 1214 scheduling time, the pod will not be scheduled onto the node. 1215 If the affinity requirements specified by this field cease to be met 1216 at some point during pod execution (e.g. due to a pod label update), the 1217 system may or may not try to eventually evict the pod from its node. 1218 When there are multiple elements, the lists of nodes corresponding to each 1219 podAffinityTerm are intersected, i.e. all terms must be satisfied. 1220 type: array 1221 items: 1222 description: |- 1223 Defines a set of pods (namely those matching the labelSelector 1224 relative to the given namespace(s)) that this pod should be 1225 co-located (affinity) or not co-located (anti-affinity) with, 1226 where co-located is defined as running on a node whose value of 1227 the label with key <topologyKey> matches that of any node on which 1228 a pod of the set of pods is running 1229 type: object 1230 required: 1231 - topologyKey 1232 properties: 1233 labelSelector: 1234 description: |- 1235 A label query over a set of resources, in this case pods. 1236 If it's null, this PodAffinityTerm matches with no Pods. 1237 type: object 1238 properties: 1239 matchExpressions: 1240 description: matchExpressions is a list of label selector requirements. The requirements are ANDed. 1241 type: array 1242 items: 1243 description: |- 1244 A label selector requirement is a selector that contains values, a key, and an operator that 1245 relates the key and values. 1246 type: object 1247 required: 1248 - key 1249 - operator 1250 properties: 1251 key: 1252 description: key is the label key that the selector applies to. 1253 type: string 1254 operator: 1255 description: |- 1256 operator represents a key's relationship to a set of values. 1257 Valid operators are In, NotIn, Exists and DoesNotExist. 1258 type: string 1259 values: 1260 description: |- 1261 values is an array of string values. If the operator is In or NotIn, 1262 the values array must be non-empty. If the operator is Exists or DoesNotExist, 1263 the values array must be empty. This array is replaced during a strategic 1264 merge patch. 1265 type: array 1266 items: 1267 type: string 1268 x-kubernetes-list-type: atomic 1269 x-kubernetes-list-type: atomic 1270 matchLabels: 1271 description: |- 1272 matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels 1273 map is equivalent to an element of matchExpressions, whose key field is "key", the 1274 operator is "In", and the values array contains only "value". The requirements are ANDed. 1275 type: object 1276 additionalProperties: 1277 type: string 1278 x-kubernetes-map-type: atomic 1279 matchLabelKeys: 1280 description: |- 1281 MatchLabelKeys is a set of pod label keys to select which pods will 1282 be taken into consideration. The keys are used to lookup values from the 1283 incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` 1284 to select the group of existing pods which pods will be taken into consideration 1285 for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming 1286 pod labels will be ignored. The default value is empty. 1287 The same key is forbidden to exist in both matchLabelKeys and labelSelector. 1288 Also, matchLabelKeys cannot be set when labelSelector isn't set. 1289 This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). 1290 type: array 1291 items: 1292 type: string 1293 x-kubernetes-list-type: atomic 1294 mismatchLabelKeys: 1295 description: |- 1296 MismatchLabelKeys is a set of pod label keys to select which pods will 1297 be taken into consideration. The keys are used to lookup values from the 1298 incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` 1299 to select the group of existing pods which pods will be taken into consideration 1300 for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming 1301 pod labels will be ignored. The default value is empty. 1302 The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. 1303 Also, mismatchLabelKeys cannot be set when labelSelector isn't set. 1304 This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). 1305 type: array 1306 items: 1307 type: string 1308 x-kubernetes-list-type: atomic 1309 namespaceSelector: 1310 description: |- 1311 A label query over the set of namespaces that the term applies to. 1312 The term is applied to the union of the namespaces selected by this field 1313 and the ones listed in the namespaces field. 1314 null selector and null or empty namespaces list means "this pod's namespace". 1315 An empty selector ({}) matches all namespaces. 1316 type: object 1317 properties: 1318 matchExpressions: 1319 description: matchExpressions is a list of label selector requirements. The requirements are ANDed. 1320 type: array 1321 items: 1322 description: |- 1323 A label selector requirement is a selector that contains values, a key, and an operator that 1324 relates the key and values. 1325 type: object 1326 required: 1327 - key 1328 - operator 1329 properties: 1330 key: 1331 description: key is the label key that the selector applies to. 1332 type: string 1333 operator: 1334 description: |- 1335 operator represents a key's relationship to a set of values. 1336 Valid operators are In, NotIn, Exists and DoesNotExist. 1337 type: string 1338 values: 1339 description: |- 1340 values is an array of string values. If the operator is In or NotIn, 1341 the values array must be non-empty. If the operator is Exists or DoesNotExist, 1342 the values array must be empty. This array is replaced during a strategic 1343 merge patch. 1344 type: array 1345 items: 1346 type: string 1347 x-kubernetes-list-type: atomic 1348 x-kubernetes-list-type: atomic 1349 matchLabels: 1350 description: |- 1351 matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels 1352 map is equivalent to an element of matchExpressions, whose key field is "key", the 1353 operator is "In", and the values array contains only "value". The requirements are ANDed. 1354 type: object 1355 additionalProperties: 1356 type: string 1357 x-kubernetes-map-type: atomic 1358 namespaces: 1359 description: |- 1360 namespaces specifies a static list of namespace names that the term applies to. 1361 The term is applied to the union of the namespaces listed in this field 1362 and the ones selected by namespaceSelector. 1363 null or empty namespaces list and null namespaceSelector means "this pod's namespace". 1364 type: array 1365 items: 1366 type: string 1367 x-kubernetes-list-type: atomic 1368 topologyKey: 1369 description: |- 1370 This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching 1371 the labelSelector in the specified namespaces, where co-located is defined as running on a node 1372 whose value of the label with key topologyKey matches that of any node on which any of the 1373 selected pods is running. 1374 Empty topologyKey is not allowed. 1375 type: string 1376 x-kubernetes-list-type: atomic 1377 podAntiAffinity: 1378 description: Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). 1379 type: object 1380 properties: 1381 preferredDuringSchedulingIgnoredDuringExecution: 1382 description: |- 1383 The scheduler will prefer to schedule pods to nodes that satisfy 1384 the anti-affinity expressions specified by this field, but it may choose 1385 a node that violates one or more of the expressions. The node that is 1386 most preferred is the one with the greatest sum of weights, i.e. 1387 for each node that meets all of the scheduling requirements (resource 1388 request, requiredDuringScheduling anti-affinity expressions, etc.), 1389 compute a sum by iterating through the elements of this field and adding 1390 "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the 1391 node(s) with the highest sum are the most preferred. 1392 type: array 1393 items: 1394 description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) 1395 type: object 1396 required: 1397 - podAffinityTerm 1398 - weight 1399 properties: 1400 podAffinityTerm: 1401 description: Required. A pod affinity term, associated with the corresponding weight. 1402 type: object 1403 required: 1404 - topologyKey 1405 properties: 1406 labelSelector: 1407 description: |- 1408 A label query over a set of resources, in this case pods. 1409 If it's null, this PodAffinityTerm matches with no Pods. 1410 type: object 1411 properties: 1412 matchExpressions: 1413 description: matchExpressions is a list of label selector requirements. The requirements are ANDed. 1414 type: array 1415 items: 1416 description: |- 1417 A label selector requirement is a selector that contains values, a key, and an operator that 1418 relates the key and values. 1419 type: object 1420 required: 1421 - key 1422 - operator 1423 properties: 1424 key: 1425 description: key is the label key that the selector applies to. 1426 type: string 1427 operator: 1428 description: |- 1429 operator represents a key's relationship to a set of values. 1430 Valid operators are In, NotIn, Exists and DoesNotExist. 1431 type: string 1432 values: 1433 description: |- 1434 values is an array of string values. If the operator is In or NotIn, 1435 the values array must be non-empty. If the operator is Exists or DoesNotExist, 1436 the values array must be empty. This array is replaced during a strategic 1437 merge patch. 1438 type: array 1439 items: 1440 type: string 1441 x-kubernetes-list-type: atomic 1442 x-kubernetes-list-type: atomic 1443 matchLabels: 1444 description: |- 1445 matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels 1446 map is equivalent to an element of matchExpressions, whose key field is "key", the 1447 operator is "In", and the values array contains only "value". The requirements are ANDed. 1448 type: object 1449 additionalProperties: 1450 type: string 1451 x-kubernetes-map-type: atomic 1452 matchLabelKeys: 1453 description: |- 1454 MatchLabelKeys is a set of pod label keys to select which pods will 1455 be taken into consideration. The keys are used to lookup values from the 1456 incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` 1457 to select the group of existing pods which pods will be taken into consideration 1458 for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming 1459 pod labels will be ignored. The default value is empty. 1460 The same key is forbidden to exist in both matchLabelKeys and labelSelector. 1461 Also, matchLabelKeys cannot be set when labelSelector isn't set. 1462 This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). 1463 type: array 1464 items: 1465 type: string 1466 x-kubernetes-list-type: atomic 1467 mismatchLabelKeys: 1468 description: |- 1469 MismatchLabelKeys is a set of pod label keys to select which pods will 1470 be taken into consideration. The keys are used to lookup values from the 1471 incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` 1472 to select the group of existing pods which pods will be taken into consideration 1473 for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming 1474 pod labels will be ignored. The default value is empty. 1475 The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. 1476 Also, mismatchLabelKeys cannot be set when labelSelector isn't set. 1477 This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). 1478 type: array 1479 items: 1480 type: string 1481 x-kubernetes-list-type: atomic 1482 namespaceSelector: 1483 description: |- 1484 A label query over the set of namespaces that the term applies to. 1485 The term is applied to the union of the namespaces selected by this field 1486 and the ones listed in the namespaces field. 1487 null selector and null or empty namespaces list means "this pod's namespace". 1488 An empty selector ({}) matches all namespaces. 1489 type: object 1490 properties: 1491 matchExpressions: 1492 description: matchExpressions is a list of label selector requirements. The requirements are ANDed. 1493 type: array 1494 items: 1495 description: |- 1496 A label selector requirement is a selector that contains values, a key, and an operator that 1497 relates the key and values. 1498 type: object 1499 required: 1500 - key 1501 - operator 1502 properties: 1503 key: 1504 description: key is the label key that the selector applies to. 1505 type: string 1506 operator: 1507 description: |- 1508 operator represents a key's relationship to a set of values. 1509 Valid operators are In, NotIn, Exists and DoesNotExist. 1510 type: string 1511 values: 1512 description: |- 1513 values is an array of string values. If the operator is In or NotIn, 1514 the values array must be non-empty. If the operator is Exists or DoesNotExist, 1515 the values array must be empty. This array is replaced during a strategic 1516 merge patch. 1517 type: array 1518 items: 1519 type: string 1520 x-kubernetes-list-type: atomic 1521 x-kubernetes-list-type: atomic 1522 matchLabels: 1523 description: |- 1524 matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels 1525 map is equivalent to an element of matchExpressions, whose key field is "key", the 1526 operator is "In", and the values array contains only "value". The requirements are ANDed. 1527 type: object 1528 additionalProperties: 1529 type: string 1530 x-kubernetes-map-type: atomic 1531 namespaces: 1532 description: |- 1533 namespaces specifies a static list of namespace names that the term applies to. 1534 The term is applied to the union of the namespaces listed in this field 1535 and the ones selected by namespaceSelector. 1536 null or empty namespaces list and null namespaceSelector means "this pod's namespace". 1537 type: array 1538 items: 1539 type: string 1540 x-kubernetes-list-type: atomic 1541 topologyKey: 1542 description: |- 1543 This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching 1544 the labelSelector in the specified namespaces, where co-located is defined as running on a node 1545 whose value of the label with key topologyKey matches that of any node on which any of the 1546 selected pods is running. 1547 Empty topologyKey is not allowed. 1548 type: string 1549 weight: 1550 description: |- 1551 weight associated with matching the corresponding podAffinityTerm, 1552 in the range 1-100. 1553 type: integer 1554 format: int32 1555 x-kubernetes-list-type: atomic 1556 requiredDuringSchedulingIgnoredDuringExecution: 1557 description: |- 1558 If the anti-affinity requirements specified by this field are not met at 1559 scheduling time, the pod will not be scheduled onto the node. 1560 If the anti-affinity requirements specified by this field cease to be met 1561 at some point during pod execution (e.g. due to a pod label update), the 1562 system may or may not try to eventually evict the pod from its node. 1563 When there are multiple elements, the lists of nodes corresponding to each 1564 podAffinityTerm are intersected, i.e. all terms must be satisfied. 1565 type: array 1566 items: 1567 description: |- 1568 Defines a set of pods (namely those matching the labelSelector 1569 relative to the given namespace(s)) that this pod should be 1570 co-located (affinity) or not co-located (anti-affinity) with, 1571 where co-located is defined as running on a node whose value of 1572 the label with key <topologyKey> matches that of any node on which 1573 a pod of the set of pods is running 1574 type: object 1575 required: 1576 - topologyKey 1577 properties: 1578 labelSelector: 1579 description: |- 1580 A label query over a set of resources, in this case pods. 1581 If it's null, this PodAffinityTerm matches with no Pods. 1582 type: object 1583 properties: 1584 matchExpressions: 1585 description: matchExpressions is a list of label selector requirements. The requirements are ANDed. 1586 type: array 1587 items: 1588 description: |- 1589 A label selector requirement is a selector that contains values, a key, and an operator that 1590 relates the key and values. 1591 type: object 1592 required: 1593 - key 1594 - operator 1595 properties: 1596 key: 1597 description: key is the label key that the selector applies to. 1598 type: string 1599 operator: 1600 description: |- 1601 operator represents a key's relationship to a set of values. 1602 Valid operators are In, NotIn, Exists and DoesNotExist. 1603 type: string 1604 values: 1605 description: |- 1606 values is an array of string values. If the operator is In or NotIn, 1607 the values array must be non-empty. If the operator is Exists or DoesNotExist, 1608 the values array must be empty. This array is replaced during a strategic 1609 merge patch. 1610 type: array 1611 items: 1612 type: string 1613 x-kubernetes-list-type: atomic 1614 x-kubernetes-list-type: atomic 1615 matchLabels: 1616 description: |- 1617 matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels 1618 map is equivalent to an element of matchExpressions, whose key field is "key", the 1619 operator is "In", and the values array contains only "value". The requirements are ANDed. 1620 type: object 1621 additionalProperties: 1622 type: string 1623 x-kubernetes-map-type: atomic 1624 matchLabelKeys: 1625 description: |- 1626 MatchLabelKeys is a set of pod label keys to select which pods will 1627 be taken into consideration. The keys are used to lookup values from the 1628 incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` 1629 to select the group of existing pods which pods will be taken into consideration 1630 for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming 1631 pod labels will be ignored. The default value is empty. 1632 The same key is forbidden to exist in both matchLabelKeys and labelSelector. 1633 Also, matchLabelKeys cannot be set when labelSelector isn't set. 1634 This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). 1635 type: array 1636 items: 1637 type: string 1638 x-kubernetes-list-type: atomic 1639 mismatchLabelKeys: 1640 description: |- 1641 MismatchLabelKeys is a set of pod label keys to select which pods will 1642 be taken into consideration. The keys are used to lookup values from the 1643 incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` 1644 to select the group of existing pods which pods will be taken into consideration 1645 for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming 1646 pod labels will be ignored. The default value is empty. 1647 The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. 1648 Also, mismatchLabelKeys cannot be set when labelSelector isn't set. 1649 This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). 1650 type: array 1651 items: 1652 type: string 1653 x-kubernetes-list-type: atomic 1654 namespaceSelector: 1655 description: |- 1656 A label query over the set of namespaces that the term applies to. 1657 The term is applied to the union of the namespaces selected by this field 1658 and the ones listed in the namespaces field. 1659 null selector and null or empty namespaces list means "this pod's namespace". 1660 An empty selector ({}) matches all namespaces. 1661 type: object 1662 properties: 1663 matchExpressions: 1664 description: matchExpressions is a list of label selector requirements. The requirements are ANDed. 1665 type: array 1666 items: 1667 description: |- 1668 A label selector requirement is a selector that contains values, a key, and an operator that 1669 relates the key and values. 1670 type: object 1671 required: 1672 - key 1673 - operator 1674 properties: 1675 key: 1676 description: key is the label key that the selector applies to. 1677 type: string 1678 operator: 1679 description: |- 1680 operator represents a key's relationship to a set of values. 1681 Valid operators are In, NotIn, Exists and DoesNotExist. 1682 type: string 1683 values: 1684 description: |- 1685 values is an array of string values. If the operator is In or NotIn, 1686 the values array must be non-empty. If the operator is Exists or DoesNotExist, 1687 the values array must be empty. This array is replaced during a strategic 1688 merge patch. 1689 type: array 1690 items: 1691 type: string 1692 x-kubernetes-list-type: atomic 1693 x-kubernetes-list-type: atomic 1694 matchLabels: 1695 description: |- 1696 matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels 1697 map is equivalent to an element of matchExpressions, whose key field is "key", the 1698 operator is "In", and the values array contains only "value". The requirements are ANDed. 1699 type: object 1700 additionalProperties: 1701 type: string 1702 x-kubernetes-map-type: atomic 1703 namespaces: 1704 description: |- 1705 namespaces specifies a static list of namespace names that the term applies to. 1706 The term is applied to the union of the namespaces listed in this field 1707 and the ones selected by namespaceSelector. 1708 null or empty namespaces list and null namespaceSelector means "this pod's namespace". 1709 type: array 1710 items: 1711 type: string 1712 x-kubernetes-list-type: atomic 1713 topologyKey: 1714 description: |- 1715 This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching 1716 the labelSelector in the specified namespaces, where co-located is defined as running on a node 1717 whose value of the label with key topologyKey matches that of any node on which any of the 1718 selected pods is running. 1719 Empty topologyKey is not allowed. 1720 type: string 1721 x-kubernetes-list-type: atomic 1722 automountServiceAccountToken: 1723 description: AutomountServiceAccountToken indicates whether a service account token should be automatically mounted. 1724 type: boolean 1725 containers: 1726 description: |- 1727 List of containers belonging to the pod. 1728 Containers cannot currently be added or removed. 1729 There must be at least one container in a Pod. 1730 Cannot be updated. 1731 type: array 1732 items: 1733 description: A single application container that you want to run within a pod. 1734 type: object 1735 required: 1736 - name 1737 properties: 1738 args: 1739 description: |- 1740 Arguments to the entrypoint. 1741 The container image's CMD is used if this is not provided. 1742 Variable references $(VAR_NAME) are expanded using the container's environment. If a variable 1743 cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced 1744 to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will 1745 produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless 1746 of whether the variable exists or not. Cannot be updated. 1747 More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell 1748 type: array 1749 items: 1750 type: string 1751 x-kubernetes-list-type: atomic 1752 command: 1753 description: |- 1754 Entrypoint array. Not executed within a shell. 1755 The container image's ENTRYPOINT is used if this is not provided. 1756 Variable references $(VAR_NAME) are expanded using the container's environment. If a variable 1757 cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced 1758 to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will 1759 produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless 1760 of whether the variable exists or not. Cannot be updated. 1761 More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell 1762 type: array 1763 items: 1764 type: string 1765 x-kubernetes-list-type: atomic 1766 env: 1767 description: |- 1768 List of environment variables to set in the container. 1769 Cannot be updated. 1770 type: array 1771 items: 1772 description: EnvVar represents an environment variable present in a Container. 1773 type: object 1774 required: 1775 - name 1776 properties: 1777 name: 1778 description: Name of the environment variable. Must be a C_IDENTIFIER. 1779 type: string 1780 value: 1781 description: |- 1782 Variable references $(VAR_NAME) are expanded 1783 using the previously defined environment variables in the container and 1784 any service environment variables. If a variable cannot be resolved, 1785 the reference in the input string will be unchanged. Double $$ are reduced 1786 to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. 1787 "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". 1788 Escaped references will never be expanded, regardless of whether the variable 1789 exists or not. 1790 Defaults to "". 1791 type: string 1792 valueFrom: 1793 description: Source for the environment variable's value. Cannot be used if value is not empty. 1794 type: object 1795 properties: 1796 configMapKeyRef: 1797 description: Selects a key of a ConfigMap. 1798 type: object 1799 required: 1800 - key 1801 properties: 1802 key: 1803 description: The key to select. 1804 type: string 1805 name: 1806 description: |- 1807 Name of the referent. 1808 This field is effectively required, but due to backwards compatibility is 1809 allowed to be empty. Instances of this type with an empty value here are 1810 almost certainly wrong. 1811 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 1812 type: string 1813 default: "" 1814 optional: 1815 description: Specify whether the ConfigMap or its key must be defined 1816 type: boolean 1817 x-kubernetes-map-type: atomic 1818 fieldRef: 1819 description: |- 1820 Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`, 1821 spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. 1822 type: object 1823 required: 1824 - fieldPath 1825 properties: 1826 apiVersion: 1827 description: Version of the schema the FieldPath is written in terms of, defaults to "v1". 1828 type: string 1829 fieldPath: 1830 description: Path of the field to select in the specified API version. 1831 type: string 1832 x-kubernetes-map-type: atomic 1833 resourceFieldRef: 1834 description: |- 1835 Selects a resource of the container: only resources limits and requests 1836 (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. 1837 type: object 1838 required: 1839 - resource 1840 properties: 1841 containerName: 1842 description: 'Container name: required for volumes, optional for env vars' 1843 type: string 1844 divisor: 1845 description: Specifies the output format of the exposed resources, defaults to "1" 1846 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 1847 anyOf: 1848 - type: integer 1849 - type: string 1850 x-kubernetes-int-or-string: true 1851 resource: 1852 description: 'Required: resource to select' 1853 type: string 1854 x-kubernetes-map-type: atomic 1855 secretKeyRef: 1856 description: Selects a key of a secret in the pod's namespace 1857 type: object 1858 required: 1859 - key 1860 properties: 1861 key: 1862 description: The key of the secret to select from. Must be a valid secret key. 1863 type: string 1864 name: 1865 description: |- 1866 Name of the referent. 1867 This field is effectively required, but due to backwards compatibility is 1868 allowed to be empty. Instances of this type with an empty value here are 1869 almost certainly wrong. 1870 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 1871 type: string 1872 default: "" 1873 optional: 1874 description: Specify whether the Secret or its key must be defined 1875 type: boolean 1876 x-kubernetes-map-type: atomic 1877 x-kubernetes-list-map-keys: 1878 - name 1879 x-kubernetes-list-type: map 1880 envFrom: 1881 description: |- 1882 List of sources to populate environment variables in the container. 1883 The keys defined within a source must be a C_IDENTIFIER. All invalid keys 1884 will be reported as an event when the container is starting. When a key exists in multiple 1885 sources, the value associated with the last source will take precedence. 1886 Values defined by an Env with a duplicate key will take precedence. 1887 Cannot be updated. 1888 type: array 1889 items: 1890 description: EnvFromSource represents the source of a set of ConfigMaps 1891 type: object 1892 properties: 1893 configMapRef: 1894 description: The ConfigMap to select from 1895 type: object 1896 properties: 1897 name: 1898 description: |- 1899 Name of the referent. 1900 This field is effectively required, but due to backwards compatibility is 1901 allowed to be empty. Instances of this type with an empty value here are 1902 almost certainly wrong. 1903 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 1904 type: string 1905 default: "" 1906 optional: 1907 description: Specify whether the ConfigMap must be defined 1908 type: boolean 1909 x-kubernetes-map-type: atomic 1910 prefix: 1911 description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. 1912 type: string 1913 secretRef: 1914 description: The Secret to select from 1915 type: object 1916 properties: 1917 name: 1918 description: |- 1919 Name of the referent. 1920 This field is effectively required, but due to backwards compatibility is 1921 allowed to be empty. Instances of this type with an empty value here are 1922 almost certainly wrong. 1923 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 1924 type: string 1925 default: "" 1926 optional: 1927 description: Specify whether the Secret must be defined 1928 type: boolean 1929 x-kubernetes-map-type: atomic 1930 x-kubernetes-list-type: atomic 1931 image: 1932 description: |- 1933 Container image name. 1934 More info: https://kubernetes.io/docs/concepts/containers/images 1935 This field is optional to allow higher level config management to default or override 1936 container images in workload controllers like Deployments and StatefulSets. 1937 type: string 1938 imagePullPolicy: 1939 description: |- 1940 Image pull policy. 1941 One of Always, Never, IfNotPresent. 1942 Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. 1943 Cannot be updated. 1944 More info: https://kubernetes.io/docs/concepts/containers/images#updating-images 1945 type: string 1946 lifecycle: 1947 description: |- 1948 Actions that the management system should take in response to container lifecycle events. 1949 Cannot be updated. 1950 type: object 1951 properties: 1952 postStart: 1953 description: |- 1954 PostStart is called immediately after a container is created. If the handler fails, 1955 the container is terminated and restarted according to its restart policy. 1956 Other management of the container blocks until the hook completes. 1957 More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks 1958 type: object 1959 properties: 1960 exec: 1961 description: Exec specifies the action to take. 1962 type: object 1963 properties: 1964 command: 1965 description: |- 1966 Command is the command line to execute inside the container, the working directory for the 1967 command is root ('/') in the container's filesystem. The command is simply exec'd, it is 1968 not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use 1969 a shell, you need to explicitly call out to that shell. 1970 Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 1971 type: array 1972 items: 1973 type: string 1974 x-kubernetes-list-type: atomic 1975 httpGet: 1976 description: HTTPGet specifies the http request to perform. 1977 type: object 1978 required: 1979 - port 1980 properties: 1981 host: 1982 description: |- 1983 Host name to connect to, defaults to the pod IP. You probably want to set 1984 "Host" in httpHeaders instead. 1985 type: string 1986 httpHeaders: 1987 description: Custom headers to set in the request. HTTP allows repeated headers. 1988 type: array 1989 items: 1990 description: HTTPHeader describes a custom header to be used in HTTP probes 1991 type: object 1992 required: 1993 - name 1994 - value 1995 properties: 1996 name: 1997 description: |- 1998 The header field name. 1999 This will be canonicalized upon output, so case-variant names will be understood as the same header. 2000 type: string 2001 value: 2002 description: The header field value 2003 type: string 2004 x-kubernetes-list-type: atomic 2005 path: 2006 description: Path to access on the HTTP server. 2007 type: string 2008 port: 2009 description: |- 2010 Name or number of the port to access on the container. 2011 Number must be in the range 1 to 65535. 2012 Name must be an IANA_SVC_NAME. 2013 anyOf: 2014 - type: integer 2015 - type: string 2016 x-kubernetes-int-or-string: true 2017 scheme: 2018 description: |- 2019 Scheme to use for connecting to the host. 2020 Defaults to HTTP. 2021 type: string 2022 sleep: 2023 description: Sleep represents the duration that the container should sleep before being terminated. 2024 type: object 2025 required: 2026 - seconds 2027 properties: 2028 seconds: 2029 description: Seconds is the number of seconds to sleep. 2030 type: integer 2031 format: int64 2032 tcpSocket: 2033 description: |- 2034 Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept 2035 for the backward compatibility. There are no validation of this field and 2036 lifecycle hooks will fail in runtime when tcp handler is specified. 2037 type: object 2038 required: 2039 - port 2040 properties: 2041 host: 2042 description: 'Optional: Host name to connect to, defaults to the pod IP.' 2043 type: string 2044 port: 2045 description: |- 2046 Number or name of the port to access on the container. 2047 Number must be in the range 1 to 65535. 2048 Name must be an IANA_SVC_NAME. 2049 anyOf: 2050 - type: integer 2051 - type: string 2052 x-kubernetes-int-or-string: true 2053 preStop: 2054 description: |- 2055 PreStop is called immediately before a container is terminated due to an 2056 API request or management event such as liveness/startup probe failure, 2057 preemption, resource contention, etc. The handler is not called if the 2058 container crashes or exits. The Pod's termination grace period countdown begins before the 2059 PreStop hook is executed. Regardless of the outcome of the handler, the 2060 container will eventually terminate within the Pod's termination grace 2061 period (unless delayed by finalizers). Other management of the container blocks until the hook completes 2062 or until the termination grace period is reached. 2063 More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks 2064 type: object 2065 properties: 2066 exec: 2067 description: Exec specifies the action to take. 2068 type: object 2069 properties: 2070 command: 2071 description: |- 2072 Command is the command line to execute inside the container, the working directory for the 2073 command is root ('/') in the container's filesystem. The command is simply exec'd, it is 2074 not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use 2075 a shell, you need to explicitly call out to that shell. 2076 Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 2077 type: array 2078 items: 2079 type: string 2080 x-kubernetes-list-type: atomic 2081 httpGet: 2082 description: HTTPGet specifies the http request to perform. 2083 type: object 2084 required: 2085 - port 2086 properties: 2087 host: 2088 description: |- 2089 Host name to connect to, defaults to the pod IP. You probably want to set 2090 "Host" in httpHeaders instead. 2091 type: string 2092 httpHeaders: 2093 description: Custom headers to set in the request. HTTP allows repeated headers. 2094 type: array 2095 items: 2096 description: HTTPHeader describes a custom header to be used in HTTP probes 2097 type: object 2098 required: 2099 - name 2100 - value 2101 properties: 2102 name: 2103 description: |- 2104 The header field name. 2105 This will be canonicalized upon output, so case-variant names will be understood as the same header. 2106 type: string 2107 value: 2108 description: The header field value 2109 type: string 2110 x-kubernetes-list-type: atomic 2111 path: 2112 description: Path to access on the HTTP server. 2113 type: string 2114 port: 2115 description: |- 2116 Name or number of the port to access on the container. 2117 Number must be in the range 1 to 65535. 2118 Name must be an IANA_SVC_NAME. 2119 anyOf: 2120 - type: integer 2121 - type: string 2122 x-kubernetes-int-or-string: true 2123 scheme: 2124 description: |- 2125 Scheme to use for connecting to the host. 2126 Defaults to HTTP. 2127 type: string 2128 sleep: 2129 description: Sleep represents the duration that the container should sleep before being terminated. 2130 type: object 2131 required: 2132 - seconds 2133 properties: 2134 seconds: 2135 description: Seconds is the number of seconds to sleep. 2136 type: integer 2137 format: int64 2138 tcpSocket: 2139 description: |- 2140 Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept 2141 for the backward compatibility. There are no validation of this field and 2142 lifecycle hooks will fail in runtime when tcp handler is specified. 2143 type: object 2144 required: 2145 - port 2146 properties: 2147 host: 2148 description: 'Optional: Host name to connect to, defaults to the pod IP.' 2149 type: string 2150 port: 2151 description: |- 2152 Number or name of the port to access on the container. 2153 Number must be in the range 1 to 65535. 2154 Name must be an IANA_SVC_NAME. 2155 anyOf: 2156 - type: integer 2157 - type: string 2158 x-kubernetes-int-or-string: true 2159 livenessProbe: 2160 description: |- 2161 Periodic probe of container liveness. 2162 Container will be restarted if the probe fails. 2163 Cannot be updated. 2164 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes 2165 type: object 2166 properties: 2167 exec: 2168 description: Exec specifies the action to take. 2169 type: object 2170 properties: 2171 command: 2172 description: |- 2173 Command is the command line to execute inside the container, the working directory for the 2174 command is root ('/') in the container's filesystem. The command is simply exec'd, it is 2175 not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use 2176 a shell, you need to explicitly call out to that shell. 2177 Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 2178 type: array 2179 items: 2180 type: string 2181 x-kubernetes-list-type: atomic 2182 failureThreshold: 2183 description: |- 2184 Minimum consecutive failures for the probe to be considered failed after having succeeded. 2185 Defaults to 3. Minimum value is 1. 2186 type: integer 2187 format: int32 2188 grpc: 2189 description: GRPC specifies an action involving a GRPC port. 2190 type: object 2191 required: 2192 - port 2193 properties: 2194 port: 2195 description: Port number of the gRPC service. Number must be in the range 1 to 65535. 2196 type: integer 2197 format: int32 2198 service: 2199 description: |- 2200 Service is the name of the service to place in the gRPC HealthCheckRequest 2201 (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 2202 2203 If this is not specified, the default behavior is defined by gRPC. 2204 type: string 2205 default: "" 2206 httpGet: 2207 description: HTTPGet specifies the http request to perform. 2208 type: object 2209 required: 2210 - port 2211 properties: 2212 host: 2213 description: |- 2214 Host name to connect to, defaults to the pod IP. You probably want to set 2215 "Host" in httpHeaders instead. 2216 type: string 2217 httpHeaders: 2218 description: Custom headers to set in the request. HTTP allows repeated headers. 2219 type: array 2220 items: 2221 description: HTTPHeader describes a custom header to be used in HTTP probes 2222 type: object 2223 required: 2224 - name 2225 - value 2226 properties: 2227 name: 2228 description: |- 2229 The header field name. 2230 This will be canonicalized upon output, so case-variant names will be understood as the same header. 2231 type: string 2232 value: 2233 description: The header field value 2234 type: string 2235 x-kubernetes-list-type: atomic 2236 path: 2237 description: Path to access on the HTTP server. 2238 type: string 2239 port: 2240 description: |- 2241 Name or number of the port to access on the container. 2242 Number must be in the range 1 to 65535. 2243 Name must be an IANA_SVC_NAME. 2244 anyOf: 2245 - type: integer 2246 - type: string 2247 x-kubernetes-int-or-string: true 2248 scheme: 2249 description: |- 2250 Scheme to use for connecting to the host. 2251 Defaults to HTTP. 2252 type: string 2253 initialDelaySeconds: 2254 description: |- 2255 Number of seconds after the container has started before liveness probes are initiated. 2256 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes 2257 type: integer 2258 format: int32 2259 periodSeconds: 2260 description: |- 2261 How often (in seconds) to perform the probe. 2262 Default to 10 seconds. Minimum value is 1. 2263 type: integer 2264 format: int32 2265 successThreshold: 2266 description: |- 2267 Minimum consecutive successes for the probe to be considered successful after having failed. 2268 Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. 2269 type: integer 2270 format: int32 2271 tcpSocket: 2272 description: TCPSocket specifies an action involving a TCP port. 2273 type: object 2274 required: 2275 - port 2276 properties: 2277 host: 2278 description: 'Optional: Host name to connect to, defaults to the pod IP.' 2279 type: string 2280 port: 2281 description: |- 2282 Number or name of the port to access on the container. 2283 Number must be in the range 1 to 65535. 2284 Name must be an IANA_SVC_NAME. 2285 anyOf: 2286 - type: integer 2287 - type: string 2288 x-kubernetes-int-or-string: true 2289 terminationGracePeriodSeconds: 2290 description: |- 2291 Optional duration in seconds the pod needs to terminate gracefully upon probe failure. 2292 The grace period is the duration in seconds after the processes running in the pod are sent 2293 a termination signal and the time when the processes are forcibly halted with a kill signal. 2294 Set this value longer than the expected cleanup time for your process. 2295 If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this 2296 value overrides the value provided by the pod spec. 2297 Value must be non-negative integer. The value zero indicates stop immediately via 2298 the kill signal (no opportunity to shut down). 2299 This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. 2300 Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. 2301 type: integer 2302 format: int64 2303 timeoutSeconds: 2304 description: |- 2305 Number of seconds after which the probe times out. 2306 Defaults to 1 second. Minimum value is 1. 2307 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes 2308 type: integer 2309 format: int32 2310 name: 2311 description: |- 2312 Name of the container specified as a DNS_LABEL. 2313 Each container in a pod must have a unique name (DNS_LABEL). 2314 Cannot be updated. 2315 type: string 2316 ports: 2317 description: |- 2318 List of ports to expose from the container. Not specifying a port here 2319 DOES NOT prevent that port from being exposed. Any port which is 2320 listening on the default "0.0.0.0" address inside a container will be 2321 accessible from the network. 2322 Modifying this array with strategic merge patch may corrupt the data. 2323 For more information See https://github.com/kubernetes/kubernetes/issues/108255. 2324 Cannot be updated. 2325 type: array 2326 items: 2327 description: ContainerPort represents a network port in a single container. 2328 type: object 2329 required: 2330 - containerPort 2331 properties: 2332 containerPort: 2333 description: |- 2334 Number of port to expose on the pod's IP address. 2335 This must be a valid port number, 0 < x < 65536. 2336 type: integer 2337 format: int32 2338 hostIP: 2339 description: What host IP to bind the external port to. 2340 type: string 2341 hostPort: 2342 description: |- 2343 Number of port to expose on the host. 2344 If specified, this must be a valid port number, 0 < x < 65536. 2345 If HostNetwork is specified, this must match ContainerPort. 2346 Most containers do not need this. 2347 type: integer 2348 format: int32 2349 name: 2350 description: |- 2351 If specified, this must be an IANA_SVC_NAME and unique within the pod. Each 2352 named port in a pod must have a unique name. Name for the port that can be 2353 referred to by services. 2354 type: string 2355 protocol: 2356 description: |- 2357 Protocol for port. Must be UDP, TCP, or SCTP. 2358 Defaults to "TCP". 2359 type: string 2360 default: TCP 2361 x-kubernetes-list-map-keys: 2362 - containerPort 2363 - protocol 2364 x-kubernetes-list-type: map 2365 readinessProbe: 2366 description: |- 2367 Periodic probe of container service readiness. 2368 Container will be removed from service endpoints if the probe fails. 2369 Cannot be updated. 2370 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes 2371 type: object 2372 properties: 2373 exec: 2374 description: Exec specifies the action to take. 2375 type: object 2376 properties: 2377 command: 2378 description: |- 2379 Command is the command line to execute inside the container, the working directory for the 2380 command is root ('/') in the container's filesystem. The command is simply exec'd, it is 2381 not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use 2382 a shell, you need to explicitly call out to that shell. 2383 Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 2384 type: array 2385 items: 2386 type: string 2387 x-kubernetes-list-type: atomic 2388 failureThreshold: 2389 description: |- 2390 Minimum consecutive failures for the probe to be considered failed after having succeeded. 2391 Defaults to 3. Minimum value is 1. 2392 type: integer 2393 format: int32 2394 grpc: 2395 description: GRPC specifies an action involving a GRPC port. 2396 type: object 2397 required: 2398 - port 2399 properties: 2400 port: 2401 description: Port number of the gRPC service. Number must be in the range 1 to 65535. 2402 type: integer 2403 format: int32 2404 service: 2405 description: |- 2406 Service is the name of the service to place in the gRPC HealthCheckRequest 2407 (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 2408 2409 If this is not specified, the default behavior is defined by gRPC. 2410 type: string 2411 default: "" 2412 httpGet: 2413 description: HTTPGet specifies the http request to perform. 2414 type: object 2415 required: 2416 - port 2417 properties: 2418 host: 2419 description: |- 2420 Host name to connect to, defaults to the pod IP. You probably want to set 2421 "Host" in httpHeaders instead. 2422 type: string 2423 httpHeaders: 2424 description: Custom headers to set in the request. HTTP allows repeated headers. 2425 type: array 2426 items: 2427 description: HTTPHeader describes a custom header to be used in HTTP probes 2428 type: object 2429 required: 2430 - name 2431 - value 2432 properties: 2433 name: 2434 description: |- 2435 The header field name. 2436 This will be canonicalized upon output, so case-variant names will be understood as the same header. 2437 type: string 2438 value: 2439 description: The header field value 2440 type: string 2441 x-kubernetes-list-type: atomic 2442 path: 2443 description: Path to access on the HTTP server. 2444 type: string 2445 port: 2446 description: |- 2447 Name or number of the port to access on the container. 2448 Number must be in the range 1 to 65535. 2449 Name must be an IANA_SVC_NAME. 2450 anyOf: 2451 - type: integer 2452 - type: string 2453 x-kubernetes-int-or-string: true 2454 scheme: 2455 description: |- 2456 Scheme to use for connecting to the host. 2457 Defaults to HTTP. 2458 type: string 2459 initialDelaySeconds: 2460 description: |- 2461 Number of seconds after the container has started before liveness probes are initiated. 2462 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes 2463 type: integer 2464 format: int32 2465 periodSeconds: 2466 description: |- 2467 How often (in seconds) to perform the probe. 2468 Default to 10 seconds. Minimum value is 1. 2469 type: integer 2470 format: int32 2471 successThreshold: 2472 description: |- 2473 Minimum consecutive successes for the probe to be considered successful after having failed. 2474 Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. 2475 type: integer 2476 format: int32 2477 tcpSocket: 2478 description: TCPSocket specifies an action involving a TCP port. 2479 type: object 2480 required: 2481 - port 2482 properties: 2483 host: 2484 description: 'Optional: Host name to connect to, defaults to the pod IP.' 2485 type: string 2486 port: 2487 description: |- 2488 Number or name of the port to access on the container. 2489 Number must be in the range 1 to 65535. 2490 Name must be an IANA_SVC_NAME. 2491 anyOf: 2492 - type: integer 2493 - type: string 2494 x-kubernetes-int-or-string: true 2495 terminationGracePeriodSeconds: 2496 description: |- 2497 Optional duration in seconds the pod needs to terminate gracefully upon probe failure. 2498 The grace period is the duration in seconds after the processes running in the pod are sent 2499 a termination signal and the time when the processes are forcibly halted with a kill signal. 2500 Set this value longer than the expected cleanup time for your process. 2501 If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this 2502 value overrides the value provided by the pod spec. 2503 Value must be non-negative integer. The value zero indicates stop immediately via 2504 the kill signal (no opportunity to shut down). 2505 This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. 2506 Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. 2507 type: integer 2508 format: int64 2509 timeoutSeconds: 2510 description: |- 2511 Number of seconds after which the probe times out. 2512 Defaults to 1 second. Minimum value is 1. 2513 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes 2514 type: integer 2515 format: int32 2516 resizePolicy: 2517 description: Resources resize policy for the container. 2518 type: array 2519 items: 2520 description: ContainerResizePolicy represents resource resize policy for the container. 2521 type: object 2522 required: 2523 - resourceName 2524 - restartPolicy 2525 properties: 2526 resourceName: 2527 description: |- 2528 Name of the resource to which this resource resize policy applies. 2529 Supported values: cpu, memory. 2530 type: string 2531 restartPolicy: 2532 description: |- 2533 Restart policy to apply when specified resource is resized. 2534 If not specified, it defaults to NotRequired. 2535 type: string 2536 x-kubernetes-list-type: atomic 2537 resources: 2538 description: |- 2539 Compute Resources required by this container. 2540 Cannot be updated. 2541 More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ 2542 type: object 2543 properties: 2544 claims: 2545 description: |- 2546 Claims lists the names of resources, defined in spec.resourceClaims, 2547 that are used by this container. 2548 2549 This is an alpha field and requires enabling the 2550 DynamicResourceAllocation feature gate. 2551 2552 This field is immutable. It can only be set for containers. 2553 type: array 2554 items: 2555 description: ResourceClaim references one entry in PodSpec.ResourceClaims. 2556 type: object 2557 required: 2558 - name 2559 properties: 2560 name: 2561 description: |- 2562 Name must match the name of one entry in pod.spec.resourceClaims of 2563 the Pod where this field is used. It makes that resource available 2564 inside a container. 2565 type: string 2566 request: 2567 description: |- 2568 Request is the name chosen for a request in the referenced claim. 2569 If empty, everything from the claim is made available, otherwise 2570 only the result of this request. 2571 type: string 2572 x-kubernetes-list-map-keys: 2573 - name 2574 x-kubernetes-list-type: map 2575 limits: 2576 description: |- 2577 Limits describes the maximum amount of compute resources allowed. 2578 More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ 2579 type: object 2580 additionalProperties: 2581 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 2582 anyOf: 2583 - type: integer 2584 - type: string 2585 x-kubernetes-int-or-string: true 2586 requests: 2587 description: |- 2588 Requests describes the minimum amount of compute resources required. 2589 If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, 2590 otherwise to an implementation-defined value. Requests cannot exceed Limits. 2591 More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ 2592 type: object 2593 additionalProperties: 2594 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 2595 anyOf: 2596 - type: integer 2597 - type: string 2598 x-kubernetes-int-or-string: true 2599 restartPolicy: 2600 description: |- 2601 RestartPolicy defines the restart behavior of individual containers in a pod. 2602 This field may only be set for init containers, and the only allowed value is "Always". 2603 For non-init containers or when this field is not specified, 2604 the restart behavior is defined by the Pod's restart policy and the container type. 2605 Setting the RestartPolicy as "Always" for the init container will have the following effect: 2606 this init container will be continually restarted on 2607 exit until all regular containers have terminated. Once all regular 2608 containers have completed, all init containers with restartPolicy "Always" 2609 will be shut down. This lifecycle differs from normal init containers and 2610 is often referred to as a "sidecar" container. Although this init 2611 container still starts in the init container sequence, it does not wait 2612 for the container to complete before proceeding to the next init 2613 container. Instead, the next init container starts immediately after this 2614 init container is started, or after any startupProbe has successfully 2615 completed. 2616 type: string 2617 securityContext: 2618 description: |- 2619 SecurityContext defines the security options the container should be run with. 2620 If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. 2621 More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ 2622 type: object 2623 properties: 2624 allowPrivilegeEscalation: 2625 description: |- 2626 AllowPrivilegeEscalation controls whether a process can gain more 2627 privileges than its parent process. This bool directly controls if 2628 the no_new_privs flag will be set on the container process. 2629 AllowPrivilegeEscalation is true always when the container is: 2630 1) run as Privileged 2631 2) has CAP_SYS_ADMIN 2632 Note that this field cannot be set when spec.os.name is windows. 2633 type: boolean 2634 appArmorProfile: 2635 description: |- 2636 appArmorProfile is the AppArmor options to use by this container. If set, this profile 2637 overrides the pod's appArmorProfile. 2638 Note that this field cannot be set when spec.os.name is windows. 2639 type: object 2640 required: 2641 - type 2642 properties: 2643 localhostProfile: 2644 description: |- 2645 localhostProfile indicates a profile loaded on the node that should be used. 2646 The profile must be preconfigured on the node to work. 2647 Must match the loaded name of the profile. 2648 Must be set if and only if type is "Localhost". 2649 type: string 2650 type: 2651 description: |- 2652 type indicates which kind of AppArmor profile will be applied. 2653 Valid options are: 2654 Localhost - a profile pre-loaded on the node. 2655 RuntimeDefault - the container runtime's default profile. 2656 Unconfined - no AppArmor enforcement. 2657 type: string 2658 capabilities: 2659 description: |- 2660 The capabilities to add/drop when running containers. 2661 Defaults to the default set of capabilities granted by the container runtime. 2662 Note that this field cannot be set when spec.os.name is windows. 2663 type: object 2664 properties: 2665 add: 2666 description: Added capabilities 2667 type: array 2668 items: 2669 description: Capability represent POSIX capabilities type 2670 type: string 2671 x-kubernetes-list-type: atomic 2672 drop: 2673 description: Removed capabilities 2674 type: array 2675 items: 2676 description: Capability represent POSIX capabilities type 2677 type: string 2678 x-kubernetes-list-type: atomic 2679 privileged: 2680 description: |- 2681 Run container in privileged mode. 2682 Processes in privileged containers are essentially equivalent to root on the host. 2683 Defaults to false. 2684 Note that this field cannot be set when spec.os.name is windows. 2685 type: boolean 2686 procMount: 2687 description: |- 2688 procMount denotes the type of proc mount to use for the containers. 2689 The default value is Default which uses the container runtime defaults for 2690 readonly paths and masked paths. 2691 This requires the ProcMountType feature flag to be enabled. 2692 Note that this field cannot be set when spec.os.name is windows. 2693 type: string 2694 readOnlyRootFilesystem: 2695 description: |- 2696 Whether this container has a read-only root filesystem. 2697 Default is false. 2698 Note that this field cannot be set when spec.os.name is windows. 2699 type: boolean 2700 runAsGroup: 2701 description: |- 2702 The GID to run the entrypoint of the container process. 2703 Uses runtime default if unset. 2704 May also be set in PodSecurityContext. If set in both SecurityContext and 2705 PodSecurityContext, the value specified in SecurityContext takes precedence. 2706 Note that this field cannot be set when spec.os.name is windows. 2707 type: integer 2708 format: int64 2709 runAsNonRoot: 2710 description: |- 2711 Indicates that the container must run as a non-root user. 2712 If true, the Kubelet will validate the image at runtime to ensure that it 2713 does not run as UID 0 (root) and fail to start the container if it does. 2714 If unset or false, no such validation will be performed. 2715 May also be set in PodSecurityContext. If set in both SecurityContext and 2716 PodSecurityContext, the value specified in SecurityContext takes precedence. 2717 type: boolean 2718 runAsUser: 2719 description: |- 2720 The UID to run the entrypoint of the container process. 2721 Defaults to user specified in image metadata if unspecified. 2722 May also be set in PodSecurityContext. If set in both SecurityContext and 2723 PodSecurityContext, the value specified in SecurityContext takes precedence. 2724 Note that this field cannot be set when spec.os.name is windows. 2725 type: integer 2726 format: int64 2727 seLinuxOptions: 2728 description: |- 2729 The SELinux context to be applied to the container. 2730 If unspecified, the container runtime will allocate a random SELinux context for each 2731 container. May also be set in PodSecurityContext. If set in both SecurityContext and 2732 PodSecurityContext, the value specified in SecurityContext takes precedence. 2733 Note that this field cannot be set when spec.os.name is windows. 2734 type: object 2735 properties: 2736 level: 2737 description: Level is SELinux level label that applies to the container. 2738 type: string 2739 role: 2740 description: Role is a SELinux role label that applies to the container. 2741 type: string 2742 type: 2743 description: Type is a SELinux type label that applies to the container. 2744 type: string 2745 user: 2746 description: User is a SELinux user label that applies to the container. 2747 type: string 2748 seccompProfile: 2749 description: |- 2750 The seccomp options to use by this container. If seccomp options are 2751 provided at both the pod & container level, the container options 2752 override the pod options. 2753 Note that this field cannot be set when spec.os.name is windows. 2754 type: object 2755 required: 2756 - type 2757 properties: 2758 localhostProfile: 2759 description: |- 2760 localhostProfile indicates a profile defined in a file on the node should be used. 2761 The profile must be preconfigured on the node to work. 2762 Must be a descending path, relative to the kubelet's configured seccomp profile location. 2763 Must be set if type is "Localhost". Must NOT be set for any other type. 2764 type: string 2765 type: 2766 description: |- 2767 type indicates which kind of seccomp profile will be applied. 2768 Valid options are: 2769 2770 Localhost - a profile defined in a file on the node should be used. 2771 RuntimeDefault - the container runtime default profile should be used. 2772 Unconfined - no profile should be applied. 2773 type: string 2774 windowsOptions: 2775 description: |- 2776 The Windows specific settings applied to all containers. 2777 If unspecified, the options from the PodSecurityContext will be used. 2778 If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. 2779 Note that this field cannot be set when spec.os.name is linux. 2780 type: object 2781 properties: 2782 gmsaCredentialSpec: 2783 description: |- 2784 GMSACredentialSpec is where the GMSA admission webhook 2785 (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the 2786 GMSA credential spec named by the GMSACredentialSpecName field. 2787 type: string 2788 gmsaCredentialSpecName: 2789 description: GMSACredentialSpecName is the name of the GMSA credential spec to use. 2790 type: string 2791 hostProcess: 2792 description: |- 2793 HostProcess determines if a container should be run as a 'Host Process' container. 2794 All of a Pod's containers must have the same effective HostProcess value 2795 (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). 2796 In addition, if HostProcess is true then HostNetwork must also be set to true. 2797 type: boolean 2798 runAsUserName: 2799 description: |- 2800 The UserName in Windows to run the entrypoint of the container process. 2801 Defaults to the user specified in image metadata if unspecified. 2802 May also be set in PodSecurityContext. If set in both SecurityContext and 2803 PodSecurityContext, the value specified in SecurityContext takes precedence. 2804 type: string 2805 startupProbe: 2806 description: |- 2807 StartupProbe indicates that the Pod has successfully initialized. 2808 If specified, no other probes are executed until this completes successfully. 2809 If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. 2810 This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, 2811 when it might take a long time to load data or warm a cache, than during steady-state operation. 2812 This cannot be updated. 2813 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes 2814 type: object 2815 properties: 2816 exec: 2817 description: Exec specifies the action to take. 2818 type: object 2819 properties: 2820 command: 2821 description: |- 2822 Command is the command line to execute inside the container, the working directory for the 2823 command is root ('/') in the container's filesystem. The command is simply exec'd, it is 2824 not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use 2825 a shell, you need to explicitly call out to that shell. 2826 Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 2827 type: array 2828 items: 2829 type: string 2830 x-kubernetes-list-type: atomic 2831 failureThreshold: 2832 description: |- 2833 Minimum consecutive failures for the probe to be considered failed after having succeeded. 2834 Defaults to 3. Minimum value is 1. 2835 type: integer 2836 format: int32 2837 grpc: 2838 description: GRPC specifies an action involving a GRPC port. 2839 type: object 2840 required: 2841 - port 2842 properties: 2843 port: 2844 description: Port number of the gRPC service. Number must be in the range 1 to 65535. 2845 type: integer 2846 format: int32 2847 service: 2848 description: |- 2849 Service is the name of the service to place in the gRPC HealthCheckRequest 2850 (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 2851 2852 If this is not specified, the default behavior is defined by gRPC. 2853 type: string 2854 default: "" 2855 httpGet: 2856 description: HTTPGet specifies the http request to perform. 2857 type: object 2858 required: 2859 - port 2860 properties: 2861 host: 2862 description: |- 2863 Host name to connect to, defaults to the pod IP. You probably want to set 2864 "Host" in httpHeaders instead. 2865 type: string 2866 httpHeaders: 2867 description: Custom headers to set in the request. HTTP allows repeated headers. 2868 type: array 2869 items: 2870 description: HTTPHeader describes a custom header to be used in HTTP probes 2871 type: object 2872 required: 2873 - name 2874 - value 2875 properties: 2876 name: 2877 description: |- 2878 The header field name. 2879 This will be canonicalized upon output, so case-variant names will be understood as the same header. 2880 type: string 2881 value: 2882 description: The header field value 2883 type: string 2884 x-kubernetes-list-type: atomic 2885 path: 2886 description: Path to access on the HTTP server. 2887 type: string 2888 port: 2889 description: |- 2890 Name or number of the port to access on the container. 2891 Number must be in the range 1 to 65535. 2892 Name must be an IANA_SVC_NAME. 2893 anyOf: 2894 - type: integer 2895 - type: string 2896 x-kubernetes-int-or-string: true 2897 scheme: 2898 description: |- 2899 Scheme to use for connecting to the host. 2900 Defaults to HTTP. 2901 type: string 2902 initialDelaySeconds: 2903 description: |- 2904 Number of seconds after the container has started before liveness probes are initiated. 2905 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes 2906 type: integer 2907 format: int32 2908 periodSeconds: 2909 description: |- 2910 How often (in seconds) to perform the probe. 2911 Default to 10 seconds. Minimum value is 1. 2912 type: integer 2913 format: int32 2914 successThreshold: 2915 description: |- 2916 Minimum consecutive successes for the probe to be considered successful after having failed. 2917 Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. 2918 type: integer 2919 format: int32 2920 tcpSocket: 2921 description: TCPSocket specifies an action involving a TCP port. 2922 type: object 2923 required: 2924 - port 2925 properties: 2926 host: 2927 description: 'Optional: Host name to connect to, defaults to the pod IP.' 2928 type: string 2929 port: 2930 description: |- 2931 Number or name of the port to access on the container. 2932 Number must be in the range 1 to 65535. 2933 Name must be an IANA_SVC_NAME. 2934 anyOf: 2935 - type: integer 2936 - type: string 2937 x-kubernetes-int-or-string: true 2938 terminationGracePeriodSeconds: 2939 description: |- 2940 Optional duration in seconds the pod needs to terminate gracefully upon probe failure. 2941 The grace period is the duration in seconds after the processes running in the pod are sent 2942 a termination signal and the time when the processes are forcibly halted with a kill signal. 2943 Set this value longer than the expected cleanup time for your process. 2944 If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this 2945 value overrides the value provided by the pod spec. 2946 Value must be non-negative integer. The value zero indicates stop immediately via 2947 the kill signal (no opportunity to shut down). 2948 This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. 2949 Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. 2950 type: integer 2951 format: int64 2952 timeoutSeconds: 2953 description: |- 2954 Number of seconds after which the probe times out. 2955 Defaults to 1 second. Minimum value is 1. 2956 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes 2957 type: integer 2958 format: int32 2959 stdin: 2960 description: |- 2961 Whether this container should allocate a buffer for stdin in the container runtime. If this 2962 is not set, reads from stdin in the container will always result in EOF. 2963 Default is false. 2964 type: boolean 2965 stdinOnce: 2966 description: |- 2967 Whether the container runtime should close the stdin channel after it has been opened by 2968 a single attach. When stdin is true the stdin stream will remain open across multiple attach 2969 sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the 2970 first client attaches to stdin, and then remains open and accepts data until the client disconnects, 2971 at which time stdin is closed and remains closed until the container is restarted. If this 2972 flag is false, a container processes that reads from stdin will never receive an EOF. 2973 Default is false 2974 type: boolean 2975 terminationMessagePath: 2976 description: |- 2977 Optional: Path at which the file to which the container's termination message 2978 will be written is mounted into the container's filesystem. 2979 Message written is intended to be brief final status, such as an assertion failure message. 2980 Will be truncated by the node if greater than 4096 bytes. The total message length across 2981 all containers will be limited to 12kb. 2982 Defaults to /dev/termination-log. 2983 Cannot be updated. 2984 type: string 2985 terminationMessagePolicy: 2986 description: |- 2987 Indicate how the termination message should be populated. File will use the contents of 2988 terminationMessagePath to populate the container status message on both success and failure. 2989 FallbackToLogsOnError will use the last chunk of container log output if the termination 2990 message file is empty and the container exited with an error. 2991 The log output is limited to 2048 bytes or 80 lines, whichever is smaller. 2992 Defaults to File. 2993 Cannot be updated. 2994 type: string 2995 tty: 2996 description: |- 2997 Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. 2998 Default is false. 2999 type: boolean 3000 volumeDevices: 3001 description: volumeDevices is the list of block devices to be used by the container. 3002 type: array 3003 items: 3004 description: volumeDevice describes a mapping of a raw block device within a container. 3005 type: object 3006 required: 3007 - devicePath 3008 - name 3009 properties: 3010 devicePath: 3011 description: devicePath is the path inside of the container that the device will be mapped to. 3012 type: string 3013 name: 3014 description: name must match the name of a persistentVolumeClaim in the pod 3015 type: string 3016 x-kubernetes-list-map-keys: 3017 - devicePath 3018 x-kubernetes-list-type: map 3019 volumeMounts: 3020 description: |- 3021 Pod volumes to mount into the container's filesystem. 3022 Cannot be updated. 3023 type: array 3024 items: 3025 description: VolumeMount describes a mounting of a Volume within a container. 3026 type: object 3027 required: 3028 - mountPath 3029 - name 3030 properties: 3031 mountPath: 3032 description: |- 3033 Path within the container at which the volume should be mounted. Must 3034 not contain ':'. 3035 type: string 3036 mountPropagation: 3037 description: |- 3038 mountPropagation determines how mounts are propagated from the host 3039 to container and the other way around. 3040 When not set, MountPropagationNone is used. 3041 This field is beta in 1.10. 3042 When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified 3043 (which defaults to None). 3044 type: string 3045 name: 3046 description: This must match the Name of a Volume. 3047 type: string 3048 readOnly: 3049 description: |- 3050 Mounted read-only if true, read-write otherwise (false or unspecified). 3051 Defaults to false. 3052 type: boolean 3053 recursiveReadOnly: 3054 description: |- 3055 RecursiveReadOnly specifies whether read-only mounts should be handled 3056 recursively. 3057 3058 If ReadOnly is false, this field has no meaning and must be unspecified. 3059 3060 If ReadOnly is true, and this field is set to Disabled, the mount is not made 3061 recursively read-only. If this field is set to IfPossible, the mount is made 3062 recursively read-only, if it is supported by the container runtime. If this 3063 field is set to Enabled, the mount is made recursively read-only if it is 3064 supported by the container runtime, otherwise the pod will not be started and 3065 an error will be generated to indicate the reason. 3066 3067 If this field is set to IfPossible or Enabled, MountPropagation must be set to 3068 None (or be unspecified, which defaults to None). 3069 3070 If this field is not specified, it is treated as an equivalent of Disabled. 3071 type: string 3072 subPath: 3073 description: |- 3074 Path within the volume from which the container's volume should be mounted. 3075 Defaults to "" (volume's root). 3076 type: string 3077 subPathExpr: 3078 description: |- 3079 Expanded path within the volume from which the container's volume should be mounted. 3080 Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. 3081 Defaults to "" (volume's root). 3082 SubPathExpr and SubPath are mutually exclusive. 3083 type: string 3084 x-kubernetes-list-map-keys: 3085 - mountPath 3086 x-kubernetes-list-type: map 3087 workingDir: 3088 description: |- 3089 Container's working directory. 3090 If not specified, the container runtime's default will be used, which 3091 might be configured in the container image. 3092 Cannot be updated. 3093 type: string 3094 x-kubernetes-list-map-keys: 3095 - name 3096 x-kubernetes-list-type: map 3097 dnsConfig: 3098 description: |- 3099 Specifies the DNS parameters of a pod. 3100 Parameters specified here will be merged to the generated DNS 3101 configuration based on DNSPolicy. 3102 type: object 3103 properties: 3104 nameservers: 3105 description: |- 3106 A list of DNS name server IP addresses. 3107 This will be appended to the base nameservers generated from DNSPolicy. 3108 Duplicated nameservers will be removed. 3109 type: array 3110 items: 3111 type: string 3112 x-kubernetes-list-type: atomic 3113 options: 3114 description: |- 3115 A list of DNS resolver options. 3116 This will be merged with the base options generated from DNSPolicy. 3117 Duplicated entries will be removed. Resolution options given in Options 3118 will override those that appear in the base DNSPolicy. 3119 type: array 3120 items: 3121 description: PodDNSConfigOption defines DNS resolver options of a pod. 3122 type: object 3123 properties: 3124 name: 3125 description: Required. 3126 type: string 3127 value: 3128 type: string 3129 x-kubernetes-list-type: atomic 3130 searches: 3131 description: |- 3132 A list of DNS search domains for host-name lookup. 3133 This will be appended to the base search paths generated from DNSPolicy. 3134 Duplicated search paths will be removed. 3135 type: array 3136 items: 3137 type: string 3138 x-kubernetes-list-type: atomic 3139 dnsPolicy: 3140 description: |- 3141 Set DNS policy for the pod. 3142 Defaults to "ClusterFirst". 3143 Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. 3144 DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. 3145 To have DNS options set along with hostNetwork, you have to specify DNS policy 3146 explicitly to 'ClusterFirstWithHostNet'. 3147 type: string 3148 enableServiceLinks: 3149 description: |- 3150 EnableServiceLinks indicates whether information about services should be injected into pod's 3151 environment variables, matching the syntax of Docker links. 3152 Optional: Defaults to true. 3153 type: boolean 3154 ephemeralContainers: 3155 description: |- 3156 List of ephemeral containers run in this pod. Ephemeral containers may be run in an existing 3157 pod to perform user-initiated actions such as debugging. This list cannot be specified when 3158 creating a pod, and it cannot be modified by updating the pod spec. In order to add an 3159 ephemeral container to an existing pod, use the pod's ephemeralcontainers subresource. 3160 type: array 3161 items: 3162 description: |- 3163 An EphemeralContainer is a temporary container that you may add to an existing Pod for 3164 user-initiated activities such as debugging. Ephemeral containers have no resource or 3165 scheduling guarantees, and they will not be restarted when they exit or when a Pod is 3166 removed or restarted. The kubelet may evict a Pod if an ephemeral container causes the 3167 Pod to exceed its resource allocation. 3168 3169 To add an ephemeral container, use the ephemeralcontainers subresource of an existing 3170 Pod. Ephemeral containers may not be removed or restarted. 3171 type: object 3172 required: 3173 - name 3174 properties: 3175 args: 3176 description: |- 3177 Arguments to the entrypoint. 3178 The image's CMD is used if this is not provided. 3179 Variable references $(VAR_NAME) are expanded using the container's environment. If a variable 3180 cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced 3181 to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will 3182 produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless 3183 of whether the variable exists or not. Cannot be updated. 3184 More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell 3185 type: array 3186 items: 3187 type: string 3188 x-kubernetes-list-type: atomic 3189 command: 3190 description: |- 3191 Entrypoint array. Not executed within a shell. 3192 The image's ENTRYPOINT is used if this is not provided. 3193 Variable references $(VAR_NAME) are expanded using the container's environment. If a variable 3194 cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced 3195 to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will 3196 produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless 3197 of whether the variable exists or not. Cannot be updated. 3198 More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell 3199 type: array 3200 items: 3201 type: string 3202 x-kubernetes-list-type: atomic 3203 env: 3204 description: |- 3205 List of environment variables to set in the container. 3206 Cannot be updated. 3207 type: array 3208 items: 3209 description: EnvVar represents an environment variable present in a Container. 3210 type: object 3211 required: 3212 - name 3213 properties: 3214 name: 3215 description: Name of the environment variable. Must be a C_IDENTIFIER. 3216 type: string 3217 value: 3218 description: |- 3219 Variable references $(VAR_NAME) are expanded 3220 using the previously defined environment variables in the container and 3221 any service environment variables. If a variable cannot be resolved, 3222 the reference in the input string will be unchanged. Double $$ are reduced 3223 to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. 3224 "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". 3225 Escaped references will never be expanded, regardless of whether the variable 3226 exists or not. 3227 Defaults to "". 3228 type: string 3229 valueFrom: 3230 description: Source for the environment variable's value. Cannot be used if value is not empty. 3231 type: object 3232 properties: 3233 configMapKeyRef: 3234 description: Selects a key of a ConfigMap. 3235 type: object 3236 required: 3237 - key 3238 properties: 3239 key: 3240 description: The key to select. 3241 type: string 3242 name: 3243 description: |- 3244 Name of the referent. 3245 This field is effectively required, but due to backwards compatibility is 3246 allowed to be empty. Instances of this type with an empty value here are 3247 almost certainly wrong. 3248 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 3249 type: string 3250 default: "" 3251 optional: 3252 description: Specify whether the ConfigMap or its key must be defined 3253 type: boolean 3254 x-kubernetes-map-type: atomic 3255 fieldRef: 3256 description: |- 3257 Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`, 3258 spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. 3259 type: object 3260 required: 3261 - fieldPath 3262 properties: 3263 apiVersion: 3264 description: Version of the schema the FieldPath is written in terms of, defaults to "v1". 3265 type: string 3266 fieldPath: 3267 description: Path of the field to select in the specified API version. 3268 type: string 3269 x-kubernetes-map-type: atomic 3270 resourceFieldRef: 3271 description: |- 3272 Selects a resource of the container: only resources limits and requests 3273 (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. 3274 type: object 3275 required: 3276 - resource 3277 properties: 3278 containerName: 3279 description: 'Container name: required for volumes, optional for env vars' 3280 type: string 3281 divisor: 3282 description: Specifies the output format of the exposed resources, defaults to "1" 3283 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 3284 anyOf: 3285 - type: integer 3286 - type: string 3287 x-kubernetes-int-or-string: true 3288 resource: 3289 description: 'Required: resource to select' 3290 type: string 3291 x-kubernetes-map-type: atomic 3292 secretKeyRef: 3293 description: Selects a key of a secret in the pod's namespace 3294 type: object 3295 required: 3296 - key 3297 properties: 3298 key: 3299 description: The key of the secret to select from. Must be a valid secret key. 3300 type: string 3301 name: 3302 description: |- 3303 Name of the referent. 3304 This field is effectively required, but due to backwards compatibility is 3305 allowed to be empty. Instances of this type with an empty value here are 3306 almost certainly wrong. 3307 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 3308 type: string 3309 default: "" 3310 optional: 3311 description: Specify whether the Secret or its key must be defined 3312 type: boolean 3313 x-kubernetes-map-type: atomic 3314 x-kubernetes-list-map-keys: 3315 - name 3316 x-kubernetes-list-type: map 3317 envFrom: 3318 description: |- 3319 List of sources to populate environment variables in the container. 3320 The keys defined within a source must be a C_IDENTIFIER. All invalid keys 3321 will be reported as an event when the container is starting. When a key exists in multiple 3322 sources, the value associated with the last source will take precedence. 3323 Values defined by an Env with a duplicate key will take precedence. 3324 Cannot be updated. 3325 type: array 3326 items: 3327 description: EnvFromSource represents the source of a set of ConfigMaps 3328 type: object 3329 properties: 3330 configMapRef: 3331 description: The ConfigMap to select from 3332 type: object 3333 properties: 3334 name: 3335 description: |- 3336 Name of the referent. 3337 This field is effectively required, but due to backwards compatibility is 3338 allowed to be empty. Instances of this type with an empty value here are 3339 almost certainly wrong. 3340 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 3341 type: string 3342 default: "" 3343 optional: 3344 description: Specify whether the ConfigMap must be defined 3345 type: boolean 3346 x-kubernetes-map-type: atomic 3347 prefix: 3348 description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. 3349 type: string 3350 secretRef: 3351 description: The Secret to select from 3352 type: object 3353 properties: 3354 name: 3355 description: |- 3356 Name of the referent. 3357 This field is effectively required, but due to backwards compatibility is 3358 allowed to be empty. Instances of this type with an empty value here are 3359 almost certainly wrong. 3360 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 3361 type: string 3362 default: "" 3363 optional: 3364 description: Specify whether the Secret must be defined 3365 type: boolean 3366 x-kubernetes-map-type: atomic 3367 x-kubernetes-list-type: atomic 3368 image: 3369 description: |- 3370 Container image name. 3371 More info: https://kubernetes.io/docs/concepts/containers/images 3372 type: string 3373 imagePullPolicy: 3374 description: |- 3375 Image pull policy. 3376 One of Always, Never, IfNotPresent. 3377 Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. 3378 Cannot be updated. 3379 More info: https://kubernetes.io/docs/concepts/containers/images#updating-images 3380 type: string 3381 lifecycle: 3382 description: Lifecycle is not allowed for ephemeral containers. 3383 type: object 3384 properties: 3385 postStart: 3386 description: |- 3387 PostStart is called immediately after a container is created. If the handler fails, 3388 the container is terminated and restarted according to its restart policy. 3389 Other management of the container blocks until the hook completes. 3390 More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks 3391 type: object 3392 properties: 3393 exec: 3394 description: Exec specifies the action to take. 3395 type: object 3396 properties: 3397 command: 3398 description: |- 3399 Command is the command line to execute inside the container, the working directory for the 3400 command is root ('/') in the container's filesystem. The command is simply exec'd, it is 3401 not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use 3402 a shell, you need to explicitly call out to that shell. 3403 Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 3404 type: array 3405 items: 3406 type: string 3407 x-kubernetes-list-type: atomic 3408 httpGet: 3409 description: HTTPGet specifies the http request to perform. 3410 type: object 3411 required: 3412 - port 3413 properties: 3414 host: 3415 description: |- 3416 Host name to connect to, defaults to the pod IP. You probably want to set 3417 "Host" in httpHeaders instead. 3418 type: string 3419 httpHeaders: 3420 description: Custom headers to set in the request. HTTP allows repeated headers. 3421 type: array 3422 items: 3423 description: HTTPHeader describes a custom header to be used in HTTP probes 3424 type: object 3425 required: 3426 - name 3427 - value 3428 properties: 3429 name: 3430 description: |- 3431 The header field name. 3432 This will be canonicalized upon output, so case-variant names will be understood as the same header. 3433 type: string 3434 value: 3435 description: The header field value 3436 type: string 3437 x-kubernetes-list-type: atomic 3438 path: 3439 description: Path to access on the HTTP server. 3440 type: string 3441 port: 3442 description: |- 3443 Name or number of the port to access on the container. 3444 Number must be in the range 1 to 65535. 3445 Name must be an IANA_SVC_NAME. 3446 anyOf: 3447 - type: integer 3448 - type: string 3449 x-kubernetes-int-or-string: true 3450 scheme: 3451 description: |- 3452 Scheme to use for connecting to the host. 3453 Defaults to HTTP. 3454 type: string 3455 sleep: 3456 description: Sleep represents the duration that the container should sleep before being terminated. 3457 type: object 3458 required: 3459 - seconds 3460 properties: 3461 seconds: 3462 description: Seconds is the number of seconds to sleep. 3463 type: integer 3464 format: int64 3465 tcpSocket: 3466 description: |- 3467 Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept 3468 for the backward compatibility. There are no validation of this field and 3469 lifecycle hooks will fail in runtime when tcp handler is specified. 3470 type: object 3471 required: 3472 - port 3473 properties: 3474 host: 3475 description: 'Optional: Host name to connect to, defaults to the pod IP.' 3476 type: string 3477 port: 3478 description: |- 3479 Number or name of the port to access on the container. 3480 Number must be in the range 1 to 65535. 3481 Name must be an IANA_SVC_NAME. 3482 anyOf: 3483 - type: integer 3484 - type: string 3485 x-kubernetes-int-or-string: true 3486 preStop: 3487 description: |- 3488 PreStop is called immediately before a container is terminated due to an 3489 API request or management event such as liveness/startup probe failure, 3490 preemption, resource contention, etc. The handler is not called if the 3491 container crashes or exits. The Pod's termination grace period countdown begins before the 3492 PreStop hook is executed. Regardless of the outcome of the handler, the 3493 container will eventually terminate within the Pod's termination grace 3494 period (unless delayed by finalizers). Other management of the container blocks until the hook completes 3495 or until the termination grace period is reached. 3496 More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks 3497 type: object 3498 properties: 3499 exec: 3500 description: Exec specifies the action to take. 3501 type: object 3502 properties: 3503 command: 3504 description: |- 3505 Command is the command line to execute inside the container, the working directory for the 3506 command is root ('/') in the container's filesystem. The command is simply exec'd, it is 3507 not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use 3508 a shell, you need to explicitly call out to that shell. 3509 Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 3510 type: array 3511 items: 3512 type: string 3513 x-kubernetes-list-type: atomic 3514 httpGet: 3515 description: HTTPGet specifies the http request to perform. 3516 type: object 3517 required: 3518 - port 3519 properties: 3520 host: 3521 description: |- 3522 Host name to connect to, defaults to the pod IP. You probably want to set 3523 "Host" in httpHeaders instead. 3524 type: string 3525 httpHeaders: 3526 description: Custom headers to set in the request. HTTP allows repeated headers. 3527 type: array 3528 items: 3529 description: HTTPHeader describes a custom header to be used in HTTP probes 3530 type: object 3531 required: 3532 - name 3533 - value 3534 properties: 3535 name: 3536 description: |- 3537 The header field name. 3538 This will be canonicalized upon output, so case-variant names will be understood as the same header. 3539 type: string 3540 value: 3541 description: The header field value 3542 type: string 3543 x-kubernetes-list-type: atomic 3544 path: 3545 description: Path to access on the HTTP server. 3546 type: string 3547 port: 3548 description: |- 3549 Name or number of the port to access on the container. 3550 Number must be in the range 1 to 65535. 3551 Name must be an IANA_SVC_NAME. 3552 anyOf: 3553 - type: integer 3554 - type: string 3555 x-kubernetes-int-or-string: true 3556 scheme: 3557 description: |- 3558 Scheme to use for connecting to the host. 3559 Defaults to HTTP. 3560 type: string 3561 sleep: 3562 description: Sleep represents the duration that the container should sleep before being terminated. 3563 type: object 3564 required: 3565 - seconds 3566 properties: 3567 seconds: 3568 description: Seconds is the number of seconds to sleep. 3569 type: integer 3570 format: int64 3571 tcpSocket: 3572 description: |- 3573 Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept 3574 for the backward compatibility. There are no validation of this field and 3575 lifecycle hooks will fail in runtime when tcp handler is specified. 3576 type: object 3577 required: 3578 - port 3579 properties: 3580 host: 3581 description: 'Optional: Host name to connect to, defaults to the pod IP.' 3582 type: string 3583 port: 3584 description: |- 3585 Number or name of the port to access on the container. 3586 Number must be in the range 1 to 65535. 3587 Name must be an IANA_SVC_NAME. 3588 anyOf: 3589 - type: integer 3590 - type: string 3591 x-kubernetes-int-or-string: true 3592 livenessProbe: 3593 description: Probes are not allowed for ephemeral containers. 3594 type: object 3595 properties: 3596 exec: 3597 description: Exec specifies the action to take. 3598 type: object 3599 properties: 3600 command: 3601 description: |- 3602 Command is the command line to execute inside the container, the working directory for the 3603 command is root ('/') in the container's filesystem. The command is simply exec'd, it is 3604 not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use 3605 a shell, you need to explicitly call out to that shell. 3606 Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 3607 type: array 3608 items: 3609 type: string 3610 x-kubernetes-list-type: atomic 3611 failureThreshold: 3612 description: |- 3613 Minimum consecutive failures for the probe to be considered failed after having succeeded. 3614 Defaults to 3. Minimum value is 1. 3615 type: integer 3616 format: int32 3617 grpc: 3618 description: GRPC specifies an action involving a GRPC port. 3619 type: object 3620 required: 3621 - port 3622 properties: 3623 port: 3624 description: Port number of the gRPC service. Number must be in the range 1 to 65535. 3625 type: integer 3626 format: int32 3627 service: 3628 description: |- 3629 Service is the name of the service to place in the gRPC HealthCheckRequest 3630 (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 3631 3632 If this is not specified, the default behavior is defined by gRPC. 3633 type: string 3634 default: "" 3635 httpGet: 3636 description: HTTPGet specifies the http request to perform. 3637 type: object 3638 required: 3639 - port 3640 properties: 3641 host: 3642 description: |- 3643 Host name to connect to, defaults to the pod IP. You probably want to set 3644 "Host" in httpHeaders instead. 3645 type: string 3646 httpHeaders: 3647 description: Custom headers to set in the request. HTTP allows repeated headers. 3648 type: array 3649 items: 3650 description: HTTPHeader describes a custom header to be used in HTTP probes 3651 type: object 3652 required: 3653 - name 3654 - value 3655 properties: 3656 name: 3657 description: |- 3658 The header field name. 3659 This will be canonicalized upon output, so case-variant names will be understood as the same header. 3660 type: string 3661 value: 3662 description: The header field value 3663 type: string 3664 x-kubernetes-list-type: atomic 3665 path: 3666 description: Path to access on the HTTP server. 3667 type: string 3668 port: 3669 description: |- 3670 Name or number of the port to access on the container. 3671 Number must be in the range 1 to 65535. 3672 Name must be an IANA_SVC_NAME. 3673 anyOf: 3674 - type: integer 3675 - type: string 3676 x-kubernetes-int-or-string: true 3677 scheme: 3678 description: |- 3679 Scheme to use for connecting to the host. 3680 Defaults to HTTP. 3681 type: string 3682 initialDelaySeconds: 3683 description: |- 3684 Number of seconds after the container has started before liveness probes are initiated. 3685 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes 3686 type: integer 3687 format: int32 3688 periodSeconds: 3689 description: |- 3690 How often (in seconds) to perform the probe. 3691 Default to 10 seconds. Minimum value is 1. 3692 type: integer 3693 format: int32 3694 successThreshold: 3695 description: |- 3696 Minimum consecutive successes for the probe to be considered successful after having failed. 3697 Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. 3698 type: integer 3699 format: int32 3700 tcpSocket: 3701 description: TCPSocket specifies an action involving a TCP port. 3702 type: object 3703 required: 3704 - port 3705 properties: 3706 host: 3707 description: 'Optional: Host name to connect to, defaults to the pod IP.' 3708 type: string 3709 port: 3710 description: |- 3711 Number or name of the port to access on the container. 3712 Number must be in the range 1 to 65535. 3713 Name must be an IANA_SVC_NAME. 3714 anyOf: 3715 - type: integer 3716 - type: string 3717 x-kubernetes-int-or-string: true 3718 terminationGracePeriodSeconds: 3719 description: |- 3720 Optional duration in seconds the pod needs to terminate gracefully upon probe failure. 3721 The grace period is the duration in seconds after the processes running in the pod are sent 3722 a termination signal and the time when the processes are forcibly halted with a kill signal. 3723 Set this value longer than the expected cleanup time for your process. 3724 If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this 3725 value overrides the value provided by the pod spec. 3726 Value must be non-negative integer. The value zero indicates stop immediately via 3727 the kill signal (no opportunity to shut down). 3728 This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. 3729 Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. 3730 type: integer 3731 format: int64 3732 timeoutSeconds: 3733 description: |- 3734 Number of seconds after which the probe times out. 3735 Defaults to 1 second. Minimum value is 1. 3736 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes 3737 type: integer 3738 format: int32 3739 name: 3740 description: |- 3741 Name of the ephemeral container specified as a DNS_LABEL. 3742 This name must be unique among all containers, init containers and ephemeral containers. 3743 type: string 3744 ports: 3745 description: Ports are not allowed for ephemeral containers. 3746 type: array 3747 items: 3748 description: ContainerPort represents a network port in a single container. 3749 type: object 3750 required: 3751 - containerPort 3752 properties: 3753 containerPort: 3754 description: |- 3755 Number of port to expose on the pod's IP address. 3756 This must be a valid port number, 0 < x < 65536. 3757 type: integer 3758 format: int32 3759 hostIP: 3760 description: What host IP to bind the external port to. 3761 type: string 3762 hostPort: 3763 description: |- 3764 Number of port to expose on the host. 3765 If specified, this must be a valid port number, 0 < x < 65536. 3766 If HostNetwork is specified, this must match ContainerPort. 3767 Most containers do not need this. 3768 type: integer 3769 format: int32 3770 name: 3771 description: |- 3772 If specified, this must be an IANA_SVC_NAME and unique within the pod. Each 3773 named port in a pod must have a unique name. Name for the port that can be 3774 referred to by services. 3775 type: string 3776 protocol: 3777 description: |- 3778 Protocol for port. Must be UDP, TCP, or SCTP. 3779 Defaults to "TCP". 3780 type: string 3781 default: TCP 3782 x-kubernetes-list-map-keys: 3783 - containerPort 3784 - protocol 3785 x-kubernetes-list-type: map 3786 readinessProbe: 3787 description: Probes are not allowed for ephemeral containers. 3788 type: object 3789 properties: 3790 exec: 3791 description: Exec specifies the action to take. 3792 type: object 3793 properties: 3794 command: 3795 description: |- 3796 Command is the command line to execute inside the container, the working directory for the 3797 command is root ('/') in the container's filesystem. The command is simply exec'd, it is 3798 not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use 3799 a shell, you need to explicitly call out to that shell. 3800 Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 3801 type: array 3802 items: 3803 type: string 3804 x-kubernetes-list-type: atomic 3805 failureThreshold: 3806 description: |- 3807 Minimum consecutive failures for the probe to be considered failed after having succeeded. 3808 Defaults to 3. Minimum value is 1. 3809 type: integer 3810 format: int32 3811 grpc: 3812 description: GRPC specifies an action involving a GRPC port. 3813 type: object 3814 required: 3815 - port 3816 properties: 3817 port: 3818 description: Port number of the gRPC service. Number must be in the range 1 to 65535. 3819 type: integer 3820 format: int32 3821 service: 3822 description: |- 3823 Service is the name of the service to place in the gRPC HealthCheckRequest 3824 (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 3825 3826 If this is not specified, the default behavior is defined by gRPC. 3827 type: string 3828 default: "" 3829 httpGet: 3830 description: HTTPGet specifies the http request to perform. 3831 type: object 3832 required: 3833 - port 3834 properties: 3835 host: 3836 description: |- 3837 Host name to connect to, defaults to the pod IP. You probably want to set 3838 "Host" in httpHeaders instead. 3839 type: string 3840 httpHeaders: 3841 description: Custom headers to set in the request. HTTP allows repeated headers. 3842 type: array 3843 items: 3844 description: HTTPHeader describes a custom header to be used in HTTP probes 3845 type: object 3846 required: 3847 - name 3848 - value 3849 properties: 3850 name: 3851 description: |- 3852 The header field name. 3853 This will be canonicalized upon output, so case-variant names will be understood as the same header. 3854 type: string 3855 value: 3856 description: The header field value 3857 type: string 3858 x-kubernetes-list-type: atomic 3859 path: 3860 description: Path to access on the HTTP server. 3861 type: string 3862 port: 3863 description: |- 3864 Name or number of the port to access on the container. 3865 Number must be in the range 1 to 65535. 3866 Name must be an IANA_SVC_NAME. 3867 anyOf: 3868 - type: integer 3869 - type: string 3870 x-kubernetes-int-or-string: true 3871 scheme: 3872 description: |- 3873 Scheme to use for connecting to the host. 3874 Defaults to HTTP. 3875 type: string 3876 initialDelaySeconds: 3877 description: |- 3878 Number of seconds after the container has started before liveness probes are initiated. 3879 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes 3880 type: integer 3881 format: int32 3882 periodSeconds: 3883 description: |- 3884 How often (in seconds) to perform the probe. 3885 Default to 10 seconds. Minimum value is 1. 3886 type: integer 3887 format: int32 3888 successThreshold: 3889 description: |- 3890 Minimum consecutive successes for the probe to be considered successful after having failed. 3891 Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. 3892 type: integer 3893 format: int32 3894 tcpSocket: 3895 description: TCPSocket specifies an action involving a TCP port. 3896 type: object 3897 required: 3898 - port 3899 properties: 3900 host: 3901 description: 'Optional: Host name to connect to, defaults to the pod IP.' 3902 type: string 3903 port: 3904 description: |- 3905 Number or name of the port to access on the container. 3906 Number must be in the range 1 to 65535. 3907 Name must be an IANA_SVC_NAME. 3908 anyOf: 3909 - type: integer 3910 - type: string 3911 x-kubernetes-int-or-string: true 3912 terminationGracePeriodSeconds: 3913 description: |- 3914 Optional duration in seconds the pod needs to terminate gracefully upon probe failure. 3915 The grace period is the duration in seconds after the processes running in the pod are sent 3916 a termination signal and the time when the processes are forcibly halted with a kill signal. 3917 Set this value longer than the expected cleanup time for your process. 3918 If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this 3919 value overrides the value provided by the pod spec. 3920 Value must be non-negative integer. The value zero indicates stop immediately via 3921 the kill signal (no opportunity to shut down). 3922 This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. 3923 Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. 3924 type: integer 3925 format: int64 3926 timeoutSeconds: 3927 description: |- 3928 Number of seconds after which the probe times out. 3929 Defaults to 1 second. Minimum value is 1. 3930 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes 3931 type: integer 3932 format: int32 3933 resizePolicy: 3934 description: Resources resize policy for the container. 3935 type: array 3936 items: 3937 description: ContainerResizePolicy represents resource resize policy for the container. 3938 type: object 3939 required: 3940 - resourceName 3941 - restartPolicy 3942 properties: 3943 resourceName: 3944 description: |- 3945 Name of the resource to which this resource resize policy applies. 3946 Supported values: cpu, memory. 3947 type: string 3948 restartPolicy: 3949 description: |- 3950 Restart policy to apply when specified resource is resized. 3951 If not specified, it defaults to NotRequired. 3952 type: string 3953 x-kubernetes-list-type: atomic 3954 resources: 3955 description: |- 3956 Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources 3957 already allocated to the pod. 3958 type: object 3959 properties: 3960 claims: 3961 description: |- 3962 Claims lists the names of resources, defined in spec.resourceClaims, 3963 that are used by this container. 3964 3965 This is an alpha field and requires enabling the 3966 DynamicResourceAllocation feature gate. 3967 3968 This field is immutable. It can only be set for containers. 3969 type: array 3970 items: 3971 description: ResourceClaim references one entry in PodSpec.ResourceClaims. 3972 type: object 3973 required: 3974 - name 3975 properties: 3976 name: 3977 description: |- 3978 Name must match the name of one entry in pod.spec.resourceClaims of 3979 the Pod where this field is used. It makes that resource available 3980 inside a container. 3981 type: string 3982 request: 3983 description: |- 3984 Request is the name chosen for a request in the referenced claim. 3985 If empty, everything from the claim is made available, otherwise 3986 only the result of this request. 3987 type: string 3988 x-kubernetes-list-map-keys: 3989 - name 3990 x-kubernetes-list-type: map 3991 limits: 3992 description: |- 3993 Limits describes the maximum amount of compute resources allowed. 3994 More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ 3995 type: object 3996 additionalProperties: 3997 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 3998 anyOf: 3999 - type: integer 4000 - type: string 4001 x-kubernetes-int-or-string: true 4002 requests: 4003 description: |- 4004 Requests describes the minimum amount of compute resources required. 4005 If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, 4006 otherwise to an implementation-defined value. Requests cannot exceed Limits. 4007 More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ 4008 type: object 4009 additionalProperties: 4010 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 4011 anyOf: 4012 - type: integer 4013 - type: string 4014 x-kubernetes-int-or-string: true 4015 restartPolicy: 4016 description: |- 4017 Restart policy for the container to manage the restart behavior of each 4018 container within a pod. 4019 This may only be set for init containers. You cannot set this field on 4020 ephemeral containers. 4021 type: string 4022 securityContext: 4023 description: |- 4024 Optional: SecurityContext defines the security options the ephemeral container should be run with. 4025 If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. 4026 type: object 4027 properties: 4028 allowPrivilegeEscalation: 4029 description: |- 4030 AllowPrivilegeEscalation controls whether a process can gain more 4031 privileges than its parent process. This bool directly controls if 4032 the no_new_privs flag will be set on the container process. 4033 AllowPrivilegeEscalation is true always when the container is: 4034 1) run as Privileged 4035 2) has CAP_SYS_ADMIN 4036 Note that this field cannot be set when spec.os.name is windows. 4037 type: boolean 4038 appArmorProfile: 4039 description: |- 4040 appArmorProfile is the AppArmor options to use by this container. If set, this profile 4041 overrides the pod's appArmorProfile. 4042 Note that this field cannot be set when spec.os.name is windows. 4043 type: object 4044 required: 4045 - type 4046 properties: 4047 localhostProfile: 4048 description: |- 4049 localhostProfile indicates a profile loaded on the node that should be used. 4050 The profile must be preconfigured on the node to work. 4051 Must match the loaded name of the profile. 4052 Must be set if and only if type is "Localhost". 4053 type: string 4054 type: 4055 description: |- 4056 type indicates which kind of AppArmor profile will be applied. 4057 Valid options are: 4058 Localhost - a profile pre-loaded on the node. 4059 RuntimeDefault - the container runtime's default profile. 4060 Unconfined - no AppArmor enforcement. 4061 type: string 4062 capabilities: 4063 description: |- 4064 The capabilities to add/drop when running containers. 4065 Defaults to the default set of capabilities granted by the container runtime. 4066 Note that this field cannot be set when spec.os.name is windows. 4067 type: object 4068 properties: 4069 add: 4070 description: Added capabilities 4071 type: array 4072 items: 4073 description: Capability represent POSIX capabilities type 4074 type: string 4075 x-kubernetes-list-type: atomic 4076 drop: 4077 description: Removed capabilities 4078 type: array 4079 items: 4080 description: Capability represent POSIX capabilities type 4081 type: string 4082 x-kubernetes-list-type: atomic 4083 privileged: 4084 description: |- 4085 Run container in privileged mode. 4086 Processes in privileged containers are essentially equivalent to root on the host. 4087 Defaults to false. 4088 Note that this field cannot be set when spec.os.name is windows. 4089 type: boolean 4090 procMount: 4091 description: |- 4092 procMount denotes the type of proc mount to use for the containers. 4093 The default value is Default which uses the container runtime defaults for 4094 readonly paths and masked paths. 4095 This requires the ProcMountType feature flag to be enabled. 4096 Note that this field cannot be set when spec.os.name is windows. 4097 type: string 4098 readOnlyRootFilesystem: 4099 description: |- 4100 Whether this container has a read-only root filesystem. 4101 Default is false. 4102 Note that this field cannot be set when spec.os.name is windows. 4103 type: boolean 4104 runAsGroup: 4105 description: |- 4106 The GID to run the entrypoint of the container process. 4107 Uses runtime default if unset. 4108 May also be set in PodSecurityContext. If set in both SecurityContext and 4109 PodSecurityContext, the value specified in SecurityContext takes precedence. 4110 Note that this field cannot be set when spec.os.name is windows. 4111 type: integer 4112 format: int64 4113 runAsNonRoot: 4114 description: |- 4115 Indicates that the container must run as a non-root user. 4116 If true, the Kubelet will validate the image at runtime to ensure that it 4117 does not run as UID 0 (root) and fail to start the container if it does. 4118 If unset or false, no such validation will be performed. 4119 May also be set in PodSecurityContext. If set in both SecurityContext and 4120 PodSecurityContext, the value specified in SecurityContext takes precedence. 4121 type: boolean 4122 runAsUser: 4123 description: |- 4124 The UID to run the entrypoint of the container process. 4125 Defaults to user specified in image metadata if unspecified. 4126 May also be set in PodSecurityContext. If set in both SecurityContext and 4127 PodSecurityContext, the value specified in SecurityContext takes precedence. 4128 Note that this field cannot be set when spec.os.name is windows. 4129 type: integer 4130 format: int64 4131 seLinuxOptions: 4132 description: |- 4133 The SELinux context to be applied to the container. 4134 If unspecified, the container runtime will allocate a random SELinux context for each 4135 container. May also be set in PodSecurityContext. If set in both SecurityContext and 4136 PodSecurityContext, the value specified in SecurityContext takes precedence. 4137 Note that this field cannot be set when spec.os.name is windows. 4138 type: object 4139 properties: 4140 level: 4141 description: Level is SELinux level label that applies to the container. 4142 type: string 4143 role: 4144 description: Role is a SELinux role label that applies to the container. 4145 type: string 4146 type: 4147 description: Type is a SELinux type label that applies to the container. 4148 type: string 4149 user: 4150 description: User is a SELinux user label that applies to the container. 4151 type: string 4152 seccompProfile: 4153 description: |- 4154 The seccomp options to use by this container. If seccomp options are 4155 provided at both the pod & container level, the container options 4156 override the pod options. 4157 Note that this field cannot be set when spec.os.name is windows. 4158 type: object 4159 required: 4160 - type 4161 properties: 4162 localhostProfile: 4163 description: |- 4164 localhostProfile indicates a profile defined in a file on the node should be used. 4165 The profile must be preconfigured on the node to work. 4166 Must be a descending path, relative to the kubelet's configured seccomp profile location. 4167 Must be set if type is "Localhost". Must NOT be set for any other type. 4168 type: string 4169 type: 4170 description: |- 4171 type indicates which kind of seccomp profile will be applied. 4172 Valid options are: 4173 4174 Localhost - a profile defined in a file on the node should be used. 4175 RuntimeDefault - the container runtime default profile should be used. 4176 Unconfined - no profile should be applied. 4177 type: string 4178 windowsOptions: 4179 description: |- 4180 The Windows specific settings applied to all containers. 4181 If unspecified, the options from the PodSecurityContext will be used. 4182 If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. 4183 Note that this field cannot be set when spec.os.name is linux. 4184 type: object 4185 properties: 4186 gmsaCredentialSpec: 4187 description: |- 4188 GMSACredentialSpec is where the GMSA admission webhook 4189 (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the 4190 GMSA credential spec named by the GMSACredentialSpecName field. 4191 type: string 4192 gmsaCredentialSpecName: 4193 description: GMSACredentialSpecName is the name of the GMSA credential spec to use. 4194 type: string 4195 hostProcess: 4196 description: |- 4197 HostProcess determines if a container should be run as a 'Host Process' container. 4198 All of a Pod's containers must have the same effective HostProcess value 4199 (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). 4200 In addition, if HostProcess is true then HostNetwork must also be set to true. 4201 type: boolean 4202 runAsUserName: 4203 description: |- 4204 The UserName in Windows to run the entrypoint of the container process. 4205 Defaults to the user specified in image metadata if unspecified. 4206 May also be set in PodSecurityContext. If set in both SecurityContext and 4207 PodSecurityContext, the value specified in SecurityContext takes precedence. 4208 type: string 4209 startupProbe: 4210 description: Probes are not allowed for ephemeral containers. 4211 type: object 4212 properties: 4213 exec: 4214 description: Exec specifies the action to take. 4215 type: object 4216 properties: 4217 command: 4218 description: |- 4219 Command is the command line to execute inside the container, the working directory for the 4220 command is root ('/') in the container's filesystem. The command is simply exec'd, it is 4221 not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use 4222 a shell, you need to explicitly call out to that shell. 4223 Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 4224 type: array 4225 items: 4226 type: string 4227 x-kubernetes-list-type: atomic 4228 failureThreshold: 4229 description: |- 4230 Minimum consecutive failures for the probe to be considered failed after having succeeded. 4231 Defaults to 3. Minimum value is 1. 4232 type: integer 4233 format: int32 4234 grpc: 4235 description: GRPC specifies an action involving a GRPC port. 4236 type: object 4237 required: 4238 - port 4239 properties: 4240 port: 4241 description: Port number of the gRPC service. Number must be in the range 1 to 65535. 4242 type: integer 4243 format: int32 4244 service: 4245 description: |- 4246 Service is the name of the service to place in the gRPC HealthCheckRequest 4247 (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 4248 4249 If this is not specified, the default behavior is defined by gRPC. 4250 type: string 4251 default: "" 4252 httpGet: 4253 description: HTTPGet specifies the http request to perform. 4254 type: object 4255 required: 4256 - port 4257 properties: 4258 host: 4259 description: |- 4260 Host name to connect to, defaults to the pod IP. You probably want to set 4261 "Host" in httpHeaders instead. 4262 type: string 4263 httpHeaders: 4264 description: Custom headers to set in the request. HTTP allows repeated headers. 4265 type: array 4266 items: 4267 description: HTTPHeader describes a custom header to be used in HTTP probes 4268 type: object 4269 required: 4270 - name 4271 - value 4272 properties: 4273 name: 4274 description: |- 4275 The header field name. 4276 This will be canonicalized upon output, so case-variant names will be understood as the same header. 4277 type: string 4278 value: 4279 description: The header field value 4280 type: string 4281 x-kubernetes-list-type: atomic 4282 path: 4283 description: Path to access on the HTTP server. 4284 type: string 4285 port: 4286 description: |- 4287 Name or number of the port to access on the container. 4288 Number must be in the range 1 to 65535. 4289 Name must be an IANA_SVC_NAME. 4290 anyOf: 4291 - type: integer 4292 - type: string 4293 x-kubernetes-int-or-string: true 4294 scheme: 4295 description: |- 4296 Scheme to use for connecting to the host. 4297 Defaults to HTTP. 4298 type: string 4299 initialDelaySeconds: 4300 description: |- 4301 Number of seconds after the container has started before liveness probes are initiated. 4302 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes 4303 type: integer 4304 format: int32 4305 periodSeconds: 4306 description: |- 4307 How often (in seconds) to perform the probe. 4308 Default to 10 seconds. Minimum value is 1. 4309 type: integer 4310 format: int32 4311 successThreshold: 4312 description: |- 4313 Minimum consecutive successes for the probe to be considered successful after having failed. 4314 Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. 4315 type: integer 4316 format: int32 4317 tcpSocket: 4318 description: TCPSocket specifies an action involving a TCP port. 4319 type: object 4320 required: 4321 - port 4322 properties: 4323 host: 4324 description: 'Optional: Host name to connect to, defaults to the pod IP.' 4325 type: string 4326 port: 4327 description: |- 4328 Number or name of the port to access on the container. 4329 Number must be in the range 1 to 65535. 4330 Name must be an IANA_SVC_NAME. 4331 anyOf: 4332 - type: integer 4333 - type: string 4334 x-kubernetes-int-or-string: true 4335 terminationGracePeriodSeconds: 4336 description: |- 4337 Optional duration in seconds the pod needs to terminate gracefully upon probe failure. 4338 The grace period is the duration in seconds after the processes running in the pod are sent 4339 a termination signal and the time when the processes are forcibly halted with a kill signal. 4340 Set this value longer than the expected cleanup time for your process. 4341 If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this 4342 value overrides the value provided by the pod spec. 4343 Value must be non-negative integer. The value zero indicates stop immediately via 4344 the kill signal (no opportunity to shut down). 4345 This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. 4346 Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. 4347 type: integer 4348 format: int64 4349 timeoutSeconds: 4350 description: |- 4351 Number of seconds after which the probe times out. 4352 Defaults to 1 second. Minimum value is 1. 4353 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes 4354 type: integer 4355 format: int32 4356 stdin: 4357 description: |- 4358 Whether this container should allocate a buffer for stdin in the container runtime. If this 4359 is not set, reads from stdin in the container will always result in EOF. 4360 Default is false. 4361 type: boolean 4362 stdinOnce: 4363 description: |- 4364 Whether the container runtime should close the stdin channel after it has been opened by 4365 a single attach. When stdin is true the stdin stream will remain open across multiple attach 4366 sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the 4367 first client attaches to stdin, and then remains open and accepts data until the client disconnects, 4368 at which time stdin is closed and remains closed until the container is restarted. If this 4369 flag is false, a container processes that reads from stdin will never receive an EOF. 4370 Default is false 4371 type: boolean 4372 targetContainerName: 4373 description: |- 4374 If set, the name of the container from PodSpec that this ephemeral container targets. 4375 The ephemeral container will be run in the namespaces (IPC, PID, etc) of this container. 4376 If not set then the ephemeral container uses the namespaces configured in the Pod spec. 4377 4378 The container runtime must implement support for this feature. If the runtime does not 4379 support namespace targeting then the result of setting this field is undefined. 4380 type: string 4381 terminationMessagePath: 4382 description: |- 4383 Optional: Path at which the file to which the container's termination message 4384 will be written is mounted into the container's filesystem. 4385 Message written is intended to be brief final status, such as an assertion failure message. 4386 Will be truncated by the node if greater than 4096 bytes. The total message length across 4387 all containers will be limited to 12kb. 4388 Defaults to /dev/termination-log. 4389 Cannot be updated. 4390 type: string 4391 terminationMessagePolicy: 4392 description: |- 4393 Indicate how the termination message should be populated. File will use the contents of 4394 terminationMessagePath to populate the container status message on both success and failure. 4395 FallbackToLogsOnError will use the last chunk of container log output if the termination 4396 message file is empty and the container exited with an error. 4397 The log output is limited to 2048 bytes or 80 lines, whichever is smaller. 4398 Defaults to File. 4399 Cannot be updated. 4400 type: string 4401 tty: 4402 description: |- 4403 Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. 4404 Default is false. 4405 type: boolean 4406 volumeDevices: 4407 description: volumeDevices is the list of block devices to be used by the container. 4408 type: array 4409 items: 4410 description: volumeDevice describes a mapping of a raw block device within a container. 4411 type: object 4412 required: 4413 - devicePath 4414 - name 4415 properties: 4416 devicePath: 4417 description: devicePath is the path inside of the container that the device will be mapped to. 4418 type: string 4419 name: 4420 description: name must match the name of a persistentVolumeClaim in the pod 4421 type: string 4422 x-kubernetes-list-map-keys: 4423 - devicePath 4424 x-kubernetes-list-type: map 4425 volumeMounts: 4426 description: |- 4427 Pod volumes to mount into the container's filesystem. Subpath mounts are not allowed for ephemeral containers. 4428 Cannot be updated. 4429 type: array 4430 items: 4431 description: VolumeMount describes a mounting of a Volume within a container. 4432 type: object 4433 required: 4434 - mountPath 4435 - name 4436 properties: 4437 mountPath: 4438 description: |- 4439 Path within the container at which the volume should be mounted. Must 4440 not contain ':'. 4441 type: string 4442 mountPropagation: 4443 description: |- 4444 mountPropagation determines how mounts are propagated from the host 4445 to container and the other way around. 4446 When not set, MountPropagationNone is used. 4447 This field is beta in 1.10. 4448 When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified 4449 (which defaults to None). 4450 type: string 4451 name: 4452 description: This must match the Name of a Volume. 4453 type: string 4454 readOnly: 4455 description: |- 4456 Mounted read-only if true, read-write otherwise (false or unspecified). 4457 Defaults to false. 4458 type: boolean 4459 recursiveReadOnly: 4460 description: |- 4461 RecursiveReadOnly specifies whether read-only mounts should be handled 4462 recursively. 4463 4464 If ReadOnly is false, this field has no meaning and must be unspecified. 4465 4466 If ReadOnly is true, and this field is set to Disabled, the mount is not made 4467 recursively read-only. If this field is set to IfPossible, the mount is made 4468 recursively read-only, if it is supported by the container runtime. If this 4469 field is set to Enabled, the mount is made recursively read-only if it is 4470 supported by the container runtime, otherwise the pod will not be started and 4471 an error will be generated to indicate the reason. 4472 4473 If this field is set to IfPossible or Enabled, MountPropagation must be set to 4474 None (or be unspecified, which defaults to None). 4475 4476 If this field is not specified, it is treated as an equivalent of Disabled. 4477 type: string 4478 subPath: 4479 description: |- 4480 Path within the volume from which the container's volume should be mounted. 4481 Defaults to "" (volume's root). 4482 type: string 4483 subPathExpr: 4484 description: |- 4485 Expanded path within the volume from which the container's volume should be mounted. 4486 Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. 4487 Defaults to "" (volume's root). 4488 SubPathExpr and SubPath are mutually exclusive. 4489 type: string 4490 x-kubernetes-list-map-keys: 4491 - mountPath 4492 x-kubernetes-list-type: map 4493 workingDir: 4494 description: |- 4495 Container's working directory. 4496 If not specified, the container runtime's default will be used, which 4497 might be configured in the container image. 4498 Cannot be updated. 4499 type: string 4500 x-kubernetes-list-map-keys: 4501 - name 4502 x-kubernetes-list-type: map 4503 hostAliases: 4504 description: |- 4505 HostAliases is an optional list of hosts and IPs that will be injected into the pod's hosts 4506 file if specified. 4507 type: array 4508 items: 4509 description: |- 4510 HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the 4511 pod's hosts file. 4512 type: object 4513 required: 4514 - ip 4515 properties: 4516 hostnames: 4517 description: Hostnames for the above IP address. 4518 type: array 4519 items: 4520 type: string 4521 x-kubernetes-list-type: atomic 4522 ip: 4523 description: IP address of the host file entry. 4524 type: string 4525 default: "" 4526 x-kubernetes-list-map-keys: 4527 - ip 4528 x-kubernetes-list-type: map 4529 hostIPC: 4530 description: |- 4531 Use the host's ipc namespace. 4532 Optional: Default to false. 4533 type: boolean 4534 hostNetwork: 4535 description: |- 4536 Host networking requested for this pod. Use the host's network namespace. 4537 If this option is set, the ports that will be used must be specified. 4538 Default to false. 4539 type: boolean 4540 hostPID: 4541 description: |- 4542 Use the host's pid namespace. 4543 Optional: Default to false. 4544 type: boolean 4545 hostUsers: 4546 description: |- 4547 Use the host's user namespace. 4548 Optional: Default to true. 4549 If set to true or not present, the pod will be run in the host user namespace, useful 4550 for when the pod needs a feature only available to the host user namespace, such as 4551 loading a kernel module with CAP_SYS_MODULE. 4552 When set to false, a new userns is created for the pod. Setting false is useful for 4553 mitigating container breakout vulnerabilities even allowing users to run their 4554 containers as root without actually having root privileges on the host. 4555 This field is alpha-level and is only honored by servers that enable the UserNamespacesSupport feature. 4556 type: boolean 4557 hostname: 4558 description: |- 4559 Specifies the hostname of the Pod 4560 If not specified, the pod's hostname will be set to a system-defined value. 4561 type: string 4562 imagePullSecrets: 4563 description: |- 4564 ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. 4565 If specified, these secrets will be passed to individual puller implementations for them to use. 4566 More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod 4567 type: array 4568 items: 4569 description: |- 4570 LocalObjectReference contains enough information to let you locate the 4571 referenced object inside the same namespace. 4572 type: object 4573 properties: 4574 name: 4575 description: |- 4576 Name of the referent. 4577 This field is effectively required, but due to backwards compatibility is 4578 allowed to be empty. Instances of this type with an empty value here are 4579 almost certainly wrong. 4580 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 4581 type: string 4582 default: "" 4583 x-kubernetes-map-type: atomic 4584 x-kubernetes-list-map-keys: 4585 - name 4586 x-kubernetes-list-type: map 4587 initContainers: 4588 description: |- 4589 List of initialization containers belonging to the pod. 4590 Init containers are executed in order prior to containers being started. If any 4591 init container fails, the pod is considered to have failed and is handled according 4592 to its restartPolicy. The name for an init container or normal container must be 4593 unique among all containers. 4594 Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. 4595 The resourceRequirements of an init container are taken into account during scheduling 4596 by finding the highest request/limit for each resource type, and then using the max of 4597 of that value or the sum of the normal containers. Limits are applied to init containers 4598 in a similar fashion. 4599 Init containers cannot currently be added or removed. 4600 Cannot be updated. 4601 More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ 4602 type: array 4603 items: 4604 description: A single application container that you want to run within a pod. 4605 type: object 4606 required: 4607 - name 4608 properties: 4609 args: 4610 description: |- 4611 Arguments to the entrypoint. 4612 The container image's CMD is used if this is not provided. 4613 Variable references $(VAR_NAME) are expanded using the container's environment. If a variable 4614 cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced 4615 to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will 4616 produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless 4617 of whether the variable exists or not. Cannot be updated. 4618 More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell 4619 type: array 4620 items: 4621 type: string 4622 x-kubernetes-list-type: atomic 4623 command: 4624 description: |- 4625 Entrypoint array. Not executed within a shell. 4626 The container image's ENTRYPOINT is used if this is not provided. 4627 Variable references $(VAR_NAME) are expanded using the container's environment. If a variable 4628 cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced 4629 to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will 4630 produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless 4631 of whether the variable exists or not. Cannot be updated. 4632 More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell 4633 type: array 4634 items: 4635 type: string 4636 x-kubernetes-list-type: atomic 4637 env: 4638 description: |- 4639 List of environment variables to set in the container. 4640 Cannot be updated. 4641 type: array 4642 items: 4643 description: EnvVar represents an environment variable present in a Container. 4644 type: object 4645 required: 4646 - name 4647 properties: 4648 name: 4649 description: Name of the environment variable. Must be a C_IDENTIFIER. 4650 type: string 4651 value: 4652 description: |- 4653 Variable references $(VAR_NAME) are expanded 4654 using the previously defined environment variables in the container and 4655 any service environment variables. If a variable cannot be resolved, 4656 the reference in the input string will be unchanged. Double $$ are reduced 4657 to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. 4658 "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". 4659 Escaped references will never be expanded, regardless of whether the variable 4660 exists or not. 4661 Defaults to "". 4662 type: string 4663 valueFrom: 4664 description: Source for the environment variable's value. Cannot be used if value is not empty. 4665 type: object 4666 properties: 4667 configMapKeyRef: 4668 description: Selects a key of a ConfigMap. 4669 type: object 4670 required: 4671 - key 4672 properties: 4673 key: 4674 description: The key to select. 4675 type: string 4676 name: 4677 description: |- 4678 Name of the referent. 4679 This field is effectively required, but due to backwards compatibility is 4680 allowed to be empty. Instances of this type with an empty value here are 4681 almost certainly wrong. 4682 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 4683 type: string 4684 default: "" 4685 optional: 4686 description: Specify whether the ConfigMap or its key must be defined 4687 type: boolean 4688 x-kubernetes-map-type: atomic 4689 fieldRef: 4690 description: |- 4691 Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`, 4692 spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. 4693 type: object 4694 required: 4695 - fieldPath 4696 properties: 4697 apiVersion: 4698 description: Version of the schema the FieldPath is written in terms of, defaults to "v1". 4699 type: string 4700 fieldPath: 4701 description: Path of the field to select in the specified API version. 4702 type: string 4703 x-kubernetes-map-type: atomic 4704 resourceFieldRef: 4705 description: |- 4706 Selects a resource of the container: only resources limits and requests 4707 (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. 4708 type: object 4709 required: 4710 - resource 4711 properties: 4712 containerName: 4713 description: 'Container name: required for volumes, optional for env vars' 4714 type: string 4715 divisor: 4716 description: Specifies the output format of the exposed resources, defaults to "1" 4717 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 4718 anyOf: 4719 - type: integer 4720 - type: string 4721 x-kubernetes-int-or-string: true 4722 resource: 4723 description: 'Required: resource to select' 4724 type: string 4725 x-kubernetes-map-type: atomic 4726 secretKeyRef: 4727 description: Selects a key of a secret in the pod's namespace 4728 type: object 4729 required: 4730 - key 4731 properties: 4732 key: 4733 description: The key of the secret to select from. Must be a valid secret key. 4734 type: string 4735 name: 4736 description: |- 4737 Name of the referent. 4738 This field is effectively required, but due to backwards compatibility is 4739 allowed to be empty. Instances of this type with an empty value here are 4740 almost certainly wrong. 4741 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 4742 type: string 4743 default: "" 4744 optional: 4745 description: Specify whether the Secret or its key must be defined 4746 type: boolean 4747 x-kubernetes-map-type: atomic 4748 x-kubernetes-list-map-keys: 4749 - name 4750 x-kubernetes-list-type: map 4751 envFrom: 4752 description: |- 4753 List of sources to populate environment variables in the container. 4754 The keys defined within a source must be a C_IDENTIFIER. All invalid keys 4755 will be reported as an event when the container is starting. When a key exists in multiple 4756 sources, the value associated with the last source will take precedence. 4757 Values defined by an Env with a duplicate key will take precedence. 4758 Cannot be updated. 4759 type: array 4760 items: 4761 description: EnvFromSource represents the source of a set of ConfigMaps 4762 type: object 4763 properties: 4764 configMapRef: 4765 description: The ConfigMap to select from 4766 type: object 4767 properties: 4768 name: 4769 description: |- 4770 Name of the referent. 4771 This field is effectively required, but due to backwards compatibility is 4772 allowed to be empty. Instances of this type with an empty value here are 4773 almost certainly wrong. 4774 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 4775 type: string 4776 default: "" 4777 optional: 4778 description: Specify whether the ConfigMap must be defined 4779 type: boolean 4780 x-kubernetes-map-type: atomic 4781 prefix: 4782 description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. 4783 type: string 4784 secretRef: 4785 description: The Secret to select from 4786 type: object 4787 properties: 4788 name: 4789 description: |- 4790 Name of the referent. 4791 This field is effectively required, but due to backwards compatibility is 4792 allowed to be empty. Instances of this type with an empty value here are 4793 almost certainly wrong. 4794 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 4795 type: string 4796 default: "" 4797 optional: 4798 description: Specify whether the Secret must be defined 4799 type: boolean 4800 x-kubernetes-map-type: atomic 4801 x-kubernetes-list-type: atomic 4802 image: 4803 description: |- 4804 Container image name. 4805 More info: https://kubernetes.io/docs/concepts/containers/images 4806 This field is optional to allow higher level config management to default or override 4807 container images in workload controllers like Deployments and StatefulSets. 4808 type: string 4809 imagePullPolicy: 4810 description: |- 4811 Image pull policy. 4812 One of Always, Never, IfNotPresent. 4813 Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. 4814 Cannot be updated. 4815 More info: https://kubernetes.io/docs/concepts/containers/images#updating-images 4816 type: string 4817 lifecycle: 4818 description: |- 4819 Actions that the management system should take in response to container lifecycle events. 4820 Cannot be updated. 4821 type: object 4822 properties: 4823 postStart: 4824 description: |- 4825 PostStart is called immediately after a container is created. If the handler fails, 4826 the container is terminated and restarted according to its restart policy. 4827 Other management of the container blocks until the hook completes. 4828 More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks 4829 type: object 4830 properties: 4831 exec: 4832 description: Exec specifies the action to take. 4833 type: object 4834 properties: 4835 command: 4836 description: |- 4837 Command is the command line to execute inside the container, the working directory for the 4838 command is root ('/') in the container's filesystem. The command is simply exec'd, it is 4839 not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use 4840 a shell, you need to explicitly call out to that shell. 4841 Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 4842 type: array 4843 items: 4844 type: string 4845 x-kubernetes-list-type: atomic 4846 httpGet: 4847 description: HTTPGet specifies the http request to perform. 4848 type: object 4849 required: 4850 - port 4851 properties: 4852 host: 4853 description: |- 4854 Host name to connect to, defaults to the pod IP. You probably want to set 4855 "Host" in httpHeaders instead. 4856 type: string 4857 httpHeaders: 4858 description: Custom headers to set in the request. HTTP allows repeated headers. 4859 type: array 4860 items: 4861 description: HTTPHeader describes a custom header to be used in HTTP probes 4862 type: object 4863 required: 4864 - name 4865 - value 4866 properties: 4867 name: 4868 description: |- 4869 The header field name. 4870 This will be canonicalized upon output, so case-variant names will be understood as the same header. 4871 type: string 4872 value: 4873 description: The header field value 4874 type: string 4875 x-kubernetes-list-type: atomic 4876 path: 4877 description: Path to access on the HTTP server. 4878 type: string 4879 port: 4880 description: |- 4881 Name or number of the port to access on the container. 4882 Number must be in the range 1 to 65535. 4883 Name must be an IANA_SVC_NAME. 4884 anyOf: 4885 - type: integer 4886 - type: string 4887 x-kubernetes-int-or-string: true 4888 scheme: 4889 description: |- 4890 Scheme to use for connecting to the host. 4891 Defaults to HTTP. 4892 type: string 4893 sleep: 4894 description: Sleep represents the duration that the container should sleep before being terminated. 4895 type: object 4896 required: 4897 - seconds 4898 properties: 4899 seconds: 4900 description: Seconds is the number of seconds to sleep. 4901 type: integer 4902 format: int64 4903 tcpSocket: 4904 description: |- 4905 Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept 4906 for the backward compatibility. There are no validation of this field and 4907 lifecycle hooks will fail in runtime when tcp handler is specified. 4908 type: object 4909 required: 4910 - port 4911 properties: 4912 host: 4913 description: 'Optional: Host name to connect to, defaults to the pod IP.' 4914 type: string 4915 port: 4916 description: |- 4917 Number or name of the port to access on the container. 4918 Number must be in the range 1 to 65535. 4919 Name must be an IANA_SVC_NAME. 4920 anyOf: 4921 - type: integer 4922 - type: string 4923 x-kubernetes-int-or-string: true 4924 preStop: 4925 description: |- 4926 PreStop is called immediately before a container is terminated due to an 4927 API request or management event such as liveness/startup probe failure, 4928 preemption, resource contention, etc. The handler is not called if the 4929 container crashes or exits. The Pod's termination grace period countdown begins before the 4930 PreStop hook is executed. Regardless of the outcome of the handler, the 4931 container will eventually terminate within the Pod's termination grace 4932 period (unless delayed by finalizers). Other management of the container blocks until the hook completes 4933 or until the termination grace period is reached. 4934 More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks 4935 type: object 4936 properties: 4937 exec: 4938 description: Exec specifies the action to take. 4939 type: object 4940 properties: 4941 command: 4942 description: |- 4943 Command is the command line to execute inside the container, the working directory for the 4944 command is root ('/') in the container's filesystem. The command is simply exec'd, it is 4945 not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use 4946 a shell, you need to explicitly call out to that shell. 4947 Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 4948 type: array 4949 items: 4950 type: string 4951 x-kubernetes-list-type: atomic 4952 httpGet: 4953 description: HTTPGet specifies the http request to perform. 4954 type: object 4955 required: 4956 - port 4957 properties: 4958 host: 4959 description: |- 4960 Host name to connect to, defaults to the pod IP. You probably want to set 4961 "Host" in httpHeaders instead. 4962 type: string 4963 httpHeaders: 4964 description: Custom headers to set in the request. HTTP allows repeated headers. 4965 type: array 4966 items: 4967 description: HTTPHeader describes a custom header to be used in HTTP probes 4968 type: object 4969 required: 4970 - name 4971 - value 4972 properties: 4973 name: 4974 description: |- 4975 The header field name. 4976 This will be canonicalized upon output, so case-variant names will be understood as the same header. 4977 type: string 4978 value: 4979 description: The header field value 4980 type: string 4981 x-kubernetes-list-type: atomic 4982 path: 4983 description: Path to access on the HTTP server. 4984 type: string 4985 port: 4986 description: |- 4987 Name or number of the port to access on the container. 4988 Number must be in the range 1 to 65535. 4989 Name must be an IANA_SVC_NAME. 4990 anyOf: 4991 - type: integer 4992 - type: string 4993 x-kubernetes-int-or-string: true 4994 scheme: 4995 description: |- 4996 Scheme to use for connecting to the host. 4997 Defaults to HTTP. 4998 type: string 4999 sleep: 5000 description: Sleep represents the duration that the container should sleep before being terminated. 5001 type: object 5002 required: 5003 - seconds 5004 properties: 5005 seconds: 5006 description: Seconds is the number of seconds to sleep. 5007 type: integer 5008 format: int64 5009 tcpSocket: 5010 description: |- 5011 Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept 5012 for the backward compatibility. There are no validation of this field and 5013 lifecycle hooks will fail in runtime when tcp handler is specified. 5014 type: object 5015 required: 5016 - port 5017 properties: 5018 host: 5019 description: 'Optional: Host name to connect to, defaults to the pod IP.' 5020 type: string 5021 port: 5022 description: |- 5023 Number or name of the port to access on the container. 5024 Number must be in the range 1 to 65535. 5025 Name must be an IANA_SVC_NAME. 5026 anyOf: 5027 - type: integer 5028 - type: string 5029 x-kubernetes-int-or-string: true 5030 livenessProbe: 5031 description: |- 5032 Periodic probe of container liveness. 5033 Container will be restarted if the probe fails. 5034 Cannot be updated. 5035 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes 5036 type: object 5037 properties: 5038 exec: 5039 description: Exec specifies the action to take. 5040 type: object 5041 properties: 5042 command: 5043 description: |- 5044 Command is the command line to execute inside the container, the working directory for the 5045 command is root ('/') in the container's filesystem. The command is simply exec'd, it is 5046 not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use 5047 a shell, you need to explicitly call out to that shell. 5048 Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 5049 type: array 5050 items: 5051 type: string 5052 x-kubernetes-list-type: atomic 5053 failureThreshold: 5054 description: |- 5055 Minimum consecutive failures for the probe to be considered failed after having succeeded. 5056 Defaults to 3. Minimum value is 1. 5057 type: integer 5058 format: int32 5059 grpc: 5060 description: GRPC specifies an action involving a GRPC port. 5061 type: object 5062 required: 5063 - port 5064 properties: 5065 port: 5066 description: Port number of the gRPC service. Number must be in the range 1 to 65535. 5067 type: integer 5068 format: int32 5069 service: 5070 description: |- 5071 Service is the name of the service to place in the gRPC HealthCheckRequest 5072 (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 5073 5074 If this is not specified, the default behavior is defined by gRPC. 5075 type: string 5076 default: "" 5077 httpGet: 5078 description: HTTPGet specifies the http request to perform. 5079 type: object 5080 required: 5081 - port 5082 properties: 5083 host: 5084 description: |- 5085 Host name to connect to, defaults to the pod IP. You probably want to set 5086 "Host" in httpHeaders instead. 5087 type: string 5088 httpHeaders: 5089 description: Custom headers to set in the request. HTTP allows repeated headers. 5090 type: array 5091 items: 5092 description: HTTPHeader describes a custom header to be used in HTTP probes 5093 type: object 5094 required: 5095 - name 5096 - value 5097 properties: 5098 name: 5099 description: |- 5100 The header field name. 5101 This will be canonicalized upon output, so case-variant names will be understood as the same header. 5102 type: string 5103 value: 5104 description: The header field value 5105 type: string 5106 x-kubernetes-list-type: atomic 5107 path: 5108 description: Path to access on the HTTP server. 5109 type: string 5110 port: 5111 description: |- 5112 Name or number of the port to access on the container. 5113 Number must be in the range 1 to 65535. 5114 Name must be an IANA_SVC_NAME. 5115 anyOf: 5116 - type: integer 5117 - type: string 5118 x-kubernetes-int-or-string: true 5119 scheme: 5120 description: |- 5121 Scheme to use for connecting to the host. 5122 Defaults to HTTP. 5123 type: string 5124 initialDelaySeconds: 5125 description: |- 5126 Number of seconds after the container has started before liveness probes are initiated. 5127 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes 5128 type: integer 5129 format: int32 5130 periodSeconds: 5131 description: |- 5132 How often (in seconds) to perform the probe. 5133 Default to 10 seconds. Minimum value is 1. 5134 type: integer 5135 format: int32 5136 successThreshold: 5137 description: |- 5138 Minimum consecutive successes for the probe to be considered successful after having failed. 5139 Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. 5140 type: integer 5141 format: int32 5142 tcpSocket: 5143 description: TCPSocket specifies an action involving a TCP port. 5144 type: object 5145 required: 5146 - port 5147 properties: 5148 host: 5149 description: 'Optional: Host name to connect to, defaults to the pod IP.' 5150 type: string 5151 port: 5152 description: |- 5153 Number or name of the port to access on the container. 5154 Number must be in the range 1 to 65535. 5155 Name must be an IANA_SVC_NAME. 5156 anyOf: 5157 - type: integer 5158 - type: string 5159 x-kubernetes-int-or-string: true 5160 terminationGracePeriodSeconds: 5161 description: |- 5162 Optional duration in seconds the pod needs to terminate gracefully upon probe failure. 5163 The grace period is the duration in seconds after the processes running in the pod are sent 5164 a termination signal and the time when the processes are forcibly halted with a kill signal. 5165 Set this value longer than the expected cleanup time for your process. 5166 If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this 5167 value overrides the value provided by the pod spec. 5168 Value must be non-negative integer. The value zero indicates stop immediately via 5169 the kill signal (no opportunity to shut down). 5170 This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. 5171 Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. 5172 type: integer 5173 format: int64 5174 timeoutSeconds: 5175 description: |- 5176 Number of seconds after which the probe times out. 5177 Defaults to 1 second. Minimum value is 1. 5178 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes 5179 type: integer 5180 format: int32 5181 name: 5182 description: |- 5183 Name of the container specified as a DNS_LABEL. 5184 Each container in a pod must have a unique name (DNS_LABEL). 5185 Cannot be updated. 5186 type: string 5187 ports: 5188 description: |- 5189 List of ports to expose from the container. Not specifying a port here 5190 DOES NOT prevent that port from being exposed. Any port which is 5191 listening on the default "0.0.0.0" address inside a container will be 5192 accessible from the network. 5193 Modifying this array with strategic merge patch may corrupt the data. 5194 For more information See https://github.com/kubernetes/kubernetes/issues/108255. 5195 Cannot be updated. 5196 type: array 5197 items: 5198 description: ContainerPort represents a network port in a single container. 5199 type: object 5200 required: 5201 - containerPort 5202 properties: 5203 containerPort: 5204 description: |- 5205 Number of port to expose on the pod's IP address. 5206 This must be a valid port number, 0 < x < 65536. 5207 type: integer 5208 format: int32 5209 hostIP: 5210 description: What host IP to bind the external port to. 5211 type: string 5212 hostPort: 5213 description: |- 5214 Number of port to expose on the host. 5215 If specified, this must be a valid port number, 0 < x < 65536. 5216 If HostNetwork is specified, this must match ContainerPort. 5217 Most containers do not need this. 5218 type: integer 5219 format: int32 5220 name: 5221 description: |- 5222 If specified, this must be an IANA_SVC_NAME and unique within the pod. Each 5223 named port in a pod must have a unique name. Name for the port that can be 5224 referred to by services. 5225 type: string 5226 protocol: 5227 description: |- 5228 Protocol for port. Must be UDP, TCP, or SCTP. 5229 Defaults to "TCP". 5230 type: string 5231 default: TCP 5232 x-kubernetes-list-map-keys: 5233 - containerPort 5234 - protocol 5235 x-kubernetes-list-type: map 5236 readinessProbe: 5237 description: |- 5238 Periodic probe of container service readiness. 5239 Container will be removed from service endpoints if the probe fails. 5240 Cannot be updated. 5241 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes 5242 type: object 5243 properties: 5244 exec: 5245 description: Exec specifies the action to take. 5246 type: object 5247 properties: 5248 command: 5249 description: |- 5250 Command is the command line to execute inside the container, the working directory for the 5251 command is root ('/') in the container's filesystem. The command is simply exec'd, it is 5252 not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use 5253 a shell, you need to explicitly call out to that shell. 5254 Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 5255 type: array 5256 items: 5257 type: string 5258 x-kubernetes-list-type: atomic 5259 failureThreshold: 5260 description: |- 5261 Minimum consecutive failures for the probe to be considered failed after having succeeded. 5262 Defaults to 3. Minimum value is 1. 5263 type: integer 5264 format: int32 5265 grpc: 5266 description: GRPC specifies an action involving a GRPC port. 5267 type: object 5268 required: 5269 - port 5270 properties: 5271 port: 5272 description: Port number of the gRPC service. Number must be in the range 1 to 65535. 5273 type: integer 5274 format: int32 5275 service: 5276 description: |- 5277 Service is the name of the service to place in the gRPC HealthCheckRequest 5278 (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 5279 5280 If this is not specified, the default behavior is defined by gRPC. 5281 type: string 5282 default: "" 5283 httpGet: 5284 description: HTTPGet specifies the http request to perform. 5285 type: object 5286 required: 5287 - port 5288 properties: 5289 host: 5290 description: |- 5291 Host name to connect to, defaults to the pod IP. You probably want to set 5292 "Host" in httpHeaders instead. 5293 type: string 5294 httpHeaders: 5295 description: Custom headers to set in the request. HTTP allows repeated headers. 5296 type: array 5297 items: 5298 description: HTTPHeader describes a custom header to be used in HTTP probes 5299 type: object 5300 required: 5301 - name 5302 - value 5303 properties: 5304 name: 5305 description: |- 5306 The header field name. 5307 This will be canonicalized upon output, so case-variant names will be understood as the same header. 5308 type: string 5309 value: 5310 description: The header field value 5311 type: string 5312 x-kubernetes-list-type: atomic 5313 path: 5314 description: Path to access on the HTTP server. 5315 type: string 5316 port: 5317 description: |- 5318 Name or number of the port to access on the container. 5319 Number must be in the range 1 to 65535. 5320 Name must be an IANA_SVC_NAME. 5321 anyOf: 5322 - type: integer 5323 - type: string 5324 x-kubernetes-int-or-string: true 5325 scheme: 5326 description: |- 5327 Scheme to use for connecting to the host. 5328 Defaults to HTTP. 5329 type: string 5330 initialDelaySeconds: 5331 description: |- 5332 Number of seconds after the container has started before liveness probes are initiated. 5333 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes 5334 type: integer 5335 format: int32 5336 periodSeconds: 5337 description: |- 5338 How often (in seconds) to perform the probe. 5339 Default to 10 seconds. Minimum value is 1. 5340 type: integer 5341 format: int32 5342 successThreshold: 5343 description: |- 5344 Minimum consecutive successes for the probe to be considered successful after having failed. 5345 Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. 5346 type: integer 5347 format: int32 5348 tcpSocket: 5349 description: TCPSocket specifies an action involving a TCP port. 5350 type: object 5351 required: 5352 - port 5353 properties: 5354 host: 5355 description: 'Optional: Host name to connect to, defaults to the pod IP.' 5356 type: string 5357 port: 5358 description: |- 5359 Number or name of the port to access on the container. 5360 Number must be in the range 1 to 65535. 5361 Name must be an IANA_SVC_NAME. 5362 anyOf: 5363 - type: integer 5364 - type: string 5365 x-kubernetes-int-or-string: true 5366 terminationGracePeriodSeconds: 5367 description: |- 5368 Optional duration in seconds the pod needs to terminate gracefully upon probe failure. 5369 The grace period is the duration in seconds after the processes running in the pod are sent 5370 a termination signal and the time when the processes are forcibly halted with a kill signal. 5371 Set this value longer than the expected cleanup time for your process. 5372 If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this 5373 value overrides the value provided by the pod spec. 5374 Value must be non-negative integer. The value zero indicates stop immediately via 5375 the kill signal (no opportunity to shut down). 5376 This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. 5377 Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. 5378 type: integer 5379 format: int64 5380 timeoutSeconds: 5381 description: |- 5382 Number of seconds after which the probe times out. 5383 Defaults to 1 second. Minimum value is 1. 5384 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes 5385 type: integer 5386 format: int32 5387 resizePolicy: 5388 description: Resources resize policy for the container. 5389 type: array 5390 items: 5391 description: ContainerResizePolicy represents resource resize policy for the container. 5392 type: object 5393 required: 5394 - resourceName 5395 - restartPolicy 5396 properties: 5397 resourceName: 5398 description: |- 5399 Name of the resource to which this resource resize policy applies. 5400 Supported values: cpu, memory. 5401 type: string 5402 restartPolicy: 5403 description: |- 5404 Restart policy to apply when specified resource is resized. 5405 If not specified, it defaults to NotRequired. 5406 type: string 5407 x-kubernetes-list-type: atomic 5408 resources: 5409 description: |- 5410 Compute Resources required by this container. 5411 Cannot be updated. 5412 More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ 5413 type: object 5414 properties: 5415 claims: 5416 description: |- 5417 Claims lists the names of resources, defined in spec.resourceClaims, 5418 that are used by this container. 5419 5420 This is an alpha field and requires enabling the 5421 DynamicResourceAllocation feature gate. 5422 5423 This field is immutable. It can only be set for containers. 5424 type: array 5425 items: 5426 description: ResourceClaim references one entry in PodSpec.ResourceClaims. 5427 type: object 5428 required: 5429 - name 5430 properties: 5431 name: 5432 description: |- 5433 Name must match the name of one entry in pod.spec.resourceClaims of 5434 the Pod where this field is used. It makes that resource available 5435 inside a container. 5436 type: string 5437 request: 5438 description: |- 5439 Request is the name chosen for a request in the referenced claim. 5440 If empty, everything from the claim is made available, otherwise 5441 only the result of this request. 5442 type: string 5443 x-kubernetes-list-map-keys: 5444 - name 5445 x-kubernetes-list-type: map 5446 limits: 5447 description: |- 5448 Limits describes the maximum amount of compute resources allowed. 5449 More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ 5450 type: object 5451 additionalProperties: 5452 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 5453 anyOf: 5454 - type: integer 5455 - type: string 5456 x-kubernetes-int-or-string: true 5457 requests: 5458 description: |- 5459 Requests describes the minimum amount of compute resources required. 5460 If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, 5461 otherwise to an implementation-defined value. Requests cannot exceed Limits. 5462 More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ 5463 type: object 5464 additionalProperties: 5465 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 5466 anyOf: 5467 - type: integer 5468 - type: string 5469 x-kubernetes-int-or-string: true 5470 restartPolicy: 5471 description: |- 5472 RestartPolicy defines the restart behavior of individual containers in a pod. 5473 This field may only be set for init containers, and the only allowed value is "Always". 5474 For non-init containers or when this field is not specified, 5475 the restart behavior is defined by the Pod's restart policy and the container type. 5476 Setting the RestartPolicy as "Always" for the init container will have the following effect: 5477 this init container will be continually restarted on 5478 exit until all regular containers have terminated. Once all regular 5479 containers have completed, all init containers with restartPolicy "Always" 5480 will be shut down. This lifecycle differs from normal init containers and 5481 is often referred to as a "sidecar" container. Although this init 5482 container still starts in the init container sequence, it does not wait 5483 for the container to complete before proceeding to the next init 5484 container. Instead, the next init container starts immediately after this 5485 init container is started, or after any startupProbe has successfully 5486 completed. 5487 type: string 5488 securityContext: 5489 description: |- 5490 SecurityContext defines the security options the container should be run with. 5491 If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. 5492 More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ 5493 type: object 5494 properties: 5495 allowPrivilegeEscalation: 5496 description: |- 5497 AllowPrivilegeEscalation controls whether a process can gain more 5498 privileges than its parent process. This bool directly controls if 5499 the no_new_privs flag will be set on the container process. 5500 AllowPrivilegeEscalation is true always when the container is: 5501 1) run as Privileged 5502 2) has CAP_SYS_ADMIN 5503 Note that this field cannot be set when spec.os.name is windows. 5504 type: boolean 5505 appArmorProfile: 5506 description: |- 5507 appArmorProfile is the AppArmor options to use by this container. If set, this profile 5508 overrides the pod's appArmorProfile. 5509 Note that this field cannot be set when spec.os.name is windows. 5510 type: object 5511 required: 5512 - type 5513 properties: 5514 localhostProfile: 5515 description: |- 5516 localhostProfile indicates a profile loaded on the node that should be used. 5517 The profile must be preconfigured on the node to work. 5518 Must match the loaded name of the profile. 5519 Must be set if and only if type is "Localhost". 5520 type: string 5521 type: 5522 description: |- 5523 type indicates which kind of AppArmor profile will be applied. 5524 Valid options are: 5525 Localhost - a profile pre-loaded on the node. 5526 RuntimeDefault - the container runtime's default profile. 5527 Unconfined - no AppArmor enforcement. 5528 type: string 5529 capabilities: 5530 description: |- 5531 The capabilities to add/drop when running containers. 5532 Defaults to the default set of capabilities granted by the container runtime. 5533 Note that this field cannot be set when spec.os.name is windows. 5534 type: object 5535 properties: 5536 add: 5537 description: Added capabilities 5538 type: array 5539 items: 5540 description: Capability represent POSIX capabilities type 5541 type: string 5542 x-kubernetes-list-type: atomic 5543 drop: 5544 description: Removed capabilities 5545 type: array 5546 items: 5547 description: Capability represent POSIX capabilities type 5548 type: string 5549 x-kubernetes-list-type: atomic 5550 privileged: 5551 description: |- 5552 Run container in privileged mode. 5553 Processes in privileged containers are essentially equivalent to root on the host. 5554 Defaults to false. 5555 Note that this field cannot be set when spec.os.name is windows. 5556 type: boolean 5557 procMount: 5558 description: |- 5559 procMount denotes the type of proc mount to use for the containers. 5560 The default value is Default which uses the container runtime defaults for 5561 readonly paths and masked paths. 5562 This requires the ProcMountType feature flag to be enabled. 5563 Note that this field cannot be set when spec.os.name is windows. 5564 type: string 5565 readOnlyRootFilesystem: 5566 description: |- 5567 Whether this container has a read-only root filesystem. 5568 Default is false. 5569 Note that this field cannot be set when spec.os.name is windows. 5570 type: boolean 5571 runAsGroup: 5572 description: |- 5573 The GID to run the entrypoint of the container process. 5574 Uses runtime default if unset. 5575 May also be set in PodSecurityContext. If set in both SecurityContext and 5576 PodSecurityContext, the value specified in SecurityContext takes precedence. 5577 Note that this field cannot be set when spec.os.name is windows. 5578 type: integer 5579 format: int64 5580 runAsNonRoot: 5581 description: |- 5582 Indicates that the container must run as a non-root user. 5583 If true, the Kubelet will validate the image at runtime to ensure that it 5584 does not run as UID 0 (root) and fail to start the container if it does. 5585 If unset or false, no such validation will be performed. 5586 May also be set in PodSecurityContext. If set in both SecurityContext and 5587 PodSecurityContext, the value specified in SecurityContext takes precedence. 5588 type: boolean 5589 runAsUser: 5590 description: |- 5591 The UID to run the entrypoint of the container process. 5592 Defaults to user specified in image metadata if unspecified. 5593 May also be set in PodSecurityContext. If set in both SecurityContext and 5594 PodSecurityContext, the value specified in SecurityContext takes precedence. 5595 Note that this field cannot be set when spec.os.name is windows. 5596 type: integer 5597 format: int64 5598 seLinuxOptions: 5599 description: |- 5600 The SELinux context to be applied to the container. 5601 If unspecified, the container runtime will allocate a random SELinux context for each 5602 container. May also be set in PodSecurityContext. If set in both SecurityContext and 5603 PodSecurityContext, the value specified in SecurityContext takes precedence. 5604 Note that this field cannot be set when spec.os.name is windows. 5605 type: object 5606 properties: 5607 level: 5608 description: Level is SELinux level label that applies to the container. 5609 type: string 5610 role: 5611 description: Role is a SELinux role label that applies to the container. 5612 type: string 5613 type: 5614 description: Type is a SELinux type label that applies to the container. 5615 type: string 5616 user: 5617 description: User is a SELinux user label that applies to the container. 5618 type: string 5619 seccompProfile: 5620 description: |- 5621 The seccomp options to use by this container. If seccomp options are 5622 provided at both the pod & container level, the container options 5623 override the pod options. 5624 Note that this field cannot be set when spec.os.name is windows. 5625 type: object 5626 required: 5627 - type 5628 properties: 5629 localhostProfile: 5630 description: |- 5631 localhostProfile indicates a profile defined in a file on the node should be used. 5632 The profile must be preconfigured on the node to work. 5633 Must be a descending path, relative to the kubelet's configured seccomp profile location. 5634 Must be set if type is "Localhost". Must NOT be set for any other type. 5635 type: string 5636 type: 5637 description: |- 5638 type indicates which kind of seccomp profile will be applied. 5639 Valid options are: 5640 5641 Localhost - a profile defined in a file on the node should be used. 5642 RuntimeDefault - the container runtime default profile should be used. 5643 Unconfined - no profile should be applied. 5644 type: string 5645 windowsOptions: 5646 description: |- 5647 The Windows specific settings applied to all containers. 5648 If unspecified, the options from the PodSecurityContext will be used. 5649 If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. 5650 Note that this field cannot be set when spec.os.name is linux. 5651 type: object 5652 properties: 5653 gmsaCredentialSpec: 5654 description: |- 5655 GMSACredentialSpec is where the GMSA admission webhook 5656 (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the 5657 GMSA credential spec named by the GMSACredentialSpecName field. 5658 type: string 5659 gmsaCredentialSpecName: 5660 description: GMSACredentialSpecName is the name of the GMSA credential spec to use. 5661 type: string 5662 hostProcess: 5663 description: |- 5664 HostProcess determines if a container should be run as a 'Host Process' container. 5665 All of a Pod's containers must have the same effective HostProcess value 5666 (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). 5667 In addition, if HostProcess is true then HostNetwork must also be set to true. 5668 type: boolean 5669 runAsUserName: 5670 description: |- 5671 The UserName in Windows to run the entrypoint of the container process. 5672 Defaults to the user specified in image metadata if unspecified. 5673 May also be set in PodSecurityContext. If set in both SecurityContext and 5674 PodSecurityContext, the value specified in SecurityContext takes precedence. 5675 type: string 5676 startupProbe: 5677 description: |- 5678 StartupProbe indicates that the Pod has successfully initialized. 5679 If specified, no other probes are executed until this completes successfully. 5680 If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. 5681 This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, 5682 when it might take a long time to load data or warm a cache, than during steady-state operation. 5683 This cannot be updated. 5684 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes 5685 type: object 5686 properties: 5687 exec: 5688 description: Exec specifies the action to take. 5689 type: object 5690 properties: 5691 command: 5692 description: |- 5693 Command is the command line to execute inside the container, the working directory for the 5694 command is root ('/') in the container's filesystem. The command is simply exec'd, it is 5695 not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use 5696 a shell, you need to explicitly call out to that shell. 5697 Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 5698 type: array 5699 items: 5700 type: string 5701 x-kubernetes-list-type: atomic 5702 failureThreshold: 5703 description: |- 5704 Minimum consecutive failures for the probe to be considered failed after having succeeded. 5705 Defaults to 3. Minimum value is 1. 5706 type: integer 5707 format: int32 5708 grpc: 5709 description: GRPC specifies an action involving a GRPC port. 5710 type: object 5711 required: 5712 - port 5713 properties: 5714 port: 5715 description: Port number of the gRPC service. Number must be in the range 1 to 65535. 5716 type: integer 5717 format: int32 5718 service: 5719 description: |- 5720 Service is the name of the service to place in the gRPC HealthCheckRequest 5721 (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 5722 5723 If this is not specified, the default behavior is defined by gRPC. 5724 type: string 5725 default: "" 5726 httpGet: 5727 description: HTTPGet specifies the http request to perform. 5728 type: object 5729 required: 5730 - port 5731 properties: 5732 host: 5733 description: |- 5734 Host name to connect to, defaults to the pod IP. You probably want to set 5735 "Host" in httpHeaders instead. 5736 type: string 5737 httpHeaders: 5738 description: Custom headers to set in the request. HTTP allows repeated headers. 5739 type: array 5740 items: 5741 description: HTTPHeader describes a custom header to be used in HTTP probes 5742 type: object 5743 required: 5744 - name 5745 - value 5746 properties: 5747 name: 5748 description: |- 5749 The header field name. 5750 This will be canonicalized upon output, so case-variant names will be understood as the same header. 5751 type: string 5752 value: 5753 description: The header field value 5754 type: string 5755 x-kubernetes-list-type: atomic 5756 path: 5757 description: Path to access on the HTTP server. 5758 type: string 5759 port: 5760 description: |- 5761 Name or number of the port to access on the container. 5762 Number must be in the range 1 to 65535. 5763 Name must be an IANA_SVC_NAME. 5764 anyOf: 5765 - type: integer 5766 - type: string 5767 x-kubernetes-int-or-string: true 5768 scheme: 5769 description: |- 5770 Scheme to use for connecting to the host. 5771 Defaults to HTTP. 5772 type: string 5773 initialDelaySeconds: 5774 description: |- 5775 Number of seconds after the container has started before liveness probes are initiated. 5776 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes 5777 type: integer 5778 format: int32 5779 periodSeconds: 5780 description: |- 5781 How often (in seconds) to perform the probe. 5782 Default to 10 seconds. Minimum value is 1. 5783 type: integer 5784 format: int32 5785 successThreshold: 5786 description: |- 5787 Minimum consecutive successes for the probe to be considered successful after having failed. 5788 Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. 5789 type: integer 5790 format: int32 5791 tcpSocket: 5792 description: TCPSocket specifies an action involving a TCP port. 5793 type: object 5794 required: 5795 - port 5796 properties: 5797 host: 5798 description: 'Optional: Host name to connect to, defaults to the pod IP.' 5799 type: string 5800 port: 5801 description: |- 5802 Number or name of the port to access on the container. 5803 Number must be in the range 1 to 65535. 5804 Name must be an IANA_SVC_NAME. 5805 anyOf: 5806 - type: integer 5807 - type: string 5808 x-kubernetes-int-or-string: true 5809 terminationGracePeriodSeconds: 5810 description: |- 5811 Optional duration in seconds the pod needs to terminate gracefully upon probe failure. 5812 The grace period is the duration in seconds after the processes running in the pod are sent 5813 a termination signal and the time when the processes are forcibly halted with a kill signal. 5814 Set this value longer than the expected cleanup time for your process. 5815 If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this 5816 value overrides the value provided by the pod spec. 5817 Value must be non-negative integer. The value zero indicates stop immediately via 5818 the kill signal (no opportunity to shut down). 5819 This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. 5820 Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. 5821 type: integer 5822 format: int64 5823 timeoutSeconds: 5824 description: |- 5825 Number of seconds after which the probe times out. 5826 Defaults to 1 second. Minimum value is 1. 5827 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes 5828 type: integer 5829 format: int32 5830 stdin: 5831 description: |- 5832 Whether this container should allocate a buffer for stdin in the container runtime. If this 5833 is not set, reads from stdin in the container will always result in EOF. 5834 Default is false. 5835 type: boolean 5836 stdinOnce: 5837 description: |- 5838 Whether the container runtime should close the stdin channel after it has been opened by 5839 a single attach. When stdin is true the stdin stream will remain open across multiple attach 5840 sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the 5841 first client attaches to stdin, and then remains open and accepts data until the client disconnects, 5842 at which time stdin is closed and remains closed until the container is restarted. If this 5843 flag is false, a container processes that reads from stdin will never receive an EOF. 5844 Default is false 5845 type: boolean 5846 terminationMessagePath: 5847 description: |- 5848 Optional: Path at which the file to which the container's termination message 5849 will be written is mounted into the container's filesystem. 5850 Message written is intended to be brief final status, such as an assertion failure message. 5851 Will be truncated by the node if greater than 4096 bytes. The total message length across 5852 all containers will be limited to 12kb. 5853 Defaults to /dev/termination-log. 5854 Cannot be updated. 5855 type: string 5856 terminationMessagePolicy: 5857 description: |- 5858 Indicate how the termination message should be populated. File will use the contents of 5859 terminationMessagePath to populate the container status message on both success and failure. 5860 FallbackToLogsOnError will use the last chunk of container log output if the termination 5861 message file is empty and the container exited with an error. 5862 The log output is limited to 2048 bytes or 80 lines, whichever is smaller. 5863 Defaults to File. 5864 Cannot be updated. 5865 type: string 5866 tty: 5867 description: |- 5868 Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. 5869 Default is false. 5870 type: boolean 5871 volumeDevices: 5872 description: volumeDevices is the list of block devices to be used by the container. 5873 type: array 5874 items: 5875 description: volumeDevice describes a mapping of a raw block device within a container. 5876 type: object 5877 required: 5878 - devicePath 5879 - name 5880 properties: 5881 devicePath: 5882 description: devicePath is the path inside of the container that the device will be mapped to. 5883 type: string 5884 name: 5885 description: name must match the name of a persistentVolumeClaim in the pod 5886 type: string 5887 x-kubernetes-list-map-keys: 5888 - devicePath 5889 x-kubernetes-list-type: map 5890 volumeMounts: 5891 description: |- 5892 Pod volumes to mount into the container's filesystem. 5893 Cannot be updated. 5894 type: array 5895 items: 5896 description: VolumeMount describes a mounting of a Volume within a container. 5897 type: object 5898 required: 5899 - mountPath 5900 - name 5901 properties: 5902 mountPath: 5903 description: |- 5904 Path within the container at which the volume should be mounted. Must 5905 not contain ':'. 5906 type: string 5907 mountPropagation: 5908 description: |- 5909 mountPropagation determines how mounts are propagated from the host 5910 to container and the other way around. 5911 When not set, MountPropagationNone is used. 5912 This field is beta in 1.10. 5913 When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified 5914 (which defaults to None). 5915 type: string 5916 name: 5917 description: This must match the Name of a Volume. 5918 type: string 5919 readOnly: 5920 description: |- 5921 Mounted read-only if true, read-write otherwise (false or unspecified). 5922 Defaults to false. 5923 type: boolean 5924 recursiveReadOnly: 5925 description: |- 5926 RecursiveReadOnly specifies whether read-only mounts should be handled 5927 recursively. 5928 5929 If ReadOnly is false, this field has no meaning and must be unspecified. 5930 5931 If ReadOnly is true, and this field is set to Disabled, the mount is not made 5932 recursively read-only. If this field is set to IfPossible, the mount is made 5933 recursively read-only, if it is supported by the container runtime. If this 5934 field is set to Enabled, the mount is made recursively read-only if it is 5935 supported by the container runtime, otherwise the pod will not be started and 5936 an error will be generated to indicate the reason. 5937 5938 If this field is set to IfPossible or Enabled, MountPropagation must be set to 5939 None (or be unspecified, which defaults to None). 5940 5941 If this field is not specified, it is treated as an equivalent of Disabled. 5942 type: string 5943 subPath: 5944 description: |- 5945 Path within the volume from which the container's volume should be mounted. 5946 Defaults to "" (volume's root). 5947 type: string 5948 subPathExpr: 5949 description: |- 5950 Expanded path within the volume from which the container's volume should be mounted. 5951 Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. 5952 Defaults to "" (volume's root). 5953 SubPathExpr and SubPath are mutually exclusive. 5954 type: string 5955 x-kubernetes-list-map-keys: 5956 - mountPath 5957 x-kubernetes-list-type: map 5958 workingDir: 5959 description: |- 5960 Container's working directory. 5961 If not specified, the container runtime's default will be used, which 5962 might be configured in the container image. 5963 Cannot be updated. 5964 type: string 5965 x-kubernetes-list-map-keys: 5966 - name 5967 x-kubernetes-list-type: map 5968 nodeName: 5969 description: |- 5970 NodeName indicates in which node this pod is scheduled. 5971 If empty, this pod is a candidate for scheduling by the scheduler defined in schedulerName. 5972 Once this field is set, the kubelet for this node becomes responsible for the lifecycle of this pod. 5973 This field should not be used to express a desire for the pod to be scheduled on a specific node. 5974 https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodename 5975 type: string 5976 nodeSelector: 5977 description: |- 5978 NodeSelector is a selector which must be true for the pod to fit on a node. 5979 Selector which must match a node's labels for the pod to be scheduled on that node. 5980 More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ 5981 type: object 5982 additionalProperties: 5983 type: string 5984 x-kubernetes-map-type: atomic 5985 os: 5986 description: |- 5987 Specifies the OS of the containers in the pod. 5988 Some pod and container fields are restricted if this is set. 5989 5990 If the OS field is set to linux, the following fields must be unset: 5991 -securityContext.windowsOptions 5992 5993 If the OS field is set to windows, following fields must be unset: 5994 - spec.hostPID 5995 - spec.hostIPC 5996 - spec.hostUsers 5997 - spec.securityContext.appArmorProfile 5998 - spec.securityContext.seLinuxOptions 5999 - spec.securityContext.seccompProfile 6000 - spec.securityContext.fsGroup 6001 - spec.securityContext.fsGroupChangePolicy 6002 - spec.securityContext.sysctls 6003 - spec.shareProcessNamespace 6004 - spec.securityContext.runAsUser 6005 - spec.securityContext.runAsGroup 6006 - spec.securityContext.supplementalGroups 6007 - spec.securityContext.supplementalGroupsPolicy 6008 - spec.containers[*].securityContext.appArmorProfile 6009 - spec.containers[*].securityContext.seLinuxOptions 6010 - spec.containers[*].securityContext.seccompProfile 6011 - spec.containers[*].securityContext.capabilities 6012 - spec.containers[*].securityContext.readOnlyRootFilesystem 6013 - spec.containers[*].securityContext.privileged 6014 - spec.containers[*].securityContext.allowPrivilegeEscalation 6015 - spec.containers[*].securityContext.procMount 6016 - spec.containers[*].securityContext.runAsUser 6017 - spec.containers[*].securityContext.runAsGroup 6018 type: object 6019 required: 6020 - name 6021 properties: 6022 name: 6023 description: |- 6024 Name is the name of the operating system. The currently supported values are linux and windows. 6025 Additional value may be defined in future and can be one of: 6026 https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration 6027 Clients should expect to handle additional values and treat unrecognized values in this field as os: null 6028 type: string 6029 overhead: 6030 description: |- 6031 Overhead represents the resource overhead associated with running a pod for a given RuntimeClass. 6032 This field will be autopopulated at admission time by the RuntimeClass admission controller. If 6033 the RuntimeClass admission controller is enabled, overhead must not be set in Pod create requests. 6034 The RuntimeClass admission controller will reject Pod create requests which have the overhead already 6035 set. If RuntimeClass is configured and selected in the PodSpec, Overhead will be set to the value 6036 defined in the corresponding RuntimeClass, otherwise it will remain unset and treated as zero. 6037 More info: https://git.k8s.io/enhancements/keps/sig-node/688-pod-overhead/README.md 6038 type: object 6039 additionalProperties: 6040 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 6041 anyOf: 6042 - type: integer 6043 - type: string 6044 x-kubernetes-int-or-string: true 6045 preemptionPolicy: 6046 description: |- 6047 PreemptionPolicy is the Policy for preempting pods with lower priority. 6048 One of Never, PreemptLowerPriority. 6049 Defaults to PreemptLowerPriority if unset. 6050 type: string 6051 priority: 6052 description: |- 6053 The priority value. Various system components use this field to find the 6054 priority of the pod. When Priority Admission Controller is enabled, it 6055 prevents users from setting this field. The admission controller populates 6056 this field from PriorityClassName. 6057 The higher the value, the higher the priority. 6058 type: integer 6059 format: int32 6060 priorityClassName: 6061 description: |- 6062 If specified, indicates the pod's priority. "system-node-critical" and 6063 "system-cluster-critical" are two special keywords which indicate the 6064 highest priorities with the former being the highest priority. Any other 6065 name must be defined by creating a PriorityClass object with that name. 6066 If not specified, the pod priority will be default or zero if there is no 6067 default. 6068 type: string 6069 readinessGates: 6070 description: |- 6071 If specified, all readiness gates will be evaluated for pod readiness. 6072 A pod is ready when all its containers are ready AND 6073 all conditions specified in the readiness gates have status equal to "True" 6074 More info: https://git.k8s.io/enhancements/keps/sig-network/580-pod-readiness-gates 6075 type: array 6076 items: 6077 description: PodReadinessGate contains the reference to a pod condition 6078 type: object 6079 required: 6080 - conditionType 6081 properties: 6082 conditionType: 6083 description: ConditionType refers to a condition in the pod's condition list with matching type. 6084 type: string 6085 x-kubernetes-list-type: atomic 6086 resourceClaims: 6087 description: |- 6088 ResourceClaims defines which ResourceClaims must be allocated 6089 and reserved before the Pod is allowed to start. The resources 6090 will be made available to those containers which consume them 6091 by name. 6092 6093 This is an alpha field and requires enabling the 6094 DynamicResourceAllocation feature gate. 6095 6096 This field is immutable. 6097 type: array 6098 items: 6099 description: |- 6100 PodResourceClaim references exactly one ResourceClaim, either directly 6101 or by naming a ResourceClaimTemplate which is then turned into a ResourceClaim 6102 for the pod. 6103 6104 It adds a name to it that uniquely identifies the ResourceClaim inside the Pod. 6105 Containers that need access to the ResourceClaim reference it with this name. 6106 type: object 6107 required: 6108 - name 6109 properties: 6110 name: 6111 description: |- 6112 Name uniquely identifies this resource claim inside the pod. 6113 This must be a DNS_LABEL. 6114 type: string 6115 resourceClaimName: 6116 description: |- 6117 ResourceClaimName is the name of a ResourceClaim object in the same 6118 namespace as this pod. 6119 6120 Exactly one of ResourceClaimName and ResourceClaimTemplateName must 6121 be set. 6122 type: string 6123 resourceClaimTemplateName: 6124 description: |- 6125 ResourceClaimTemplateName is the name of a ResourceClaimTemplate 6126 object in the same namespace as this pod. 6127 6128 The template will be used to create a new ResourceClaim, which will 6129 be bound to this pod. When this pod is deleted, the ResourceClaim 6130 will also be deleted. The pod name and resource name, along with a 6131 generated component, will be used to form a unique name for the 6132 ResourceClaim, which will be recorded in pod.status.resourceClaimStatuses. 6133 6134 This field is immutable and no changes will be made to the 6135 corresponding ResourceClaim by the control plane after creating the 6136 ResourceClaim. 6137 6138 Exactly one of ResourceClaimName and ResourceClaimTemplateName must 6139 be set. 6140 type: string 6141 x-kubernetes-list-map-keys: 6142 - name 6143 x-kubernetes-list-type: map 6144 restartPolicy: 6145 description: |- 6146 Restart policy for all containers within the pod. 6147 One of Always, OnFailure, Never. In some contexts, only a subset of those values may be permitted. 6148 Default to Always. 6149 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy 6150 type: string 6151 runtimeClassName: 6152 description: |- 6153 RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used 6154 to run this pod. If no RuntimeClass resource matches the named class, the pod will not be run. 6155 If unset or empty, the "legacy" RuntimeClass will be used, which is an implicit class with an 6156 empty definition that uses the default runtime handler. 6157 More info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class 6158 type: string 6159 schedulerName: 6160 description: |- 6161 If specified, the pod will be dispatched by specified scheduler. 6162 If not specified, the pod will be dispatched by default scheduler. 6163 type: string 6164 schedulingGates: 6165 description: |- 6166 SchedulingGates is an opaque list of values that if specified will block scheduling the pod. 6167 If schedulingGates is not empty, the pod will stay in the SchedulingGated state and the 6168 scheduler will not attempt to schedule the pod. 6169 6170 SchedulingGates can only be set at pod creation time, and be removed only afterwards. 6171 type: array 6172 items: 6173 description: PodSchedulingGate is associated to a Pod to guard its scheduling. 6174 type: object 6175 required: 6176 - name 6177 properties: 6178 name: 6179 description: |- 6180 Name of the scheduling gate. 6181 Each scheduling gate must have a unique name field. 6182 type: string 6183 x-kubernetes-list-map-keys: 6184 - name 6185 x-kubernetes-list-type: map 6186 securityContext: 6187 description: |- 6188 SecurityContext holds pod-level security attributes and common container settings. 6189 Optional: Defaults to empty. See type description for default values of each field. 6190 type: object 6191 properties: 6192 appArmorProfile: 6193 description: |- 6194 appArmorProfile is the AppArmor options to use by the containers in this pod. 6195 Note that this field cannot be set when spec.os.name is windows. 6196 type: object 6197 required: 6198 - type 6199 properties: 6200 localhostProfile: 6201 description: |- 6202 localhostProfile indicates a profile loaded on the node that should be used. 6203 The profile must be preconfigured on the node to work. 6204 Must match the loaded name of the profile. 6205 Must be set if and only if type is "Localhost". 6206 type: string 6207 type: 6208 description: |- 6209 type indicates which kind of AppArmor profile will be applied. 6210 Valid options are: 6211 Localhost - a profile pre-loaded on the node. 6212 RuntimeDefault - the container runtime's default profile. 6213 Unconfined - no AppArmor enforcement. 6214 type: string 6215 fsGroup: 6216 description: |- 6217 A special supplemental group that applies to all containers in a pod. 6218 Some volume types allow the Kubelet to change the ownership of that volume 6219 to be owned by the pod: 6220 6221 1. The owning GID will be the FSGroup 6222 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 6223 3. The permission bits are OR'd with rw-rw---- 6224 6225 If unset, the Kubelet will not modify the ownership and permissions of any volume. 6226 Note that this field cannot be set when spec.os.name is windows. 6227 type: integer 6228 format: int64 6229 fsGroupChangePolicy: 6230 description: |- 6231 fsGroupChangePolicy defines behavior of changing ownership and permission of the volume 6232 before being exposed inside Pod. This field will only apply to 6233 volume types which support fsGroup based ownership(and permissions). 6234 It will have no effect on ephemeral volume types such as: secret, configmaps 6235 and emptydir. 6236 Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. 6237 Note that this field cannot be set when spec.os.name is windows. 6238 type: string 6239 runAsGroup: 6240 description: |- 6241 The GID to run the entrypoint of the container process. 6242 Uses runtime default if unset. 6243 May also be set in SecurityContext. If set in both SecurityContext and 6244 PodSecurityContext, the value specified in SecurityContext takes precedence 6245 for that container. 6246 Note that this field cannot be set when spec.os.name is windows. 6247 type: integer 6248 format: int64 6249 runAsNonRoot: 6250 description: |- 6251 Indicates that the container must run as a non-root user. 6252 If true, the Kubelet will validate the image at runtime to ensure that it 6253 does not run as UID 0 (root) and fail to start the container if it does. 6254 If unset or false, no such validation will be performed. 6255 May also be set in SecurityContext. If set in both SecurityContext and 6256 PodSecurityContext, the value specified in SecurityContext takes precedence. 6257 type: boolean 6258 runAsUser: 6259 description: |- 6260 The UID to run the entrypoint of the container process. 6261 Defaults to user specified in image metadata if unspecified. 6262 May also be set in SecurityContext. If set in both SecurityContext and 6263 PodSecurityContext, the value specified in SecurityContext takes precedence 6264 for that container. 6265 Note that this field cannot be set when spec.os.name is windows. 6266 type: integer 6267 format: int64 6268 seLinuxOptions: 6269 description: |- 6270 The SELinux context to be applied to all containers. 6271 If unspecified, the container runtime will allocate a random SELinux context for each 6272 container. May also be set in SecurityContext. If set in 6273 both SecurityContext and PodSecurityContext, the value specified in SecurityContext 6274 takes precedence for that container. 6275 Note that this field cannot be set when spec.os.name is windows. 6276 type: object 6277 properties: 6278 level: 6279 description: Level is SELinux level label that applies to the container. 6280 type: string 6281 role: 6282 description: Role is a SELinux role label that applies to the container. 6283 type: string 6284 type: 6285 description: Type is a SELinux type label that applies to the container. 6286 type: string 6287 user: 6288 description: User is a SELinux user label that applies to the container. 6289 type: string 6290 seccompProfile: 6291 description: |- 6292 The seccomp options to use by the containers in this pod. 6293 Note that this field cannot be set when spec.os.name is windows. 6294 type: object 6295 required: 6296 - type 6297 properties: 6298 localhostProfile: 6299 description: |- 6300 localhostProfile indicates a profile defined in a file on the node should be used. 6301 The profile must be preconfigured on the node to work. 6302 Must be a descending path, relative to the kubelet's configured seccomp profile location. 6303 Must be set if type is "Localhost". Must NOT be set for any other type. 6304 type: string 6305 type: 6306 description: |- 6307 type indicates which kind of seccomp profile will be applied. 6308 Valid options are: 6309 6310 Localhost - a profile defined in a file on the node should be used. 6311 RuntimeDefault - the container runtime default profile should be used. 6312 Unconfined - no profile should be applied. 6313 type: string 6314 supplementalGroups: 6315 description: |- 6316 A list of groups applied to the first process run in each container, in 6317 addition to the container's primary GID and fsGroup (if specified). If 6318 the SupplementalGroupsPolicy feature is enabled, the 6319 supplementalGroupsPolicy field determines whether these are in addition 6320 to or instead of any group memberships defined in the container image. 6321 If unspecified, no additional groups are added, though group memberships 6322 defined in the container image may still be used, depending on the 6323 supplementalGroupsPolicy field. 6324 Note that this field cannot be set when spec.os.name is windows. 6325 type: array 6326 items: 6327 type: integer 6328 format: int64 6329 x-kubernetes-list-type: atomic 6330 supplementalGroupsPolicy: 6331 description: |- 6332 Defines how supplemental groups of the first container processes are calculated. 6333 Valid values are "Merge" and "Strict". If not specified, "Merge" is used. 6334 (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled 6335 and the container runtime must implement support for this feature. 6336 Note that this field cannot be set when spec.os.name is windows. 6337 type: string 6338 sysctls: 6339 description: |- 6340 Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported 6341 sysctls (by the container runtime) might fail to launch. 6342 Note that this field cannot be set when spec.os.name is windows. 6343 type: array 6344 items: 6345 description: Sysctl defines a kernel parameter to be set 6346 type: object 6347 required: 6348 - name 6349 - value 6350 properties: 6351 name: 6352 description: Name of a property to set 6353 type: string 6354 value: 6355 description: Value of a property to set 6356 type: string 6357 x-kubernetes-list-type: atomic 6358 windowsOptions: 6359 description: |- 6360 The Windows specific settings applied to all containers. 6361 If unspecified, the options within a container's SecurityContext will be used. 6362 If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. 6363 Note that this field cannot be set when spec.os.name is linux. 6364 type: object 6365 properties: 6366 gmsaCredentialSpec: 6367 description: |- 6368 GMSACredentialSpec is where the GMSA admission webhook 6369 (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the 6370 GMSA credential spec named by the GMSACredentialSpecName field. 6371 type: string 6372 gmsaCredentialSpecName: 6373 description: GMSACredentialSpecName is the name of the GMSA credential spec to use. 6374 type: string 6375 hostProcess: 6376 description: |- 6377 HostProcess determines if a container should be run as a 'Host Process' container. 6378 All of a Pod's containers must have the same effective HostProcess value 6379 (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). 6380 In addition, if HostProcess is true then HostNetwork must also be set to true. 6381 type: boolean 6382 runAsUserName: 6383 description: |- 6384 The UserName in Windows to run the entrypoint of the container process. 6385 Defaults to the user specified in image metadata if unspecified. 6386 May also be set in PodSecurityContext. If set in both SecurityContext and 6387 PodSecurityContext, the value specified in SecurityContext takes precedence. 6388 type: string 6389 serviceAccount: 6390 description: |- 6391 DeprecatedServiceAccount is a deprecated alias for ServiceAccountName. 6392 Deprecated: Use serviceAccountName instead. 6393 type: string 6394 serviceAccountName: 6395 description: |- 6396 ServiceAccountName is the name of the ServiceAccount to use to run this pod. 6397 More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ 6398 type: string 6399 setHostnameAsFQDN: 6400 description: |- 6401 If true the pod's hostname will be configured as the pod's FQDN, rather than the leaf name (the default). 6402 In Linux containers, this means setting the FQDN in the hostname field of the kernel (the nodename field of struct utsname). 6403 In Windows containers, this means setting the registry value of hostname for the registry key HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters to FQDN. 6404 If a pod does not have FQDN, this has no effect. 6405 Default to false. 6406 type: boolean 6407 shareProcessNamespace: 6408 description: |- 6409 Share a single process namespace between all of the containers in a pod. 6410 When this is set containers will be able to view and signal processes from other containers 6411 in the same pod, and the first process in each container will not be assigned PID 1. 6412 HostPID and ShareProcessNamespace cannot both be set. 6413 Optional: Default to false. 6414 type: boolean 6415 subdomain: 6416 description: |- 6417 If specified, the fully qualified Pod hostname will be "<hostname>.<subdomain>.<pod namespace>.svc.<cluster domain>". 6418 If not specified, the pod will not have a domainname at all. 6419 type: string 6420 terminationGracePeriodSeconds: 6421 description: |- 6422 Optional duration in seconds the pod needs to terminate gracefully. May be decreased in delete request. 6423 Value must be non-negative integer. The value zero indicates stop immediately via 6424 the kill signal (no opportunity to shut down). 6425 If this value is nil, the default grace period will be used instead. 6426 The grace period is the duration in seconds after the processes running in the pod are sent 6427 a termination signal and the time when the processes are forcibly halted with a kill signal. 6428 Set this value longer than the expected cleanup time for your process. 6429 Defaults to 30 seconds. 6430 type: integer 6431 format: int64 6432 tolerations: 6433 description: If specified, the pod's tolerations. 6434 type: array 6435 items: 6436 description: |- 6437 The pod this Toleration is attached to tolerates any taint that matches 6438 the triple <key,value,effect> using the matching operator <operator>. 6439 type: object 6440 properties: 6441 effect: 6442 description: |- 6443 Effect indicates the taint effect to match. Empty means match all taint effects. 6444 When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. 6445 type: string 6446 key: 6447 description: |- 6448 Key is the taint key that the toleration applies to. Empty means match all taint keys. 6449 If the key is empty, operator must be Exists; this combination means to match all values and all keys. 6450 type: string 6451 operator: 6452 description: |- 6453 Operator represents a key's relationship to the value. 6454 Valid operators are Exists and Equal. Defaults to Equal. 6455 Exists is equivalent to wildcard for value, so that a pod can 6456 tolerate all taints of a particular category. 6457 type: string 6458 tolerationSeconds: 6459 description: |- 6460 TolerationSeconds represents the period of time the toleration (which must be 6461 of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, 6462 it is not set, which means tolerate the taint forever (do not evict). Zero and 6463 negative values will be treated as 0 (evict immediately) by the system. 6464 type: integer 6465 format: int64 6466 value: 6467 description: |- 6468 Value is the taint value the toleration matches to. 6469 If the operator is Exists, the value should be empty, otherwise just a regular string. 6470 type: string 6471 x-kubernetes-list-type: atomic 6472 topologySpreadConstraints: 6473 description: |- 6474 TopologySpreadConstraints describes how a group of pods ought to spread across topology 6475 domains. Scheduler will schedule pods in a way which abides by the constraints. 6476 All topologySpreadConstraints are ANDed. 6477 type: array 6478 items: 6479 description: TopologySpreadConstraint specifies how to spread matching pods among the given topology. 6480 type: object 6481 required: 6482 - maxSkew 6483 - topologyKey 6484 - whenUnsatisfiable 6485 properties: 6486 labelSelector: 6487 description: |- 6488 LabelSelector is used to find matching pods. 6489 Pods that match this label selector are counted to determine the number of pods 6490 in their corresponding topology domain. 6491 type: object 6492 properties: 6493 matchExpressions: 6494 description: matchExpressions is a list of label selector requirements. The requirements are ANDed. 6495 type: array 6496 items: 6497 description: |- 6498 A label selector requirement is a selector that contains values, a key, and an operator that 6499 relates the key and values. 6500 type: object 6501 required: 6502 - key 6503 - operator 6504 properties: 6505 key: 6506 description: key is the label key that the selector applies to. 6507 type: string 6508 operator: 6509 description: |- 6510 operator represents a key's relationship to a set of values. 6511 Valid operators are In, NotIn, Exists and DoesNotExist. 6512 type: string 6513 values: 6514 description: |- 6515 values is an array of string values. If the operator is In or NotIn, 6516 the values array must be non-empty. If the operator is Exists or DoesNotExist, 6517 the values array must be empty. This array is replaced during a strategic 6518 merge patch. 6519 type: array 6520 items: 6521 type: string 6522 x-kubernetes-list-type: atomic 6523 x-kubernetes-list-type: atomic 6524 matchLabels: 6525 description: |- 6526 matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels 6527 map is equivalent to an element of matchExpressions, whose key field is "key", the 6528 operator is "In", and the values array contains only "value". The requirements are ANDed. 6529 type: object 6530 additionalProperties: 6531 type: string 6532 x-kubernetes-map-type: atomic 6533 matchLabelKeys: 6534 description: |- 6535 MatchLabelKeys is a set of pod label keys to select the pods over which 6536 spreading will be calculated. The keys are used to lookup values from the 6537 incoming pod labels, those key-value labels are ANDed with labelSelector 6538 to select the group of existing pods over which spreading will be calculated 6539 for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. 6540 MatchLabelKeys cannot be set when LabelSelector isn't set. 6541 Keys that don't exist in the incoming pod labels will 6542 be ignored. A null or empty list means only match against labelSelector. 6543 6544 This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). 6545 type: array 6546 items: 6547 type: string 6548 x-kubernetes-list-type: atomic 6549 maxSkew: 6550 description: |- 6551 MaxSkew describes the degree to which pods may be unevenly distributed. 6552 When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference 6553 between the number of matching pods in the target topology and the global minimum. 6554 The global minimum is the minimum number of matching pods in an eligible domain 6555 or zero if the number of eligible domains is less than MinDomains. 6556 For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same 6557 labelSelector spread as 2/2/1: 6558 In this case, the global minimum is 1. 6559 | zone1 | zone2 | zone3 | 6560 | P P | P P | P | 6561 - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; 6562 scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) 6563 violate MaxSkew(1). 6564 - if MaxSkew is 2, incoming pod can be scheduled onto any zone. 6565 When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence 6566 to topologies that satisfy it. 6567 It's a required field. Default value is 1 and 0 is not allowed. 6568 type: integer 6569 format: int32 6570 minDomains: 6571 description: |- 6572 MinDomains indicates a minimum number of eligible domains. 6573 When the number of eligible domains with matching topology keys is less than minDomains, 6574 Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. 6575 And when the number of eligible domains with matching topology keys equals or greater than minDomains, 6576 this value has no effect on scheduling. 6577 As a result, when the number of eligible domains is less than minDomains, 6578 scheduler won't schedule more than maxSkew Pods to those domains. 6579 If value is nil, the constraint behaves as if MinDomains is equal to 1. 6580 Valid values are integers greater than 0. 6581 When value is not nil, WhenUnsatisfiable must be DoNotSchedule. 6582 6583 For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same 6584 labelSelector spread as 2/2/2: 6585 | zone1 | zone2 | zone3 | 6586 | P P | P P | P P | 6587 The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. 6588 In this situation, new pod with the same labelSelector cannot be scheduled, 6589 because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, 6590 it will violate MaxSkew. 6591 type: integer 6592 format: int32 6593 nodeAffinityPolicy: 6594 description: |- 6595 NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector 6596 when calculating pod topology spread skew. Options are: 6597 - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. 6598 - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. 6599 6600 If this value is nil, the behavior is equivalent to the Honor policy. 6601 This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. 6602 type: string 6603 nodeTaintsPolicy: 6604 description: |- 6605 NodeTaintsPolicy indicates how we will treat node taints when calculating 6606 pod topology spread skew. Options are: 6607 - Honor: nodes without taints, along with tainted nodes for which the incoming pod 6608 has a toleration, are included. 6609 - Ignore: node taints are ignored. All nodes are included. 6610 6611 If this value is nil, the behavior is equivalent to the Ignore policy. 6612 This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. 6613 type: string 6614 topologyKey: 6615 description: |- 6616 TopologyKey is the key of node labels. Nodes that have a label with this key 6617 and identical values are considered to be in the same topology. 6618 We consider each <key, value> as a "bucket", and try to put balanced number 6619 of pods into each bucket. 6620 We define a domain as a particular instance of a topology. 6621 Also, we define an eligible domain as a domain whose nodes meet the requirements of 6622 nodeAffinityPolicy and nodeTaintsPolicy. 6623 e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. 6624 And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. 6625 It's a required field. 6626 type: string 6627 whenUnsatisfiable: 6628 description: |- 6629 WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy 6630 the spread constraint. 6631 - DoNotSchedule (default) tells the scheduler not to schedule it. 6632 - ScheduleAnyway tells the scheduler to schedule the pod in any location, 6633 but giving higher precedence to topologies that would help reduce the 6634 skew. 6635 A constraint is considered "Unsatisfiable" for an incoming pod 6636 if and only if every possible node assignment for that pod would violate 6637 "MaxSkew" on some topology. 6638 For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same 6639 labelSelector spread as 3/1/1: 6640 | zone1 | zone2 | zone3 | 6641 | P P P | P | P | 6642 If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled 6643 to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies 6644 MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler 6645 won't make it *more* imbalanced. 6646 It's a required field. 6647 type: string 6648 x-kubernetes-list-map-keys: 6649 - topologyKey 6650 - whenUnsatisfiable 6651 x-kubernetes-list-type: map 6652 volumes: 6653 description: |- 6654 List of volumes that can be mounted by containers belonging to the pod. 6655 More info: https://kubernetes.io/docs/concepts/storage/volumes 6656 type: array 6657 items: 6658 description: Volume represents a named volume in a pod that may be accessed by any container in the pod. 6659 type: object 6660 required: 6661 - name 6662 properties: 6663 awsElasticBlockStore: 6664 description: |- 6665 awsElasticBlockStore represents an AWS Disk resource that is attached to a 6666 kubelet's host machine and then exposed to the pod. 6667 More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore 6668 type: object 6669 required: 6670 - volumeID 6671 properties: 6672 fsType: 6673 description: |- 6674 fsType is the filesystem type of the volume that you want to mount. 6675 Tip: Ensure that the filesystem type is supported by the host operating system. 6676 Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. 6677 More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore 6678 type: string 6679 partition: 6680 description: |- 6681 partition is the partition in the volume that you want to mount. 6682 If omitted, the default is to mount by volume name. 6683 Examples: For volume /dev/sda1, you specify the partition as "1". 6684 Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). 6685 type: integer 6686 format: int32 6687 readOnly: 6688 description: |- 6689 readOnly value true will force the readOnly setting in VolumeMounts. 6690 More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore 6691 type: boolean 6692 volumeID: 6693 description: |- 6694 volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). 6695 More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore 6696 type: string 6697 azureDisk: 6698 description: azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. 6699 type: object 6700 required: 6701 - diskName 6702 - diskURI 6703 properties: 6704 cachingMode: 6705 description: 'cachingMode is the Host Caching mode: None, Read Only, Read Write.' 6706 type: string 6707 diskName: 6708 description: diskName is the Name of the data disk in the blob storage 6709 type: string 6710 diskURI: 6711 description: diskURI is the URI of data disk in the blob storage 6712 type: string 6713 fsType: 6714 description: |- 6715 fsType is Filesystem type to mount. 6716 Must be a filesystem type supported by the host operating system. 6717 Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. 6718 type: string 6719 default: ext4 6720 kind: 6721 description: 'kind expected values are Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared' 6722 type: string 6723 readOnly: 6724 description: |- 6725 readOnly Defaults to false (read/write). ReadOnly here will force 6726 the ReadOnly setting in VolumeMounts. 6727 type: boolean 6728 default: false 6729 azureFile: 6730 description: azureFile represents an Azure File Service mount on the host and bind mount to the pod. 6731 type: object 6732 required: 6733 - secretName 6734 - shareName 6735 properties: 6736 readOnly: 6737 description: |- 6738 readOnly defaults to false (read/write). ReadOnly here will force 6739 the ReadOnly setting in VolumeMounts. 6740 type: boolean 6741 secretName: 6742 description: secretName is the name of secret that contains Azure Storage Account Name and Key 6743 type: string 6744 shareName: 6745 description: shareName is the azure share Name 6746 type: string 6747 cephfs: 6748 description: cephFS represents a Ceph FS mount on the host that shares a pod's lifetime 6749 type: object 6750 required: 6751 - monitors 6752 properties: 6753 monitors: 6754 description: |- 6755 monitors is Required: Monitors is a collection of Ceph monitors 6756 More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it 6757 type: array 6758 items: 6759 type: string 6760 x-kubernetes-list-type: atomic 6761 path: 6762 description: 'path is Optional: Used as the mounted root, rather than the full Ceph tree, default is /' 6763 type: string 6764 readOnly: 6765 description: |- 6766 readOnly is Optional: Defaults to false (read/write). ReadOnly here will force 6767 the ReadOnly setting in VolumeMounts. 6768 More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it 6769 type: boolean 6770 secretFile: 6771 description: |- 6772 secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret 6773 More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it 6774 type: string 6775 secretRef: 6776 description: |- 6777 secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. 6778 More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it 6779 type: object 6780 properties: 6781 name: 6782 description: |- 6783 Name of the referent. 6784 This field is effectively required, but due to backwards compatibility is 6785 allowed to be empty. Instances of this type with an empty value here are 6786 almost certainly wrong. 6787 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 6788 type: string 6789 default: "" 6790 x-kubernetes-map-type: atomic 6791 user: 6792 description: |- 6793 user is optional: User is the rados user name, default is admin 6794 More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it 6795 type: string 6796 cinder: 6797 description: |- 6798 cinder represents a cinder volume attached and mounted on kubelets host machine. 6799 More info: https://examples.k8s.io/mysql-cinder-pd/README.md 6800 type: object 6801 required: 6802 - volumeID 6803 properties: 6804 fsType: 6805 description: |- 6806 fsType is the filesystem type to mount. 6807 Must be a filesystem type supported by the host operating system. 6808 Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. 6809 More info: https://examples.k8s.io/mysql-cinder-pd/README.md 6810 type: string 6811 readOnly: 6812 description: |- 6813 readOnly defaults to false (read/write). ReadOnly here will force 6814 the ReadOnly setting in VolumeMounts. 6815 More info: https://examples.k8s.io/mysql-cinder-pd/README.md 6816 type: boolean 6817 secretRef: 6818 description: |- 6819 secretRef is optional: points to a secret object containing parameters used to connect 6820 to OpenStack. 6821 type: object 6822 properties: 6823 name: 6824 description: |- 6825 Name of the referent. 6826 This field is effectively required, but due to backwards compatibility is 6827 allowed to be empty. Instances of this type with an empty value here are 6828 almost certainly wrong. 6829 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 6830 type: string 6831 default: "" 6832 x-kubernetes-map-type: atomic 6833 volumeID: 6834 description: |- 6835 volumeID used to identify the volume in cinder. 6836 More info: https://examples.k8s.io/mysql-cinder-pd/README.md 6837 type: string 6838 configMap: 6839 description: configMap represents a configMap that should populate this volume 6840 type: object 6841 properties: 6842 defaultMode: 6843 description: |- 6844 defaultMode is optional: mode bits used to set permissions on created files by default. 6845 Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. 6846 YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. 6847 Defaults to 0644. 6848 Directories within the path are not affected by this setting. 6849 This might be in conflict with other options that affect the file 6850 mode, like fsGroup, and the result can be other mode bits set. 6851 type: integer 6852 format: int32 6853 items: 6854 description: |- 6855 items if unspecified, each key-value pair in the Data field of the referenced 6856 ConfigMap will be projected into the volume as a file whose name is the 6857 key and content is the value. If specified, the listed keys will be 6858 projected into the specified paths, and unlisted keys will not be 6859 present. If a key is specified which is not present in the ConfigMap, 6860 the volume setup will error unless it is marked optional. Paths must be 6861 relative and may not contain the '..' path or start with '..'. 6862 type: array 6863 items: 6864 description: Maps a string key to a path within a volume. 6865 type: object 6866 required: 6867 - key 6868 - path 6869 properties: 6870 key: 6871 description: key is the key to project. 6872 type: string 6873 mode: 6874 description: |- 6875 mode is Optional: mode bits used to set permissions on this file. 6876 Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. 6877 YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. 6878 If not specified, the volume defaultMode will be used. 6879 This might be in conflict with other options that affect the file 6880 mode, like fsGroup, and the result can be other mode bits set. 6881 type: integer 6882 format: int32 6883 path: 6884 description: |- 6885 path is the relative path of the file to map the key to. 6886 May not be an absolute path. 6887 May not contain the path element '..'. 6888 May not start with the string '..'. 6889 type: string 6890 x-kubernetes-list-type: atomic 6891 name: 6892 description: |- 6893 Name of the referent. 6894 This field is effectively required, but due to backwards compatibility is 6895 allowed to be empty. Instances of this type with an empty value here are 6896 almost certainly wrong. 6897 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 6898 type: string 6899 default: "" 6900 optional: 6901 description: optional specify whether the ConfigMap or its keys must be defined 6902 type: boolean 6903 x-kubernetes-map-type: atomic 6904 csi: 6905 description: csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature). 6906 type: object 6907 required: 6908 - driver 6909 properties: 6910 driver: 6911 description: |- 6912 driver is the name of the CSI driver that handles this volume. 6913 Consult with your admin for the correct name as registered in the cluster. 6914 type: string 6915 fsType: 6916 description: |- 6917 fsType to mount. Ex. "ext4", "xfs", "ntfs". 6918 If not provided, the empty value is passed to the associated CSI driver 6919 which will determine the default filesystem to apply. 6920 type: string 6921 nodePublishSecretRef: 6922 description: |- 6923 nodePublishSecretRef is a reference to the secret object containing 6924 sensitive information to pass to the CSI driver to complete the CSI 6925 NodePublishVolume and NodeUnpublishVolume calls. 6926 This field is optional, and may be empty if no secret is required. If the 6927 secret object contains more than one secret, all secret references are passed. 6928 type: object 6929 properties: 6930 name: 6931 description: |- 6932 Name of the referent. 6933 This field is effectively required, but due to backwards compatibility is 6934 allowed to be empty. Instances of this type with an empty value here are 6935 almost certainly wrong. 6936 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 6937 type: string 6938 default: "" 6939 x-kubernetes-map-type: atomic 6940 readOnly: 6941 description: |- 6942 readOnly specifies a read-only configuration for the volume. 6943 Defaults to false (read/write). 6944 type: boolean 6945 volumeAttributes: 6946 description: |- 6947 volumeAttributes stores driver-specific properties that are passed to the CSI 6948 driver. Consult your driver's documentation for supported values. 6949 type: object 6950 additionalProperties: 6951 type: string 6952 downwardAPI: 6953 description: downwardAPI represents downward API about the pod that should populate this volume 6954 type: object 6955 properties: 6956 defaultMode: 6957 description: |- 6958 Optional: mode bits to use on created files by default. Must be a 6959 Optional: mode bits used to set permissions on created files by default. 6960 Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. 6961 YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. 6962 Defaults to 0644. 6963 Directories within the path are not affected by this setting. 6964 This might be in conflict with other options that affect the file 6965 mode, like fsGroup, and the result can be other mode bits set. 6966 type: integer 6967 format: int32 6968 items: 6969 description: Items is a list of downward API volume file 6970 type: array 6971 items: 6972 description: DownwardAPIVolumeFile represents information to create the file containing the pod field 6973 type: object 6974 required: 6975 - path 6976 properties: 6977 fieldRef: 6978 description: 'Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.' 6979 type: object 6980 required: 6981 - fieldPath 6982 properties: 6983 apiVersion: 6984 description: Version of the schema the FieldPath is written in terms of, defaults to "v1". 6985 type: string 6986 fieldPath: 6987 description: Path of the field to select in the specified API version. 6988 type: string 6989 x-kubernetes-map-type: atomic 6990 mode: 6991 description: |- 6992 Optional: mode bits used to set permissions on this file, must be an octal value 6993 between 0000 and 0777 or a decimal value between 0 and 511. 6994 YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. 6995 If not specified, the volume defaultMode will be used. 6996 This might be in conflict with other options that affect the file 6997 mode, like fsGroup, and the result can be other mode bits set. 6998 type: integer 6999 format: int32 7000 path: 7001 description: 'Required: Path is the relative path name of the file to be created. Must not be absolute or contain the ''..'' path. Must be utf-8 encoded. The first item of the relative path must not start with ''..''' 7002 type: string 7003 resourceFieldRef: 7004 description: |- 7005 Selects a resource of the container: only resources limits and requests 7006 (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. 7007 type: object 7008 required: 7009 - resource 7010 properties: 7011 containerName: 7012 description: 'Container name: required for volumes, optional for env vars' 7013 type: string 7014 divisor: 7015 description: Specifies the output format of the exposed resources, defaults to "1" 7016 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 7017 anyOf: 7018 - type: integer 7019 - type: string 7020 x-kubernetes-int-or-string: true 7021 resource: 7022 description: 'Required: resource to select' 7023 type: string 7024 x-kubernetes-map-type: atomic 7025 x-kubernetes-list-type: atomic 7026 emptyDir: 7027 description: |- 7028 emptyDir represents a temporary directory that shares a pod's lifetime. 7029 More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir 7030 type: object 7031 properties: 7032 medium: 7033 description: |- 7034 medium represents what type of storage medium should back this directory. 7035 The default is "" which means to use the node's default medium. 7036 Must be an empty string (default) or Memory. 7037 More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir 7038 type: string 7039 sizeLimit: 7040 description: |- 7041 sizeLimit is the total amount of local storage required for this EmptyDir volume. 7042 The size limit is also applicable for memory medium. 7043 The maximum usage on memory medium EmptyDir would be the minimum value between 7044 the SizeLimit specified here and the sum of memory limits of all containers in a pod. 7045 The default is nil which means that the limit is undefined. 7046 More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir 7047 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 7048 anyOf: 7049 - type: integer 7050 - type: string 7051 x-kubernetes-int-or-string: true 7052 ephemeral: 7053 description: |- 7054 ephemeral represents a volume that is handled by a cluster storage driver. 7055 The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, 7056 and deleted when the pod is removed. 7057 7058 Use this if: 7059 a) the volume is only needed while the pod runs, 7060 b) features of normal volumes like restoring from snapshot or capacity 7061 tracking are needed, 7062 c) the storage driver is specified through a storage class, and 7063 d) the storage driver supports dynamic volume provisioning through 7064 a PersistentVolumeClaim (see EphemeralVolumeSource for more 7065 information on the connection between this volume type 7066 and PersistentVolumeClaim). 7067 7068 Use PersistentVolumeClaim or one of the vendor-specific 7069 APIs for volumes that persist for longer than the lifecycle 7070 of an individual pod. 7071 7072 Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to 7073 be used that way - see the documentation of the driver for 7074 more information. 7075 7076 A pod can use both types of ephemeral volumes and 7077 persistent volumes at the same time. 7078 type: object 7079 properties: 7080 volumeClaimTemplate: 7081 description: |- 7082 Will be used to create a stand-alone PVC to provision the volume. 7083 The pod in which this EphemeralVolumeSource is embedded will be the 7084 owner of the PVC, i.e. the PVC will be deleted together with the 7085 pod. The name of the PVC will be `<pod name>-<volume name>` where 7086 `<volume name>` is the name from the `PodSpec.Volumes` array 7087 entry. Pod validation will reject the pod if the concatenated name 7088 is not valid for a PVC (for example, too long). 7089 7090 An existing PVC with that name that is not owned by the pod 7091 will *not* be used for the pod to avoid using an unrelated 7092 volume by mistake. Starting the pod is then blocked until 7093 the unrelated PVC is removed. If such a pre-created PVC is 7094 meant to be used by the pod, the PVC has to updated with an 7095 owner reference to the pod once the pod exists. Normally 7096 this should not be necessary, but it may be useful when 7097 manually reconstructing a broken cluster. 7098 7099 This field is read-only and no changes will be made by Kubernetes 7100 to the PVC after it has been created. 7101 7102 Required, must not be nil. 7103 type: object 7104 required: 7105 - spec 7106 properties: 7107 metadata: 7108 description: |- 7109 May contain labels and annotations that will be copied into the PVC 7110 when creating it. No other fields are allowed and will be rejected during 7111 validation. 7112 type: object 7113 spec: 7114 description: |- 7115 The specification for the PersistentVolumeClaim. The entire content is 7116 copied unchanged into the PVC that gets created from this 7117 template. The same fields as in a PersistentVolumeClaim 7118 are also valid here. 7119 type: object 7120 properties: 7121 accessModes: 7122 description: |- 7123 accessModes contains the desired access modes the volume should have. 7124 More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 7125 type: array 7126 items: 7127 type: string 7128 x-kubernetes-list-type: atomic 7129 dataSource: 7130 description: |- 7131 dataSource field can be used to specify either: 7132 * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) 7133 * An existing PVC (PersistentVolumeClaim) 7134 If the provisioner or an external controller can support the specified data source, 7135 it will create a new volume based on the contents of the specified data source. 7136 When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, 7137 and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. 7138 If the namespace is specified, then dataSourceRef will not be copied to dataSource. 7139 type: object 7140 required: 7141 - kind 7142 - name 7143 properties: 7144 apiGroup: 7145 description: |- 7146 APIGroup is the group for the resource being referenced. 7147 If APIGroup is not specified, the specified Kind must be in the core API group. 7148 For any other third-party types, APIGroup is required. 7149 type: string 7150 kind: 7151 description: Kind is the type of resource being referenced 7152 type: string 7153 name: 7154 description: Name is the name of resource being referenced 7155 type: string 7156 x-kubernetes-map-type: atomic 7157 dataSourceRef: 7158 description: |- 7159 dataSourceRef specifies the object from which to populate the volume with data, if a non-empty 7160 volume is desired. This may be any object from a non-empty API group (non 7161 core object) or a PersistentVolumeClaim object. 7162 When this field is specified, volume binding will only succeed if the type of 7163 the specified object matches some installed volume populator or dynamic 7164 provisioner. 7165 This field will replace the functionality of the dataSource field and as such 7166 if both fields are non-empty, they must have the same value. For backwards 7167 compatibility, when namespace isn't specified in dataSourceRef, 7168 both fields (dataSource and dataSourceRef) will be set to the same 7169 value automatically if one of them is empty and the other is non-empty. 7170 When namespace is specified in dataSourceRef, 7171 dataSource isn't set to the same value and must be empty. 7172 There are three important differences between dataSource and dataSourceRef: 7173 * While dataSource only allows two specific types of objects, dataSourceRef 7174 allows any non-core object, as well as PersistentVolumeClaim objects. 7175 * While dataSource ignores disallowed values (dropping them), dataSourceRef 7176 preserves all values, and generates an error if a disallowed value is 7177 specified. 7178 * While dataSource only allows local objects, dataSourceRef allows objects 7179 in any namespaces. 7180 (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. 7181 (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. 7182 type: object 7183 required: 7184 - kind 7185 - name 7186 properties: 7187 apiGroup: 7188 description: |- 7189 APIGroup is the group for the resource being referenced. 7190 If APIGroup is not specified, the specified Kind must be in the core API group. 7191 For any other third-party types, APIGroup is required. 7192 type: string 7193 kind: 7194 description: Kind is the type of resource being referenced 7195 type: string 7196 name: 7197 description: Name is the name of resource being referenced 7198 type: string 7199 namespace: 7200 description: |- 7201 Namespace is the namespace of resource being referenced 7202 Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. 7203 (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. 7204 type: string 7205 resources: 7206 description: |- 7207 resources represents the minimum resources the volume should have. 7208 If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements 7209 that are lower than previous value but must still be higher than capacity recorded in the 7210 status field of the claim. 7211 More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources 7212 type: object 7213 properties: 7214 limits: 7215 description: |- 7216 Limits describes the maximum amount of compute resources allowed. 7217 More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ 7218 type: object 7219 additionalProperties: 7220 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 7221 anyOf: 7222 - type: integer 7223 - type: string 7224 x-kubernetes-int-or-string: true 7225 requests: 7226 description: |- 7227 Requests describes the minimum amount of compute resources required. 7228 If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, 7229 otherwise to an implementation-defined value. Requests cannot exceed Limits. 7230 More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ 7231 type: object 7232 additionalProperties: 7233 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 7234 anyOf: 7235 - type: integer 7236 - type: string 7237 x-kubernetes-int-or-string: true 7238 selector: 7239 description: selector is a label query over volumes to consider for binding. 7240 type: object 7241 properties: 7242 matchExpressions: 7243 description: matchExpressions is a list of label selector requirements. The requirements are ANDed. 7244 type: array 7245 items: 7246 description: |- 7247 A label selector requirement is a selector that contains values, a key, and an operator that 7248 relates the key and values. 7249 type: object 7250 required: 7251 - key 7252 - operator 7253 properties: 7254 key: 7255 description: key is the label key that the selector applies to. 7256 type: string 7257 operator: 7258 description: |- 7259 operator represents a key's relationship to a set of values. 7260 Valid operators are In, NotIn, Exists and DoesNotExist. 7261 type: string 7262 values: 7263 description: |- 7264 values is an array of string values. If the operator is In or NotIn, 7265 the values array must be non-empty. If the operator is Exists or DoesNotExist, 7266 the values array must be empty. This array is replaced during a strategic 7267 merge patch. 7268 type: array 7269 items: 7270 type: string 7271 x-kubernetes-list-type: atomic 7272 x-kubernetes-list-type: atomic 7273 matchLabels: 7274 description: |- 7275 matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels 7276 map is equivalent to an element of matchExpressions, whose key field is "key", the 7277 operator is "In", and the values array contains only "value". The requirements are ANDed. 7278 type: object 7279 additionalProperties: 7280 type: string 7281 x-kubernetes-map-type: atomic 7282 storageClassName: 7283 description: |- 7284 storageClassName is the name of the StorageClass required by the claim. 7285 More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 7286 type: string 7287 volumeAttributesClassName: 7288 description: |- 7289 volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. 7290 If specified, the CSI driver will create or update the volume with the attributes defined 7291 in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, 7292 it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass 7293 will be applied to the claim but it's not allowed to reset this field to empty string once it is set. 7294 If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass 7295 will be set by the persistentvolume controller if it exists. 7296 If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be 7297 set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource 7298 exists. 7299 More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ 7300 (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). 7301 type: string 7302 volumeMode: 7303 description: |- 7304 volumeMode defines what type of volume is required by the claim. 7305 Value of Filesystem is implied when not included in claim spec. 7306 type: string 7307 volumeName: 7308 description: volumeName is the binding reference to the PersistentVolume backing this claim. 7309 type: string 7310 fc: 7311 description: fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod. 7312 type: object 7313 properties: 7314 fsType: 7315 description: |- 7316 fsType is the filesystem type to mount. 7317 Must be a filesystem type supported by the host operating system. 7318 Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. 7319 type: string 7320 lun: 7321 description: 'lun is Optional: FC target lun number' 7322 type: integer 7323 format: int32 7324 readOnly: 7325 description: |- 7326 readOnly is Optional: Defaults to false (read/write). ReadOnly here will force 7327 the ReadOnly setting in VolumeMounts. 7328 type: boolean 7329 targetWWNs: 7330 description: 'targetWWNs is Optional: FC target worldwide names (WWNs)' 7331 type: array 7332 items: 7333 type: string 7334 x-kubernetes-list-type: atomic 7335 wwids: 7336 description: |- 7337 wwids Optional: FC volume world wide identifiers (wwids) 7338 Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously. 7339 type: array 7340 items: 7341 type: string 7342 x-kubernetes-list-type: atomic 7343 flexVolume: 7344 description: |- 7345 flexVolume represents a generic volume resource that is 7346 provisioned/attached using an exec based plugin. 7347 type: object 7348 required: 7349 - driver 7350 properties: 7351 driver: 7352 description: driver is the name of the driver to use for this volume. 7353 type: string 7354 fsType: 7355 description: |- 7356 fsType is the filesystem type to mount. 7357 Must be a filesystem type supported by the host operating system. 7358 Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script. 7359 type: string 7360 options: 7361 description: 'options is Optional: this field holds extra command options if any.' 7362 type: object 7363 additionalProperties: 7364 type: string 7365 readOnly: 7366 description: |- 7367 readOnly is Optional: defaults to false (read/write). ReadOnly here will force 7368 the ReadOnly setting in VolumeMounts. 7369 type: boolean 7370 secretRef: 7371 description: |- 7372 secretRef is Optional: secretRef is reference to the secret object containing 7373 sensitive information to pass to the plugin scripts. This may be 7374 empty if no secret object is specified. If the secret object 7375 contains more than one secret, all secrets are passed to the plugin 7376 scripts. 7377 type: object 7378 properties: 7379 name: 7380 description: |- 7381 Name of the referent. 7382 This field is effectively required, but due to backwards compatibility is 7383 allowed to be empty. Instances of this type with an empty value here are 7384 almost certainly wrong. 7385 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 7386 type: string 7387 default: "" 7388 x-kubernetes-map-type: atomic 7389 flocker: 7390 description: flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running 7391 type: object 7392 properties: 7393 datasetName: 7394 description: |- 7395 datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker 7396 should be considered as deprecated 7397 type: string 7398 datasetUUID: 7399 description: datasetUUID is the UUID of the dataset. This is unique identifier of a Flocker dataset 7400 type: string 7401 gcePersistentDisk: 7402 description: |- 7403 gcePersistentDisk represents a GCE Disk resource that is attached to a 7404 kubelet's host machine and then exposed to the pod. 7405 More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk 7406 type: object 7407 required: 7408 - pdName 7409 properties: 7410 fsType: 7411 description: |- 7412 fsType is filesystem type of the volume that you want to mount. 7413 Tip: Ensure that the filesystem type is supported by the host operating system. 7414 Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. 7415 More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk 7416 type: string 7417 partition: 7418 description: |- 7419 partition is the partition in the volume that you want to mount. 7420 If omitted, the default is to mount by volume name. 7421 Examples: For volume /dev/sda1, you specify the partition as "1". 7422 Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). 7423 More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk 7424 type: integer 7425 format: int32 7426 pdName: 7427 description: |- 7428 pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. 7429 More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk 7430 type: string 7431 readOnly: 7432 description: |- 7433 readOnly here will force the ReadOnly setting in VolumeMounts. 7434 Defaults to false. 7435 More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk 7436 type: boolean 7437 gitRepo: 7438 description: |- 7439 gitRepo represents a git repository at a particular revision. 7440 DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an 7441 EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir 7442 into the Pod's container. 7443 type: object 7444 required: 7445 - repository 7446 properties: 7447 directory: 7448 description: |- 7449 directory is the target directory name. 7450 Must not contain or start with '..'. If '.' is supplied, the volume directory will be the 7451 git repository. Otherwise, if specified, the volume will contain the git repository in 7452 the subdirectory with the given name. 7453 type: string 7454 repository: 7455 description: repository is the URL 7456 type: string 7457 revision: 7458 description: revision is the commit hash for the specified revision. 7459 type: string 7460 glusterfs: 7461 description: |- 7462 glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. 7463 More info: https://examples.k8s.io/volumes/glusterfs/README.md 7464 type: object 7465 required: 7466 - endpoints 7467 - path 7468 properties: 7469 endpoints: 7470 description: |- 7471 endpoints is the endpoint name that details Glusterfs topology. 7472 More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod 7473 type: string 7474 path: 7475 description: |- 7476 path is the Glusterfs volume path. 7477 More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod 7478 type: string 7479 readOnly: 7480 description: |- 7481 readOnly here will force the Glusterfs volume to be mounted with read-only permissions. 7482 Defaults to false. 7483 More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod 7484 type: boolean 7485 hostPath: 7486 description: |- 7487 hostPath represents a pre-existing file or directory on the host 7488 machine that is directly exposed to the container. This is generally 7489 used for system agents or other privileged things that are allowed 7490 to see the host machine. Most containers will NOT need this. 7491 More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath 7492 type: object 7493 required: 7494 - path 7495 properties: 7496 path: 7497 description: |- 7498 path of the directory on the host. 7499 If the path is a symlink, it will follow the link to the real path. 7500 More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath 7501 type: string 7502 type: 7503 description: |- 7504 type for HostPath Volume 7505 Defaults to "" 7506 More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath 7507 type: string 7508 image: 7509 description: |- 7510 image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine. 7511 The volume is resolved at pod startup depending on which PullPolicy value is provided: 7512 7513 - Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. 7514 - Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. 7515 - IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. 7516 7517 The volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation. 7518 A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message. 7519 The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field. 7520 The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images. 7521 The volume will be mounted read-only (ro) and non-executable files (noexec). 7522 Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath). 7523 The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type. 7524 type: object 7525 properties: 7526 pullPolicy: 7527 description: |- 7528 Policy for pulling OCI objects. Possible values are: 7529 Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. 7530 Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. 7531 IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. 7532 Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. 7533 type: string 7534 reference: 7535 description: |- 7536 Required: Image or artifact reference to be used. 7537 Behaves in the same way as pod.spec.containers[*].image. 7538 Pull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets. 7539 More info: https://kubernetes.io/docs/concepts/containers/images 7540 This field is optional to allow higher level config management to default or override 7541 container images in workload controllers like Deployments and StatefulSets. 7542 type: string 7543 iscsi: 7544 description: |- 7545 iscsi represents an ISCSI Disk resource that is attached to a 7546 kubelet's host machine and then exposed to the pod. 7547 More info: https://examples.k8s.io/volumes/iscsi/README.md 7548 type: object 7549 required: 7550 - iqn 7551 - lun 7552 - targetPortal 7553 properties: 7554 chapAuthDiscovery: 7555 description: chapAuthDiscovery defines whether support iSCSI Discovery CHAP authentication 7556 type: boolean 7557 chapAuthSession: 7558 description: chapAuthSession defines whether support iSCSI Session CHAP authentication 7559 type: boolean 7560 fsType: 7561 description: |- 7562 fsType is the filesystem type of the volume that you want to mount. 7563 Tip: Ensure that the filesystem type is supported by the host operating system. 7564 Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. 7565 More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi 7566 type: string 7567 initiatorName: 7568 description: |- 7569 initiatorName is the custom iSCSI Initiator Name. 7570 If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface 7571 <target portal>:<volume name> will be created for the connection. 7572 type: string 7573 iqn: 7574 description: iqn is the target iSCSI Qualified Name. 7575 type: string 7576 iscsiInterface: 7577 description: |- 7578 iscsiInterface is the interface Name that uses an iSCSI transport. 7579 Defaults to 'default' (tcp). 7580 type: string 7581 default: default 7582 lun: 7583 description: lun represents iSCSI Target Lun number. 7584 type: integer 7585 format: int32 7586 portals: 7587 description: |- 7588 portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port 7589 is other than default (typically TCP ports 860 and 3260). 7590 type: array 7591 items: 7592 type: string 7593 x-kubernetes-list-type: atomic 7594 readOnly: 7595 description: |- 7596 readOnly here will force the ReadOnly setting in VolumeMounts. 7597 Defaults to false. 7598 type: boolean 7599 secretRef: 7600 description: secretRef is the CHAP Secret for iSCSI target and initiator authentication 7601 type: object 7602 properties: 7603 name: 7604 description: |- 7605 Name of the referent. 7606 This field is effectively required, but due to backwards compatibility is 7607 allowed to be empty. Instances of this type with an empty value here are 7608 almost certainly wrong. 7609 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 7610 type: string 7611 default: "" 7612 x-kubernetes-map-type: atomic 7613 targetPortal: 7614 description: |- 7615 targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port 7616 is other than default (typically TCP ports 860 and 3260). 7617 type: string 7618 name: 7619 description: |- 7620 name of the volume. 7621 Must be a DNS_LABEL and unique within the pod. 7622 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 7623 type: string 7624 nfs: 7625 description: |- 7626 nfs represents an NFS mount on the host that shares a pod's lifetime 7627 More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs 7628 type: object 7629 required: 7630 - path 7631 - server 7632 properties: 7633 path: 7634 description: |- 7635 path that is exported by the NFS server. 7636 More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs 7637 type: string 7638 readOnly: 7639 description: |- 7640 readOnly here will force the NFS export to be mounted with read-only permissions. 7641 Defaults to false. 7642 More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs 7643 type: boolean 7644 server: 7645 description: |- 7646 server is the hostname or IP address of the NFS server. 7647 More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs 7648 type: string 7649 persistentVolumeClaim: 7650 description: |- 7651 persistentVolumeClaimVolumeSource represents a reference to a 7652 PersistentVolumeClaim in the same namespace. 7653 More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims 7654 type: object 7655 required: 7656 - claimName 7657 properties: 7658 claimName: 7659 description: |- 7660 claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. 7661 More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims 7662 type: string 7663 readOnly: 7664 description: |- 7665 readOnly Will force the ReadOnly setting in VolumeMounts. 7666 Default false. 7667 type: boolean 7668 photonPersistentDisk: 7669 description: photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine 7670 type: object 7671 required: 7672 - pdID 7673 properties: 7674 fsType: 7675 description: |- 7676 fsType is the filesystem type to mount. 7677 Must be a filesystem type supported by the host operating system. 7678 Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. 7679 type: string 7680 pdID: 7681 description: pdID is the ID that identifies Photon Controller persistent disk 7682 type: string 7683 portworxVolume: 7684 description: portworxVolume represents a portworx volume attached and mounted on kubelets host machine 7685 type: object 7686 required: 7687 - volumeID 7688 properties: 7689 fsType: 7690 description: |- 7691 fSType represents the filesystem type to mount 7692 Must be a filesystem type supported by the host operating system. 7693 Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified. 7694 type: string 7695 readOnly: 7696 description: |- 7697 readOnly defaults to false (read/write). ReadOnly here will force 7698 the ReadOnly setting in VolumeMounts. 7699 type: boolean 7700 volumeID: 7701 description: volumeID uniquely identifies a Portworx volume 7702 type: string 7703 projected: 7704 description: projected items for all in one resources secrets, configmaps, and downward API 7705 type: object 7706 properties: 7707 defaultMode: 7708 description: |- 7709 defaultMode are the mode bits used to set permissions on created files by default. 7710 Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. 7711 YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. 7712 Directories within the path are not affected by this setting. 7713 This might be in conflict with other options that affect the file 7714 mode, like fsGroup, and the result can be other mode bits set. 7715 type: integer 7716 format: int32 7717 sources: 7718 description: |- 7719 sources is the list of volume projections. Each entry in this list 7720 handles one source. 7721 type: array 7722 items: 7723 description: |- 7724 Projection that may be projected along with other supported volume types. 7725 Exactly one of these fields must be set. 7726 type: object 7727 properties: 7728 clusterTrustBundle: 7729 description: |- 7730 ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field 7731 of ClusterTrustBundle objects in an auto-updating file. 7732 7733 Alpha, gated by the ClusterTrustBundleProjection feature gate. 7734 7735 ClusterTrustBundle objects can either be selected by name, or by the 7736 combination of signer name and a label selector. 7737 7738 Kubelet performs aggressive normalization of the PEM contents written 7739 into the pod filesystem. Esoteric PEM features such as inter-block 7740 comments and block headers are stripped. Certificates are deduplicated. 7741 The ordering of certificates within the file is arbitrary, and Kubelet 7742 may change the order over time. 7743 type: object 7744 required: 7745 - path 7746 properties: 7747 labelSelector: 7748 description: |- 7749 Select all ClusterTrustBundles that match this label selector. Only has 7750 effect if signerName is set. Mutually-exclusive with name. If unset, 7751 interpreted as "match nothing". If set but empty, interpreted as "match 7752 everything". 7753 type: object 7754 properties: 7755 matchExpressions: 7756 description: matchExpressions is a list of label selector requirements. The requirements are ANDed. 7757 type: array 7758 items: 7759 description: |- 7760 A label selector requirement is a selector that contains values, a key, and an operator that 7761 relates the key and values. 7762 type: object 7763 required: 7764 - key 7765 - operator 7766 properties: 7767 key: 7768 description: key is the label key that the selector applies to. 7769 type: string 7770 operator: 7771 description: |- 7772 operator represents a key's relationship to a set of values. 7773 Valid operators are In, NotIn, Exists and DoesNotExist. 7774 type: string 7775 values: 7776 description: |- 7777 values is an array of string values. If the operator is In or NotIn, 7778 the values array must be non-empty. If the operator is Exists or DoesNotExist, 7779 the values array must be empty. This array is replaced during a strategic 7780 merge patch. 7781 type: array 7782 items: 7783 type: string 7784 x-kubernetes-list-type: atomic 7785 x-kubernetes-list-type: atomic 7786 matchLabels: 7787 description: |- 7788 matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels 7789 map is equivalent to an element of matchExpressions, whose key field is "key", the 7790 operator is "In", and the values array contains only "value". The requirements are ANDed. 7791 type: object 7792 additionalProperties: 7793 type: string 7794 x-kubernetes-map-type: atomic 7795 name: 7796 description: |- 7797 Select a single ClusterTrustBundle by object name. Mutually-exclusive 7798 with signerName and labelSelector. 7799 type: string 7800 optional: 7801 description: |- 7802 If true, don't block pod startup if the referenced ClusterTrustBundle(s) 7803 aren't available. If using name, then the named ClusterTrustBundle is 7804 allowed not to exist. If using signerName, then the combination of 7805 signerName and labelSelector is allowed to match zero 7806 ClusterTrustBundles. 7807 type: boolean 7808 path: 7809 description: Relative path from the volume root to write the bundle. 7810 type: string 7811 signerName: 7812 description: |- 7813 Select all ClusterTrustBundles that match this signer name. 7814 Mutually-exclusive with name. The contents of all selected 7815 ClusterTrustBundles will be unified and deduplicated. 7816 type: string 7817 configMap: 7818 description: configMap information about the configMap data to project 7819 type: object 7820 properties: 7821 items: 7822 description: |- 7823 items if unspecified, each key-value pair in the Data field of the referenced 7824 ConfigMap will be projected into the volume as a file whose name is the 7825 key and content is the value. If specified, the listed keys will be 7826 projected into the specified paths, and unlisted keys will not be 7827 present. If a key is specified which is not present in the ConfigMap, 7828 the volume setup will error unless it is marked optional. Paths must be 7829 relative and may not contain the '..' path or start with '..'. 7830 type: array 7831 items: 7832 description: Maps a string key to a path within a volume. 7833 type: object 7834 required: 7835 - key 7836 - path 7837 properties: 7838 key: 7839 description: key is the key to project. 7840 type: string 7841 mode: 7842 description: |- 7843 mode is Optional: mode bits used to set permissions on this file. 7844 Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. 7845 YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. 7846 If not specified, the volume defaultMode will be used. 7847 This might be in conflict with other options that affect the file 7848 mode, like fsGroup, and the result can be other mode bits set. 7849 type: integer 7850 format: int32 7851 path: 7852 description: |- 7853 path is the relative path of the file to map the key to. 7854 May not be an absolute path. 7855 May not contain the path element '..'. 7856 May not start with the string '..'. 7857 type: string 7858 x-kubernetes-list-type: atomic 7859 name: 7860 description: |- 7861 Name of the referent. 7862 This field is effectively required, but due to backwards compatibility is 7863 allowed to be empty. Instances of this type with an empty value here are 7864 almost certainly wrong. 7865 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 7866 type: string 7867 default: "" 7868 optional: 7869 description: optional specify whether the ConfigMap or its keys must be defined 7870 type: boolean 7871 x-kubernetes-map-type: atomic 7872 downwardAPI: 7873 description: downwardAPI information about the downwardAPI data to project 7874 type: object 7875 properties: 7876 items: 7877 description: Items is a list of DownwardAPIVolume file 7878 type: array 7879 items: 7880 description: DownwardAPIVolumeFile represents information to create the file containing the pod field 7881 type: object 7882 required: 7883 - path 7884 properties: 7885 fieldRef: 7886 description: 'Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.' 7887 type: object 7888 required: 7889 - fieldPath 7890 properties: 7891 apiVersion: 7892 description: Version of the schema the FieldPath is written in terms of, defaults to "v1". 7893 type: string 7894 fieldPath: 7895 description: Path of the field to select in the specified API version. 7896 type: string 7897 x-kubernetes-map-type: atomic 7898 mode: 7899 description: |- 7900 Optional: mode bits used to set permissions on this file, must be an octal value 7901 between 0000 and 0777 or a decimal value between 0 and 511. 7902 YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. 7903 If not specified, the volume defaultMode will be used. 7904 This might be in conflict with other options that affect the file 7905 mode, like fsGroup, and the result can be other mode bits set. 7906 type: integer 7907 format: int32 7908 path: 7909 description: 'Required: Path is the relative path name of the file to be created. Must not be absolute or contain the ''..'' path. Must be utf-8 encoded. The first item of the relative path must not start with ''..''' 7910 type: string 7911 resourceFieldRef: 7912 description: |- 7913 Selects a resource of the container: only resources limits and requests 7914 (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. 7915 type: object 7916 required: 7917 - resource 7918 properties: 7919 containerName: 7920 description: 'Container name: required for volumes, optional for env vars' 7921 type: string 7922 divisor: 7923 description: Specifies the output format of the exposed resources, defaults to "1" 7924 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 7925 anyOf: 7926 - type: integer 7927 - type: string 7928 x-kubernetes-int-or-string: true 7929 resource: 7930 description: 'Required: resource to select' 7931 type: string 7932 x-kubernetes-map-type: atomic 7933 x-kubernetes-list-type: atomic 7934 secret: 7935 description: secret information about the secret data to project 7936 type: object 7937 properties: 7938 items: 7939 description: |- 7940 items if unspecified, each key-value pair in the Data field of the referenced 7941 Secret will be projected into the volume as a file whose name is the 7942 key and content is the value. If specified, the listed keys will be 7943 projected into the specified paths, and unlisted keys will not be 7944 present. If a key is specified which is not present in the Secret, 7945 the volume setup will error unless it is marked optional. Paths must be 7946 relative and may not contain the '..' path or start with '..'. 7947 type: array 7948 items: 7949 description: Maps a string key to a path within a volume. 7950 type: object 7951 required: 7952 - key 7953 - path 7954 properties: 7955 key: 7956 description: key is the key to project. 7957 type: string 7958 mode: 7959 description: |- 7960 mode is Optional: mode bits used to set permissions on this file. 7961 Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. 7962 YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. 7963 If not specified, the volume defaultMode will be used. 7964 This might be in conflict with other options that affect the file 7965 mode, like fsGroup, and the result can be other mode bits set. 7966 type: integer 7967 format: int32 7968 path: 7969 description: |- 7970 path is the relative path of the file to map the key to. 7971 May not be an absolute path. 7972 May not contain the path element '..'. 7973 May not start with the string '..'. 7974 type: string 7975 x-kubernetes-list-type: atomic 7976 name: 7977 description: |- 7978 Name of the referent. 7979 This field is effectively required, but due to backwards compatibility is 7980 allowed to be empty. Instances of this type with an empty value here are 7981 almost certainly wrong. 7982 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 7983 type: string 7984 default: "" 7985 optional: 7986 description: optional field specify whether the Secret or its key must be defined 7987 type: boolean 7988 x-kubernetes-map-type: atomic 7989 serviceAccountToken: 7990 description: serviceAccountToken is information about the serviceAccountToken data to project 7991 type: object 7992 required: 7993 - path 7994 properties: 7995 audience: 7996 description: |- 7997 audience is the intended audience of the token. A recipient of a token 7998 must identify itself with an identifier specified in the audience of the 7999 token, and otherwise should reject the token. The audience defaults to the 8000 identifier of the apiserver. 8001 type: string 8002 expirationSeconds: 8003 description: |- 8004 expirationSeconds is the requested duration of validity of the service 8005 account token. As the token approaches expiration, the kubelet volume 8006 plugin will proactively rotate the service account token. The kubelet will 8007 start trying to rotate the token if the token is older than 80 percent of 8008 its time to live or if the token is older than 24 hours.Defaults to 1 hour 8009 and must be at least 10 minutes. 8010 type: integer 8011 format: int64 8012 path: 8013 description: |- 8014 path is the path relative to the mount point of the file to project the 8015 token into. 8016 type: string 8017 x-kubernetes-list-type: atomic 8018 quobyte: 8019 description: quobyte represents a Quobyte mount on the host that shares a pod's lifetime 8020 type: object 8021 required: 8022 - registry 8023 - volume 8024 properties: 8025 group: 8026 description: |- 8027 group to map volume access to 8028 Default is no group 8029 type: string 8030 readOnly: 8031 description: |- 8032 readOnly here will force the Quobyte volume to be mounted with read-only permissions. 8033 Defaults to false. 8034 type: boolean 8035 registry: 8036 description: |- 8037 registry represents a single or multiple Quobyte Registry services 8038 specified as a string as host:port pair (multiple entries are separated with commas) 8039 which acts as the central registry for volumes 8040 type: string 8041 tenant: 8042 description: |- 8043 tenant owning the given Quobyte volume in the Backend 8044 Used with dynamically provisioned Quobyte volumes, value is set by the plugin 8045 type: string 8046 user: 8047 description: |- 8048 user to map volume access to 8049 Defaults to serivceaccount user 8050 type: string 8051 volume: 8052 description: volume is a string that references an already created Quobyte volume by name. 8053 type: string 8054 rbd: 8055 description: |- 8056 rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. 8057 More info: https://examples.k8s.io/volumes/rbd/README.md 8058 type: object 8059 required: 8060 - image 8061 - monitors 8062 properties: 8063 fsType: 8064 description: |- 8065 fsType is the filesystem type of the volume that you want to mount. 8066 Tip: Ensure that the filesystem type is supported by the host operating system. 8067 Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. 8068 More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd 8069 type: string 8070 image: 8071 description: |- 8072 image is the rados image name. 8073 More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it 8074 type: string 8075 keyring: 8076 description: |- 8077 keyring is the path to key ring for RBDUser. 8078 Default is /etc/ceph/keyring. 8079 More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it 8080 type: string 8081 default: /etc/ceph/keyring 8082 monitors: 8083 description: |- 8084 monitors is a collection of Ceph monitors. 8085 More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it 8086 type: array 8087 items: 8088 type: string 8089 x-kubernetes-list-type: atomic 8090 pool: 8091 description: |- 8092 pool is the rados pool name. 8093 Default is rbd. 8094 More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it 8095 type: string 8096 default: rbd 8097 readOnly: 8098 description: |- 8099 readOnly here will force the ReadOnly setting in VolumeMounts. 8100 Defaults to false. 8101 More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it 8102 type: boolean 8103 secretRef: 8104 description: |- 8105 secretRef is name of the authentication secret for RBDUser. If provided 8106 overrides keyring. 8107 Default is nil. 8108 More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it 8109 type: object 8110 properties: 8111 name: 8112 description: |- 8113 Name of the referent. 8114 This field is effectively required, but due to backwards compatibility is 8115 allowed to be empty. Instances of this type with an empty value here are 8116 almost certainly wrong. 8117 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 8118 type: string 8119 default: "" 8120 x-kubernetes-map-type: atomic 8121 user: 8122 description: |- 8123 user is the rados user name. 8124 Default is admin. 8125 More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it 8126 type: string 8127 default: admin 8128 scaleIO: 8129 description: scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. 8130 type: object 8131 required: 8132 - gateway 8133 - secretRef 8134 - system 8135 properties: 8136 fsType: 8137 description: |- 8138 fsType is the filesystem type to mount. 8139 Must be a filesystem type supported by the host operating system. 8140 Ex. "ext4", "xfs", "ntfs". 8141 Default is "xfs". 8142 type: string 8143 default: xfs 8144 gateway: 8145 description: gateway is the host address of the ScaleIO API Gateway. 8146 type: string 8147 protectionDomain: 8148 description: protectionDomain is the name of the ScaleIO Protection Domain for the configured storage. 8149 type: string 8150 readOnly: 8151 description: |- 8152 readOnly Defaults to false (read/write). ReadOnly here will force 8153 the ReadOnly setting in VolumeMounts. 8154 type: boolean 8155 secretRef: 8156 description: |- 8157 secretRef references to the secret for ScaleIO user and other 8158 sensitive information. If this is not provided, Login operation will fail. 8159 type: object 8160 properties: 8161 name: 8162 description: |- 8163 Name of the referent. 8164 This field is effectively required, but due to backwards compatibility is 8165 allowed to be empty. Instances of this type with an empty value here are 8166 almost certainly wrong. 8167 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 8168 type: string 8169 default: "" 8170 x-kubernetes-map-type: atomic 8171 sslEnabled: 8172 description: sslEnabled Flag enable/disable SSL communication with Gateway, default false 8173 type: boolean 8174 storageMode: 8175 description: |- 8176 storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. 8177 Default is ThinProvisioned. 8178 type: string 8179 default: ThinProvisioned 8180 storagePool: 8181 description: storagePool is the ScaleIO Storage Pool associated with the protection domain. 8182 type: string 8183 system: 8184 description: system is the name of the storage system as configured in ScaleIO. 8185 type: string 8186 volumeName: 8187 description: |- 8188 volumeName is the name of a volume already created in the ScaleIO system 8189 that is associated with this volume source. 8190 type: string 8191 secret: 8192 description: |- 8193 secret represents a secret that should populate this volume. 8194 More info: https://kubernetes.io/docs/concepts/storage/volumes#secret 8195 type: object 8196 properties: 8197 defaultMode: 8198 description: |- 8199 defaultMode is Optional: mode bits used to set permissions on created files by default. 8200 Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. 8201 YAML accepts both octal and decimal values, JSON requires decimal values 8202 for mode bits. Defaults to 0644. 8203 Directories within the path are not affected by this setting. 8204 This might be in conflict with other options that affect the file 8205 mode, like fsGroup, and the result can be other mode bits set. 8206 type: integer 8207 format: int32 8208 items: 8209 description: |- 8210 items If unspecified, each key-value pair in the Data field of the referenced 8211 Secret will be projected into the volume as a file whose name is the 8212 key and content is the value. If specified, the listed keys will be 8213 projected into the specified paths, and unlisted keys will not be 8214 present. If a key is specified which is not present in the Secret, 8215 the volume setup will error unless it is marked optional. Paths must be 8216 relative and may not contain the '..' path or start with '..'. 8217 type: array 8218 items: 8219 description: Maps a string key to a path within a volume. 8220 type: object 8221 required: 8222 - key 8223 - path 8224 properties: 8225 key: 8226 description: key is the key to project. 8227 type: string 8228 mode: 8229 description: |- 8230 mode is Optional: mode bits used to set permissions on this file. 8231 Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. 8232 YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. 8233 If not specified, the volume defaultMode will be used. 8234 This might be in conflict with other options that affect the file 8235 mode, like fsGroup, and the result can be other mode bits set. 8236 type: integer 8237 format: int32 8238 path: 8239 description: |- 8240 path is the relative path of the file to map the key to. 8241 May not be an absolute path. 8242 May not contain the path element '..'. 8243 May not start with the string '..'. 8244 type: string 8245 x-kubernetes-list-type: atomic 8246 optional: 8247 description: optional field specify whether the Secret or its keys must be defined 8248 type: boolean 8249 secretName: 8250 description: |- 8251 secretName is the name of the secret in the pod's namespace to use. 8252 More info: https://kubernetes.io/docs/concepts/storage/volumes#secret 8253 type: string 8254 storageos: 8255 description: storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. 8256 type: object 8257 properties: 8258 fsType: 8259 description: |- 8260 fsType is the filesystem type to mount. 8261 Must be a filesystem type supported by the host operating system. 8262 Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. 8263 type: string 8264 readOnly: 8265 description: |- 8266 readOnly defaults to false (read/write). ReadOnly here will force 8267 the ReadOnly setting in VolumeMounts. 8268 type: boolean 8269 secretRef: 8270 description: |- 8271 secretRef specifies the secret to use for obtaining the StorageOS API 8272 credentials. If not specified, default values will be attempted. 8273 type: object 8274 properties: 8275 name: 8276 description: |- 8277 Name of the referent. 8278 This field is effectively required, but due to backwards compatibility is 8279 allowed to be empty. Instances of this type with an empty value here are 8280 almost certainly wrong. 8281 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 8282 type: string 8283 default: "" 8284 x-kubernetes-map-type: atomic 8285 volumeName: 8286 description: |- 8287 volumeName is the human-readable name of the StorageOS volume. Volume 8288 names are only unique within a namespace. 8289 type: string 8290 volumeNamespace: 8291 description: |- 8292 volumeNamespace specifies the scope of the volume within StorageOS. If no 8293 namespace is specified then the Pod's namespace will be used. This allows the 8294 Kubernetes name scoping to be mirrored within StorageOS for tighter integration. 8295 Set VolumeName to any name to override the default behaviour. 8296 Set to "default" if you are not using namespaces within StorageOS. 8297 Namespaces that do not pre-exist within StorageOS will be created. 8298 type: string 8299 vsphereVolume: 8300 description: vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine 8301 type: object 8302 required: 8303 - volumePath 8304 properties: 8305 fsType: 8306 description: |- 8307 fsType is filesystem type to mount. 8308 Must be a filesystem type supported by the host operating system. 8309 Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. 8310 type: string 8311 storagePolicyID: 8312 description: storagePolicyID is the storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName. 8313 type: string 8314 storagePolicyName: 8315 description: storagePolicyName is the storage Policy Based Management (SPBM) profile name. 8316 type: string 8317 volumePath: 8318 description: volumePath is the path that identifies vSphere volume vmdk 8319 type: string 8320 x-kubernetes-list-map-keys: 8321 - name 8322 x-kubernetes-list-type: map 8323 permissions: 8324 type: array 8325 items: 8326 description: StrategyDeploymentPermissions describe the rbac rules and service account needed by the install strategy 8327 type: object 8328 required: 8329 - rules 8330 - serviceAccountName 8331 properties: 8332 rules: 8333 type: array 8334 items: 8335 description: |- 8336 PolicyRule holds information that describes a policy rule, but does not contain information 8337 about who the rule applies to or which namespace the rule applies to. 8338 type: object 8339 required: 8340 - verbs 8341 properties: 8342 apiGroups: 8343 description: |- 8344 APIGroups is the name of the APIGroup that contains the resources. If multiple API groups are specified, any action requested against one of 8345 the enumerated resources in any API group will be allowed. "" represents the core API group and "*" represents all API groups. 8346 type: array 8347 items: 8348 type: string 8349 x-kubernetes-list-type: atomic 8350 nonResourceURLs: 8351 description: |- 8352 NonResourceURLs is a set of partial urls that a user should have access to. *s are allowed, but only as the full, final step in the path 8353 Since non-resource URLs are not namespaced, this field is only applicable for ClusterRoles referenced from a ClusterRoleBinding. 8354 Rules can either apply to API resources (such as "pods" or "secrets") or non-resource URL paths (such as "/api"), but not both. 8355 type: array 8356 items: 8357 type: string 8358 x-kubernetes-list-type: atomic 8359 resourceNames: 8360 description: ResourceNames is an optional white list of names that the rule applies to. An empty set means that everything is allowed. 8361 type: array 8362 items: 8363 type: string 8364 x-kubernetes-list-type: atomic 8365 resources: 8366 description: Resources is a list of resources this rule applies to. '*' represents all resources. 8367 type: array 8368 items: 8369 type: string 8370 x-kubernetes-list-type: atomic 8371 verbs: 8372 description: Verbs is a list of Verbs that apply to ALL the ResourceKinds contained in this rule. '*' represents all verbs. 8373 type: array 8374 items: 8375 type: string 8376 x-kubernetes-list-type: atomic 8377 serviceAccountName: 8378 type: string 8379 strategy: 8380 type: string 8381 installModes: 8382 description: InstallModes specify supported installation types 8383 type: array 8384 items: 8385 description: InstallMode associates an InstallModeType with a flag representing if the CSV supports it 8386 type: object 8387 required: 8388 - supported 8389 - type 8390 properties: 8391 supported: 8392 type: boolean 8393 type: 8394 description: InstallModeType is a supported type of install mode for CSV installation 8395 type: string 8396 keywords: 8397 description: A list of keywords describing the operator. 8398 type: array 8399 items: 8400 type: string 8401 labels: 8402 description: |- 8403 Map of string keys and values that can be used to organize and categorize 8404 (scope and select) objects. 8405 type: object 8406 additionalProperties: 8407 type: string 8408 links: 8409 description: A list of links related to the operator. 8410 type: array 8411 items: 8412 type: object 8413 properties: 8414 name: 8415 type: string 8416 url: 8417 type: string 8418 maintainers: 8419 description: A list of organizational entities maintaining the operator. 8420 type: array 8421 items: 8422 type: object 8423 properties: 8424 email: 8425 type: string 8426 name: 8427 type: string 8428 maturity: 8429 type: string 8430 minKubeVersion: 8431 type: string 8432 nativeAPIs: 8433 type: array 8434 items: 8435 description: |- 8436 GroupVersionKind unambiguously identifies a kind. It doesn't anonymously include GroupVersion 8437 to avoid automatic coercion. It doesn't use a GroupVersion to avoid custom marshalling 8438 type: object 8439 required: 8440 - group 8441 - kind 8442 - version 8443 properties: 8444 group: 8445 type: string 8446 kind: 8447 type: string 8448 version: 8449 type: string 8450 provider: 8451 description: The publishing entity behind the operator. 8452 type: object 8453 properties: 8454 name: 8455 type: string 8456 url: 8457 type: string 8458 relatedImages: 8459 description: |- 8460 List any related images, or other container images that your Operator might require to perform their functions. 8461 This list should also include operand images as well. All image references should be specified by 8462 digest (SHA) and not by tag. This field is only used during catalog creation and plays no part in cluster runtime. 8463 type: array 8464 items: 8465 type: object 8466 required: 8467 - image 8468 - name 8469 properties: 8470 image: 8471 type: string 8472 name: 8473 type: string 8474 replaces: 8475 description: The name of a CSV this one replaces. Should match the `metadata.Name` field of the old CSV. 8476 type: string 8477 selector: 8478 description: Label selector for related resources. 8479 type: object 8480 properties: 8481 matchExpressions: 8482 description: matchExpressions is a list of label selector requirements. The requirements are ANDed. 8483 type: array 8484 items: 8485 description: |- 8486 A label selector requirement is a selector that contains values, a key, and an operator that 8487 relates the key and values. 8488 type: object 8489 required: 8490 - key 8491 - operator 8492 properties: 8493 key: 8494 description: key is the label key that the selector applies to. 8495 type: string 8496 operator: 8497 description: |- 8498 operator represents a key's relationship to a set of values. 8499 Valid operators are In, NotIn, Exists and DoesNotExist. 8500 type: string 8501 values: 8502 description: |- 8503 values is an array of string values. If the operator is In or NotIn, 8504 the values array must be non-empty. If the operator is Exists or DoesNotExist, 8505 the values array must be empty. This array is replaced during a strategic 8506 merge patch. 8507 type: array 8508 items: 8509 type: string 8510 x-kubernetes-list-type: atomic 8511 x-kubernetes-list-type: atomic 8512 matchLabels: 8513 description: |- 8514 matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels 8515 map is equivalent to an element of matchExpressions, whose key field is "key", the 8516 operator is "In", and the values array contains only "value". The requirements are ANDed. 8517 type: object 8518 additionalProperties: 8519 type: string 8520 x-kubernetes-map-type: atomic 8521 skips: 8522 description: |- 8523 The name(s) of one or more CSV(s) that should be skipped in the upgrade graph. 8524 Should match the `metadata.Name` field of the CSV that should be skipped. 8525 This field is only used during catalog creation and plays no part in cluster runtime. 8526 type: array 8527 items: 8528 type: string 8529 version: 8530 type: string 8531 webhookdefinitions: 8532 type: array 8533 items: 8534 description: WebhookDescription provides details to OLM about required webhooks 8535 type: object 8536 required: 8537 - admissionReviewVersions 8538 - generateName 8539 - sideEffects 8540 - type 8541 properties: 8542 admissionReviewVersions: 8543 type: array 8544 items: 8545 type: string 8546 containerPort: 8547 type: integer 8548 format: int32 8549 default: 443 8550 maximum: 65535 8551 minimum: 1 8552 conversionCRDs: 8553 type: array 8554 items: 8555 type: string 8556 deploymentName: 8557 type: string 8558 failurePolicy: 8559 description: FailurePolicyType specifies a failure policy that defines how unrecognized errors from the admission endpoint are handled. 8560 type: string 8561 generateName: 8562 type: string 8563 matchPolicy: 8564 description: MatchPolicyType specifies the type of match policy. 8565 type: string 8566 objectSelector: 8567 description: |- 8568 A label selector is a label query over a set of resources. The result of matchLabels and 8569 matchExpressions are ANDed. An empty label selector matches all objects. A null 8570 label selector matches no objects. 8571 type: object 8572 properties: 8573 matchExpressions: 8574 description: matchExpressions is a list of label selector requirements. The requirements are ANDed. 8575 type: array 8576 items: 8577 description: |- 8578 A label selector requirement is a selector that contains values, a key, and an operator that 8579 relates the key and values. 8580 type: object 8581 required: 8582 - key 8583 - operator 8584 properties: 8585 key: 8586 description: key is the label key that the selector applies to. 8587 type: string 8588 operator: 8589 description: |- 8590 operator represents a key's relationship to a set of values. 8591 Valid operators are In, NotIn, Exists and DoesNotExist. 8592 type: string 8593 values: 8594 description: |- 8595 values is an array of string values. If the operator is In or NotIn, 8596 the values array must be non-empty. If the operator is Exists or DoesNotExist, 8597 the values array must be empty. This array is replaced during a strategic 8598 merge patch. 8599 type: array 8600 items: 8601 type: string 8602 x-kubernetes-list-type: atomic 8603 x-kubernetes-list-type: atomic 8604 matchLabels: 8605 description: |- 8606 matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels 8607 map is equivalent to an element of matchExpressions, whose key field is "key", the 8608 operator is "In", and the values array contains only "value". The requirements are ANDed. 8609 type: object 8610 additionalProperties: 8611 type: string 8612 x-kubernetes-map-type: atomic 8613 reinvocationPolicy: 8614 description: ReinvocationPolicyType specifies what type of policy the admission hook uses. 8615 type: string 8616 rules: 8617 type: array 8618 items: 8619 description: |- 8620 RuleWithOperations is a tuple of Operations and Resources. It is recommended to make 8621 sure that all the tuple expansions are valid. 8622 type: object 8623 properties: 8624 apiGroups: 8625 description: |- 8626 APIGroups is the API groups the resources belong to. '*' is all groups. 8627 If '*' is present, the length of the slice must be one. 8628 Required. 8629 type: array 8630 items: 8631 type: string 8632 x-kubernetes-list-type: atomic 8633 apiVersions: 8634 description: |- 8635 APIVersions is the API versions the resources belong to. '*' is all versions. 8636 If '*' is present, the length of the slice must be one. 8637 Required. 8638 type: array 8639 items: 8640 type: string 8641 x-kubernetes-list-type: atomic 8642 operations: 8643 description: |- 8644 Operations is the operations the admission hook cares about - CREATE, UPDATE, DELETE, CONNECT or * 8645 for all of those operations and any future admission operations that are added. 8646 If '*' is present, the length of the slice must be one. 8647 Required. 8648 type: array 8649 items: 8650 description: OperationType specifies an operation for a request. 8651 type: string 8652 x-kubernetes-list-type: atomic 8653 resources: 8654 description: |- 8655 Resources is a list of resources this rule applies to. 8656 8657 For example: 8658 'pods' means pods. 8659 'pods/log' means the log subresource of pods. 8660 '*' means all resources, but not subresources. 8661 'pods/*' means all subresources of pods. 8662 '*/scale' means all scale subresources. 8663 '*/*' means all resources and their subresources. 8664 8665 If wildcard is present, the validation rule will ensure resources do not 8666 overlap with each other. 8667 8668 Depending on the enclosing object, subresources might not be allowed. 8669 Required. 8670 type: array 8671 items: 8672 type: string 8673 x-kubernetes-list-type: atomic 8674 scope: 8675 description: |- 8676 scope specifies the scope of this rule. 8677 Valid values are "Cluster", "Namespaced", and "*" 8678 "Cluster" means that only cluster-scoped resources will match this rule. 8679 Namespace API objects are cluster-scoped. 8680 "Namespaced" means that only namespaced resources will match this rule. 8681 "*" means that there are no scope restrictions. 8682 Subresources match the scope of their parent resource. 8683 Default is "*". 8684 type: string 8685 sideEffects: 8686 description: SideEffectClass specifies the types of side effects a webhook may have. 8687 type: string 8688 targetPort: 8689 anyOf: 8690 - type: integer 8691 - type: string 8692 x-kubernetes-int-or-string: true 8693 timeoutSeconds: 8694 type: integer 8695 format: int32 8696 type: 8697 description: WebhookAdmissionType is the type of admission webhooks supported by OLM 8698 type: string 8699 enum: 8700 - ValidatingAdmissionWebhook 8701 - MutatingAdmissionWebhook 8702 - ConversionWebhook 8703 webhookPath: 8704 type: string 8705 status: 8706 description: |- 8707 ClusterServiceVersionStatus represents information about the status of a CSV. Status may trail the actual 8708 state of a system. 8709 type: object 8710 properties: 8711 certsLastUpdated: 8712 description: Last time the owned APIService certs were updated 8713 type: string 8714 format: date-time 8715 certsRotateAt: 8716 description: Time the owned APIService certs will rotate next 8717 type: string 8718 format: date-time 8719 cleanup: 8720 description: CleanupStatus represents information about the status of cleanup while a CSV is pending deletion 8721 type: object 8722 properties: 8723 pendingDeletion: 8724 description: |- 8725 PendingDeletion is the list of custom resource objects that are pending deletion and blocked on finalizers. 8726 This indicates the progress of cleanup that is blocking CSV deletion or operator uninstall. 8727 type: array 8728 items: 8729 description: ResourceList represents a list of resources which are of the same Group/Kind 8730 type: object 8731 required: 8732 - group 8733 - instances 8734 - kind 8735 properties: 8736 group: 8737 type: string 8738 instances: 8739 type: array 8740 items: 8741 type: object 8742 required: 8743 - name 8744 properties: 8745 name: 8746 type: string 8747 namespace: 8748 description: Namespace can be empty for cluster-scoped resources 8749 type: string 8750 kind: 8751 type: string 8752 conditions: 8753 description: List of conditions, a history of state transitions 8754 type: array 8755 items: 8756 description: Conditions appear in the status as a record of state transitions on the ClusterServiceVersion 8757 type: object 8758 properties: 8759 lastTransitionTime: 8760 description: Last time the status transitioned from one status to another. 8761 type: string 8762 format: date-time 8763 lastUpdateTime: 8764 description: Last time we updated the status 8765 type: string 8766 format: date-time 8767 message: 8768 description: A human readable message indicating details about why the ClusterServiceVersion is in this condition. 8769 type: string 8770 phase: 8771 description: Condition of the ClusterServiceVersion 8772 type: string 8773 reason: 8774 description: |- 8775 A brief CamelCase message indicating details about why the ClusterServiceVersion is in this state. 8776 e.g. 'RequirementsNotMet' 8777 type: string 8778 lastTransitionTime: 8779 description: Last time the status transitioned from one status to another. 8780 type: string 8781 format: date-time 8782 lastUpdateTime: 8783 description: Last time we updated the status 8784 type: string 8785 format: date-time 8786 message: 8787 description: A human readable message indicating details about why the ClusterServiceVersion is in this condition. 8788 type: string 8789 phase: 8790 description: Current condition of the ClusterServiceVersion 8791 type: string 8792 reason: 8793 description: |- 8794 A brief CamelCase message indicating details about why the ClusterServiceVersion is in this state. 8795 e.g. 'RequirementsNotMet' 8796 type: string 8797 requirementStatus: 8798 description: The status of each requirement for this CSV 8799 type: array 8800 items: 8801 type: object 8802 required: 8803 - group 8804 - kind 8805 - message 8806 - name 8807 - status 8808 - version 8809 properties: 8810 dependents: 8811 type: array 8812 items: 8813 description: DependentStatus is the status for a dependent requirement (to prevent infinite nesting) 8814 type: object 8815 required: 8816 - group 8817 - kind 8818 - status 8819 - version 8820 properties: 8821 group: 8822 type: string 8823 kind: 8824 type: string 8825 message: 8826 type: string 8827 status: 8828 description: StatusReason is a camelcased reason for the status of a RequirementStatus or DependentStatus 8829 type: string 8830 uuid: 8831 type: string 8832 version: 8833 type: string 8834 group: 8835 type: string 8836 kind: 8837 type: string 8838 message: 8839 type: string 8840 name: 8841 type: string 8842 status: 8843 description: StatusReason is a camelcased reason for the status of a RequirementStatus or DependentStatus 8844 type: string 8845 uuid: 8846 type: string 8847 version: 8848 type: string 8849 served: true 8850 storage: true 8851 subresources: 8852 status: {}