github.com/operator-framework/operator-lifecycle-manager@v0.30.0/deploy/upstream/manifests/0.14.1/0000_50_olm_03-clusterserviceversion.crd.yaml (about) 1 --- 2 # Source: olm/templates/0000_50_olm_03-clusterserviceversion.crd.yaml 3 apiVersion: apiextensions.k8s.io/v1beta1 4 kind: CustomResourceDefinition 5 metadata: 6 name: clusterserviceversions.operators.coreos.com 7 annotations: 8 displayName: Operator Version 9 description: Represents an Operator that should be running on the cluster, including 10 requirements and install strategy. 11 spec: 12 names: 13 plural: clusterserviceversions 14 singular: clusterserviceversion 15 kind: ClusterServiceVersion 16 listKind: ClusterServiceVersionList 17 shortNames: 18 - csv 19 - csvs 20 categories: 21 - olm 22 additionalPrinterColumns: 23 - name: Display 24 type: string 25 description: The name of the CSV 26 JSONPath: .spec.displayName 27 - name: Version 28 type: string 29 description: The version of the CSV 30 JSONPath: .spec.version 31 - name: Replaces 32 type: string 33 description: The name of a CSV that this one replaces 34 JSONPath: .spec.replaces 35 - name: Phase 36 type: string 37 JSONPath: .status.phase 38 group: operators.coreos.com 39 version: v1alpha1 40 versions: 41 - name: v1alpha1 42 served: true 43 storage: true 44 scope: Namespaced 45 preserveUnknownFields: false 46 subresources: 47 status: {} 48 validation: 49 openAPIV3Schema: 50 description: ClusterServiceVersion is a Custom Resource of type `ClusterServiceVersionSpec`. 51 type: object 52 required: 53 - metadata 54 - spec 55 properties: 56 apiVersion: 57 description: 'APIVersion defines the versioned schema of this representation 58 of an object. Servers should convert recognized schemas to the latest 59 internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' 60 type: string 61 kind: 62 description: 'Kind is a string value representing the REST resource this 63 object represents. Servers may infer this from the endpoint the client 64 submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' 65 type: string 66 metadata: 67 type: object 68 spec: 69 description: ClusterServiceVersionSpec declarations tell OLM how to install 70 an operator that can manage apps for a given version. 71 type: object 72 required: 73 - displayName 74 - install 75 properties: 76 annotations: 77 description: Annotations is an unstructured key value map stored with 78 a resource that may be set by external tools to store and retrieve 79 arbitrary metadata. 80 type: object 81 additionalProperties: 82 type: string 83 apiservicedefinitions: 84 description: APIServiceDefinitions declares all of the extension apis 85 managed or required by an operator being ran by ClusterServiceVersion. 86 type: object 87 properties: 88 owned: 89 type: array 90 items: 91 description: APIServiceDescription provides details to OLM about 92 apis provided via aggregation 93 type: object 94 required: 95 - group 96 - kind 97 - name 98 - version 99 properties: 100 actionDescriptors: 101 type: array 102 items: 103 description: ActionDescriptor describes a declarative action 104 that can be performed on a custom resource instance 105 type: object 106 required: 107 - path 108 properties: 109 description: 110 type: string 111 displayName: 112 type: string 113 path: 114 type: string 115 value: 116 description: RawMessage is a raw encoded JSON value. 117 It implements Marshaler and Unmarshaler and can be 118 used to delay JSON decoding or precompute a JSON encoding. 119 type: string 120 format: byte 121 x-descriptors: 122 type: array 123 items: 124 type: string 125 containerPort: 126 type: integer 127 format: int32 128 deploymentName: 129 type: string 130 description: 131 type: string 132 displayName: 133 type: string 134 group: 135 type: string 136 kind: 137 type: string 138 name: 139 type: string 140 resources: 141 type: array 142 items: 143 description: APIResourceReference is a Kubernetes resource 144 type used by a custom resource 145 type: object 146 required: 147 - kind 148 - name 149 - version 150 properties: 151 kind: 152 type: string 153 name: 154 type: string 155 version: 156 type: string 157 specDescriptors: 158 type: array 159 items: 160 description: SpecDescriptor describes a field in a spec 161 block of a CRD so that OLM can consume it 162 type: object 163 required: 164 - path 165 properties: 166 description: 167 type: string 168 displayName: 169 type: string 170 path: 171 type: string 172 value: 173 description: RawMessage is a raw encoded JSON value. 174 It implements Marshaler and Unmarshaler and can be 175 used to delay JSON decoding or precompute a JSON encoding. 176 type: string 177 format: byte 178 x-descriptors: 179 type: array 180 items: 181 type: string 182 statusDescriptors: 183 type: array 184 items: 185 description: StatusDescriptor describes a field in a status 186 block of a CRD so that OLM can consume it 187 type: object 188 required: 189 - path 190 properties: 191 description: 192 type: string 193 displayName: 194 type: string 195 path: 196 type: string 197 value: 198 description: RawMessage is a raw encoded JSON value. 199 It implements Marshaler and Unmarshaler and can be 200 used to delay JSON decoding or precompute a JSON encoding. 201 type: string 202 format: byte 203 x-descriptors: 204 type: array 205 items: 206 type: string 207 version: 208 type: string 209 required: 210 type: array 211 items: 212 description: APIServiceDescription provides details to OLM about 213 apis provided via aggregation 214 type: object 215 required: 216 - group 217 - kind 218 - name 219 - version 220 properties: 221 actionDescriptors: 222 type: array 223 items: 224 description: ActionDescriptor describes a declarative action 225 that can be performed on a custom resource instance 226 type: object 227 required: 228 - path 229 properties: 230 description: 231 type: string 232 displayName: 233 type: string 234 path: 235 type: string 236 value: 237 description: RawMessage is a raw encoded JSON value. 238 It implements Marshaler and Unmarshaler and can be 239 used to delay JSON decoding or precompute a JSON encoding. 240 type: string 241 format: byte 242 x-descriptors: 243 type: array 244 items: 245 type: string 246 containerPort: 247 type: integer 248 format: int32 249 deploymentName: 250 type: string 251 description: 252 type: string 253 displayName: 254 type: string 255 group: 256 type: string 257 kind: 258 type: string 259 name: 260 type: string 261 resources: 262 type: array 263 items: 264 description: APIResourceReference is a Kubernetes resource 265 type used by a custom resource 266 type: object 267 required: 268 - kind 269 - name 270 - version 271 properties: 272 kind: 273 type: string 274 name: 275 type: string 276 version: 277 type: string 278 specDescriptors: 279 type: array 280 items: 281 description: SpecDescriptor describes a field in a spec 282 block of a CRD so that OLM can consume it 283 type: object 284 required: 285 - path 286 properties: 287 description: 288 type: string 289 displayName: 290 type: string 291 path: 292 type: string 293 value: 294 description: RawMessage is a raw encoded JSON value. 295 It implements Marshaler and Unmarshaler and can be 296 used to delay JSON decoding or precompute a JSON encoding. 297 type: string 298 format: byte 299 x-descriptors: 300 type: array 301 items: 302 type: string 303 statusDescriptors: 304 type: array 305 items: 306 description: StatusDescriptor describes a field in a status 307 block of a CRD so that OLM can consume it 308 type: object 309 required: 310 - path 311 properties: 312 description: 313 type: string 314 displayName: 315 type: string 316 path: 317 type: string 318 value: 319 description: RawMessage is a raw encoded JSON value. 320 It implements Marshaler and Unmarshaler and can be 321 used to delay JSON decoding or precompute a JSON encoding. 322 type: string 323 format: byte 324 x-descriptors: 325 type: array 326 items: 327 type: string 328 version: 329 type: string 330 customresourcedefinitions: 331 description: "CustomResourceDefinitions declares all of the CRDs managed 332 or required by an operator being ran by ClusterServiceVersion. \n 333 If the CRD is present in the Owned list, it is implicitly required." 334 type: object 335 properties: 336 owned: 337 type: array 338 items: 339 description: CRDDescription provides details to OLM about the 340 CRDs 341 type: object 342 required: 343 - kind 344 - name 345 - version 346 properties: 347 actionDescriptors: 348 type: array 349 items: 350 description: ActionDescriptor describes a declarative action 351 that can be performed on a custom resource instance 352 type: object 353 required: 354 - path 355 properties: 356 description: 357 type: string 358 displayName: 359 type: string 360 path: 361 type: string 362 value: 363 description: RawMessage is a raw encoded JSON value. 364 It implements Marshaler and Unmarshaler and can be 365 used to delay JSON decoding or precompute a JSON encoding. 366 type: string 367 format: byte 368 x-descriptors: 369 type: array 370 items: 371 type: string 372 description: 373 type: string 374 displayName: 375 type: string 376 kind: 377 type: string 378 name: 379 type: string 380 resources: 381 type: array 382 items: 383 description: APIResourceReference is a Kubernetes resource 384 type used by a custom resource 385 type: object 386 required: 387 - kind 388 - name 389 - version 390 properties: 391 kind: 392 type: string 393 name: 394 type: string 395 version: 396 type: string 397 specDescriptors: 398 type: array 399 items: 400 description: SpecDescriptor describes a field in a spec 401 block of a CRD so that OLM can consume it 402 type: object 403 required: 404 - path 405 properties: 406 description: 407 type: string 408 displayName: 409 type: string 410 path: 411 type: string 412 value: 413 description: RawMessage is a raw encoded JSON value. 414 It implements Marshaler and Unmarshaler and can be 415 used to delay JSON decoding or precompute a JSON encoding. 416 type: string 417 format: byte 418 x-descriptors: 419 type: array 420 items: 421 type: string 422 statusDescriptors: 423 type: array 424 items: 425 description: StatusDescriptor describes a field in a status 426 block of a CRD so that OLM can consume it 427 type: object 428 required: 429 - path 430 properties: 431 description: 432 type: string 433 displayName: 434 type: string 435 path: 436 type: string 437 value: 438 description: RawMessage is a raw encoded JSON value. 439 It implements Marshaler and Unmarshaler and can be 440 used to delay JSON decoding or precompute a JSON encoding. 441 type: string 442 format: byte 443 x-descriptors: 444 type: array 445 items: 446 type: string 447 version: 448 type: string 449 required: 450 type: array 451 items: 452 description: CRDDescription provides details to OLM about the 453 CRDs 454 type: object 455 required: 456 - kind 457 - name 458 - version 459 properties: 460 actionDescriptors: 461 type: array 462 items: 463 description: ActionDescriptor describes a declarative action 464 that can be performed on a custom resource instance 465 type: object 466 required: 467 - path 468 properties: 469 description: 470 type: string 471 displayName: 472 type: string 473 path: 474 type: string 475 value: 476 description: RawMessage is a raw encoded JSON value. 477 It implements Marshaler and Unmarshaler and can be 478 used to delay JSON decoding or precompute a JSON encoding. 479 type: string 480 format: byte 481 x-descriptors: 482 type: array 483 items: 484 type: string 485 description: 486 type: string 487 displayName: 488 type: string 489 kind: 490 type: string 491 name: 492 type: string 493 resources: 494 type: array 495 items: 496 description: APIResourceReference is a Kubernetes resource 497 type used by a custom resource 498 type: object 499 required: 500 - kind 501 - name 502 - version 503 properties: 504 kind: 505 type: string 506 name: 507 type: string 508 version: 509 type: string 510 specDescriptors: 511 type: array 512 items: 513 description: SpecDescriptor describes a field in a spec 514 block of a CRD so that OLM can consume it 515 type: object 516 required: 517 - path 518 properties: 519 description: 520 type: string 521 displayName: 522 type: string 523 path: 524 type: string 525 value: 526 description: RawMessage is a raw encoded JSON value. 527 It implements Marshaler and Unmarshaler and can be 528 used to delay JSON decoding or precompute a JSON encoding. 529 type: string 530 format: byte 531 x-descriptors: 532 type: array 533 items: 534 type: string 535 statusDescriptors: 536 type: array 537 items: 538 description: StatusDescriptor describes a field in a status 539 block of a CRD so that OLM can consume it 540 type: object 541 required: 542 - path 543 properties: 544 description: 545 type: string 546 displayName: 547 type: string 548 path: 549 type: string 550 value: 551 description: RawMessage is a raw encoded JSON value. 552 It implements Marshaler and Unmarshaler and can be 553 used to delay JSON decoding or precompute a JSON encoding. 554 type: string 555 format: byte 556 x-descriptors: 557 type: array 558 items: 559 type: string 560 version: 561 type: string 562 description: 563 type: string 564 displayName: 565 type: string 566 icon: 567 type: array 568 items: 569 type: object 570 required: 571 - base64data 572 - mediatype 573 properties: 574 base64data: 575 type: string 576 mediatype: 577 type: string 578 install: 579 description: NamedInstallStrategy represents the block of an ClusterServiceVersion 580 resource where the install strategy is specified. 581 type: object 582 required: 583 - strategy 584 properties: 585 spec: 586 description: StrategyDetailsDeployment represents the parsed details 587 of a Deployment InstallStrategy. 588 type: object 589 required: 590 - deployments 591 properties: 592 clusterPermissions: 593 type: array 594 items: 595 description: StrategyDeploymentPermissions describe the rbac 596 rules and service account needed by the install strategy 597 type: object 598 required: 599 - rules 600 - serviceAccountName 601 properties: 602 rules: 603 type: array 604 items: 605 description: PolicyRule holds information that describes 606 a policy rule, but does not contain information about 607 who the rule applies to or which namespace the rule 608 applies to. 609 type: object 610 required: 611 - verbs 612 properties: 613 apiGroups: 614 description: APIGroups is the name of the APIGroup 615 that contains the resources. If multiple API 616 groups are specified, any action requested against 617 one of the enumerated resources in any API group 618 will be allowed. 619 type: array 620 items: 621 type: string 622 nonResourceURLs: 623 description: NonResourceURLs is a set of partial 624 urls that a user should have access to. *s are 625 allowed, but only as the full, final step in the 626 path Since non-resource URLs are not namespaced, 627 this field is only applicable for ClusterRoles 628 referenced from a ClusterRoleBinding. Rules can 629 either apply to API resources (such as "pods" 630 or "secrets") or non-resource URL paths (such 631 as "/api"), but not both. 632 type: array 633 items: 634 type: string 635 resourceNames: 636 description: ResourceNames is an optional white 637 list of names that the rule applies to. An empty 638 set means that everything is allowed. 639 type: array 640 items: 641 type: string 642 resources: 643 description: Resources is a list of resources this 644 rule applies to. ResourceAll represents all resources. 645 type: array 646 items: 647 type: string 648 verbs: 649 description: Verbs is a list of Verbs that apply 650 to ALL the ResourceKinds and AttributeRestrictions 651 contained in this rule. VerbAll represents all 652 kinds. 653 type: array 654 items: 655 type: string 656 serviceAccountName: 657 type: string 658 deployments: 659 type: array 660 items: 661 description: StrategyDeploymentSpec contains the name and 662 spec for the deployment ALM should create 663 type: object 664 required: 665 - name 666 - spec 667 properties: 668 name: 669 type: string 670 spec: 671 description: DeploymentSpec is the specification of the 672 desired behavior of the Deployment. 673 type: object 674 required: 675 - selector 676 - template 677 properties: 678 minReadySeconds: 679 description: Minimum number of seconds for which a 680 newly created pod should be ready without any of 681 its container crashing, for it to be considered 682 available. Defaults to 0 (pod will be considered 683 available as soon as it is ready) 684 type: integer 685 format: int32 686 paused: 687 description: Indicates that the deployment is paused. 688 type: boolean 689 progressDeadlineSeconds: 690 description: The maximum time in seconds for a deployment 691 to make progress before it is considered to be failed. 692 The deployment controller will continue to process 693 failed deployments and a condition with a ProgressDeadlineExceeded 694 reason will be surfaced in the deployment status. 695 Note that progress will not be estimated during 696 the time a deployment is paused. Defaults to 600s. 697 type: integer 698 format: int32 699 replicas: 700 description: Number of desired pods. This is a pointer 701 to distinguish between explicit zero and not specified. 702 Defaults to 1. 703 type: integer 704 format: int32 705 revisionHistoryLimit: 706 description: The number of old ReplicaSets to retain 707 to allow rollback. This is a pointer to distinguish 708 between explicit zero and not specified. Defaults 709 to 10. 710 type: integer 711 format: int32 712 selector: 713 description: Label selector for pods. Existing ReplicaSets 714 whose pods are selected by this will be the ones 715 affected by this deployment. It must match the pod 716 template's labels. 717 type: object 718 properties: 719 matchExpressions: 720 description: matchExpressions is a list of label 721 selector requirements. The requirements are 722 ANDed. 723 type: array 724 items: 725 description: A label selector requirement is 726 a selector that contains values, a key, and 727 an operator that relates the key and values. 728 type: object 729 required: 730 - key 731 - operator 732 properties: 733 key: 734 description: key is the label key that the 735 selector applies to. 736 type: string 737 operator: 738 description: operator represents a key's 739 relationship to a set of values. Valid 740 operators are In, NotIn, Exists and DoesNotExist. 741 type: string 742 values: 743 description: values is an array of string 744 values. If the operator is In or NotIn, 745 the values array must be non-empty. If 746 the operator is Exists or DoesNotExist, 747 the values array must be empty. This array 748 is replaced during a strategic merge patch. 749 type: array 750 items: 751 type: string 752 matchLabels: 753 description: matchLabels is a map of {key,value} 754 pairs. A single {key,value} in the matchLabels 755 map is equivalent to an element of matchExpressions, 756 whose key field is "key", the operator is "In", 757 and the values array contains only "value". 758 The requirements are ANDed. 759 type: object 760 additionalProperties: 761 type: string 762 strategy: 763 description: The deployment strategy to use to replace 764 existing pods with new ones. 765 type: object 766 properties: 767 rollingUpdate: 768 description: 'Rolling update config params. Present 769 only if DeploymentStrategyType = RollingUpdate. 770 --- TODO: Update this to follow our convention 771 for oneOf, whatever we decide it to be.' 772 type: object 773 properties: 774 maxSurge: 775 description: 'The maximum number of pods that 776 can be scheduled above the desired number 777 of pods. Value can be an absolute number 778 (ex: 5) or a percentage of desired pods 779 (ex: 10%). This can not be 0 if MaxUnavailable 780 is 0. Absolute number is calculated from 781 percentage by rounding up. Defaults to 25%. 782 Example: when this is set to 30%, the new 783 ReplicaSet can be scaled up immediately 784 when the rolling update starts, such that 785 the total number of old and new pods do 786 not exceed 130% of desired pods. Once old 787 pods have been killed, new ReplicaSet can 788 be scaled up further, ensuring that total 789 number of pods running at any time during 790 the update is at most 130% of desired pods.' 791 anyOf: 792 - type: integer 793 - type: string 794 x-kubernetes-int-or-string: true 795 maxUnavailable: 796 description: 'The maximum number of pods that 797 can be unavailable during the update. Value 798 can be an absolute number (ex: 5) or a percentage 799 of desired pods (ex: 10%). Absolute number 800 is calculated from percentage by rounding 801 down. This can not be 0 if MaxSurge is 0. 802 Defaults to 25%. Example: when this is set 803 to 30%, the old ReplicaSet can be scaled 804 down to 70% of desired pods immediately 805 when the rolling update starts. Once new 806 pods are ready, old ReplicaSet can be scaled 807 down further, followed by scaling up the 808 new ReplicaSet, ensuring that the total 809 number of pods available at all times during 810 the update is at least 70% of desired pods.' 811 anyOf: 812 - type: integer 813 - type: string 814 x-kubernetes-int-or-string: true 815 type: 816 description: Type of deployment. Can be "Recreate" 817 or "RollingUpdate". Default is RollingUpdate. 818 type: string 819 template: 820 description: Template describes the pods that will 821 be created. 822 type: object 823 properties: 824 metadata: 825 description: 'Standard object''s metadata. More 826 info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' 827 type: object 828 x-kubernetes-preserve-unknown-fields: true 829 spec: 830 description: 'Specification of the desired behavior 831 of the pod. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' 832 type: object 833 required: 834 - containers 835 properties: 836 activeDeadlineSeconds: 837 description: Optional duration in seconds 838 the pod may be active on the node relative 839 to StartTime before the system will actively 840 try to mark it failed and kill associated 841 containers. Value must be a positive integer. 842 type: integer 843 format: int64 844 affinity: 845 description: If specified, the pod's scheduling 846 constraints 847 type: object 848 properties: 849 nodeAffinity: 850 description: Describes node affinity scheduling 851 rules for the pod. 852 type: object 853 properties: 854 preferredDuringSchedulingIgnoredDuringExecution: 855 description: The scheduler will prefer 856 to schedule pods to nodes that satisfy 857 the affinity expressions specified 858 by this field, but it may choose 859 a node that violates one or more 860 of the expressions. The node that 861 is most preferred is the one with 862 the greatest sum of weights, i.e. 863 for each node that meets all of 864 the scheduling requirements (resource 865 request, requiredDuringScheduling 866 affinity expressions, etc.), compute 867 a sum by iterating through the elements 868 of this field and adding "weight" 869 to the sum if the node matches the 870 corresponding matchExpressions; 871 the node(s) with the highest sum 872 are the most preferred. 873 type: array 874 items: 875 description: An empty preferred 876 scheduling term matches all objects 877 with implicit weight 0 (i.e. it's 878 a no-op). A null preferred scheduling 879 term matches no objects (i.e. 880 is also a no-op). 881 type: object 882 required: 883 - preference 884 - weight 885 properties: 886 preference: 887 description: A node selector 888 term, associated with the 889 corresponding weight. 890 type: object 891 properties: 892 matchExpressions: 893 description: A list of node 894 selector requirements 895 by node's labels. 896 type: array 897 items: 898 description: A node selector 899 requirement is a selector 900 that contains values, 901 a key, and an operator 902 that relates the key 903 and values. 904 type: object 905 required: 906 - key 907 - operator 908 properties: 909 key: 910 description: The label 911 key that the selector 912 applies to. 913 type: string 914 operator: 915 description: Represents 916 a key's relationship 917 to a set of values. 918 Valid operators 919 are In, NotIn, Exists, 920 DoesNotExist. Gt, 921 and Lt. 922 type: string 923 values: 924 description: An array 925 of string values. 926 If the operator 927 is In or NotIn, 928 the values array 929 must be non-empty. 930 If the operator 931 is Exists or DoesNotExist, 932 the values array 933 must be empty. If 934 the operator is 935 Gt or Lt, the values 936 array must have 937 a single element, 938 which will be interpreted 939 as an integer. This 940 array is replaced 941 during a strategic 942 merge patch. 943 type: array 944 items: 945 type: string 946 matchFields: 947 description: A list of node 948 selector requirements 949 by node's fields. 950 type: array 951 items: 952 description: A node selector 953 requirement is a selector 954 that contains values, 955 a key, and an operator 956 that relates the key 957 and values. 958 type: object 959 required: 960 - key 961 - operator 962 properties: 963 key: 964 description: The label 965 key that the selector 966 applies to. 967 type: string 968 operator: 969 description: Represents 970 a key's relationship 971 to a set of values. 972 Valid operators 973 are In, NotIn, Exists, 974 DoesNotExist. Gt, 975 and Lt. 976 type: string 977 values: 978 description: An array 979 of string values. 980 If the operator 981 is In or NotIn, 982 the values array 983 must be non-empty. 984 If the operator 985 is Exists or DoesNotExist, 986 the values array 987 must be empty. If 988 the operator is 989 Gt or Lt, the values 990 array must have 991 a single element, 992 which will be interpreted 993 as an integer. This 994 array is replaced 995 during a strategic 996 merge patch. 997 type: array 998 items: 999 type: string 1000 weight: 1001 description: Weight associated 1002 with matching the corresponding 1003 nodeSelectorTerm, in the range 1004 1-100. 1005 type: integer 1006 format: int32 1007 requiredDuringSchedulingIgnoredDuringExecution: 1008 description: If the affinity requirements 1009 specified by this field are not 1010 met at scheduling time, the pod 1011 will not be scheduled onto the node. 1012 If the affinity requirements specified 1013 by this field cease to be met at 1014 some point during pod execution 1015 (e.g. due to an update), the system 1016 may or may not try to eventually 1017 evict the pod from its node. 1018 type: object 1019 required: 1020 - nodeSelectorTerms 1021 properties: 1022 nodeSelectorTerms: 1023 description: Required. A list 1024 of node selector terms. The 1025 terms are ORed. 1026 type: array 1027 items: 1028 description: A null or empty 1029 node selector term matches 1030 no objects. The requirements 1031 of them are ANDed. The TopologySelectorTerm 1032 type implements a subset of 1033 the NodeSelectorTerm. 1034 type: object 1035 properties: 1036 matchExpressions: 1037 description: A list of node 1038 selector requirements 1039 by node's labels. 1040 type: array 1041 items: 1042 description: A node selector 1043 requirement is a selector 1044 that contains values, 1045 a key, and an operator 1046 that relates the key 1047 and values. 1048 type: object 1049 required: 1050 - key 1051 - operator 1052 properties: 1053 key: 1054 description: The label 1055 key that the selector 1056 applies to. 1057 type: string 1058 operator: 1059 description: Represents 1060 a key's relationship 1061 to a set of values. 1062 Valid operators 1063 are In, NotIn, Exists, 1064 DoesNotExist. Gt, 1065 and Lt. 1066 type: string 1067 values: 1068 description: An array 1069 of string values. 1070 If the operator 1071 is In or NotIn, 1072 the values array 1073 must be non-empty. 1074 If the operator 1075 is Exists or DoesNotExist, 1076 the values array 1077 must be empty. If 1078 the operator is 1079 Gt or Lt, the values 1080 array must have 1081 a single element, 1082 which will be interpreted 1083 as an integer. This 1084 array is replaced 1085 during a strategic 1086 merge patch. 1087 type: array 1088 items: 1089 type: string 1090 matchFields: 1091 description: A list of node 1092 selector requirements 1093 by node's fields. 1094 type: array 1095 items: 1096 description: A node selector 1097 requirement is a selector 1098 that contains values, 1099 a key, and an operator 1100 that relates the key 1101 and values. 1102 type: object 1103 required: 1104 - key 1105 - operator 1106 properties: 1107 key: 1108 description: The label 1109 key that the selector 1110 applies to. 1111 type: string 1112 operator: 1113 description: Represents 1114 a key's relationship 1115 to a set of values. 1116 Valid operators 1117 are In, NotIn, Exists, 1118 DoesNotExist. Gt, 1119 and Lt. 1120 type: string 1121 values: 1122 description: An array 1123 of string values. 1124 If the operator 1125 is In or NotIn, 1126 the values array 1127 must be non-empty. 1128 If the operator 1129 is Exists or DoesNotExist, 1130 the values array 1131 must be empty. If 1132 the operator is 1133 Gt or Lt, the values 1134 array must have 1135 a single element, 1136 which will be interpreted 1137 as an integer. This 1138 array is replaced 1139 during a strategic 1140 merge patch. 1141 type: array 1142 items: 1143 type: string 1144 podAffinity: 1145 description: Describes pod affinity scheduling 1146 rules (e.g. co-locate this pod in the 1147 same node, zone, etc. as some other 1148 pod(s)). 1149 type: object 1150 properties: 1151 preferredDuringSchedulingIgnoredDuringExecution: 1152 description: The scheduler will prefer 1153 to schedule pods to nodes that satisfy 1154 the affinity expressions specified 1155 by this field, but it may choose 1156 a node that violates one or more 1157 of the expressions. The node that 1158 is most preferred is the one with 1159 the greatest sum of weights, i.e. 1160 for each node that meets all of 1161 the scheduling requirements (resource 1162 request, requiredDuringScheduling 1163 affinity expressions, etc.), compute 1164 a sum by iterating through the elements 1165 of this field and adding "weight" 1166 to the sum if the node has pods 1167 which matches the corresponding 1168 podAffinityTerm; the node(s) with 1169 the highest sum are the most preferred. 1170 type: array 1171 items: 1172 description: The weights of all 1173 of the matched WeightedPodAffinityTerm 1174 fields are added per-node to find 1175 the most preferred node(s) 1176 type: object 1177 required: 1178 - podAffinityTerm 1179 - weight 1180 properties: 1181 podAffinityTerm: 1182 description: Required. A pod 1183 affinity term, associated 1184 with the corresponding weight. 1185 type: object 1186 required: 1187 - topologyKey 1188 properties: 1189 labelSelector: 1190 description: A label query 1191 over a set of resources, 1192 in this case pods. 1193 type: object 1194 properties: 1195 matchExpressions: 1196 description: matchExpressions 1197 is a list of label 1198 selector requirements. 1199 The requirements are 1200 ANDed. 1201 type: array 1202 items: 1203 description: A label 1204 selector requirement 1205 is a selector that 1206 contains values, 1207 a key, and an operator 1208 that relates the 1209 key and values. 1210 type: object 1211 required: 1212 - key 1213 - operator 1214 properties: 1215 key: 1216 description: key 1217 is the label 1218 key that the 1219 selector applies 1220 to. 1221 type: string 1222 operator: 1223 description: operator 1224 represents a 1225 key's relationship 1226 to a set of 1227 values. Valid 1228 operators are 1229 In, NotIn, Exists 1230 and DoesNotExist. 1231 type: string 1232 values: 1233 description: values 1234 is an array 1235 of string values. 1236 If the operator 1237 is In or NotIn, 1238 the values array 1239 must be non-empty. 1240 If the operator 1241 is Exists or 1242 DoesNotExist, 1243 the values array 1244 must be empty. 1245 This array is 1246 replaced during 1247 a strategic 1248 merge patch. 1249 type: array 1250 items: 1251 type: string 1252 matchLabels: 1253 description: matchLabels 1254 is a map of {key,value} 1255 pairs. A single {key,value} 1256 in the matchLabels 1257 map is equivalent 1258 to an element of matchExpressions, 1259 whose key field is 1260 "key", the operator 1261 is "In", and the values 1262 array contains only 1263 "value". The requirements 1264 are ANDed. 1265 type: object 1266 additionalProperties: 1267 type: string 1268 namespaces: 1269 description: namespaces 1270 specifies which namespaces 1271 the labelSelector applies 1272 to (matches against); 1273 null or empty list means 1274 "this pod's namespace" 1275 type: array 1276 items: 1277 type: string 1278 topologyKey: 1279 description: This pod should 1280 be co-located (affinity) 1281 or not co-located (anti-affinity) 1282 with the pods matching 1283 the labelSelector in the 1284 specified namespaces, 1285 where co-located is defined 1286 as running on a node whose 1287 value of the label with 1288 key topologyKey matches 1289 that of any node on which 1290 any of the selected pods 1291 is running. Empty topologyKey 1292 is not allowed. 1293 type: string 1294 weight: 1295 description: weight associated 1296 with matching the corresponding 1297 podAffinityTerm, in the range 1298 1-100. 1299 type: integer 1300 format: int32 1301 requiredDuringSchedulingIgnoredDuringExecution: 1302 description: If the affinity requirements 1303 specified by this field are not 1304 met at scheduling time, the pod 1305 will not be scheduled onto the node. 1306 If the affinity requirements specified 1307 by this field cease to be met at 1308 some point during pod execution 1309 (e.g. due to a pod label update), 1310 the system may or may not try to 1311 eventually evict the pod from its 1312 node. When there are multiple elements, 1313 the lists of nodes corresponding 1314 to each podAffinityTerm are intersected, 1315 i.e. all terms must be satisfied. 1316 type: array 1317 items: 1318 description: Defines a set of pods 1319 (namely those matching the labelSelector 1320 relative to the given namespace(s)) 1321 that this pod should be co-located 1322 (affinity) or not co-located (anti-affinity) 1323 with, where co-located is defined 1324 as running on a node whose value 1325 of the label with key <topologyKey> 1326 matches that of any node on which 1327 a pod of the set of pods is running 1328 type: object 1329 required: 1330 - topologyKey 1331 properties: 1332 labelSelector: 1333 description: A label query over 1334 a set of resources, in this 1335 case pods. 1336 type: object 1337 properties: 1338 matchExpressions: 1339 description: matchExpressions 1340 is a list of label selector 1341 requirements. The requirements 1342 are ANDed. 1343 type: array 1344 items: 1345 description: A label selector 1346 requirement is a selector 1347 that contains values, 1348 a key, and an operator 1349 that relates the key 1350 and values. 1351 type: object 1352 required: 1353 - key 1354 - operator 1355 properties: 1356 key: 1357 description: key is 1358 the label key that 1359 the selector applies 1360 to. 1361 type: string 1362 operator: 1363 description: operator 1364 represents a key's 1365 relationship to 1366 a set of values. 1367 Valid operators 1368 are In, NotIn, Exists 1369 and DoesNotExist. 1370 type: string 1371 values: 1372 description: values 1373 is an array of string 1374 values. If the operator 1375 is In or NotIn, 1376 the values array 1377 must be non-empty. 1378 If the operator 1379 is Exists or DoesNotExist, 1380 the values array 1381 must be empty. This 1382 array is replaced 1383 during a strategic 1384 merge patch. 1385 type: array 1386 items: 1387 type: string 1388 matchLabels: 1389 description: matchLabels 1390 is a map of {key,value} 1391 pairs. A single {key,value} 1392 in the matchLabels map 1393 is equivalent to an element 1394 of matchExpressions, whose 1395 key field is "key", the 1396 operator is "In", and 1397 the values array contains 1398 only "value". The requirements 1399 are ANDed. 1400 type: object 1401 additionalProperties: 1402 type: string 1403 namespaces: 1404 description: namespaces specifies 1405 which namespaces the labelSelector 1406 applies to (matches against); 1407 null or empty list means "this 1408 pod's namespace" 1409 type: array 1410 items: 1411 type: string 1412 topologyKey: 1413 description: This pod should 1414 be co-located (affinity) or 1415 not co-located (anti-affinity) 1416 with the pods matching the 1417 labelSelector in the specified 1418 namespaces, where co-located 1419 is defined as running on a 1420 node whose value of the label 1421 with key topologyKey matches 1422 that of any node on which 1423 any of the selected pods is 1424 running. Empty topologyKey 1425 is not allowed. 1426 type: string 1427 podAntiAffinity: 1428 description: Describes pod anti-affinity 1429 scheduling rules (e.g. avoid putting 1430 this pod in the same node, zone, etc. 1431 as some other pod(s)). 1432 type: object 1433 properties: 1434 preferredDuringSchedulingIgnoredDuringExecution: 1435 description: The scheduler will prefer 1436 to schedule pods to nodes that satisfy 1437 the anti-affinity expressions specified 1438 by this field, but it may choose 1439 a node that violates one or more 1440 of the expressions. The node that 1441 is most preferred is the one with 1442 the greatest sum of weights, i.e. 1443 for each node that meets all of 1444 the scheduling requirements (resource 1445 request, requiredDuringScheduling 1446 anti-affinity expressions, etc.), 1447 compute a sum by iterating through 1448 the elements of this field and adding 1449 "weight" to the sum if the node 1450 has pods which matches the corresponding 1451 podAffinityTerm; the node(s) with 1452 the highest sum are the most preferred. 1453 type: array 1454 items: 1455 description: The weights of all 1456 of the matched WeightedPodAffinityTerm 1457 fields are added per-node to find 1458 the most preferred node(s) 1459 type: object 1460 required: 1461 - podAffinityTerm 1462 - weight 1463 properties: 1464 podAffinityTerm: 1465 description: Required. A pod 1466 affinity term, associated 1467 with the corresponding weight. 1468 type: object 1469 required: 1470 - topologyKey 1471 properties: 1472 labelSelector: 1473 description: A label query 1474 over a set of resources, 1475 in this case pods. 1476 type: object 1477 properties: 1478 matchExpressions: 1479 description: matchExpressions 1480 is a list of label 1481 selector requirements. 1482 The requirements are 1483 ANDed. 1484 type: array 1485 items: 1486 description: A label 1487 selector requirement 1488 is a selector that 1489 contains values, 1490 a key, and an operator 1491 that relates the 1492 key and values. 1493 type: object 1494 required: 1495 - key 1496 - operator 1497 properties: 1498 key: 1499 description: key 1500 is the label 1501 key that the 1502 selector applies 1503 to. 1504 type: string 1505 operator: 1506 description: operator 1507 represents a 1508 key's relationship 1509 to a set of 1510 values. Valid 1511 operators are 1512 In, NotIn, Exists 1513 and DoesNotExist. 1514 type: string 1515 values: 1516 description: values 1517 is an array 1518 of string values. 1519 If the operator 1520 is In or NotIn, 1521 the values array 1522 must be non-empty. 1523 If the operator 1524 is Exists or 1525 DoesNotExist, 1526 the values array 1527 must be empty. 1528 This array is 1529 replaced during 1530 a strategic 1531 merge patch. 1532 type: array 1533 items: 1534 type: string 1535 matchLabels: 1536 description: matchLabels 1537 is a map of {key,value} 1538 pairs. A single {key,value} 1539 in the matchLabels 1540 map is equivalent 1541 to an element of matchExpressions, 1542 whose key field is 1543 "key", the operator 1544 is "In", and the values 1545 array contains only 1546 "value". The requirements 1547 are ANDed. 1548 type: object 1549 additionalProperties: 1550 type: string 1551 namespaces: 1552 description: namespaces 1553 specifies which namespaces 1554 the labelSelector applies 1555 to (matches against); 1556 null or empty list means 1557 "this pod's namespace" 1558 type: array 1559 items: 1560 type: string 1561 topologyKey: 1562 description: This pod should 1563 be co-located (affinity) 1564 or not co-located (anti-affinity) 1565 with the pods matching 1566 the labelSelector in the 1567 specified namespaces, 1568 where co-located is defined 1569 as running on a node whose 1570 value of the label with 1571 key topologyKey matches 1572 that of any node on which 1573 any of the selected pods 1574 is running. Empty topologyKey 1575 is not allowed. 1576 type: string 1577 weight: 1578 description: weight associated 1579 with matching the corresponding 1580 podAffinityTerm, in the range 1581 1-100. 1582 type: integer 1583 format: int32 1584 requiredDuringSchedulingIgnoredDuringExecution: 1585 description: If the anti-affinity 1586 requirements specified by this field 1587 are not met at scheduling time, 1588 the pod will not be scheduled onto 1589 the node. If the anti-affinity requirements 1590 specified by this field cease to 1591 be met at some point during pod 1592 execution (e.g. due to a pod label 1593 update), the system may or may not 1594 try to eventually evict the pod 1595 from its node. When there are multiple 1596 elements, the lists of nodes corresponding 1597 to each podAffinityTerm are intersected, 1598 i.e. all terms must be satisfied. 1599 type: array 1600 items: 1601 description: Defines a set of pods 1602 (namely those matching the labelSelector 1603 relative to the given namespace(s)) 1604 that this pod should be co-located 1605 (affinity) or not co-located (anti-affinity) 1606 with, where co-located is defined 1607 as running on a node whose value 1608 of the label with key <topologyKey> 1609 matches that of any node on which 1610 a pod of the set of pods is running 1611 type: object 1612 required: 1613 - topologyKey 1614 properties: 1615 labelSelector: 1616 description: A label query over 1617 a set of resources, in this 1618 case pods. 1619 type: object 1620 properties: 1621 matchExpressions: 1622 description: matchExpressions 1623 is a list of label selector 1624 requirements. The requirements 1625 are ANDed. 1626 type: array 1627 items: 1628 description: A label selector 1629 requirement is a selector 1630 that contains values, 1631 a key, and an operator 1632 that relates the key 1633 and values. 1634 type: object 1635 required: 1636 - key 1637 - operator 1638 properties: 1639 key: 1640 description: key is 1641 the label key that 1642 the selector applies 1643 to. 1644 type: string 1645 operator: 1646 description: operator 1647 represents a key's 1648 relationship to 1649 a set of values. 1650 Valid operators 1651 are In, NotIn, Exists 1652 and DoesNotExist. 1653 type: string 1654 values: 1655 description: values 1656 is an array of string 1657 values. If the operator 1658 is In or NotIn, 1659 the values array 1660 must be non-empty. 1661 If the operator 1662 is Exists or DoesNotExist, 1663 the values array 1664 must be empty. This 1665 array is replaced 1666 during a strategic 1667 merge patch. 1668 type: array 1669 items: 1670 type: string 1671 matchLabels: 1672 description: matchLabels 1673 is a map of {key,value} 1674 pairs. A single {key,value} 1675 in the matchLabels map 1676 is equivalent to an element 1677 of matchExpressions, whose 1678 key field is "key", the 1679 operator is "In", and 1680 the values array contains 1681 only "value". The requirements 1682 are ANDed. 1683 type: object 1684 additionalProperties: 1685 type: string 1686 namespaces: 1687 description: namespaces specifies 1688 which namespaces the labelSelector 1689 applies to (matches against); 1690 null or empty list means "this 1691 pod's namespace" 1692 type: array 1693 items: 1694 type: string 1695 topologyKey: 1696 description: This pod should 1697 be co-located (affinity) or 1698 not co-located (anti-affinity) 1699 with the pods matching the 1700 labelSelector in the specified 1701 namespaces, where co-located 1702 is defined as running on a 1703 node whose value of the label 1704 with key topologyKey matches 1705 that of any node on which 1706 any of the selected pods is 1707 running. Empty topologyKey 1708 is not allowed. 1709 type: string 1710 automountServiceAccountToken: 1711 description: AutomountServiceAccountToken 1712 indicates whether a service account token 1713 should be automatically mounted. 1714 type: boolean 1715 containers: 1716 description: List of containers belonging 1717 to the pod. Containers cannot currently 1718 be added or removed. There must be at least 1719 one container in a Pod. Cannot be updated. 1720 type: array 1721 items: 1722 description: A single application container 1723 that you want to run within a pod. 1724 type: object 1725 required: 1726 - name 1727 properties: 1728 args: 1729 description: 'Arguments to the entrypoint. 1730 The docker image''s CMD is used if 1731 this is not provided. Variable references 1732 $(VAR_NAME) are expanded using the 1733 container''s environment. If a variable 1734 cannot be resolved, the reference 1735 in the input string will be unchanged. 1736 The $(VAR_NAME) syntax can be escaped 1737 with a double $$, ie: $$(VAR_NAME). 1738 Escaped references will never be expanded, 1739 regardless of whether the variable 1740 exists or not. Cannot be updated. 1741 More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' 1742 type: array 1743 items: 1744 type: string 1745 command: 1746 description: 'Entrypoint array. Not 1747 executed within a shell. The docker 1748 image''s ENTRYPOINT is used if this 1749 is not provided. Variable references 1750 $(VAR_NAME) are expanded using the 1751 container''s environment. If a variable 1752 cannot be resolved, the reference 1753 in the input string will be unchanged. 1754 The $(VAR_NAME) syntax can be escaped 1755 with a double $$, ie: $$(VAR_NAME). 1756 Escaped references will never be expanded, 1757 regardless of whether the variable 1758 exists or not. Cannot be updated. 1759 More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' 1760 type: array 1761 items: 1762 type: string 1763 env: 1764 description: List of environment variables 1765 to set in the container. Cannot be 1766 updated. 1767 type: array 1768 items: 1769 description: EnvVar represents an 1770 environment variable present in 1771 a Container. 1772 type: object 1773 required: 1774 - name 1775 properties: 1776 name: 1777 description: Name of the environment 1778 variable. Must be a C_IDENTIFIER. 1779 type: string 1780 value: 1781 description: 'Variable references 1782 $(VAR_NAME) are expanded using 1783 the previous defined environment 1784 variables in the container and 1785 any service environment variables. 1786 If a variable cannot be resolved, 1787 the reference in the input string 1788 will be unchanged. The $(VAR_NAME) 1789 syntax can be escaped with a 1790 double $$, ie: $$(VAR_NAME). 1791 Escaped references will never 1792 be expanded, regardless of whether 1793 the variable exists or not. 1794 Defaults to "".' 1795 type: string 1796 valueFrom: 1797 description: Source for the environment 1798 variable's value. Cannot be 1799 used if value is not empty. 1800 type: object 1801 properties: 1802 configMapKeyRef: 1803 description: Selects a key 1804 of a ConfigMap. 1805 type: object 1806 required: 1807 - key 1808 properties: 1809 key: 1810 description: The key to 1811 select. 1812 type: string 1813 name: 1814 description: 'Name of 1815 the referent. More info: 1816 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 1817 TODO: Add other useful 1818 fields. apiVersion, 1819 kind, uid?' 1820 type: string 1821 optional: 1822 description: Specify whether 1823 the ConfigMap or its 1824 key must be defined 1825 type: boolean 1826 fieldRef: 1827 description: 'Selects a field 1828 of the pod: supports metadata.name, 1829 metadata.namespace, metadata.labels, 1830 metadata.annotations, spec.nodeName, 1831 spec.serviceAccountName, 1832 status.hostIP, status.podIP.' 1833 type: object 1834 required: 1835 - fieldPath 1836 properties: 1837 apiVersion: 1838 description: Version of 1839 the schema the FieldPath 1840 is written in terms 1841 of, defaults to "v1". 1842 type: string 1843 fieldPath: 1844 description: Path of the 1845 field to select in the 1846 specified API version. 1847 type: string 1848 resourceFieldRef: 1849 description: 'Selects a resource 1850 of the container: only resources 1851 limits and requests (limits.cpu, 1852 limits.memory, limits.ephemeral-storage, 1853 requests.cpu, requests.memory 1854 and requests.ephemeral-storage) 1855 are currently supported.' 1856 type: object 1857 required: 1858 - resource 1859 properties: 1860 containerName: 1861 description: 'Container 1862 name: required for volumes, 1863 optional for env vars' 1864 type: string 1865 divisor: 1866 description: Specifies 1867 the output format of 1868 the exposed resources, 1869 defaults to "1" 1870 type: string 1871 resource: 1872 description: 'Required: 1873 resource to select' 1874 type: string 1875 secretKeyRef: 1876 description: Selects a key 1877 of a secret in the pod's 1878 namespace 1879 type: object 1880 required: 1881 - key 1882 properties: 1883 key: 1884 description: The key of 1885 the secret to select 1886 from. Must be a valid 1887 secret key. 1888 type: string 1889 name: 1890 description: 'Name of 1891 the referent. More info: 1892 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 1893 TODO: Add other useful 1894 fields. apiVersion, 1895 kind, uid?' 1896 type: string 1897 optional: 1898 description: Specify whether 1899 the Secret or its key 1900 must be defined 1901 type: boolean 1902 envFrom: 1903 description: List of sources to populate 1904 environment variables in the container. 1905 The keys defined within a source must 1906 be a C_IDENTIFIER. All invalid keys 1907 will be reported as an event when 1908 the container is starting. When a 1909 key exists in multiple sources, the 1910 value associated with the last source 1911 will take precedence. Values defined 1912 by an Env with a duplicate key will 1913 take precedence. Cannot be updated. 1914 type: array 1915 items: 1916 description: EnvFromSource represents 1917 the source of a set of ConfigMaps 1918 type: object 1919 properties: 1920 configMapRef: 1921 description: The ConfigMap to 1922 select from 1923 type: object 1924 properties: 1925 name: 1926 description: 'Name of the 1927 referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 1928 TODO: Add other useful fields. 1929 apiVersion, kind, uid?' 1930 type: string 1931 optional: 1932 description: Specify whether 1933 the ConfigMap must be defined 1934 type: boolean 1935 prefix: 1936 description: An optional identifier 1937 to prepend to each key in the 1938 ConfigMap. Must be a C_IDENTIFIER. 1939 type: string 1940 secretRef: 1941 description: The Secret to select 1942 from 1943 type: object 1944 properties: 1945 name: 1946 description: 'Name of the 1947 referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 1948 TODO: Add other useful fields. 1949 apiVersion, kind, uid?' 1950 type: string 1951 optional: 1952 description: Specify whether 1953 the Secret must be defined 1954 type: boolean 1955 image: 1956 description: 'Docker image name. More 1957 info: https://kubernetes.io/docs/concepts/containers/images 1958 This field is optional to allow higher 1959 level config management to default 1960 or override container images in workload 1961 controllers like Deployments and StatefulSets.' 1962 type: string 1963 imagePullPolicy: 1964 description: 'Image pull policy. One 1965 of Always, Never, IfNotPresent. Defaults 1966 to Always if :latest tag is specified, 1967 or IfNotPresent otherwise. Cannot 1968 be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' 1969 type: string 1970 lifecycle: 1971 description: Actions that the management 1972 system should take in response to 1973 container lifecycle events. Cannot 1974 be updated. 1975 type: object 1976 properties: 1977 postStart: 1978 description: 'PostStart is called 1979 immediately after a container 1980 is created. If the handler fails, 1981 the container is terminated and 1982 restarted according to its restart 1983 policy. Other management of the 1984 container blocks until the hook 1985 completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' 1986 type: object 1987 properties: 1988 exec: 1989 description: One and only one 1990 of the following should be 1991 specified. Exec specifies 1992 the action to take. 1993 type: object 1994 properties: 1995 command: 1996 description: Command is 1997 the command line to execute 1998 inside the container, 1999 the working directory 2000 for the command is root 2001 ('/') in the container's 2002 filesystem. The command 2003 is simply exec'd, it is 2004 not run inside a shell, 2005 so traditional shell instructions 2006 ('|', etc) won't work. 2007 To use a shell, you need 2008 to explicitly call out 2009 to that shell. Exit status 2010 of 0 is treated as live/healthy 2011 and non-zero is unhealthy. 2012 type: array 2013 items: 2014 type: string 2015 httpGet: 2016 description: HTTPGet specifies 2017 the http request to perform. 2018 type: object 2019 required: 2020 - port 2021 properties: 2022 host: 2023 description: Host name to 2024 connect to, defaults to 2025 the pod IP. You probably 2026 want to set "Host" in 2027 httpHeaders instead. 2028 type: string 2029 httpHeaders: 2030 description: Custom headers 2031 to set in the request. 2032 HTTP allows repeated headers. 2033 type: array 2034 items: 2035 description: HTTPHeader 2036 describes a custom header 2037 to be used in HTTP probes 2038 type: object 2039 required: 2040 - name 2041 - value 2042 properties: 2043 name: 2044 description: The header 2045 field name 2046 type: string 2047 value: 2048 description: The header 2049 field value 2050 type: string 2051 path: 2052 description: Path to access 2053 on the HTTP server. 2054 type: string 2055 port: 2056 description: Name or number 2057 of the port to access 2058 on the container. Number 2059 must be in the range 1 2060 to 65535. Name must be 2061 an IANA_SVC_NAME. 2062 anyOf: 2063 - type: integer 2064 - type: string 2065 x-kubernetes-int-or-string: true 2066 scheme: 2067 description: Scheme to use 2068 for connecting to the 2069 host. Defaults to HTTP. 2070 type: string 2071 tcpSocket: 2072 description: 'TCPSocket specifies 2073 an action involving a TCP 2074 port. TCP hooks not yet supported 2075 TODO: implement a realistic 2076 TCP lifecycle hook' 2077 type: object 2078 required: 2079 - port 2080 properties: 2081 host: 2082 description: 'Optional: 2083 Host name to connect to, 2084 defaults to the pod IP.' 2085 type: string 2086 port: 2087 description: Number or name 2088 of the port to access 2089 on the container. Number 2090 must be in the range 1 2091 to 65535. Name must be 2092 an IANA_SVC_NAME. 2093 anyOf: 2094 - type: integer 2095 - type: string 2096 x-kubernetes-int-or-string: true 2097 preStop: 2098 description: 'PreStop is called 2099 immediately before a container 2100 is terminated due to an API request 2101 or management event such as liveness/startup 2102 probe failure, preemption, resource 2103 contention, etc. The handler is 2104 not called if the container crashes 2105 or exits. The reason for termination 2106 is passed to the handler. The 2107 Pod''s termination grace period 2108 countdown begins before the PreStop 2109 hooked is executed. Regardless 2110 of the outcome of the handler, 2111 the container will eventually 2112 terminate within the Pod''s termination 2113 grace period. Other management 2114 of the container blocks until 2115 the hook completes or until the 2116 termination grace period is reached. 2117 More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' 2118 type: object 2119 properties: 2120 exec: 2121 description: One and only one 2122 of the following should be 2123 specified. Exec specifies 2124 the action to take. 2125 type: object 2126 properties: 2127 command: 2128 description: Command is 2129 the command line to execute 2130 inside the container, 2131 the working directory 2132 for the command is root 2133 ('/') in the container's 2134 filesystem. The command 2135 is simply exec'd, it is 2136 not run inside a shell, 2137 so traditional shell instructions 2138 ('|', etc) won't work. 2139 To use a shell, you need 2140 to explicitly call out 2141 to that shell. Exit status 2142 of 0 is treated as live/healthy 2143 and non-zero is unhealthy. 2144 type: array 2145 items: 2146 type: string 2147 httpGet: 2148 description: HTTPGet specifies 2149 the http request to perform. 2150 type: object 2151 required: 2152 - port 2153 properties: 2154 host: 2155 description: Host name to 2156 connect to, defaults to 2157 the pod IP. You probably 2158 want to set "Host" in 2159 httpHeaders instead. 2160 type: string 2161 httpHeaders: 2162 description: Custom headers 2163 to set in the request. 2164 HTTP allows repeated headers. 2165 type: array 2166 items: 2167 description: HTTPHeader 2168 describes a custom header 2169 to be used in HTTP probes 2170 type: object 2171 required: 2172 - name 2173 - value 2174 properties: 2175 name: 2176 description: The header 2177 field name 2178 type: string 2179 value: 2180 description: The header 2181 field value 2182 type: string 2183 path: 2184 description: Path to access 2185 on the HTTP server. 2186 type: string 2187 port: 2188 description: Name or number 2189 of the port to access 2190 on the container. Number 2191 must be in the range 1 2192 to 65535. Name must be 2193 an IANA_SVC_NAME. 2194 anyOf: 2195 - type: integer 2196 - type: string 2197 x-kubernetes-int-or-string: true 2198 scheme: 2199 description: Scheme to use 2200 for connecting to the 2201 host. Defaults to HTTP. 2202 type: string 2203 tcpSocket: 2204 description: 'TCPSocket specifies 2205 an action involving a TCP 2206 port. TCP hooks not yet supported 2207 TODO: implement a realistic 2208 TCP lifecycle hook' 2209 type: object 2210 required: 2211 - port 2212 properties: 2213 host: 2214 description: 'Optional: 2215 Host name to connect to, 2216 defaults to the pod IP.' 2217 type: string 2218 port: 2219 description: Number or name 2220 of the port to access 2221 on the container. Number 2222 must be in the range 1 2223 to 65535. Name must be 2224 an IANA_SVC_NAME. 2225 anyOf: 2226 - type: integer 2227 - type: string 2228 x-kubernetes-int-or-string: true 2229 livenessProbe: 2230 description: 'Periodic probe of container 2231 liveness. Container will be restarted 2232 if the probe fails. Cannot be updated. 2233 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 2234 type: object 2235 properties: 2236 exec: 2237 description: One and only one of 2238 the following should be specified. 2239 Exec specifies the action to take. 2240 type: object 2241 properties: 2242 command: 2243 description: Command is the 2244 command line to execute inside 2245 the container, the working 2246 directory for the command is 2247 root ('/') in the container's 2248 filesystem. The command is 2249 simply exec'd, it is not run 2250 inside a shell, so traditional 2251 shell instructions ('|', etc) 2252 won't work. To use a shell, 2253 you need to explicitly call 2254 out to that shell. Exit status 2255 of 0 is treated as live/healthy 2256 and non-zero is unhealthy. 2257 type: array 2258 items: 2259 type: string 2260 failureThreshold: 2261 description: Minimum consecutive 2262 failures for the probe to be considered 2263 failed after having succeeded. 2264 Defaults to 3. Minimum value is 2265 1. 2266 type: integer 2267 format: int32 2268 httpGet: 2269 description: HTTPGet specifies the 2270 http request to perform. 2271 type: object 2272 required: 2273 - port 2274 properties: 2275 host: 2276 description: Host name to connect 2277 to, defaults to the pod IP. 2278 You probably want to set "Host" 2279 in httpHeaders instead. 2280 type: string 2281 httpHeaders: 2282 description: Custom headers 2283 to set in the request. HTTP 2284 allows repeated headers. 2285 type: array 2286 items: 2287 description: HTTPHeader describes 2288 a custom header to be used 2289 in HTTP probes 2290 type: object 2291 required: 2292 - name 2293 - value 2294 properties: 2295 name: 2296 description: The header 2297 field name 2298 type: string 2299 value: 2300 description: The header 2301 field value 2302 type: string 2303 path: 2304 description: Path to access 2305 on the HTTP server. 2306 type: string 2307 port: 2308 description: Name or number 2309 of the port to access on the 2310 container. Number must be 2311 in the range 1 to 65535. Name 2312 must be an IANA_SVC_NAME. 2313 anyOf: 2314 - type: integer 2315 - type: string 2316 x-kubernetes-int-or-string: true 2317 scheme: 2318 description: Scheme to use for 2319 connecting to the host. Defaults 2320 to HTTP. 2321 type: string 2322 initialDelaySeconds: 2323 description: 'Number of seconds 2324 after the container has started 2325 before liveness probes are initiated. 2326 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 2327 type: integer 2328 format: int32 2329 periodSeconds: 2330 description: How often (in seconds) 2331 to perform the probe. Default 2332 to 10 seconds. Minimum value is 2333 1. 2334 type: integer 2335 format: int32 2336 successThreshold: 2337 description: Minimum consecutive 2338 successes for the probe to be 2339 considered successful after having 2340 failed. Defaults to 1. Must be 2341 1 for liveness and startup. Minimum 2342 value is 1. 2343 type: integer 2344 format: int32 2345 tcpSocket: 2346 description: 'TCPSocket specifies 2347 an action involving a TCP port. 2348 TCP hooks not yet supported TODO: 2349 implement a realistic TCP lifecycle 2350 hook' 2351 type: object 2352 required: 2353 - port 2354 properties: 2355 host: 2356 description: 'Optional: Host 2357 name to connect to, defaults 2358 to the pod IP.' 2359 type: string 2360 port: 2361 description: Number or name 2362 of the port to access on the 2363 container. Number must be 2364 in the range 1 to 65535. Name 2365 must be an IANA_SVC_NAME. 2366 anyOf: 2367 - type: integer 2368 - type: string 2369 x-kubernetes-int-or-string: true 2370 timeoutSeconds: 2371 description: 'Number of seconds 2372 after which the probe times out. 2373 Defaults to 1 second. Minimum 2374 value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 2375 type: integer 2376 format: int32 2377 name: 2378 description: Name of the container specified 2379 as a DNS_LABEL. Each container in 2380 a pod must have a unique name (DNS_LABEL). 2381 Cannot be updated. 2382 type: string 2383 ports: 2384 description: List of ports to expose 2385 from the container. Exposing a port 2386 here gives the system additional information 2387 about the network connections a container 2388 uses, but is primarily informational. 2389 Not specifying a port here DOES NOT 2390 prevent that port from being exposed. 2391 Any port which is listening on the 2392 default "0.0.0.0" address inside a 2393 container will be accessible from 2394 the network. Cannot be updated. 2395 type: array 2396 items: 2397 description: ContainerPort represents 2398 a network port in a single container. 2399 type: object 2400 required: 2401 - containerPort 2402 properties: 2403 containerPort: 2404 description: Number of port to 2405 expose on the pod's IP address. 2406 This must be a valid port number, 2407 0 < x < 65536. 2408 type: integer 2409 format: int32 2410 hostIP: 2411 description: What host IP to bind 2412 the external port to. 2413 type: string 2414 hostPort: 2415 description: Number of port to 2416 expose on the host. If specified, 2417 this must be a valid port number, 2418 0 < x < 65536. If HostNetwork 2419 is specified, this must match 2420 ContainerPort. Most containers 2421 do not need this. 2422 type: integer 2423 format: int32 2424 name: 2425 description: If specified, this 2426 must be an IANA_SVC_NAME and 2427 unique within the pod. Each 2428 named port in a pod must have 2429 a unique name. Name for the 2430 port that can be referred to 2431 by services. 2432 type: string 2433 protocol: 2434 description: Protocol for port. 2435 Must be UDP, TCP, or SCTP. Defaults 2436 to "TCP". 2437 type: string 2438 readinessProbe: 2439 description: 'Periodic probe of container 2440 service readiness. Container will 2441 be removed from service endpoints 2442 if the probe fails. Cannot be updated. 2443 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 2444 type: object 2445 properties: 2446 exec: 2447 description: One and only one of 2448 the following should be specified. 2449 Exec specifies the action to take. 2450 type: object 2451 properties: 2452 command: 2453 description: Command is the 2454 command line to execute inside 2455 the container, the working 2456 directory for the command is 2457 root ('/') in the container's 2458 filesystem. The command is 2459 simply exec'd, it is not run 2460 inside a shell, so traditional 2461 shell instructions ('|', etc) 2462 won't work. To use a shell, 2463 you need to explicitly call 2464 out to that shell. Exit status 2465 of 0 is treated as live/healthy 2466 and non-zero is unhealthy. 2467 type: array 2468 items: 2469 type: string 2470 failureThreshold: 2471 description: Minimum consecutive 2472 failures for the probe to be considered 2473 failed after having succeeded. 2474 Defaults to 3. Minimum value is 2475 1. 2476 type: integer 2477 format: int32 2478 httpGet: 2479 description: HTTPGet specifies the 2480 http request to perform. 2481 type: object 2482 required: 2483 - port 2484 properties: 2485 host: 2486 description: Host name to connect 2487 to, defaults to the pod IP. 2488 You probably want to set "Host" 2489 in httpHeaders instead. 2490 type: string 2491 httpHeaders: 2492 description: Custom headers 2493 to set in the request. HTTP 2494 allows repeated headers. 2495 type: array 2496 items: 2497 description: HTTPHeader describes 2498 a custom header to be used 2499 in HTTP probes 2500 type: object 2501 required: 2502 - name 2503 - value 2504 properties: 2505 name: 2506 description: The header 2507 field name 2508 type: string 2509 value: 2510 description: The header 2511 field value 2512 type: string 2513 path: 2514 description: Path to access 2515 on the HTTP server. 2516 type: string 2517 port: 2518 description: Name or number 2519 of the port to access on the 2520 container. Number must be 2521 in the range 1 to 65535. Name 2522 must be an IANA_SVC_NAME. 2523 anyOf: 2524 - type: integer 2525 - type: string 2526 x-kubernetes-int-or-string: true 2527 scheme: 2528 description: Scheme to use for 2529 connecting to the host. Defaults 2530 to HTTP. 2531 type: string 2532 initialDelaySeconds: 2533 description: 'Number of seconds 2534 after the container has started 2535 before liveness probes are initiated. 2536 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 2537 type: integer 2538 format: int32 2539 periodSeconds: 2540 description: How often (in seconds) 2541 to perform the probe. Default 2542 to 10 seconds. Minimum value is 2543 1. 2544 type: integer 2545 format: int32 2546 successThreshold: 2547 description: Minimum consecutive 2548 successes for the probe to be 2549 considered successful after having 2550 failed. Defaults to 1. Must be 2551 1 for liveness and startup. Minimum 2552 value is 1. 2553 type: integer 2554 format: int32 2555 tcpSocket: 2556 description: 'TCPSocket specifies 2557 an action involving a TCP port. 2558 TCP hooks not yet supported TODO: 2559 implement a realistic TCP lifecycle 2560 hook' 2561 type: object 2562 required: 2563 - port 2564 properties: 2565 host: 2566 description: 'Optional: Host 2567 name to connect to, defaults 2568 to the pod IP.' 2569 type: string 2570 port: 2571 description: Number or name 2572 of the port to access on the 2573 container. Number must be 2574 in the range 1 to 65535. Name 2575 must be an IANA_SVC_NAME. 2576 anyOf: 2577 - type: integer 2578 - type: string 2579 x-kubernetes-int-or-string: true 2580 timeoutSeconds: 2581 description: 'Number of seconds 2582 after which the probe times out. 2583 Defaults to 1 second. Minimum 2584 value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 2585 type: integer 2586 format: int32 2587 resources: 2588 description: 'Compute Resources required 2589 by this container. Cannot be updated. 2590 More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' 2591 type: object 2592 properties: 2593 limits: 2594 description: 'Limits describes the 2595 maximum amount of compute resources 2596 allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' 2597 type: object 2598 additionalProperties: 2599 type: string 2600 requests: 2601 description: 'Requests describes 2602 the minimum amount of compute 2603 resources required. If Requests 2604 is omitted for a container, it 2605 defaults to Limits if that is 2606 explicitly specified, otherwise 2607 to an implementation-defined value. 2608 More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' 2609 type: object 2610 additionalProperties: 2611 type: string 2612 securityContext: 2613 description: 'Security options the pod 2614 should run with. More info: https://kubernetes.io/docs/concepts/policy/security-context/ 2615 More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' 2616 type: object 2617 properties: 2618 allowPrivilegeEscalation: 2619 description: 'AllowPrivilegeEscalation 2620 controls whether a process can 2621 gain more privileges than its 2622 parent process. This bool directly 2623 controls if the no_new_privs flag 2624 will be set on the container process. 2625 AllowPrivilegeEscalation is true 2626 always when the container is: 2627 1) run as Privileged 2) has CAP_SYS_ADMIN' 2628 type: boolean 2629 capabilities: 2630 description: The capabilities to 2631 add/drop when running containers. 2632 Defaults to the default set of 2633 capabilities granted by the container 2634 runtime. 2635 type: object 2636 properties: 2637 add: 2638 description: Added capabilities 2639 type: array 2640 items: 2641 description: Capability represent 2642 POSIX capabilities type 2643 type: string 2644 drop: 2645 description: Removed capabilities 2646 type: array 2647 items: 2648 description: Capability represent 2649 POSIX capabilities type 2650 type: string 2651 privileged: 2652 description: Run container in privileged 2653 mode. Processes in privileged 2654 containers are essentially equivalent 2655 to root on the host. Defaults 2656 to false. 2657 type: boolean 2658 procMount: 2659 description: procMount denotes the 2660 type of proc mount to use for 2661 the containers. The default is 2662 DefaultProcMount which uses the 2663 container runtime defaults for 2664 readonly paths and masked paths. 2665 This requires the ProcMountType 2666 feature flag to be enabled. 2667 type: string 2668 readOnlyRootFilesystem: 2669 description: Whether this container 2670 has a read-only root filesystem. 2671 Default is false. 2672 type: boolean 2673 runAsGroup: 2674 description: The GID to run the 2675 entrypoint of the container process. 2676 Uses runtime default if unset. 2677 May also be set in PodSecurityContext. If 2678 set in both SecurityContext and 2679 PodSecurityContext, the value 2680 specified in SecurityContext takes 2681 precedence. 2682 type: integer 2683 format: int64 2684 runAsNonRoot: 2685 description: Indicates that the 2686 container must run as a non-root 2687 user. If true, the Kubelet will 2688 validate the image at runtime 2689 to ensure that it does not run 2690 as UID 0 (root) and fail to start 2691 the container if it does. If unset 2692 or false, no such validation will 2693 be performed. May also be set 2694 in PodSecurityContext. If set 2695 in both SecurityContext and PodSecurityContext, 2696 the value specified in SecurityContext 2697 takes precedence. 2698 type: boolean 2699 runAsUser: 2700 description: The UID to run the 2701 entrypoint of the container process. 2702 Defaults to user specified in 2703 image metadata if unspecified. 2704 May also be set in PodSecurityContext. If 2705 set in both SecurityContext and 2706 PodSecurityContext, the value 2707 specified in SecurityContext takes 2708 precedence. 2709 type: integer 2710 format: int64 2711 seLinuxOptions: 2712 description: The SELinux context 2713 to be applied to the container. 2714 If unspecified, the container 2715 runtime will allocate a random 2716 SELinux context for each container. May 2717 also be set in PodSecurityContext. If 2718 set in both SecurityContext and 2719 PodSecurityContext, the value 2720 specified in SecurityContext takes 2721 precedence. 2722 type: object 2723 properties: 2724 level: 2725 description: Level is SELinux 2726 level label that applies to 2727 the container. 2728 type: string 2729 role: 2730 description: Role is a SELinux 2731 role label that applies to 2732 the container. 2733 type: string 2734 type: 2735 description: Type is a SELinux 2736 type label that applies to 2737 the container. 2738 type: string 2739 user: 2740 description: User is a SELinux 2741 user label that applies to 2742 the container. 2743 type: string 2744 windowsOptions: 2745 description: The Windows specific 2746 settings applied to all containers. 2747 If unspecified, the options from 2748 the PodSecurityContext will be 2749 used. If set in both SecurityContext 2750 and PodSecurityContext, the value 2751 specified in SecurityContext takes 2752 precedence. 2753 type: object 2754 properties: 2755 gmsaCredentialSpec: 2756 description: GMSACredentialSpec 2757 is where the GMSA admission 2758 webhook (https://github.com/kubernetes-sigs/windows-gmsa) 2759 inlines the contents of the 2760 GMSA credential spec named 2761 by the GMSACredentialSpecName 2762 field. This field is alpha-level 2763 and is only honored by servers 2764 that enable the WindowsGMSA 2765 feature flag. 2766 type: string 2767 gmsaCredentialSpecName: 2768 description: GMSACredentialSpecName 2769 is the name of the GMSA credential 2770 spec to use. This field is 2771 alpha-level and is only honored 2772 by servers that enable the 2773 WindowsGMSA feature flag. 2774 type: string 2775 runAsUserName: 2776 description: The UserName in 2777 Windows to run the entrypoint 2778 of the container process. 2779 Defaults to the user specified 2780 in image metadata if unspecified. 2781 May also be set in PodSecurityContext. 2782 If set in both SecurityContext 2783 and PodSecurityContext, the 2784 value specified in SecurityContext 2785 takes precedence. This field 2786 is alpha-level and it is only 2787 honored by servers that enable 2788 the WindowsRunAsUserName feature 2789 flag. 2790 type: string 2791 startupProbe: 2792 description: 'StartupProbe indicates 2793 that the Pod has successfully initialized. 2794 If specified, no other probes are 2795 executed until this completes successfully. 2796 If this probe fails, the Pod will 2797 be restarted, just as if the livenessProbe 2798 failed. This can be used to provide 2799 different probe parameters at the 2800 beginning of a Pod''s lifecycle, when 2801 it might take a long time to load 2802 data or warm a cache, than during 2803 steady-state operation. This cannot 2804 be updated. This is an alpha feature 2805 enabled by the StartupProbe feature 2806 flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 2807 type: object 2808 properties: 2809 exec: 2810 description: One and only one of 2811 the following should be specified. 2812 Exec specifies the action to take. 2813 type: object 2814 properties: 2815 command: 2816 description: Command is the 2817 command line to execute inside 2818 the container, the working 2819 directory for the command is 2820 root ('/') in the container's 2821 filesystem. The command is 2822 simply exec'd, it is not run 2823 inside a shell, so traditional 2824 shell instructions ('|', etc) 2825 won't work. To use a shell, 2826 you need to explicitly call 2827 out to that shell. Exit status 2828 of 0 is treated as live/healthy 2829 and non-zero is unhealthy. 2830 type: array 2831 items: 2832 type: string 2833 failureThreshold: 2834 description: Minimum consecutive 2835 failures for the probe to be considered 2836 failed after having succeeded. 2837 Defaults to 3. Minimum value is 2838 1. 2839 type: integer 2840 format: int32 2841 httpGet: 2842 description: HTTPGet specifies the 2843 http request to perform. 2844 type: object 2845 required: 2846 - port 2847 properties: 2848 host: 2849 description: Host name to connect 2850 to, defaults to the pod IP. 2851 You probably want to set "Host" 2852 in httpHeaders instead. 2853 type: string 2854 httpHeaders: 2855 description: Custom headers 2856 to set in the request. HTTP 2857 allows repeated headers. 2858 type: array 2859 items: 2860 description: HTTPHeader describes 2861 a custom header to be used 2862 in HTTP probes 2863 type: object 2864 required: 2865 - name 2866 - value 2867 properties: 2868 name: 2869 description: The header 2870 field name 2871 type: string 2872 value: 2873 description: The header 2874 field value 2875 type: string 2876 path: 2877 description: Path to access 2878 on the HTTP server. 2879 type: string 2880 port: 2881 description: Name or number 2882 of the port to access on the 2883 container. Number must be 2884 in the range 1 to 65535. Name 2885 must be an IANA_SVC_NAME. 2886 anyOf: 2887 - type: integer 2888 - type: string 2889 x-kubernetes-int-or-string: true 2890 scheme: 2891 description: Scheme to use for 2892 connecting to the host. Defaults 2893 to HTTP. 2894 type: string 2895 initialDelaySeconds: 2896 description: 'Number of seconds 2897 after the container has started 2898 before liveness probes are initiated. 2899 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 2900 type: integer 2901 format: int32 2902 periodSeconds: 2903 description: How often (in seconds) 2904 to perform the probe. Default 2905 to 10 seconds. Minimum value is 2906 1. 2907 type: integer 2908 format: int32 2909 successThreshold: 2910 description: Minimum consecutive 2911 successes for the probe to be 2912 considered successful after having 2913 failed. Defaults to 1. Must be 2914 1 for liveness and startup. Minimum 2915 value is 1. 2916 type: integer 2917 format: int32 2918 tcpSocket: 2919 description: 'TCPSocket specifies 2920 an action involving a TCP port. 2921 TCP hooks not yet supported TODO: 2922 implement a realistic TCP lifecycle 2923 hook' 2924 type: object 2925 required: 2926 - port 2927 properties: 2928 host: 2929 description: 'Optional: Host 2930 name to connect to, defaults 2931 to the pod IP.' 2932 type: string 2933 port: 2934 description: Number or name 2935 of the port to access on the 2936 container. Number must be 2937 in the range 1 to 65535. Name 2938 must be an IANA_SVC_NAME. 2939 anyOf: 2940 - type: integer 2941 - type: string 2942 x-kubernetes-int-or-string: true 2943 timeoutSeconds: 2944 description: 'Number of seconds 2945 after which the probe times out. 2946 Defaults to 1 second. Minimum 2947 value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 2948 type: integer 2949 format: int32 2950 stdin: 2951 description: Whether this container 2952 should allocate a buffer for stdin 2953 in the container runtime. If this 2954 is not set, reads from stdin in the 2955 container will always result in EOF. 2956 Default is false. 2957 type: boolean 2958 stdinOnce: 2959 description: Whether the container runtime 2960 should close the stdin channel after 2961 it has been opened by a single attach. 2962 When stdin is true the stdin stream 2963 will remain open across multiple attach 2964 sessions. If stdinOnce is set to true, 2965 stdin is opened on container start, 2966 is empty until the first client attaches 2967 to stdin, and then remains open and 2968 accepts data until the client disconnects, 2969 at which time stdin is closed and 2970 remains closed until the container 2971 is restarted. If this flag is false, 2972 a container processes that reads from 2973 stdin will never receive an EOF. Default 2974 is false 2975 type: boolean 2976 terminationMessagePath: 2977 description: 'Optional: Path at which 2978 the file to which the container''s 2979 termination message will be written 2980 is mounted into the container''s filesystem. 2981 Message written is intended to be 2982 brief final status, such as an assertion 2983 failure message. Will be truncated 2984 by the node if greater than 4096 bytes. 2985 The total message length across all 2986 containers will be limited to 12kb. 2987 Defaults to /dev/termination-log. 2988 Cannot be updated.' 2989 type: string 2990 terminationMessagePolicy: 2991 description: Indicate how the termination 2992 message should be populated. File 2993 will use the contents of terminationMessagePath 2994 to populate the container status message 2995 on both success and failure. FallbackToLogsOnError 2996 will use the last chunk of container 2997 log output if the termination message 2998 file is empty and the container exited 2999 with an error. The log output is limited 3000 to 2048 bytes or 80 lines, whichever 3001 is smaller. Defaults to File. Cannot 3002 be updated. 3003 type: string 3004 tty: 3005 description: Whether this container 3006 should allocate a TTY for itself, 3007 also requires 'stdin' to be true. 3008 Default is false. 3009 type: boolean 3010 volumeDevices: 3011 description: volumeDevices is the list 3012 of block devices to be used by the 3013 container. This is a beta feature. 3014 type: array 3015 items: 3016 description: volumeDevice describes 3017 a mapping of a raw block device 3018 within a container. 3019 type: object 3020 required: 3021 - devicePath 3022 - name 3023 properties: 3024 devicePath: 3025 description: devicePath is the 3026 path inside of the container 3027 that the device will be mapped 3028 to. 3029 type: string 3030 name: 3031 description: name must match the 3032 name of a persistentVolumeClaim 3033 in the pod 3034 type: string 3035 volumeMounts: 3036 description: Pod volumes to mount into 3037 the container's filesystem. Cannot 3038 be updated. 3039 type: array 3040 items: 3041 description: VolumeMount describes 3042 a mounting of a Volume within a 3043 container. 3044 type: object 3045 required: 3046 - mountPath 3047 - name 3048 properties: 3049 mountPath: 3050 description: Path within the container 3051 at which the volume should be 3052 mounted. Must not contain ':'. 3053 type: string 3054 mountPropagation: 3055 description: mountPropagation 3056 determines how mounts are propagated 3057 from the host to container and 3058 the other way around. When not 3059 set, MountPropagationNone is 3060 used. This field is beta in 3061 1.10. 3062 type: string 3063 name: 3064 description: This must match the 3065 Name of a Volume. 3066 type: string 3067 readOnly: 3068 description: Mounted read-only 3069 if true, read-write otherwise 3070 (false or unspecified). Defaults 3071 to false. 3072 type: boolean 3073 subPath: 3074 description: Path within the volume 3075 from which the container's volume 3076 should be mounted. Defaults 3077 to "" (volume's root). 3078 type: string 3079 subPathExpr: 3080 description: Expanded path within 3081 the volume from which the container's 3082 volume should be mounted. Behaves 3083 similarly to SubPath but environment 3084 variable references $(VAR_NAME) 3085 are expanded using the container's 3086 environment. Defaults to "" 3087 (volume's root). SubPathExpr 3088 and SubPath are mutually exclusive. 3089 This field is beta in 1.15. 3090 type: string 3091 workingDir: 3092 description: Container's working directory. 3093 If not specified, the container runtime's 3094 default will be used, which might 3095 be configured in the container image. 3096 Cannot be updated. 3097 type: string 3098 dnsConfig: 3099 description: Specifies the DNS parameters 3100 of a pod. Parameters specified here will 3101 be merged to the generated DNS configuration 3102 based on DNSPolicy. 3103 type: object 3104 properties: 3105 nameservers: 3106 description: A list of DNS name server 3107 IP addresses. This will be appended 3108 to the base nameservers generated from 3109 DNSPolicy. Duplicated nameservers will 3110 be removed. 3111 type: array 3112 items: 3113 type: string 3114 options: 3115 description: A list of DNS resolver options. 3116 This will be merged with the base options 3117 generated from DNSPolicy. Duplicated 3118 entries will be removed. Resolution 3119 options given in Options will override 3120 those that appear in the base DNSPolicy. 3121 type: array 3122 items: 3123 description: PodDNSConfigOption defines 3124 DNS resolver options of a pod. 3125 type: object 3126 properties: 3127 name: 3128 description: Required. 3129 type: string 3130 value: 3131 type: string 3132 searches: 3133 description: A list of DNS search domains 3134 for host-name lookup. This will be appended 3135 to the base search paths generated from 3136 DNSPolicy. Duplicated search paths will 3137 be removed. 3138 type: array 3139 items: 3140 type: string 3141 dnsPolicy: 3142 description: Set DNS policy for the pod. Defaults 3143 to "ClusterFirst". Valid values are 'ClusterFirstWithHostNet', 3144 'ClusterFirst', 'Default' or 'None'. DNS 3145 parameters given in DNSConfig will be merged 3146 with the policy selected with DNSPolicy. 3147 To have DNS options set along with hostNetwork, 3148 you have to specify DNS policy explicitly 3149 to 'ClusterFirstWithHostNet'. 3150 type: string 3151 enableServiceLinks: 3152 description: 'EnableServiceLinks indicates 3153 whether information about services should 3154 be injected into pod''s environment variables, 3155 matching the syntax of Docker links. Optional: 3156 Defaults to true.' 3157 type: boolean 3158 ephemeralContainers: 3159 description: List of ephemeral containers 3160 run in this pod. Ephemeral containers may 3161 be run in an existing pod to perform user-initiated 3162 actions such as debugging. This list cannot 3163 be specified when creating a pod, and it 3164 cannot be modified by updating the pod spec. 3165 In order to add an ephemeral container to 3166 an existing pod, use the pod's ephemeralcontainers 3167 subresource. This field is alpha-level and 3168 is only honored by servers that enable the 3169 EphemeralContainers feature. 3170 type: array 3171 items: 3172 description: An EphemeralContainer is a 3173 container that may be added temporarily 3174 to an existing pod for user-initiated 3175 activities such as debugging. Ephemeral 3176 containers have no resource or scheduling 3177 guarantees, and they will not be restarted 3178 when they exit or when a pod is removed 3179 or restarted. If an ephemeral container 3180 causes a pod to exceed its resource allocation, 3181 the pod may be evicted. Ephemeral containers 3182 may not be added by directly updating 3183 the pod spec. They must be added via the 3184 pod's ephemeralcontainers subresource, 3185 and they will appear in the pod spec once 3186 added. This is an alpha feature enabled 3187 by the EphemeralContainers feature flag. 3188 type: object 3189 required: 3190 - name 3191 properties: 3192 args: 3193 description: 'Arguments to the entrypoint. 3194 The docker image''s CMD is used if 3195 this is not provided. Variable references 3196 $(VAR_NAME) are expanded using the 3197 container''s environment. If a variable 3198 cannot be resolved, the reference 3199 in the input string will be unchanged. 3200 The $(VAR_NAME) syntax can be escaped 3201 with a double $$, ie: $$(VAR_NAME). 3202 Escaped references will never be expanded, 3203 regardless of whether the variable 3204 exists or not. Cannot be updated. 3205 More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' 3206 type: array 3207 items: 3208 type: string 3209 command: 3210 description: 'Entrypoint array. Not 3211 executed within a shell. The docker 3212 image''s ENTRYPOINT is used if this 3213 is not provided. Variable references 3214 $(VAR_NAME) are expanded using the 3215 container''s environment. If a variable 3216 cannot be resolved, the reference 3217 in the input string will be unchanged. 3218 The $(VAR_NAME) syntax can be escaped 3219 with a double $$, ie: $$(VAR_NAME). 3220 Escaped references will never be expanded, 3221 regardless of whether the variable 3222 exists or not. Cannot be updated. 3223 More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' 3224 type: array 3225 items: 3226 type: string 3227 env: 3228 description: List of environment variables 3229 to set in the container. Cannot be 3230 updated. 3231 type: array 3232 items: 3233 description: EnvVar represents an 3234 environment variable present in 3235 a Container. 3236 type: object 3237 required: 3238 - name 3239 properties: 3240 name: 3241 description: Name of the environment 3242 variable. Must be a C_IDENTIFIER. 3243 type: string 3244 value: 3245 description: 'Variable references 3246 $(VAR_NAME) are expanded using 3247 the previous defined environment 3248 variables in the container and 3249 any service environment variables. 3250 If a variable cannot be resolved, 3251 the reference in the input string 3252 will be unchanged. The $(VAR_NAME) 3253 syntax can be escaped with a 3254 double $$, ie: $$(VAR_NAME). 3255 Escaped references will never 3256 be expanded, regardless of whether 3257 the variable exists or not. 3258 Defaults to "".' 3259 type: string 3260 valueFrom: 3261 description: Source for the environment 3262 variable's value. Cannot be 3263 used if value is not empty. 3264 type: object 3265 properties: 3266 configMapKeyRef: 3267 description: Selects a key 3268 of a ConfigMap. 3269 type: object 3270 required: 3271 - key 3272 properties: 3273 key: 3274 description: The key to 3275 select. 3276 type: string 3277 name: 3278 description: 'Name of 3279 the referent. More info: 3280 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 3281 TODO: Add other useful 3282 fields. apiVersion, 3283 kind, uid?' 3284 type: string 3285 optional: 3286 description: Specify whether 3287 the ConfigMap or its 3288 key must be defined 3289 type: boolean 3290 fieldRef: 3291 description: 'Selects a field 3292 of the pod: supports metadata.name, 3293 metadata.namespace, metadata.labels, 3294 metadata.annotations, spec.nodeName, 3295 spec.serviceAccountName, 3296 status.hostIP, status.podIP.' 3297 type: object 3298 required: 3299 - fieldPath 3300 properties: 3301 apiVersion: 3302 description: Version of 3303 the schema the FieldPath 3304 is written in terms 3305 of, defaults to "v1". 3306 type: string 3307 fieldPath: 3308 description: Path of the 3309 field to select in the 3310 specified API version. 3311 type: string 3312 resourceFieldRef: 3313 description: 'Selects a resource 3314 of the container: only resources 3315 limits and requests (limits.cpu, 3316 limits.memory, limits.ephemeral-storage, 3317 requests.cpu, requests.memory 3318 and requests.ephemeral-storage) 3319 are currently supported.' 3320 type: object 3321 required: 3322 - resource 3323 properties: 3324 containerName: 3325 description: 'Container 3326 name: required for volumes, 3327 optional for env vars' 3328 type: string 3329 divisor: 3330 description: Specifies 3331 the output format of 3332 the exposed resources, 3333 defaults to "1" 3334 type: string 3335 resource: 3336 description: 'Required: 3337 resource to select' 3338 type: string 3339 secretKeyRef: 3340 description: Selects a key 3341 of a secret in the pod's 3342 namespace 3343 type: object 3344 required: 3345 - key 3346 properties: 3347 key: 3348 description: The key of 3349 the secret to select 3350 from. Must be a valid 3351 secret key. 3352 type: string 3353 name: 3354 description: 'Name of 3355 the referent. More info: 3356 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 3357 TODO: Add other useful 3358 fields. apiVersion, 3359 kind, uid?' 3360 type: string 3361 optional: 3362 description: Specify whether 3363 the Secret or its key 3364 must be defined 3365 type: boolean 3366 envFrom: 3367 description: List of sources to populate 3368 environment variables in the container. 3369 The keys defined within a source must 3370 be a C_IDENTIFIER. All invalid keys 3371 will be reported as an event when 3372 the container is starting. When a 3373 key exists in multiple sources, the 3374 value associated with the last source 3375 will take precedence. Values defined 3376 by an Env with a duplicate key will 3377 take precedence. Cannot be updated. 3378 type: array 3379 items: 3380 description: EnvFromSource represents 3381 the source of a set of ConfigMaps 3382 type: object 3383 properties: 3384 configMapRef: 3385 description: The ConfigMap to 3386 select from 3387 type: object 3388 properties: 3389 name: 3390 description: 'Name of the 3391 referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 3392 TODO: Add other useful fields. 3393 apiVersion, kind, uid?' 3394 type: string 3395 optional: 3396 description: Specify whether 3397 the ConfigMap must be defined 3398 type: boolean 3399 prefix: 3400 description: An optional identifier 3401 to prepend to each key in the 3402 ConfigMap. Must be a C_IDENTIFIER. 3403 type: string 3404 secretRef: 3405 description: The Secret to select 3406 from 3407 type: object 3408 properties: 3409 name: 3410 description: 'Name of the 3411 referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 3412 TODO: Add other useful fields. 3413 apiVersion, kind, uid?' 3414 type: string 3415 optional: 3416 description: Specify whether 3417 the Secret must be defined 3418 type: boolean 3419 image: 3420 description: 'Docker image name. More 3421 info: https://kubernetes.io/docs/concepts/containers/images' 3422 type: string 3423 imagePullPolicy: 3424 description: 'Image pull policy. One 3425 of Always, Never, IfNotPresent. Defaults 3426 to Always if :latest tag is specified, 3427 or IfNotPresent otherwise. Cannot 3428 be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' 3429 type: string 3430 lifecycle: 3431 description: Lifecycle is not allowed 3432 for ephemeral containers. 3433 type: object 3434 properties: 3435 postStart: 3436 description: 'PostStart is called 3437 immediately after a container 3438 is created. If the handler fails, 3439 the container is terminated and 3440 restarted according to its restart 3441 policy. Other management of the 3442 container blocks until the hook 3443 completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' 3444 type: object 3445 properties: 3446 exec: 3447 description: One and only one 3448 of the following should be 3449 specified. Exec specifies 3450 the action to take. 3451 type: object 3452 properties: 3453 command: 3454 description: Command is 3455 the command line to execute 3456 inside the container, 3457 the working directory 3458 for the command is root 3459 ('/') in the container's 3460 filesystem. The command 3461 is simply exec'd, it is 3462 not run inside a shell, 3463 so traditional shell instructions 3464 ('|', etc) won't work. 3465 To use a shell, you need 3466 to explicitly call out 3467 to that shell. Exit status 3468 of 0 is treated as live/healthy 3469 and non-zero is unhealthy. 3470 type: array 3471 items: 3472 type: string 3473 httpGet: 3474 description: HTTPGet specifies 3475 the http request to perform. 3476 type: object 3477 required: 3478 - port 3479 properties: 3480 host: 3481 description: Host name to 3482 connect to, defaults to 3483 the pod IP. You probably 3484 want to set "Host" in 3485 httpHeaders instead. 3486 type: string 3487 httpHeaders: 3488 description: Custom headers 3489 to set in the request. 3490 HTTP allows repeated headers. 3491 type: array 3492 items: 3493 description: HTTPHeader 3494 describes a custom header 3495 to be used in HTTP probes 3496 type: object 3497 required: 3498 - name 3499 - value 3500 properties: 3501 name: 3502 description: The header 3503 field name 3504 type: string 3505 value: 3506 description: The header 3507 field value 3508 type: string 3509 path: 3510 description: Path to access 3511 on the HTTP server. 3512 type: string 3513 port: 3514 description: Name or number 3515 of the port to access 3516 on the container. Number 3517 must be in the range 1 3518 to 65535. Name must be 3519 an IANA_SVC_NAME. 3520 anyOf: 3521 - type: integer 3522 - type: string 3523 x-kubernetes-int-or-string: true 3524 scheme: 3525 description: Scheme to use 3526 for connecting to the 3527 host. Defaults to HTTP. 3528 type: string 3529 tcpSocket: 3530 description: 'TCPSocket specifies 3531 an action involving a TCP 3532 port. TCP hooks not yet supported 3533 TODO: implement a realistic 3534 TCP lifecycle hook' 3535 type: object 3536 required: 3537 - port 3538 properties: 3539 host: 3540 description: 'Optional: 3541 Host name to connect to, 3542 defaults to the pod IP.' 3543 type: string 3544 port: 3545 description: Number or name 3546 of the port to access 3547 on the container. Number 3548 must be in the range 1 3549 to 65535. Name must be 3550 an IANA_SVC_NAME. 3551 anyOf: 3552 - type: integer 3553 - type: string 3554 x-kubernetes-int-or-string: true 3555 preStop: 3556 description: 'PreStop is called 3557 immediately before a container 3558 is terminated due to an API request 3559 or management event such as liveness/startup 3560 probe failure, preemption, resource 3561 contention, etc. The handler is 3562 not called if the container crashes 3563 or exits. The reason for termination 3564 is passed to the handler. The 3565 Pod''s termination grace period 3566 countdown begins before the PreStop 3567 hooked is executed. Regardless 3568 of the outcome of the handler, 3569 the container will eventually 3570 terminate within the Pod''s termination 3571 grace period. Other management 3572 of the container blocks until 3573 the hook completes or until the 3574 termination grace period is reached. 3575 More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' 3576 type: object 3577 properties: 3578 exec: 3579 description: One and only one 3580 of the following should be 3581 specified. Exec specifies 3582 the action to take. 3583 type: object 3584 properties: 3585 command: 3586 description: Command is 3587 the command line to execute 3588 inside the container, 3589 the working directory 3590 for the command is root 3591 ('/') in the container's 3592 filesystem. The command 3593 is simply exec'd, it is 3594 not run inside a shell, 3595 so traditional shell instructions 3596 ('|', etc) won't work. 3597 To use a shell, you need 3598 to explicitly call out 3599 to that shell. Exit status 3600 of 0 is treated as live/healthy 3601 and non-zero is unhealthy. 3602 type: array 3603 items: 3604 type: string 3605 httpGet: 3606 description: HTTPGet specifies 3607 the http request to perform. 3608 type: object 3609 required: 3610 - port 3611 properties: 3612 host: 3613 description: Host name to 3614 connect to, defaults to 3615 the pod IP. You probably 3616 want to set "Host" in 3617 httpHeaders instead. 3618 type: string 3619 httpHeaders: 3620 description: Custom headers 3621 to set in the request. 3622 HTTP allows repeated headers. 3623 type: array 3624 items: 3625 description: HTTPHeader 3626 describes a custom header 3627 to be used in HTTP probes 3628 type: object 3629 required: 3630 - name 3631 - value 3632 properties: 3633 name: 3634 description: The header 3635 field name 3636 type: string 3637 value: 3638 description: The header 3639 field value 3640 type: string 3641 path: 3642 description: Path to access 3643 on the HTTP server. 3644 type: string 3645 port: 3646 description: Name or number 3647 of the port to access 3648 on the container. Number 3649 must be in the range 1 3650 to 65535. Name must be 3651 an IANA_SVC_NAME. 3652 anyOf: 3653 - type: integer 3654 - type: string 3655 x-kubernetes-int-or-string: true 3656 scheme: 3657 description: Scheme to use 3658 for connecting to the 3659 host. Defaults to HTTP. 3660 type: string 3661 tcpSocket: 3662 description: 'TCPSocket specifies 3663 an action involving a TCP 3664 port. TCP hooks not yet supported 3665 TODO: implement a realistic 3666 TCP lifecycle hook' 3667 type: object 3668 required: 3669 - port 3670 properties: 3671 host: 3672 description: 'Optional: 3673 Host name to connect to, 3674 defaults to the pod IP.' 3675 type: string 3676 port: 3677 description: Number or name 3678 of the port to access 3679 on the container. Number 3680 must be in the range 1 3681 to 65535. Name must be 3682 an IANA_SVC_NAME. 3683 anyOf: 3684 - type: integer 3685 - type: string 3686 x-kubernetes-int-or-string: true 3687 livenessProbe: 3688 description: Probes are not allowed 3689 for ephemeral containers. 3690 type: object 3691 properties: 3692 exec: 3693 description: One and only one of 3694 the following should be specified. 3695 Exec specifies the action to take. 3696 type: object 3697 properties: 3698 command: 3699 description: Command is the 3700 command line to execute inside 3701 the container, the working 3702 directory for the command is 3703 root ('/') in the container's 3704 filesystem. The command is 3705 simply exec'd, it is not run 3706 inside a shell, so traditional 3707 shell instructions ('|', etc) 3708 won't work. To use a shell, 3709 you need to explicitly call 3710 out to that shell. Exit status 3711 of 0 is treated as live/healthy 3712 and non-zero is unhealthy. 3713 type: array 3714 items: 3715 type: string 3716 failureThreshold: 3717 description: Minimum consecutive 3718 failures for the probe to be considered 3719 failed after having succeeded. 3720 Defaults to 3. Minimum value is 3721 1. 3722 type: integer 3723 format: int32 3724 httpGet: 3725 description: HTTPGet specifies the 3726 http request to perform. 3727 type: object 3728 required: 3729 - port 3730 properties: 3731 host: 3732 description: Host name to connect 3733 to, defaults to the pod IP. 3734 You probably want to set "Host" 3735 in httpHeaders instead. 3736 type: string 3737 httpHeaders: 3738 description: Custom headers 3739 to set in the request. HTTP 3740 allows repeated headers. 3741 type: array 3742 items: 3743 description: HTTPHeader describes 3744 a custom header to be used 3745 in HTTP probes 3746 type: object 3747 required: 3748 - name 3749 - value 3750 properties: 3751 name: 3752 description: The header 3753 field name 3754 type: string 3755 value: 3756 description: The header 3757 field value 3758 type: string 3759 path: 3760 description: Path to access 3761 on the HTTP server. 3762 type: string 3763 port: 3764 description: Name or number 3765 of the port to access on the 3766 container. Number must be 3767 in the range 1 to 65535. Name 3768 must be an IANA_SVC_NAME. 3769 anyOf: 3770 - type: integer 3771 - type: string 3772 x-kubernetes-int-or-string: true 3773 scheme: 3774 description: Scheme to use for 3775 connecting to the host. Defaults 3776 to HTTP. 3777 type: string 3778 initialDelaySeconds: 3779 description: 'Number of seconds 3780 after the container has started 3781 before liveness probes are initiated. 3782 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 3783 type: integer 3784 format: int32 3785 periodSeconds: 3786 description: How often (in seconds) 3787 to perform the probe. Default 3788 to 10 seconds. Minimum value is 3789 1. 3790 type: integer 3791 format: int32 3792 successThreshold: 3793 description: Minimum consecutive 3794 successes for the probe to be 3795 considered successful after having 3796 failed. Defaults to 1. Must be 3797 1 for liveness and startup. Minimum 3798 value is 1. 3799 type: integer 3800 format: int32 3801 tcpSocket: 3802 description: 'TCPSocket specifies 3803 an action involving a TCP port. 3804 TCP hooks not yet supported TODO: 3805 implement a realistic TCP lifecycle 3806 hook' 3807 type: object 3808 required: 3809 - port 3810 properties: 3811 host: 3812 description: 'Optional: Host 3813 name to connect to, defaults 3814 to the pod IP.' 3815 type: string 3816 port: 3817 description: Number or name 3818 of the port to access on the 3819 container. Number must be 3820 in the range 1 to 65535. Name 3821 must be an IANA_SVC_NAME. 3822 anyOf: 3823 - type: integer 3824 - type: string 3825 x-kubernetes-int-or-string: true 3826 timeoutSeconds: 3827 description: 'Number of seconds 3828 after which the probe times out. 3829 Defaults to 1 second. Minimum 3830 value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 3831 type: integer 3832 format: int32 3833 name: 3834 description: Name of the ephemeral container 3835 specified as a DNS_LABEL. This name 3836 must be unique among all containers, 3837 init containers and ephemeral containers. 3838 type: string 3839 ports: 3840 description: Ports are not allowed for 3841 ephemeral containers. 3842 type: array 3843 items: 3844 description: ContainerPort represents 3845 a network port in a single container. 3846 type: object 3847 required: 3848 - containerPort 3849 properties: 3850 containerPort: 3851 description: Number of port to 3852 expose on the pod's IP address. 3853 This must be a valid port number, 3854 0 < x < 65536. 3855 type: integer 3856 format: int32 3857 hostIP: 3858 description: What host IP to bind 3859 the external port to. 3860 type: string 3861 hostPort: 3862 description: Number of port to 3863 expose on the host. If specified, 3864 this must be a valid port number, 3865 0 < x < 65536. If HostNetwork 3866 is specified, this must match 3867 ContainerPort. Most containers 3868 do not need this. 3869 type: integer 3870 format: int32 3871 name: 3872 description: If specified, this 3873 must be an IANA_SVC_NAME and 3874 unique within the pod. Each 3875 named port in a pod must have 3876 a unique name. Name for the 3877 port that can be referred to 3878 by services. 3879 type: string 3880 protocol: 3881 description: Protocol for port. 3882 Must be UDP, TCP, or SCTP. Defaults 3883 to "TCP". 3884 type: string 3885 readinessProbe: 3886 description: Probes are not allowed 3887 for ephemeral containers. 3888 type: object 3889 properties: 3890 exec: 3891 description: One and only one of 3892 the following should be specified. 3893 Exec specifies the action to take. 3894 type: object 3895 properties: 3896 command: 3897 description: Command is the 3898 command line to execute inside 3899 the container, the working 3900 directory for the command is 3901 root ('/') in the container's 3902 filesystem. The command is 3903 simply exec'd, it is not run 3904 inside a shell, so traditional 3905 shell instructions ('|', etc) 3906 won't work. To use a shell, 3907 you need to explicitly call 3908 out to that shell. Exit status 3909 of 0 is treated as live/healthy 3910 and non-zero is unhealthy. 3911 type: array 3912 items: 3913 type: string 3914 failureThreshold: 3915 description: Minimum consecutive 3916 failures for the probe to be considered 3917 failed after having succeeded. 3918 Defaults to 3. Minimum value is 3919 1. 3920 type: integer 3921 format: int32 3922 httpGet: 3923 description: HTTPGet specifies the 3924 http request to perform. 3925 type: object 3926 required: 3927 - port 3928 properties: 3929 host: 3930 description: Host name to connect 3931 to, defaults to the pod IP. 3932 You probably want to set "Host" 3933 in httpHeaders instead. 3934 type: string 3935 httpHeaders: 3936 description: Custom headers 3937 to set in the request. HTTP 3938 allows repeated headers. 3939 type: array 3940 items: 3941 description: HTTPHeader describes 3942 a custom header to be used 3943 in HTTP probes 3944 type: object 3945 required: 3946 - name 3947 - value 3948 properties: 3949 name: 3950 description: The header 3951 field name 3952 type: string 3953 value: 3954 description: The header 3955 field value 3956 type: string 3957 path: 3958 description: Path to access 3959 on the HTTP server. 3960 type: string 3961 port: 3962 description: Name or number 3963 of the port to access on the 3964 container. Number must be 3965 in the range 1 to 65535. Name 3966 must be an IANA_SVC_NAME. 3967 anyOf: 3968 - type: integer 3969 - type: string 3970 x-kubernetes-int-or-string: true 3971 scheme: 3972 description: Scheme to use for 3973 connecting to the host. Defaults 3974 to HTTP. 3975 type: string 3976 initialDelaySeconds: 3977 description: 'Number of seconds 3978 after the container has started 3979 before liveness probes are initiated. 3980 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 3981 type: integer 3982 format: int32 3983 periodSeconds: 3984 description: How often (in seconds) 3985 to perform the probe. Default 3986 to 10 seconds. Minimum value is 3987 1. 3988 type: integer 3989 format: int32 3990 successThreshold: 3991 description: Minimum consecutive 3992 successes for the probe to be 3993 considered successful after having 3994 failed. Defaults to 1. Must be 3995 1 for liveness and startup. Minimum 3996 value is 1. 3997 type: integer 3998 format: int32 3999 tcpSocket: 4000 description: 'TCPSocket specifies 4001 an action involving a TCP port. 4002 TCP hooks not yet supported TODO: 4003 implement a realistic TCP lifecycle 4004 hook' 4005 type: object 4006 required: 4007 - port 4008 properties: 4009 host: 4010 description: 'Optional: Host 4011 name to connect to, defaults 4012 to the pod IP.' 4013 type: string 4014 port: 4015 description: Number or name 4016 of the port to access on the 4017 container. Number must be 4018 in the range 1 to 65535. Name 4019 must be an IANA_SVC_NAME. 4020 anyOf: 4021 - type: integer 4022 - type: string 4023 x-kubernetes-int-or-string: true 4024 timeoutSeconds: 4025 description: 'Number of seconds 4026 after which the probe times out. 4027 Defaults to 1 second. Minimum 4028 value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 4029 type: integer 4030 format: int32 4031 resources: 4032 description: Resources are not allowed 4033 for ephemeral containers. Ephemeral 4034 containers use spare resources already 4035 allocated to the pod. 4036 type: object 4037 properties: 4038 limits: 4039 description: 'Limits describes the 4040 maximum amount of compute resources 4041 allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' 4042 type: object 4043 additionalProperties: 4044 type: string 4045 requests: 4046 description: 'Requests describes 4047 the minimum amount of compute 4048 resources required. If Requests 4049 is omitted for a container, it 4050 defaults to Limits if that is 4051 explicitly specified, otherwise 4052 to an implementation-defined value. 4053 More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' 4054 type: object 4055 additionalProperties: 4056 type: string 4057 securityContext: 4058 description: SecurityContext is not 4059 allowed for ephemeral containers. 4060 type: object 4061 properties: 4062 allowPrivilegeEscalation: 4063 description: 'AllowPrivilegeEscalation 4064 controls whether a process can 4065 gain more privileges than its 4066 parent process. This bool directly 4067 controls if the no_new_privs flag 4068 will be set on the container process. 4069 AllowPrivilegeEscalation is true 4070 always when the container is: 4071 1) run as Privileged 2) has CAP_SYS_ADMIN' 4072 type: boolean 4073 capabilities: 4074 description: The capabilities to 4075 add/drop when running containers. 4076 Defaults to the default set of 4077 capabilities granted by the container 4078 runtime. 4079 type: object 4080 properties: 4081 add: 4082 description: Added capabilities 4083 type: array 4084 items: 4085 description: Capability represent 4086 POSIX capabilities type 4087 type: string 4088 drop: 4089 description: Removed capabilities 4090 type: array 4091 items: 4092 description: Capability represent 4093 POSIX capabilities type 4094 type: string 4095 privileged: 4096 description: Run container in privileged 4097 mode. Processes in privileged 4098 containers are essentially equivalent 4099 to root on the host. Defaults 4100 to false. 4101 type: boolean 4102 procMount: 4103 description: procMount denotes the 4104 type of proc mount to use for 4105 the containers. The default is 4106 DefaultProcMount which uses the 4107 container runtime defaults for 4108 readonly paths and masked paths. 4109 This requires the ProcMountType 4110 feature flag to be enabled. 4111 type: string 4112 readOnlyRootFilesystem: 4113 description: Whether this container 4114 has a read-only root filesystem. 4115 Default is false. 4116 type: boolean 4117 runAsGroup: 4118 description: The GID to run the 4119 entrypoint of the container process. 4120 Uses runtime default if unset. 4121 May also be set in PodSecurityContext. If 4122 set in both SecurityContext and 4123 PodSecurityContext, the value 4124 specified in SecurityContext takes 4125 precedence. 4126 type: integer 4127 format: int64 4128 runAsNonRoot: 4129 description: Indicates that the 4130 container must run as a non-root 4131 user. If true, the Kubelet will 4132 validate the image at runtime 4133 to ensure that it does not run 4134 as UID 0 (root) and fail to start 4135 the container if it does. If unset 4136 or false, no such validation will 4137 be performed. May also be set 4138 in PodSecurityContext. If set 4139 in both SecurityContext and PodSecurityContext, 4140 the value specified in SecurityContext 4141 takes precedence. 4142 type: boolean 4143 runAsUser: 4144 description: The UID to run the 4145 entrypoint of the container process. 4146 Defaults to user specified in 4147 image metadata if unspecified. 4148 May also be set in PodSecurityContext. If 4149 set in both SecurityContext and 4150 PodSecurityContext, the value 4151 specified in SecurityContext takes 4152 precedence. 4153 type: integer 4154 format: int64 4155 seLinuxOptions: 4156 description: The SELinux context 4157 to be applied to the container. 4158 If unspecified, the container 4159 runtime will allocate a random 4160 SELinux context for each container. May 4161 also be set in PodSecurityContext. If 4162 set in both SecurityContext and 4163 PodSecurityContext, the value 4164 specified in SecurityContext takes 4165 precedence. 4166 type: object 4167 properties: 4168 level: 4169 description: Level is SELinux 4170 level label that applies to 4171 the container. 4172 type: string 4173 role: 4174 description: Role is a SELinux 4175 role label that applies to 4176 the container. 4177 type: string 4178 type: 4179 description: Type is a SELinux 4180 type label that applies to 4181 the container. 4182 type: string 4183 user: 4184 description: User is a SELinux 4185 user label that applies to 4186 the container. 4187 type: string 4188 windowsOptions: 4189 description: The Windows specific 4190 settings applied to all containers. 4191 If unspecified, the options from 4192 the PodSecurityContext will be 4193 used. If set in both SecurityContext 4194 and PodSecurityContext, the value 4195 specified in SecurityContext takes 4196 precedence. 4197 type: object 4198 properties: 4199 gmsaCredentialSpec: 4200 description: GMSACredentialSpec 4201 is where the GMSA admission 4202 webhook (https://github.com/kubernetes-sigs/windows-gmsa) 4203 inlines the contents of the 4204 GMSA credential spec named 4205 by the GMSACredentialSpecName 4206 field. This field is alpha-level 4207 and is only honored by servers 4208 that enable the WindowsGMSA 4209 feature flag. 4210 type: string 4211 gmsaCredentialSpecName: 4212 description: GMSACredentialSpecName 4213 is the name of the GMSA credential 4214 spec to use. This field is 4215 alpha-level and is only honored 4216 by servers that enable the 4217 WindowsGMSA feature flag. 4218 type: string 4219 runAsUserName: 4220 description: The UserName in 4221 Windows to run the entrypoint 4222 of the container process. 4223 Defaults to the user specified 4224 in image metadata if unspecified. 4225 May also be set in PodSecurityContext. 4226 If set in both SecurityContext 4227 and PodSecurityContext, the 4228 value specified in SecurityContext 4229 takes precedence. This field 4230 is alpha-level and it is only 4231 honored by servers that enable 4232 the WindowsRunAsUserName feature 4233 flag. 4234 type: string 4235 startupProbe: 4236 description: Probes are not allowed 4237 for ephemeral containers. 4238 type: object 4239 properties: 4240 exec: 4241 description: One and only one of 4242 the following should be specified. 4243 Exec specifies the action to take. 4244 type: object 4245 properties: 4246 command: 4247 description: Command is the 4248 command line to execute inside 4249 the container, the working 4250 directory for the command is 4251 root ('/') in the container's 4252 filesystem. The command is 4253 simply exec'd, it is not run 4254 inside a shell, so traditional 4255 shell instructions ('|', etc) 4256 won't work. To use a shell, 4257 you need to explicitly call 4258 out to that shell. Exit status 4259 of 0 is treated as live/healthy 4260 and non-zero is unhealthy. 4261 type: array 4262 items: 4263 type: string 4264 failureThreshold: 4265 description: Minimum consecutive 4266 failures for the probe to be considered 4267 failed after having succeeded. 4268 Defaults to 3. Minimum value is 4269 1. 4270 type: integer 4271 format: int32 4272 httpGet: 4273 description: HTTPGet specifies the 4274 http request to perform. 4275 type: object 4276 required: 4277 - port 4278 properties: 4279 host: 4280 description: Host name to connect 4281 to, defaults to the pod IP. 4282 You probably want to set "Host" 4283 in httpHeaders instead. 4284 type: string 4285 httpHeaders: 4286 description: Custom headers 4287 to set in the request. HTTP 4288 allows repeated headers. 4289 type: array 4290 items: 4291 description: HTTPHeader describes 4292 a custom header to be used 4293 in HTTP probes 4294 type: object 4295 required: 4296 - name 4297 - value 4298 properties: 4299 name: 4300 description: The header 4301 field name 4302 type: string 4303 value: 4304 description: The header 4305 field value 4306 type: string 4307 path: 4308 description: Path to access 4309 on the HTTP server. 4310 type: string 4311 port: 4312 description: Name or number 4313 of the port to access on the 4314 container. Number must be 4315 in the range 1 to 65535. Name 4316 must be an IANA_SVC_NAME. 4317 anyOf: 4318 - type: integer 4319 - type: string 4320 x-kubernetes-int-or-string: true 4321 scheme: 4322 description: Scheme to use for 4323 connecting to the host. Defaults 4324 to HTTP. 4325 type: string 4326 initialDelaySeconds: 4327 description: 'Number of seconds 4328 after the container has started 4329 before liveness probes are initiated. 4330 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 4331 type: integer 4332 format: int32 4333 periodSeconds: 4334 description: How often (in seconds) 4335 to perform the probe. Default 4336 to 10 seconds. Minimum value is 4337 1. 4338 type: integer 4339 format: int32 4340 successThreshold: 4341 description: Minimum consecutive 4342 successes for the probe to be 4343 considered successful after having 4344 failed. Defaults to 1. Must be 4345 1 for liveness and startup. Minimum 4346 value is 1. 4347 type: integer 4348 format: int32 4349 tcpSocket: 4350 description: 'TCPSocket specifies 4351 an action involving a TCP port. 4352 TCP hooks not yet supported TODO: 4353 implement a realistic TCP lifecycle 4354 hook' 4355 type: object 4356 required: 4357 - port 4358 properties: 4359 host: 4360 description: 'Optional: Host 4361 name to connect to, defaults 4362 to the pod IP.' 4363 type: string 4364 port: 4365 description: Number or name 4366 of the port to access on the 4367 container. Number must be 4368 in the range 1 to 65535. Name 4369 must be an IANA_SVC_NAME. 4370 anyOf: 4371 - type: integer 4372 - type: string 4373 x-kubernetes-int-or-string: true 4374 timeoutSeconds: 4375 description: 'Number of seconds 4376 after which the probe times out. 4377 Defaults to 1 second. Minimum 4378 value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 4379 type: integer 4380 format: int32 4381 stdin: 4382 description: Whether this container 4383 should allocate a buffer for stdin 4384 in the container runtime. If this 4385 is not set, reads from stdin in the 4386 container will always result in EOF. 4387 Default is false. 4388 type: boolean 4389 stdinOnce: 4390 description: Whether the container runtime 4391 should close the stdin channel after 4392 it has been opened by a single attach. 4393 When stdin is true the stdin stream 4394 will remain open across multiple attach 4395 sessions. If stdinOnce is set to true, 4396 stdin is opened on container start, 4397 is empty until the first client attaches 4398 to stdin, and then remains open and 4399 accepts data until the client disconnects, 4400 at which time stdin is closed and 4401 remains closed until the container 4402 is restarted. If this flag is false, 4403 a container processes that reads from 4404 stdin will never receive an EOF. Default 4405 is false 4406 type: boolean 4407 targetContainerName: 4408 description: If set, the name of the 4409 container from PodSpec that this ephemeral 4410 container targets. The ephemeral container 4411 will be run in the namespaces (IPC, 4412 PID, etc) of this container. If not 4413 set then the ephemeral container is 4414 run in whatever namespaces are shared 4415 for the pod. Note that the container 4416 runtime must support this feature. 4417 type: string 4418 terminationMessagePath: 4419 description: 'Optional: Path at which 4420 the file to which the container''s 4421 termination message will be written 4422 is mounted into the container''s filesystem. 4423 Message written is intended to be 4424 brief final status, such as an assertion 4425 failure message. Will be truncated 4426 by the node if greater than 4096 bytes. 4427 The total message length across all 4428 containers will be limited to 12kb. 4429 Defaults to /dev/termination-log. 4430 Cannot be updated.' 4431 type: string 4432 terminationMessagePolicy: 4433 description: Indicate how the termination 4434 message should be populated. File 4435 will use the contents of terminationMessagePath 4436 to populate the container status message 4437 on both success and failure. FallbackToLogsOnError 4438 will use the last chunk of container 4439 log output if the termination message 4440 file is empty and the container exited 4441 with an error. The log output is limited 4442 to 2048 bytes or 80 lines, whichever 4443 is smaller. Defaults to File. Cannot 4444 be updated. 4445 type: string 4446 tty: 4447 description: Whether this container 4448 should allocate a TTY for itself, 4449 also requires 'stdin' to be true. 4450 Default is false. 4451 type: boolean 4452 volumeDevices: 4453 description: volumeDevices is the list 4454 of block devices to be used by the 4455 container. This is a beta feature. 4456 type: array 4457 items: 4458 description: volumeDevice describes 4459 a mapping of a raw block device 4460 within a container. 4461 type: object 4462 required: 4463 - devicePath 4464 - name 4465 properties: 4466 devicePath: 4467 description: devicePath is the 4468 path inside of the container 4469 that the device will be mapped 4470 to. 4471 type: string 4472 name: 4473 description: name must match the 4474 name of a persistentVolumeClaim 4475 in the pod 4476 type: string 4477 volumeMounts: 4478 description: Pod volumes to mount into 4479 the container's filesystem. Cannot 4480 be updated. 4481 type: array 4482 items: 4483 description: VolumeMount describes 4484 a mounting of a Volume within a 4485 container. 4486 type: object 4487 required: 4488 - mountPath 4489 - name 4490 properties: 4491 mountPath: 4492 description: Path within the container 4493 at which the volume should be 4494 mounted. Must not contain ':'. 4495 type: string 4496 mountPropagation: 4497 description: mountPropagation 4498 determines how mounts are propagated 4499 from the host to container and 4500 the other way around. When not 4501 set, MountPropagationNone is 4502 used. This field is beta in 4503 1.10. 4504 type: string 4505 name: 4506 description: This must match the 4507 Name of a Volume. 4508 type: string 4509 readOnly: 4510 description: Mounted read-only 4511 if true, read-write otherwise 4512 (false or unspecified). Defaults 4513 to false. 4514 type: boolean 4515 subPath: 4516 description: Path within the volume 4517 from which the container's volume 4518 should be mounted. Defaults 4519 to "" (volume's root). 4520 type: string 4521 subPathExpr: 4522 description: Expanded path within 4523 the volume from which the container's 4524 volume should be mounted. Behaves 4525 similarly to SubPath but environment 4526 variable references $(VAR_NAME) 4527 are expanded using the container's 4528 environment. Defaults to "" 4529 (volume's root). SubPathExpr 4530 and SubPath are mutually exclusive. 4531 This field is beta in 1.15. 4532 type: string 4533 workingDir: 4534 description: Container's working directory. 4535 If not specified, the container runtime's 4536 default will be used, which might 4537 be configured in the container image. 4538 Cannot be updated. 4539 type: string 4540 hostAliases: 4541 description: HostAliases is an optional list 4542 of hosts and IPs that will be injected into 4543 the pod's hosts file if specified. This 4544 is only valid for non-hostNetwork pods. 4545 type: array 4546 items: 4547 description: HostAlias holds the mapping 4548 between IP and hostnames that will be 4549 injected as an entry in the pod's hosts 4550 file. 4551 type: object 4552 properties: 4553 hostnames: 4554 description: Hostnames for the above 4555 IP address. 4556 type: array 4557 items: 4558 type: string 4559 ip: 4560 description: IP address of the host 4561 file entry. 4562 type: string 4563 hostIPC: 4564 description: 'Use the host''s ipc namespace. 4565 Optional: Default to false.' 4566 type: boolean 4567 hostNetwork: 4568 description: Host networking requested for 4569 this pod. Use the host's network namespace. 4570 If this option is set, the ports that will 4571 be used must be specified. Default to false. 4572 type: boolean 4573 hostPID: 4574 description: 'Use the host''s pid namespace. 4575 Optional: Default to false.' 4576 type: boolean 4577 hostname: 4578 description: Specifies the hostname of the 4579 Pod If not specified, the pod's hostname 4580 will be set to a system-defined value. 4581 type: string 4582 imagePullSecrets: 4583 description: 'ImagePullSecrets is an optional 4584 list of references to secrets in the same 4585 namespace to use for pulling any of the 4586 images used by this PodSpec. If specified, 4587 these secrets will be passed to individual 4588 puller implementations for them to use. 4589 For example, in the case of docker, only 4590 DockerConfig type secrets are honored. More 4591 info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod' 4592 type: array 4593 items: 4594 description: LocalObjectReference contains 4595 enough information to let you locate the 4596 referenced object inside the same namespace. 4597 type: object 4598 properties: 4599 name: 4600 description: 'Name of the referent. 4601 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 4602 TODO: Add other useful fields. apiVersion, 4603 kind, uid?' 4604 type: string 4605 initContainers: 4606 description: 'List of initialization containers 4607 belonging to the pod. Init containers are 4608 executed in order prior to containers being 4609 started. If any init container fails, the 4610 pod is considered to have failed and is 4611 handled according to its restartPolicy. 4612 The name for an init container or normal 4613 container must be unique among all containers. 4614 Init containers may not have Lifecycle actions, 4615 Readiness probes, Liveness probes, or Startup 4616 probes. The resourceRequirements of an init 4617 container are taken into account during 4618 scheduling by finding the highest request/limit 4619 for each resource type, and then using the 4620 max of of that value or the sum of the normal 4621 containers. Limits are applied to init containers 4622 in a similar fashion. Init containers cannot 4623 currently be added or removed. Cannot be 4624 updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/' 4625 type: array 4626 items: 4627 description: A single application container 4628 that you want to run within a pod. 4629 type: object 4630 required: 4631 - name 4632 properties: 4633 args: 4634 description: 'Arguments to the entrypoint. 4635 The docker image''s CMD is used if 4636 this is not provided. Variable references 4637 $(VAR_NAME) are expanded using the 4638 container''s environment. If a variable 4639 cannot be resolved, the reference 4640 in the input string will be unchanged. 4641 The $(VAR_NAME) syntax can be escaped 4642 with a double $$, ie: $$(VAR_NAME). 4643 Escaped references will never be expanded, 4644 regardless of whether the variable 4645 exists or not. Cannot be updated. 4646 More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' 4647 type: array 4648 items: 4649 type: string 4650 command: 4651 description: 'Entrypoint array. Not 4652 executed within a shell. The docker 4653 image''s ENTRYPOINT is used if this 4654 is not provided. Variable references 4655 $(VAR_NAME) are expanded using the 4656 container''s environment. If a variable 4657 cannot be resolved, the reference 4658 in the input string will be unchanged. 4659 The $(VAR_NAME) syntax can be escaped 4660 with a double $$, ie: $$(VAR_NAME). 4661 Escaped references will never be expanded, 4662 regardless of whether the variable 4663 exists or not. Cannot be updated. 4664 More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' 4665 type: array 4666 items: 4667 type: string 4668 env: 4669 description: List of environment variables 4670 to set in the container. Cannot be 4671 updated. 4672 type: array 4673 items: 4674 description: EnvVar represents an 4675 environment variable present in 4676 a Container. 4677 type: object 4678 required: 4679 - name 4680 properties: 4681 name: 4682 description: Name of the environment 4683 variable. Must be a C_IDENTIFIER. 4684 type: string 4685 value: 4686 description: 'Variable references 4687 $(VAR_NAME) are expanded using 4688 the previous defined environment 4689 variables in the container and 4690 any service environment variables. 4691 If a variable cannot be resolved, 4692 the reference in the input string 4693 will be unchanged. The $(VAR_NAME) 4694 syntax can be escaped with a 4695 double $$, ie: $$(VAR_NAME). 4696 Escaped references will never 4697 be expanded, regardless of whether 4698 the variable exists or not. 4699 Defaults to "".' 4700 type: string 4701 valueFrom: 4702 description: Source for the environment 4703 variable's value. Cannot be 4704 used if value is not empty. 4705 type: object 4706 properties: 4707 configMapKeyRef: 4708 description: Selects a key 4709 of a ConfigMap. 4710 type: object 4711 required: 4712 - key 4713 properties: 4714 key: 4715 description: The key to 4716 select. 4717 type: string 4718 name: 4719 description: 'Name of 4720 the referent. More info: 4721 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 4722 TODO: Add other useful 4723 fields. apiVersion, 4724 kind, uid?' 4725 type: string 4726 optional: 4727 description: Specify whether 4728 the ConfigMap or its 4729 key must be defined 4730 type: boolean 4731 fieldRef: 4732 description: 'Selects a field 4733 of the pod: supports metadata.name, 4734 metadata.namespace, metadata.labels, 4735 metadata.annotations, spec.nodeName, 4736 spec.serviceAccountName, 4737 status.hostIP, status.podIP.' 4738 type: object 4739 required: 4740 - fieldPath 4741 properties: 4742 apiVersion: 4743 description: Version of 4744 the schema the FieldPath 4745 is written in terms 4746 of, defaults to "v1". 4747 type: string 4748 fieldPath: 4749 description: Path of the 4750 field to select in the 4751 specified API version. 4752 type: string 4753 resourceFieldRef: 4754 description: 'Selects a resource 4755 of the container: only resources 4756 limits and requests (limits.cpu, 4757 limits.memory, limits.ephemeral-storage, 4758 requests.cpu, requests.memory 4759 and requests.ephemeral-storage) 4760 are currently supported.' 4761 type: object 4762 required: 4763 - resource 4764 properties: 4765 containerName: 4766 description: 'Container 4767 name: required for volumes, 4768 optional for env vars' 4769 type: string 4770 divisor: 4771 description: Specifies 4772 the output format of 4773 the exposed resources, 4774 defaults to "1" 4775 type: string 4776 resource: 4777 description: 'Required: 4778 resource to select' 4779 type: string 4780 secretKeyRef: 4781 description: Selects a key 4782 of a secret in the pod's 4783 namespace 4784 type: object 4785 required: 4786 - key 4787 properties: 4788 key: 4789 description: The key of 4790 the secret to select 4791 from. Must be a valid 4792 secret key. 4793 type: string 4794 name: 4795 description: 'Name of 4796 the referent. More info: 4797 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 4798 TODO: Add other useful 4799 fields. apiVersion, 4800 kind, uid?' 4801 type: string 4802 optional: 4803 description: Specify whether 4804 the Secret or its key 4805 must be defined 4806 type: boolean 4807 envFrom: 4808 description: List of sources to populate 4809 environment variables in the container. 4810 The keys defined within a source must 4811 be a C_IDENTIFIER. All invalid keys 4812 will be reported as an event when 4813 the container is starting. When a 4814 key exists in multiple sources, the 4815 value associated with the last source 4816 will take precedence. Values defined 4817 by an Env with a duplicate key will 4818 take precedence. Cannot be updated. 4819 type: array 4820 items: 4821 description: EnvFromSource represents 4822 the source of a set of ConfigMaps 4823 type: object 4824 properties: 4825 configMapRef: 4826 description: The ConfigMap to 4827 select from 4828 type: object 4829 properties: 4830 name: 4831 description: 'Name of the 4832 referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 4833 TODO: Add other useful fields. 4834 apiVersion, kind, uid?' 4835 type: string 4836 optional: 4837 description: Specify whether 4838 the ConfigMap must be defined 4839 type: boolean 4840 prefix: 4841 description: An optional identifier 4842 to prepend to each key in the 4843 ConfigMap. Must be a C_IDENTIFIER. 4844 type: string 4845 secretRef: 4846 description: The Secret to select 4847 from 4848 type: object 4849 properties: 4850 name: 4851 description: 'Name of the 4852 referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 4853 TODO: Add other useful fields. 4854 apiVersion, kind, uid?' 4855 type: string 4856 optional: 4857 description: Specify whether 4858 the Secret must be defined 4859 type: boolean 4860 image: 4861 description: 'Docker image name. More 4862 info: https://kubernetes.io/docs/concepts/containers/images 4863 This field is optional to allow higher 4864 level config management to default 4865 or override container images in workload 4866 controllers like Deployments and StatefulSets.' 4867 type: string 4868 imagePullPolicy: 4869 description: 'Image pull policy. One 4870 of Always, Never, IfNotPresent. Defaults 4871 to Always if :latest tag is specified, 4872 or IfNotPresent otherwise. Cannot 4873 be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' 4874 type: string 4875 lifecycle: 4876 description: Actions that the management 4877 system should take in response to 4878 container lifecycle events. Cannot 4879 be updated. 4880 type: object 4881 properties: 4882 postStart: 4883 description: 'PostStart is called 4884 immediately after a container 4885 is created. If the handler fails, 4886 the container is terminated and 4887 restarted according to its restart 4888 policy. Other management of the 4889 container blocks until the hook 4890 completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' 4891 type: object 4892 properties: 4893 exec: 4894 description: One and only one 4895 of the following should be 4896 specified. Exec specifies 4897 the action to take. 4898 type: object 4899 properties: 4900 command: 4901 description: Command is 4902 the command line to execute 4903 inside the container, 4904 the working directory 4905 for the command is root 4906 ('/') in the container's 4907 filesystem. The command 4908 is simply exec'd, it is 4909 not run inside a shell, 4910 so traditional shell instructions 4911 ('|', etc) won't work. 4912 To use a shell, you need 4913 to explicitly call out 4914 to that shell. Exit status 4915 of 0 is treated as live/healthy 4916 and non-zero is unhealthy. 4917 type: array 4918 items: 4919 type: string 4920 httpGet: 4921 description: HTTPGet specifies 4922 the http request to perform. 4923 type: object 4924 required: 4925 - port 4926 properties: 4927 host: 4928 description: Host name to 4929 connect to, defaults to 4930 the pod IP. You probably 4931 want to set "Host" in 4932 httpHeaders instead. 4933 type: string 4934 httpHeaders: 4935 description: Custom headers 4936 to set in the request. 4937 HTTP allows repeated headers. 4938 type: array 4939 items: 4940 description: HTTPHeader 4941 describes a custom header 4942 to be used in HTTP probes 4943 type: object 4944 required: 4945 - name 4946 - value 4947 properties: 4948 name: 4949 description: The header 4950 field name 4951 type: string 4952 value: 4953 description: The header 4954 field value 4955 type: string 4956 path: 4957 description: Path to access 4958 on the HTTP server. 4959 type: string 4960 port: 4961 description: Name or number 4962 of the port to access 4963 on the container. Number 4964 must be in the range 1 4965 to 65535. Name must be 4966 an IANA_SVC_NAME. 4967 anyOf: 4968 - type: integer 4969 - type: string 4970 x-kubernetes-int-or-string: true 4971 scheme: 4972 description: Scheme to use 4973 for connecting to the 4974 host. Defaults to HTTP. 4975 type: string 4976 tcpSocket: 4977 description: 'TCPSocket specifies 4978 an action involving a TCP 4979 port. TCP hooks not yet supported 4980 TODO: implement a realistic 4981 TCP lifecycle hook' 4982 type: object 4983 required: 4984 - port 4985 properties: 4986 host: 4987 description: 'Optional: 4988 Host name to connect to, 4989 defaults to the pod IP.' 4990 type: string 4991 port: 4992 description: Number or name 4993 of the port to access 4994 on the container. Number 4995 must be in the range 1 4996 to 65535. Name must be 4997 an IANA_SVC_NAME. 4998 anyOf: 4999 - type: integer 5000 - type: string 5001 x-kubernetes-int-or-string: true 5002 preStop: 5003 description: 'PreStop is called 5004 immediately before a container 5005 is terminated due to an API request 5006 or management event such as liveness/startup 5007 probe failure, preemption, resource 5008 contention, etc. The handler is 5009 not called if the container crashes 5010 or exits. The reason for termination 5011 is passed to the handler. The 5012 Pod''s termination grace period 5013 countdown begins before the PreStop 5014 hooked is executed. Regardless 5015 of the outcome of the handler, 5016 the container will eventually 5017 terminate within the Pod''s termination 5018 grace period. Other management 5019 of the container blocks until 5020 the hook completes or until the 5021 termination grace period is reached. 5022 More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' 5023 type: object 5024 properties: 5025 exec: 5026 description: One and only one 5027 of the following should be 5028 specified. Exec specifies 5029 the action to take. 5030 type: object 5031 properties: 5032 command: 5033 description: Command is 5034 the command line to execute 5035 inside the container, 5036 the working directory 5037 for the command is root 5038 ('/') in the container's 5039 filesystem. The command 5040 is simply exec'd, it is 5041 not run inside a shell, 5042 so traditional shell instructions 5043 ('|', etc) won't work. 5044 To use a shell, you need 5045 to explicitly call out 5046 to that shell. Exit status 5047 of 0 is treated as live/healthy 5048 and non-zero is unhealthy. 5049 type: array 5050 items: 5051 type: string 5052 httpGet: 5053 description: HTTPGet specifies 5054 the http request to perform. 5055 type: object 5056 required: 5057 - port 5058 properties: 5059 host: 5060 description: Host name to 5061 connect to, defaults to 5062 the pod IP. You probably 5063 want to set "Host" in 5064 httpHeaders instead. 5065 type: string 5066 httpHeaders: 5067 description: Custom headers 5068 to set in the request. 5069 HTTP allows repeated headers. 5070 type: array 5071 items: 5072 description: HTTPHeader 5073 describes a custom header 5074 to be used in HTTP probes 5075 type: object 5076 required: 5077 - name 5078 - value 5079 properties: 5080 name: 5081 description: The header 5082 field name 5083 type: string 5084 value: 5085 description: The header 5086 field value 5087 type: string 5088 path: 5089 description: Path to access 5090 on the HTTP server. 5091 type: string 5092 port: 5093 description: Name or number 5094 of the port to access 5095 on the container. Number 5096 must be in the range 1 5097 to 65535. Name must be 5098 an IANA_SVC_NAME. 5099 anyOf: 5100 - type: integer 5101 - type: string 5102 x-kubernetes-int-or-string: true 5103 scheme: 5104 description: Scheme to use 5105 for connecting to the 5106 host. Defaults to HTTP. 5107 type: string 5108 tcpSocket: 5109 description: 'TCPSocket specifies 5110 an action involving a TCP 5111 port. TCP hooks not yet supported 5112 TODO: implement a realistic 5113 TCP lifecycle hook' 5114 type: object 5115 required: 5116 - port 5117 properties: 5118 host: 5119 description: 'Optional: 5120 Host name to connect to, 5121 defaults to the pod IP.' 5122 type: string 5123 port: 5124 description: Number or name 5125 of the port to access 5126 on the container. Number 5127 must be in the range 1 5128 to 65535. Name must be 5129 an IANA_SVC_NAME. 5130 anyOf: 5131 - type: integer 5132 - type: string 5133 x-kubernetes-int-or-string: true 5134 livenessProbe: 5135 description: 'Periodic probe of container 5136 liveness. Container will be restarted 5137 if the probe fails. Cannot be updated. 5138 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 5139 type: object 5140 properties: 5141 exec: 5142 description: One and only one of 5143 the following should be specified. 5144 Exec specifies the action to take. 5145 type: object 5146 properties: 5147 command: 5148 description: Command is the 5149 command line to execute inside 5150 the container, the working 5151 directory for the command is 5152 root ('/') in the container's 5153 filesystem. The command is 5154 simply exec'd, it is not run 5155 inside a shell, so traditional 5156 shell instructions ('|', etc) 5157 won't work. To use a shell, 5158 you need to explicitly call 5159 out to that shell. Exit status 5160 of 0 is treated as live/healthy 5161 and non-zero is unhealthy. 5162 type: array 5163 items: 5164 type: string 5165 failureThreshold: 5166 description: Minimum consecutive 5167 failures for the probe to be considered 5168 failed after having succeeded. 5169 Defaults to 3. Minimum value is 5170 1. 5171 type: integer 5172 format: int32 5173 httpGet: 5174 description: HTTPGet specifies the 5175 http request to perform. 5176 type: object 5177 required: 5178 - port 5179 properties: 5180 host: 5181 description: Host name to connect 5182 to, defaults to the pod IP. 5183 You probably want to set "Host" 5184 in httpHeaders instead. 5185 type: string 5186 httpHeaders: 5187 description: Custom headers 5188 to set in the request. HTTP 5189 allows repeated headers. 5190 type: array 5191 items: 5192 description: HTTPHeader describes 5193 a custom header to be used 5194 in HTTP probes 5195 type: object 5196 required: 5197 - name 5198 - value 5199 properties: 5200 name: 5201 description: The header 5202 field name 5203 type: string 5204 value: 5205 description: The header 5206 field value 5207 type: string 5208 path: 5209 description: Path to access 5210 on the HTTP server. 5211 type: string 5212 port: 5213 description: Name or number 5214 of the port to access on the 5215 container. Number must be 5216 in the range 1 to 65535. Name 5217 must be an IANA_SVC_NAME. 5218 anyOf: 5219 - type: integer 5220 - type: string 5221 x-kubernetes-int-or-string: true 5222 scheme: 5223 description: Scheme to use for 5224 connecting to the host. Defaults 5225 to HTTP. 5226 type: string 5227 initialDelaySeconds: 5228 description: 'Number of seconds 5229 after the container has started 5230 before liveness probes are initiated. 5231 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 5232 type: integer 5233 format: int32 5234 periodSeconds: 5235 description: How often (in seconds) 5236 to perform the probe. Default 5237 to 10 seconds. Minimum value is 5238 1. 5239 type: integer 5240 format: int32 5241 successThreshold: 5242 description: Minimum consecutive 5243 successes for the probe to be 5244 considered successful after having 5245 failed. Defaults to 1. Must be 5246 1 for liveness and startup. Minimum 5247 value is 1. 5248 type: integer 5249 format: int32 5250 tcpSocket: 5251 description: 'TCPSocket specifies 5252 an action involving a TCP port. 5253 TCP hooks not yet supported TODO: 5254 implement a realistic TCP lifecycle 5255 hook' 5256 type: object 5257 required: 5258 - port 5259 properties: 5260 host: 5261 description: 'Optional: Host 5262 name to connect to, defaults 5263 to the pod IP.' 5264 type: string 5265 port: 5266 description: Number or name 5267 of the port to access on the 5268 container. Number must be 5269 in the range 1 to 65535. Name 5270 must be an IANA_SVC_NAME. 5271 anyOf: 5272 - type: integer 5273 - type: string 5274 x-kubernetes-int-or-string: true 5275 timeoutSeconds: 5276 description: 'Number of seconds 5277 after which the probe times out. 5278 Defaults to 1 second. Minimum 5279 value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 5280 type: integer 5281 format: int32 5282 name: 5283 description: Name of the container specified 5284 as a DNS_LABEL. Each container in 5285 a pod must have a unique name (DNS_LABEL). 5286 Cannot be updated. 5287 type: string 5288 ports: 5289 description: List of ports to expose 5290 from the container. Exposing a port 5291 here gives the system additional information 5292 about the network connections a container 5293 uses, but is primarily informational. 5294 Not specifying a port here DOES NOT 5295 prevent that port from being exposed. 5296 Any port which is listening on the 5297 default "0.0.0.0" address inside a 5298 container will be accessible from 5299 the network. Cannot be updated. 5300 type: array 5301 items: 5302 description: ContainerPort represents 5303 a network port in a single container. 5304 type: object 5305 required: 5306 - containerPort 5307 properties: 5308 containerPort: 5309 description: Number of port to 5310 expose on the pod's IP address. 5311 This must be a valid port number, 5312 0 < x < 65536. 5313 type: integer 5314 format: int32 5315 hostIP: 5316 description: What host IP to bind 5317 the external port to. 5318 type: string 5319 hostPort: 5320 description: Number of port to 5321 expose on the host. If specified, 5322 this must be a valid port number, 5323 0 < x < 65536. If HostNetwork 5324 is specified, this must match 5325 ContainerPort. Most containers 5326 do not need this. 5327 type: integer 5328 format: int32 5329 name: 5330 description: If specified, this 5331 must be an IANA_SVC_NAME and 5332 unique within the pod. Each 5333 named port in a pod must have 5334 a unique name. Name for the 5335 port that can be referred to 5336 by services. 5337 type: string 5338 protocol: 5339 description: Protocol for port. 5340 Must be UDP, TCP, or SCTP. Defaults 5341 to "TCP". 5342 type: string 5343 readinessProbe: 5344 description: 'Periodic probe of container 5345 service readiness. Container will 5346 be removed from service endpoints 5347 if the probe fails. Cannot be updated. 5348 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 5349 type: object 5350 properties: 5351 exec: 5352 description: One and only one of 5353 the following should be specified. 5354 Exec specifies the action to take. 5355 type: object 5356 properties: 5357 command: 5358 description: Command is the 5359 command line to execute inside 5360 the container, the working 5361 directory for the command is 5362 root ('/') in the container's 5363 filesystem. The command is 5364 simply exec'd, it is not run 5365 inside a shell, so traditional 5366 shell instructions ('|', etc) 5367 won't work. To use a shell, 5368 you need to explicitly call 5369 out to that shell. Exit status 5370 of 0 is treated as live/healthy 5371 and non-zero is unhealthy. 5372 type: array 5373 items: 5374 type: string 5375 failureThreshold: 5376 description: Minimum consecutive 5377 failures for the probe to be considered 5378 failed after having succeeded. 5379 Defaults to 3. Minimum value is 5380 1. 5381 type: integer 5382 format: int32 5383 httpGet: 5384 description: HTTPGet specifies the 5385 http request to perform. 5386 type: object 5387 required: 5388 - port 5389 properties: 5390 host: 5391 description: Host name to connect 5392 to, defaults to the pod IP. 5393 You probably want to set "Host" 5394 in httpHeaders instead. 5395 type: string 5396 httpHeaders: 5397 description: Custom headers 5398 to set in the request. HTTP 5399 allows repeated headers. 5400 type: array 5401 items: 5402 description: HTTPHeader describes 5403 a custom header to be used 5404 in HTTP probes 5405 type: object 5406 required: 5407 - name 5408 - value 5409 properties: 5410 name: 5411 description: The header 5412 field name 5413 type: string 5414 value: 5415 description: The header 5416 field value 5417 type: string 5418 path: 5419 description: Path to access 5420 on the HTTP server. 5421 type: string 5422 port: 5423 description: Name or number 5424 of the port to access on the 5425 container. Number must be 5426 in the range 1 to 65535. Name 5427 must be an IANA_SVC_NAME. 5428 anyOf: 5429 - type: integer 5430 - type: string 5431 x-kubernetes-int-or-string: true 5432 scheme: 5433 description: Scheme to use for 5434 connecting to the host. Defaults 5435 to HTTP. 5436 type: string 5437 initialDelaySeconds: 5438 description: 'Number of seconds 5439 after the container has started 5440 before liveness probes are initiated. 5441 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 5442 type: integer 5443 format: int32 5444 periodSeconds: 5445 description: How often (in seconds) 5446 to perform the probe. Default 5447 to 10 seconds. Minimum value is 5448 1. 5449 type: integer 5450 format: int32 5451 successThreshold: 5452 description: Minimum consecutive 5453 successes for the probe to be 5454 considered successful after having 5455 failed. Defaults to 1. Must be 5456 1 for liveness and startup. Minimum 5457 value is 1. 5458 type: integer 5459 format: int32 5460 tcpSocket: 5461 description: 'TCPSocket specifies 5462 an action involving a TCP port. 5463 TCP hooks not yet supported TODO: 5464 implement a realistic TCP lifecycle 5465 hook' 5466 type: object 5467 required: 5468 - port 5469 properties: 5470 host: 5471 description: 'Optional: Host 5472 name to connect to, defaults 5473 to the pod IP.' 5474 type: string 5475 port: 5476 description: Number or name 5477 of the port to access on the 5478 container. Number must be 5479 in the range 1 to 65535. Name 5480 must be an IANA_SVC_NAME. 5481 anyOf: 5482 - type: integer 5483 - type: string 5484 x-kubernetes-int-or-string: true 5485 timeoutSeconds: 5486 description: 'Number of seconds 5487 after which the probe times out. 5488 Defaults to 1 second. Minimum 5489 value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 5490 type: integer 5491 format: int32 5492 resources: 5493 description: 'Compute Resources required 5494 by this container. Cannot be updated. 5495 More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' 5496 type: object 5497 properties: 5498 limits: 5499 description: 'Limits describes the 5500 maximum amount of compute resources 5501 allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' 5502 type: object 5503 additionalProperties: 5504 type: string 5505 requests: 5506 description: 'Requests describes 5507 the minimum amount of compute 5508 resources required. If Requests 5509 is omitted for a container, it 5510 defaults to Limits if that is 5511 explicitly specified, otherwise 5512 to an implementation-defined value. 5513 More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' 5514 type: object 5515 additionalProperties: 5516 type: string 5517 securityContext: 5518 description: 'Security options the pod 5519 should run with. More info: https://kubernetes.io/docs/concepts/policy/security-context/ 5520 More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' 5521 type: object 5522 properties: 5523 allowPrivilegeEscalation: 5524 description: 'AllowPrivilegeEscalation 5525 controls whether a process can 5526 gain more privileges than its 5527 parent process. This bool directly 5528 controls if the no_new_privs flag 5529 will be set on the container process. 5530 AllowPrivilegeEscalation is true 5531 always when the container is: 5532 1) run as Privileged 2) has CAP_SYS_ADMIN' 5533 type: boolean 5534 capabilities: 5535 description: The capabilities to 5536 add/drop when running containers. 5537 Defaults to the default set of 5538 capabilities granted by the container 5539 runtime. 5540 type: object 5541 properties: 5542 add: 5543 description: Added capabilities 5544 type: array 5545 items: 5546 description: Capability represent 5547 POSIX capabilities type 5548 type: string 5549 drop: 5550 description: Removed capabilities 5551 type: array 5552 items: 5553 description: Capability represent 5554 POSIX capabilities type 5555 type: string 5556 privileged: 5557 description: Run container in privileged 5558 mode. Processes in privileged 5559 containers are essentially equivalent 5560 to root on the host. Defaults 5561 to false. 5562 type: boolean 5563 procMount: 5564 description: procMount denotes the 5565 type of proc mount to use for 5566 the containers. The default is 5567 DefaultProcMount which uses the 5568 container runtime defaults for 5569 readonly paths and masked paths. 5570 This requires the ProcMountType 5571 feature flag to be enabled. 5572 type: string 5573 readOnlyRootFilesystem: 5574 description: Whether this container 5575 has a read-only root filesystem. 5576 Default is false. 5577 type: boolean 5578 runAsGroup: 5579 description: The GID to run the 5580 entrypoint of the container process. 5581 Uses runtime default if unset. 5582 May also be set in PodSecurityContext. If 5583 set in both SecurityContext and 5584 PodSecurityContext, the value 5585 specified in SecurityContext takes 5586 precedence. 5587 type: integer 5588 format: int64 5589 runAsNonRoot: 5590 description: Indicates that the 5591 container must run as a non-root 5592 user. If true, the Kubelet will 5593 validate the image at runtime 5594 to ensure that it does not run 5595 as UID 0 (root) and fail to start 5596 the container if it does. If unset 5597 or false, no such validation will 5598 be performed. May also be set 5599 in PodSecurityContext. If set 5600 in both SecurityContext and PodSecurityContext, 5601 the value specified in SecurityContext 5602 takes precedence. 5603 type: boolean 5604 runAsUser: 5605 description: The UID to run the 5606 entrypoint of the container process. 5607 Defaults to user specified in 5608 image metadata if unspecified. 5609 May also be set in PodSecurityContext. If 5610 set in both SecurityContext and 5611 PodSecurityContext, the value 5612 specified in SecurityContext takes 5613 precedence. 5614 type: integer 5615 format: int64 5616 seLinuxOptions: 5617 description: The SELinux context 5618 to be applied to the container. 5619 If unspecified, the container 5620 runtime will allocate a random 5621 SELinux context for each container. May 5622 also be set in PodSecurityContext. If 5623 set in both SecurityContext and 5624 PodSecurityContext, the value 5625 specified in SecurityContext takes 5626 precedence. 5627 type: object 5628 properties: 5629 level: 5630 description: Level is SELinux 5631 level label that applies to 5632 the container. 5633 type: string 5634 role: 5635 description: Role is a SELinux 5636 role label that applies to 5637 the container. 5638 type: string 5639 type: 5640 description: Type is a SELinux 5641 type label that applies to 5642 the container. 5643 type: string 5644 user: 5645 description: User is a SELinux 5646 user label that applies to 5647 the container. 5648 type: string 5649 windowsOptions: 5650 description: The Windows specific 5651 settings applied to all containers. 5652 If unspecified, the options from 5653 the PodSecurityContext will be 5654 used. If set in both SecurityContext 5655 and PodSecurityContext, the value 5656 specified in SecurityContext takes 5657 precedence. 5658 type: object 5659 properties: 5660 gmsaCredentialSpec: 5661 description: GMSACredentialSpec 5662 is where the GMSA admission 5663 webhook (https://github.com/kubernetes-sigs/windows-gmsa) 5664 inlines the contents of the 5665 GMSA credential spec named 5666 by the GMSACredentialSpecName 5667 field. This field is alpha-level 5668 and is only honored by servers 5669 that enable the WindowsGMSA 5670 feature flag. 5671 type: string 5672 gmsaCredentialSpecName: 5673 description: GMSACredentialSpecName 5674 is the name of the GMSA credential 5675 spec to use. This field is 5676 alpha-level and is only honored 5677 by servers that enable the 5678 WindowsGMSA feature flag. 5679 type: string 5680 runAsUserName: 5681 description: The UserName in 5682 Windows to run the entrypoint 5683 of the container process. 5684 Defaults to the user specified 5685 in image metadata if unspecified. 5686 May also be set in PodSecurityContext. 5687 If set in both SecurityContext 5688 and PodSecurityContext, the 5689 value specified in SecurityContext 5690 takes precedence. This field 5691 is alpha-level and it is only 5692 honored by servers that enable 5693 the WindowsRunAsUserName feature 5694 flag. 5695 type: string 5696 startupProbe: 5697 description: 'StartupProbe indicates 5698 that the Pod has successfully initialized. 5699 If specified, no other probes are 5700 executed until this completes successfully. 5701 If this probe fails, the Pod will 5702 be restarted, just as if the livenessProbe 5703 failed. This can be used to provide 5704 different probe parameters at the 5705 beginning of a Pod''s lifecycle, when 5706 it might take a long time to load 5707 data or warm a cache, than during 5708 steady-state operation. This cannot 5709 be updated. This is an alpha feature 5710 enabled by the StartupProbe feature 5711 flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 5712 type: object 5713 properties: 5714 exec: 5715 description: One and only one of 5716 the following should be specified. 5717 Exec specifies the action to take. 5718 type: object 5719 properties: 5720 command: 5721 description: Command is the 5722 command line to execute inside 5723 the container, the working 5724 directory for the command is 5725 root ('/') in the container's 5726 filesystem. The command is 5727 simply exec'd, it is not run 5728 inside a shell, so traditional 5729 shell instructions ('|', etc) 5730 won't work. To use a shell, 5731 you need to explicitly call 5732 out to that shell. Exit status 5733 of 0 is treated as live/healthy 5734 and non-zero is unhealthy. 5735 type: array 5736 items: 5737 type: string 5738 failureThreshold: 5739 description: Minimum consecutive 5740 failures for the probe to be considered 5741 failed after having succeeded. 5742 Defaults to 3. Minimum value is 5743 1. 5744 type: integer 5745 format: int32 5746 httpGet: 5747 description: HTTPGet specifies the 5748 http request to perform. 5749 type: object 5750 required: 5751 - port 5752 properties: 5753 host: 5754 description: Host name to connect 5755 to, defaults to the pod IP. 5756 You probably want to set "Host" 5757 in httpHeaders instead. 5758 type: string 5759 httpHeaders: 5760 description: Custom headers 5761 to set in the request. HTTP 5762 allows repeated headers. 5763 type: array 5764 items: 5765 description: HTTPHeader describes 5766 a custom header to be used 5767 in HTTP probes 5768 type: object 5769 required: 5770 - name 5771 - value 5772 properties: 5773 name: 5774 description: The header 5775 field name 5776 type: string 5777 value: 5778 description: The header 5779 field value 5780 type: string 5781 path: 5782 description: Path to access 5783 on the HTTP server. 5784 type: string 5785 port: 5786 description: Name or number 5787 of the port to access on the 5788 container. Number must be 5789 in the range 1 to 65535. Name 5790 must be an IANA_SVC_NAME. 5791 anyOf: 5792 - type: integer 5793 - type: string 5794 x-kubernetes-int-or-string: true 5795 scheme: 5796 description: Scheme to use for 5797 connecting to the host. Defaults 5798 to HTTP. 5799 type: string 5800 initialDelaySeconds: 5801 description: 'Number of seconds 5802 after the container has started 5803 before liveness probes are initiated. 5804 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 5805 type: integer 5806 format: int32 5807 periodSeconds: 5808 description: How often (in seconds) 5809 to perform the probe. Default 5810 to 10 seconds. Minimum value is 5811 1. 5812 type: integer 5813 format: int32 5814 successThreshold: 5815 description: Minimum consecutive 5816 successes for the probe to be 5817 considered successful after having 5818 failed. Defaults to 1. Must be 5819 1 for liveness and startup. Minimum 5820 value is 1. 5821 type: integer 5822 format: int32 5823 tcpSocket: 5824 description: 'TCPSocket specifies 5825 an action involving a TCP port. 5826 TCP hooks not yet supported TODO: 5827 implement a realistic TCP lifecycle 5828 hook' 5829 type: object 5830 required: 5831 - port 5832 properties: 5833 host: 5834 description: 'Optional: Host 5835 name to connect to, defaults 5836 to the pod IP.' 5837 type: string 5838 port: 5839 description: Number or name 5840 of the port to access on the 5841 container. Number must be 5842 in the range 1 to 65535. Name 5843 must be an IANA_SVC_NAME. 5844 anyOf: 5845 - type: integer 5846 - type: string 5847 x-kubernetes-int-or-string: true 5848 timeoutSeconds: 5849 description: 'Number of seconds 5850 after which the probe times out. 5851 Defaults to 1 second. Minimum 5852 value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 5853 type: integer 5854 format: int32 5855 stdin: 5856 description: Whether this container 5857 should allocate a buffer for stdin 5858 in the container runtime. If this 5859 is not set, reads from stdin in the 5860 container will always result in EOF. 5861 Default is false. 5862 type: boolean 5863 stdinOnce: 5864 description: Whether the container runtime 5865 should close the stdin channel after 5866 it has been opened by a single attach. 5867 When stdin is true the stdin stream 5868 will remain open across multiple attach 5869 sessions. If stdinOnce is set to true, 5870 stdin is opened on container start, 5871 is empty until the first client attaches 5872 to stdin, and then remains open and 5873 accepts data until the client disconnects, 5874 at which time stdin is closed and 5875 remains closed until the container 5876 is restarted. If this flag is false, 5877 a container processes that reads from 5878 stdin will never receive an EOF. Default 5879 is false 5880 type: boolean 5881 terminationMessagePath: 5882 description: 'Optional: Path at which 5883 the file to which the container''s 5884 termination message will be written 5885 is mounted into the container''s filesystem. 5886 Message written is intended to be 5887 brief final status, such as an assertion 5888 failure message. Will be truncated 5889 by the node if greater than 4096 bytes. 5890 The total message length across all 5891 containers will be limited to 12kb. 5892 Defaults to /dev/termination-log. 5893 Cannot be updated.' 5894 type: string 5895 terminationMessagePolicy: 5896 description: Indicate how the termination 5897 message should be populated. File 5898 will use the contents of terminationMessagePath 5899 to populate the container status message 5900 on both success and failure. FallbackToLogsOnError 5901 will use the last chunk of container 5902 log output if the termination message 5903 file is empty and the container exited 5904 with an error. The log output is limited 5905 to 2048 bytes or 80 lines, whichever 5906 is smaller. Defaults to File. Cannot 5907 be updated. 5908 type: string 5909 tty: 5910 description: Whether this container 5911 should allocate a TTY for itself, 5912 also requires 'stdin' to be true. 5913 Default is false. 5914 type: boolean 5915 volumeDevices: 5916 description: volumeDevices is the list 5917 of block devices to be used by the 5918 container. This is a beta feature. 5919 type: array 5920 items: 5921 description: volumeDevice describes 5922 a mapping of a raw block device 5923 within a container. 5924 type: object 5925 required: 5926 - devicePath 5927 - name 5928 properties: 5929 devicePath: 5930 description: devicePath is the 5931 path inside of the container 5932 that the device will be mapped 5933 to. 5934 type: string 5935 name: 5936 description: name must match the 5937 name of a persistentVolumeClaim 5938 in the pod 5939 type: string 5940 volumeMounts: 5941 description: Pod volumes to mount into 5942 the container's filesystem. Cannot 5943 be updated. 5944 type: array 5945 items: 5946 description: VolumeMount describes 5947 a mounting of a Volume within a 5948 container. 5949 type: object 5950 required: 5951 - mountPath 5952 - name 5953 properties: 5954 mountPath: 5955 description: Path within the container 5956 at which the volume should be 5957 mounted. Must not contain ':'. 5958 type: string 5959 mountPropagation: 5960 description: mountPropagation 5961 determines how mounts are propagated 5962 from the host to container and 5963 the other way around. When not 5964 set, MountPropagationNone is 5965 used. This field is beta in 5966 1.10. 5967 type: string 5968 name: 5969 description: This must match the 5970 Name of a Volume. 5971 type: string 5972 readOnly: 5973 description: Mounted read-only 5974 if true, read-write otherwise 5975 (false or unspecified). Defaults 5976 to false. 5977 type: boolean 5978 subPath: 5979 description: Path within the volume 5980 from which the container's volume 5981 should be mounted. Defaults 5982 to "" (volume's root). 5983 type: string 5984 subPathExpr: 5985 description: Expanded path within 5986 the volume from which the container's 5987 volume should be mounted. Behaves 5988 similarly to SubPath but environment 5989 variable references $(VAR_NAME) 5990 are expanded using the container's 5991 environment. Defaults to "" 5992 (volume's root). SubPathExpr 5993 and SubPath are mutually exclusive. 5994 This field is beta in 1.15. 5995 type: string 5996 workingDir: 5997 description: Container's working directory. 5998 If not specified, the container runtime's 5999 default will be used, which might 6000 be configured in the container image. 6001 Cannot be updated. 6002 type: string 6003 nodeName: 6004 description: NodeName is a request to schedule 6005 this pod onto a specific node. If it is 6006 non-empty, the scheduler simply schedules 6007 this pod onto that node, assuming that it 6008 fits resource requirements. 6009 type: string 6010 nodeSelector: 6011 description: 'NodeSelector is a selector which 6012 must be true for the pod to fit on a node. 6013 Selector which must match a node''s labels 6014 for the pod to be scheduled on that node. 6015 More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' 6016 type: object 6017 additionalProperties: 6018 type: string 6019 overhead: 6020 description: 'Overhead represents the resource 6021 overhead associated with running a pod for 6022 a given RuntimeClass. This field will be 6023 autopopulated at admission time by the RuntimeClass 6024 admission controller. If the RuntimeClass 6025 admission controller is enabled, overhead 6026 must not be set in Pod create requests. 6027 The RuntimeClass admission controller will 6028 reject Pod create requests which have the 6029 overhead already set. If RuntimeClass is 6030 configured and selected in the PodSpec, 6031 Overhead will be set to the value defined 6032 in the corresponding RuntimeClass, otherwise 6033 it will remain unset and treated as zero. 6034 More info: https://git.k8s.io/enhancements/keps/sig-node/20190226-pod-overhead.md 6035 This field is alpha-level as of Kubernetes 6036 v1.16, and is only honored by servers that 6037 enable the PodOverhead feature.' 6038 type: object 6039 additionalProperties: 6040 type: string 6041 preemptionPolicy: 6042 description: PreemptionPolicy is the Policy 6043 for preempting pods with lower priority. 6044 One of Never, PreemptLowerPriority. Defaults 6045 to PreemptLowerPriority if unset. This field 6046 is alpha-level and is only honored by servers 6047 that enable the NonPreemptingPriority feature. 6048 type: string 6049 priority: 6050 description: The priority value. Various system 6051 components use this field to find the priority 6052 of the pod. When Priority Admission Controller 6053 is enabled, it prevents users from setting 6054 this field. The admission controller populates 6055 this field from PriorityClassName. The higher 6056 the value, the higher the priority. 6057 type: integer 6058 format: int32 6059 priorityClassName: 6060 description: If specified, indicates the pod's 6061 priority. "system-node-critical" and "system-cluster-critical" 6062 are two special keywords which indicate 6063 the highest priorities with the former being 6064 the highest priority. Any other name must 6065 be defined by creating a PriorityClass object 6066 with that name. If not specified, the pod 6067 priority will be default or zero if there 6068 is no default. 6069 type: string 6070 readinessGates: 6071 description: 'If specified, all readiness 6072 gates will be evaluated for pod readiness. 6073 A pod is ready when all its containers are 6074 ready AND all conditions specified in the 6075 readiness gates have status equal to "True" 6076 More info: https://git.k8s.io/enhancements/keps/sig-network/0007-pod-ready%2B%2B.md' 6077 type: array 6078 items: 6079 description: PodReadinessGate contains the 6080 reference to a pod condition 6081 type: object 6082 required: 6083 - conditionType 6084 properties: 6085 conditionType: 6086 description: ConditionType refers to 6087 a condition in the pod's condition 6088 list with matching type. 6089 type: string 6090 restartPolicy: 6091 description: 'Restart policy for all containers 6092 within the pod. One of Always, OnFailure, 6093 Never. Default to Always. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy' 6094 type: string 6095 runtimeClassName: 6096 description: 'RuntimeClassName refers to a 6097 RuntimeClass object in the node.k8s.io group, 6098 which should be used to run this pod. If 6099 no RuntimeClass resource matches the named 6100 class, the pod will not be run. If unset 6101 or empty, the "legacy" RuntimeClass will 6102 be used, which is an implicit class with 6103 an empty definition that uses the default 6104 runtime handler. More info: https://git.k8s.io/enhancements/keps/sig-node/runtime-class.md 6105 This is a beta feature as of Kubernetes 6106 v1.14.' 6107 type: string 6108 schedulerName: 6109 description: If specified, the pod will be 6110 dispatched by specified scheduler. If not 6111 specified, the pod will be dispatched by 6112 default scheduler. 6113 type: string 6114 securityContext: 6115 description: 'SecurityContext holds pod-level 6116 security attributes and common container 6117 settings. Optional: Defaults to empty. See 6118 type description for default values of each 6119 field.' 6120 type: object 6121 properties: 6122 fsGroup: 6123 description: "A special supplemental group 6124 that applies to all containers in a 6125 pod. Some volume types allow the Kubelet 6126 to change the ownership of that volume 6127 to be owned by the pod: \n 1. The owning 6128 GID will be the FSGroup 2. The setgid 6129 bit is set (new files created in the 6130 volume will be owned by FSGroup) 3. 6131 The permission bits are OR'd with rw-rw---- 6132 \n If unset, the Kubelet will not modify 6133 the ownership and permissions of any 6134 volume." 6135 type: integer 6136 format: int64 6137 runAsGroup: 6138 description: The GID to run the entrypoint 6139 of the container process. Uses runtime 6140 default if unset. May also be set in 6141 SecurityContext. If set in both SecurityContext 6142 and PodSecurityContext, the value specified 6143 in SecurityContext takes precedence 6144 for that container. 6145 type: integer 6146 format: int64 6147 runAsNonRoot: 6148 description: Indicates that the container 6149 must run as a non-root user. If true, 6150 the Kubelet will validate the image 6151 at runtime to ensure that it does not 6152 run as UID 0 (root) and fail to start 6153 the container if it does. If unset or 6154 false, no such validation will be performed. 6155 May also be set in SecurityContext. If 6156 set in both SecurityContext and PodSecurityContext, 6157 the value specified in SecurityContext 6158 takes precedence. 6159 type: boolean 6160 runAsUser: 6161 description: The UID to run the entrypoint 6162 of the container process. Defaults to 6163 user specified in image metadata if 6164 unspecified. May also be set in SecurityContext. If 6165 set in both SecurityContext and PodSecurityContext, 6166 the value specified in SecurityContext 6167 takes precedence for that container. 6168 type: integer 6169 format: int64 6170 seLinuxOptions: 6171 description: The SELinux context to be 6172 applied to all containers. If unspecified, 6173 the container runtime will allocate 6174 a random SELinux context for each container. May 6175 also be set in SecurityContext. If 6176 set in both SecurityContext and PodSecurityContext, 6177 the value specified in SecurityContext 6178 takes precedence for that container. 6179 type: object 6180 properties: 6181 level: 6182 description: Level is SELinux level 6183 label that applies to the container. 6184 type: string 6185 role: 6186 description: Role is a SELinux role 6187 label that applies to the container. 6188 type: string 6189 type: 6190 description: Type is a SELinux type 6191 label that applies to the container. 6192 type: string 6193 user: 6194 description: User is a SELinux user 6195 label that applies to the container. 6196 type: string 6197 supplementalGroups: 6198 description: A list of groups applied 6199 to the first process run in each container, 6200 in addition to the container's primary 6201 GID. If unspecified, no groups will 6202 be added to any container. 6203 type: array 6204 items: 6205 type: integer 6206 format: int64 6207 sysctls: 6208 description: Sysctls hold a list of namespaced 6209 sysctls used for the pod. Pods with 6210 unsupported sysctls (by the container 6211 runtime) might fail to launch. 6212 type: array 6213 items: 6214 description: Sysctl defines a kernel 6215 parameter to be set 6216 type: object 6217 required: 6218 - name 6219 - value 6220 properties: 6221 name: 6222 description: Name of a property 6223 to set 6224 type: string 6225 value: 6226 description: Value of a property 6227 to set 6228 type: string 6229 windowsOptions: 6230 description: The Windows specific settings 6231 applied to all containers. If unspecified, 6232 the options within a container's SecurityContext 6233 will be used. If set in both SecurityContext 6234 and PodSecurityContext, the value specified 6235 in SecurityContext takes precedence. 6236 type: object 6237 properties: 6238 gmsaCredentialSpec: 6239 description: GMSACredentialSpec is 6240 where the GMSA admission webhook 6241 (https://github.com/kubernetes-sigs/windows-gmsa) 6242 inlines the contents of the GMSA 6243 credential spec named by the GMSACredentialSpecName 6244 field. This field is alpha-level 6245 and is only honored by servers that 6246 enable the WindowsGMSA feature flag. 6247 type: string 6248 gmsaCredentialSpecName: 6249 description: GMSACredentialSpecName 6250 is the name of the GMSA credential 6251 spec to use. This field is alpha-level 6252 and is only honored by servers that 6253 enable the WindowsGMSA feature flag. 6254 type: string 6255 runAsUserName: 6256 description: The UserName in Windows 6257 to run the entrypoint of the container 6258 process. Defaults to the user specified 6259 in image metadata if unspecified. 6260 May also be set in PodSecurityContext. 6261 If set in both SecurityContext and 6262 PodSecurityContext, the value specified 6263 in SecurityContext takes precedence. 6264 This field is alpha-level and it 6265 is only honored by servers that 6266 enable the WindowsRunAsUserName 6267 feature flag. 6268 type: string 6269 serviceAccount: 6270 description: 'DeprecatedServiceAccount is 6271 a depreciated alias for ServiceAccountName. 6272 Deprecated: Use serviceAccountName instead.' 6273 type: string 6274 serviceAccountName: 6275 description: 'ServiceAccountName is the name 6276 of the ServiceAccount to use to run this 6277 pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' 6278 type: string 6279 shareProcessNamespace: 6280 description: 'Share a single process namespace 6281 between all of the containers in a pod. 6282 When this is set containers will be able 6283 to view and signal processes from other 6284 containers in the same pod, and the first 6285 process in each container will not be assigned 6286 PID 1. HostPID and ShareProcessNamespace 6287 cannot both be set. Optional: Default to 6288 false. This field is beta-level and may 6289 be disabled with the PodShareProcessNamespace 6290 feature.' 6291 type: boolean 6292 subdomain: 6293 description: If specified, the fully qualified 6294 Pod hostname will be "<hostname>.<subdomain>.<pod 6295 namespace>.svc.<cluster domain>". If not 6296 specified, the pod will not have a domainname 6297 at all. 6298 type: string 6299 terminationGracePeriodSeconds: 6300 description: Optional duration in seconds 6301 the pod needs to terminate gracefully. May 6302 be decreased in delete request. Value must 6303 be non-negative integer. The value zero 6304 indicates delete immediately. If this value 6305 is nil, the default grace period will be 6306 used instead. The grace period is the duration 6307 in seconds after the processes running in 6308 the pod are sent a termination signal and 6309 the time when the processes are forcibly 6310 halted with a kill signal. Set this value 6311 longer than the expected cleanup time for 6312 your process. Defaults to 30 seconds. 6313 type: integer 6314 format: int64 6315 tolerations: 6316 description: If specified, the pod's tolerations. 6317 type: array 6318 items: 6319 description: The pod this Toleration is 6320 attached to tolerates any taint that matches 6321 the triple <key,value,effect> using the 6322 matching operator <operator>. 6323 type: object 6324 properties: 6325 effect: 6326 description: Effect indicates the taint 6327 effect to match. Empty means match 6328 all taint effects. When specified, 6329 allowed values are NoSchedule, PreferNoSchedule 6330 and NoExecute. 6331 type: string 6332 key: 6333 description: Key is the taint key that 6334 the toleration applies to. Empty means 6335 match all taint keys. If the key is 6336 empty, operator must be Exists; this 6337 combination means to match all values 6338 and all keys. 6339 type: string 6340 operator: 6341 description: Operator represents a key's 6342 relationship to the value. Valid operators 6343 are Exists and Equal. Defaults to 6344 Equal. Exists is equivalent to wildcard 6345 for value, so that a pod can tolerate 6346 all taints of a particular category. 6347 type: string 6348 tolerationSeconds: 6349 description: TolerationSeconds represents 6350 the period of time the toleration 6351 (which must be of effect NoExecute, 6352 otherwise this field is ignored) tolerates 6353 the taint. By default, it is not set, 6354 which means tolerate the taint forever 6355 (do not evict). Zero and negative 6356 values will be treated as 0 (evict 6357 immediately) by the system. 6358 type: integer 6359 format: int64 6360 value: 6361 description: Value is the taint value 6362 the toleration matches to. If the 6363 operator is Exists, the value should 6364 be empty, otherwise just a regular 6365 string. 6366 type: string 6367 topologySpreadConstraints: 6368 description: TopologySpreadConstraints describes 6369 how a group of pods ought to spread across 6370 topology domains. Scheduler will schedule 6371 pods in a way which abides by the constraints. 6372 This field is alpha-level and is only honored 6373 by clusters that enables the EvenPodsSpread 6374 feature. All topologySpreadConstraints are 6375 ANDed. 6376 type: array 6377 items: 6378 description: TopologySpreadConstraint specifies 6379 how to spread matching pods among the 6380 given topology. 6381 type: object 6382 required: 6383 - maxSkew 6384 - topologyKey 6385 - whenUnsatisfiable 6386 properties: 6387 labelSelector: 6388 description: LabelSelector is used to 6389 find matching pods. Pods that match 6390 this label selector are counted to 6391 determine the number of pods in their 6392 corresponding topology domain. 6393 type: object 6394 properties: 6395 matchExpressions: 6396 description: matchExpressions is 6397 a list of label selector requirements. 6398 The requirements are ANDed. 6399 type: array 6400 items: 6401 description: A label selector 6402 requirement is a selector that 6403 contains values, a key, and 6404 an operator that relates the 6405 key and values. 6406 type: object 6407 required: 6408 - key 6409 - operator 6410 properties: 6411 key: 6412 description: key is the label 6413 key that the selector applies 6414 to. 6415 type: string 6416 operator: 6417 description: operator represents 6418 a key's relationship to 6419 a set of values. Valid operators 6420 are In, NotIn, Exists and 6421 DoesNotExist. 6422 type: string 6423 values: 6424 description: values is an 6425 array of string values. 6426 If the operator is In or 6427 NotIn, the values array 6428 must be non-empty. If the 6429 operator is Exists or DoesNotExist, 6430 the values array must be 6431 empty. This array is replaced 6432 during a strategic merge 6433 patch. 6434 type: array 6435 items: 6436 type: string 6437 matchLabels: 6438 description: matchLabels is a map 6439 of {key,value} pairs. A single 6440 {key,value} in the matchLabels 6441 map is equivalent to an element 6442 of matchExpressions, whose key 6443 field is "key", the operator is 6444 "In", and the values array contains 6445 only "value". The requirements 6446 are ANDed. 6447 type: object 6448 additionalProperties: 6449 type: string 6450 maxSkew: 6451 description: 'MaxSkew describes the 6452 degree to which pods may be unevenly 6453 distributed. It''s the maximum permitted 6454 difference between the number of matching 6455 pods in any two topology domains of 6456 a given topology type. For example, 6457 in a 3-zone cluster, MaxSkew is set 6458 to 1, and pods with the same labelSelector 6459 spread as 1/1/0: | zone1 | zone2 | 6460 zone3 | | P | P | | 6461 - if MaxSkew is 1, incoming pod can 6462 only be scheduled to zone3 to become 6463 1/1/1; scheduling it onto zone1(zone2) 6464 would make the ActualSkew(2-0) on 6465 zone1(zone2) violate MaxSkew(1). - 6466 if MaxSkew is 2, incoming pod can 6467 be scheduled onto any zone. It''s 6468 a required field. Default value is 6469 1 and 0 is not allowed.' 6470 type: integer 6471 format: int32 6472 topologyKey: 6473 description: TopologyKey is the key 6474 of node labels. Nodes that have a 6475 label with this key and identical 6476 values are considered to be in the 6477 same topology. We consider each <key, 6478 value> as a "bucket", and try to put 6479 balanced number of pods into each 6480 bucket. It's a required field. 6481 type: string 6482 whenUnsatisfiable: 6483 description: 'WhenUnsatisfiable indicates 6484 how to deal with a pod if it doesn''t 6485 satisfy the spread constraint. - DoNotSchedule 6486 (default) tells the scheduler not 6487 to schedule it - ScheduleAnyway tells 6488 the scheduler to still schedule it 6489 It''s considered as "Unsatisfiable" 6490 if and only if placing incoming pod 6491 on any topology violates "MaxSkew". 6492 For example, in a 3-zone cluster, 6493 MaxSkew is set to 1, and pods with 6494 the same labelSelector spread as 3/1/1: 6495 | zone1 | zone2 | zone3 | | P P P 6496 | P | P | If WhenUnsatisfiable 6497 is set to DoNotSchedule, incoming 6498 pod can only be scheduled to zone2(zone3) 6499 to become 3/2/1(3/1/2) as ActualSkew(2-1) 6500 on zone2(zone3) satisfies MaxSkew(1). 6501 In other words, the cluster can still 6502 be imbalanced, but scheduler won''t 6503 make it *more* imbalanced. It''s a 6504 required field.' 6505 type: string 6506 volumes: 6507 description: 'List of volumes that can be 6508 mounted by containers belonging to the pod. 6509 More info: https://kubernetes.io/docs/concepts/storage/volumes' 6510 type: array 6511 items: 6512 description: Volume represents a named volume 6513 in a pod that may be accessed by any container 6514 in the pod. 6515 type: object 6516 required: 6517 - name 6518 properties: 6519 awsElasticBlockStore: 6520 description: 'AWSElasticBlockStore represents 6521 an AWS Disk resource that is attached 6522 to a kubelet''s host machine and then 6523 exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' 6524 type: object 6525 required: 6526 - volumeID 6527 properties: 6528 fsType: 6529 description: 'Filesystem type of 6530 the volume that you want to mount. 6531 Tip: Ensure that the filesystem 6532 type is supported by the host 6533 operating system. Examples: "ext4", 6534 "xfs", "ntfs". Implicitly inferred 6535 to be "ext4" if unspecified. More 6536 info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore 6537 TODO: how do we prevent errors 6538 in the filesystem from compromising 6539 the machine' 6540 type: string 6541 partition: 6542 description: 'The partition in the 6543 volume that you want to mount. 6544 If omitted, the default is to 6545 mount by volume name. Examples: 6546 For volume /dev/sda1, you specify 6547 the partition as "1". Similarly, 6548 the volume partition for /dev/sda 6549 is "0" (or you can leave the property 6550 empty).' 6551 type: integer 6552 format: int32 6553 readOnly: 6554 description: 'Specify "true" to 6555 force and set the ReadOnly property 6556 in VolumeMounts to "true". If 6557 omitted, the default is "false". 6558 More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' 6559 type: boolean 6560 volumeID: 6561 description: 'Unique ID of the persistent 6562 disk resource in AWS (Amazon EBS 6563 volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' 6564 type: string 6565 azureDisk: 6566 description: AzureDisk represents an 6567 Azure Data Disk mount on the host 6568 and bind mount to the pod. 6569 type: object 6570 required: 6571 - diskName 6572 - diskURI 6573 properties: 6574 cachingMode: 6575 description: 'Host Caching mode: 6576 None, Read Only, Read Write.' 6577 type: string 6578 diskName: 6579 description: The Name of the data 6580 disk in the blob storage 6581 type: string 6582 diskURI: 6583 description: The URI the data disk 6584 in the blob storage 6585 type: string 6586 fsType: 6587 description: Filesystem type to 6588 mount. Must be a filesystem type 6589 supported by the host operating 6590 system. Ex. "ext4", "xfs", "ntfs". 6591 Implicitly inferred to be "ext4" 6592 if unspecified. 6593 type: string 6594 kind: 6595 description: 'Expected values Shared: 6596 multiple blob disks per storage 6597 account Dedicated: single blob 6598 disk per storage account Managed: 6599 azure managed data disk (only 6600 in managed availability set). 6601 defaults to shared' 6602 type: string 6603 readOnly: 6604 description: Defaults to false (read/write). 6605 ReadOnly here will force the ReadOnly 6606 setting in VolumeMounts. 6607 type: boolean 6608 azureFile: 6609 description: AzureFile represents an 6610 Azure File Service mount on the host 6611 and bind mount to the pod. 6612 type: object 6613 required: 6614 - secretName 6615 - shareName 6616 properties: 6617 readOnly: 6618 description: Defaults to false (read/write). 6619 ReadOnly here will force the ReadOnly 6620 setting in VolumeMounts. 6621 type: boolean 6622 secretName: 6623 description: the name of secret 6624 that contains Azure Storage Account 6625 Name and Key 6626 type: string 6627 shareName: 6628 description: Share Name 6629 type: string 6630 cephfs: 6631 description: CephFS represents a Ceph 6632 FS mount on the host that shares a 6633 pod's lifetime 6634 type: object 6635 required: 6636 - monitors 6637 properties: 6638 monitors: 6639 description: 'Required: Monitors 6640 is a collection of Ceph monitors 6641 More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' 6642 type: array 6643 items: 6644 type: string 6645 path: 6646 description: 'Optional: Used as 6647 the mounted root, rather than 6648 the full Ceph tree, default is 6649 /' 6650 type: string 6651 readOnly: 6652 description: 'Optional: Defaults 6653 to false (read/write). ReadOnly 6654 here will force the ReadOnly setting 6655 in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' 6656 type: boolean 6657 secretFile: 6658 description: 'Optional: SecretFile 6659 is the path to key ring for User, 6660 default is /etc/ceph/user.secret 6661 More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' 6662 type: string 6663 secretRef: 6664 description: 'Optional: SecretRef 6665 is reference to the authentication 6666 secret for User, default is empty. 6667 More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' 6668 type: object 6669 properties: 6670 name: 6671 description: 'Name of the referent. 6672 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 6673 TODO: Add other useful fields. 6674 apiVersion, kind, uid?' 6675 type: string 6676 user: 6677 description: 'Optional: User is 6678 the rados user name, default is 6679 admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' 6680 type: string 6681 cinder: 6682 description: 'Cinder represents a cinder 6683 volume attached and mounted on kubelets 6684 host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' 6685 type: object 6686 required: 6687 - volumeID 6688 properties: 6689 fsType: 6690 description: 'Filesystem type to 6691 mount. Must be a filesystem type 6692 supported by the host operating 6693 system. Examples: "ext4", "xfs", 6694 "ntfs". Implicitly inferred to 6695 be "ext4" if unspecified. More 6696 info: https://examples.k8s.io/mysql-cinder-pd/README.md' 6697 type: string 6698 readOnly: 6699 description: 'Optional: Defaults 6700 to false (read/write). ReadOnly 6701 here will force the ReadOnly setting 6702 in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' 6703 type: boolean 6704 secretRef: 6705 description: 'Optional: points to 6706 a secret object containing parameters 6707 used to connect to OpenStack.' 6708 type: object 6709 properties: 6710 name: 6711 description: 'Name of the referent. 6712 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 6713 TODO: Add other useful fields. 6714 apiVersion, kind, uid?' 6715 type: string 6716 volumeID: 6717 description: 'volume id used to 6718 identify the volume in cinder. 6719 More info: https://examples.k8s.io/mysql-cinder-pd/README.md' 6720 type: string 6721 configMap: 6722 description: ConfigMap represents a 6723 configMap that should populate this 6724 volume 6725 type: object 6726 properties: 6727 defaultMode: 6728 description: 'Optional: mode bits 6729 to use on created files by default. 6730 Must be a value between 0 and 6731 0777. Defaults to 0644. Directories 6732 within the path are not affected 6733 by this setting. This might be 6734 in conflict with other options 6735 that affect the file mode, like 6736 fsGroup, and the result can be 6737 other mode bits set.' 6738 type: integer 6739 format: int32 6740 items: 6741 description: If unspecified, each 6742 key-value pair in the Data field 6743 of the referenced ConfigMap will 6744 be projected into the volume as 6745 a file whose name is the key and 6746 content is the value. If specified, 6747 the listed keys will be projected 6748 into the specified paths, and 6749 unlisted keys will not be present. 6750 If a key is specified which is 6751 not present in the ConfigMap, 6752 the volume setup will error unless 6753 it is marked optional. Paths must 6754 be relative and may not contain 6755 the '..' path or start with '..'. 6756 type: array 6757 items: 6758 description: Maps a string key 6759 to a path within a volume. 6760 type: object 6761 required: 6762 - key 6763 - path 6764 properties: 6765 key: 6766 description: The key to project. 6767 type: string 6768 mode: 6769 description: 'Optional: mode 6770 bits to use on this file, 6771 must be a value between 6772 0 and 0777. If not specified, 6773 the volume defaultMode will 6774 be used. This might be in 6775 conflict with other options 6776 that affect the file mode, 6777 like fsGroup, and the result 6778 can be other mode bits set.' 6779 type: integer 6780 format: int32 6781 path: 6782 description: The relative 6783 path of the file to map 6784 the key to. May not be an 6785 absolute path. May not contain 6786 the path element '..'. May 6787 not start with the string 6788 '..'. 6789 type: string 6790 name: 6791 description: 'Name of the referent. 6792 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 6793 TODO: Add other useful fields. 6794 apiVersion, kind, uid?' 6795 type: string 6796 optional: 6797 description: Specify whether the 6798 ConfigMap or its keys must be 6799 defined 6800 type: boolean 6801 csi: 6802 description: CSI (Container Storage 6803 Interface) represents storage that 6804 is handled by an external CSI driver 6805 (Alpha feature). 6806 type: object 6807 required: 6808 - driver 6809 properties: 6810 driver: 6811 description: Driver is the name 6812 of the CSI driver that handles 6813 this volume. Consult with your 6814 admin for the correct name as 6815 registered in the cluster. 6816 type: string 6817 fsType: 6818 description: Filesystem type to 6819 mount. Ex. "ext4", "xfs", "ntfs". 6820 If not provided, the empty value 6821 is passed to the associated CSI 6822 driver which will determine the 6823 default filesystem to apply. 6824 type: string 6825 nodePublishSecretRef: 6826 description: NodePublishSecretRef 6827 is a reference to the secret object 6828 containing sensitive information 6829 to pass to the CSI driver to complete 6830 the CSI NodePublishVolume and 6831 NodeUnpublishVolume calls. This 6832 field is optional, and may be 6833 empty if no secret is required. 6834 If the secret object contains 6835 more than one secret, all secret 6836 references are passed. 6837 type: object 6838 properties: 6839 name: 6840 description: 'Name of the referent. 6841 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 6842 TODO: Add other useful fields. 6843 apiVersion, kind, uid?' 6844 type: string 6845 readOnly: 6846 description: Specifies a read-only 6847 configuration for the volume. 6848 Defaults to false (read/write). 6849 type: boolean 6850 volumeAttributes: 6851 description: VolumeAttributes stores 6852 driver-specific properties that 6853 are passed to the CSI driver. 6854 Consult your driver's documentation 6855 for supported values. 6856 type: object 6857 additionalProperties: 6858 type: string 6859 downwardAPI: 6860 description: DownwardAPI represents 6861 downward API about the pod that should 6862 populate this volume 6863 type: object 6864 properties: 6865 defaultMode: 6866 description: 'Optional: mode bits 6867 to use on created files by default. 6868 Must be a value between 0 and 6869 0777. Defaults to 0644. Directories 6870 within the path are not affected 6871 by this setting. This might be 6872 in conflict with other options 6873 that affect the file mode, like 6874 fsGroup, and the result can be 6875 other mode bits set.' 6876 type: integer 6877 format: int32 6878 items: 6879 description: Items is a list of 6880 downward API volume file 6881 type: array 6882 items: 6883 description: DownwardAPIVolumeFile 6884 represents information to create 6885 the file containing the pod 6886 field 6887 type: object 6888 required: 6889 - path 6890 properties: 6891 fieldRef: 6892 description: 'Required: Selects 6893 a field of the pod: only 6894 annotations, labels, name 6895 and namespace are supported.' 6896 type: object 6897 required: 6898 - fieldPath 6899 properties: 6900 apiVersion: 6901 description: Version of 6902 the schema the FieldPath 6903 is written in terms 6904 of, defaults to "v1". 6905 type: string 6906 fieldPath: 6907 description: Path of the 6908 field to select in the 6909 specified API version. 6910 type: string 6911 mode: 6912 description: 'Optional: mode 6913 bits to use on this file, 6914 must be a value between 6915 0 and 0777. If not specified, 6916 the volume defaultMode will 6917 be used. This might be in 6918 conflict with other options 6919 that affect the file mode, 6920 like fsGroup, and the result 6921 can be other mode bits set.' 6922 type: integer 6923 format: int32 6924 path: 6925 description: 'Required: Path 6926 is the relative path name 6927 of the file to be created. 6928 Must not be absolute or 6929 contain the ''..'' path. 6930 Must be utf-8 encoded. The 6931 first item of the relative 6932 path must not start with 6933 ''..''' 6934 type: string 6935 resourceFieldRef: 6936 description: 'Selects a resource 6937 of the container: only resources 6938 limits and requests (limits.cpu, 6939 limits.memory, requests.cpu 6940 and requests.memory) are 6941 currently supported.' 6942 type: object 6943 required: 6944 - resource 6945 properties: 6946 containerName: 6947 description: 'Container 6948 name: required for volumes, 6949 optional for env vars' 6950 type: string 6951 divisor: 6952 description: Specifies 6953 the output format of 6954 the exposed resources, 6955 defaults to "1" 6956 type: string 6957 resource: 6958 description: 'Required: 6959 resource to select' 6960 type: string 6961 emptyDir: 6962 description: 'EmptyDir represents a 6963 temporary directory that shares a 6964 pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' 6965 type: object 6966 properties: 6967 medium: 6968 description: 'What type of storage 6969 medium should back this directory. 6970 The default is "" which means 6971 to use the node''s default medium. 6972 Must be an empty string (default) 6973 or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' 6974 type: string 6975 sizeLimit: 6976 description: 'Total amount of local 6977 storage required for this EmptyDir 6978 volume. The size limit is also 6979 applicable for memory medium. 6980 The maximum usage on memory medium 6981 EmptyDir would be the minimum 6982 value between the SizeLimit specified 6983 here and the sum of memory limits 6984 of all containers in a pod. The 6985 default is nil which means that 6986 the limit is undefined. More info: 6987 http://kubernetes.io/docs/user-guide/volumes#emptydir' 6988 type: string 6989 fc: 6990 description: FC represents a Fibre Channel 6991 resource that is attached to a kubelet's 6992 host machine and then exposed to the 6993 pod. 6994 type: object 6995 properties: 6996 fsType: 6997 description: 'Filesystem type to 6998 mount. Must be a filesystem type 6999 supported by the host operating 7000 system. Ex. "ext4", "xfs", "ntfs". 7001 Implicitly inferred to be "ext4" 7002 if unspecified. TODO: how do we 7003 prevent errors in the filesystem 7004 from compromising the machine' 7005 type: string 7006 lun: 7007 description: 'Optional: FC target 7008 lun number' 7009 type: integer 7010 format: int32 7011 readOnly: 7012 description: 'Optional: Defaults 7013 to false (read/write). ReadOnly 7014 here will force the ReadOnly setting 7015 in VolumeMounts.' 7016 type: boolean 7017 targetWWNs: 7018 description: 'Optional: FC target 7019 worldwide names (WWNs)' 7020 type: array 7021 items: 7022 type: string 7023 wwids: 7024 description: 'Optional: FC volume 7025 world wide identifiers (wwids) 7026 Either wwids or combination of 7027 targetWWNs and lun must be set, 7028 but not both simultaneously.' 7029 type: array 7030 items: 7031 type: string 7032 flexVolume: 7033 description: FlexVolume represents a 7034 generic volume resource that is provisioned/attached 7035 using an exec based plugin. 7036 type: object 7037 required: 7038 - driver 7039 properties: 7040 driver: 7041 description: Driver is the name 7042 of the driver to use for this 7043 volume. 7044 type: string 7045 fsType: 7046 description: Filesystem type to 7047 mount. Must be a filesystem type 7048 supported by the host operating 7049 system. Ex. "ext4", "xfs", "ntfs". 7050 The default filesystem depends 7051 on FlexVolume script. 7052 type: string 7053 options: 7054 description: 'Optional: Extra command 7055 options if any.' 7056 type: object 7057 additionalProperties: 7058 type: string 7059 readOnly: 7060 description: 'Optional: Defaults 7061 to false (read/write). ReadOnly 7062 here will force the ReadOnly setting 7063 in VolumeMounts.' 7064 type: boolean 7065 secretRef: 7066 description: 'Optional: SecretRef 7067 is reference to the secret object 7068 containing sensitive information 7069 to pass to the plugin scripts. 7070 This may be empty if no secret 7071 object is specified. If the secret 7072 object contains more than one 7073 secret, all secrets are passed 7074 to the plugin scripts.' 7075 type: object 7076 properties: 7077 name: 7078 description: 'Name of the referent. 7079 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 7080 TODO: Add other useful fields. 7081 apiVersion, kind, uid?' 7082 type: string 7083 flocker: 7084 description: Flocker represents a Flocker 7085 volume attached to a kubelet's host 7086 machine. This depends on the Flocker 7087 control service being running 7088 type: object 7089 properties: 7090 datasetName: 7091 description: Name of the dataset 7092 stored as metadata -> name on 7093 the dataset for Flocker should 7094 be considered as deprecated 7095 type: string 7096 datasetUUID: 7097 description: UUID of the dataset. 7098 This is unique identifier of a 7099 Flocker dataset 7100 type: string 7101 gcePersistentDisk: 7102 description: 'GCEPersistentDisk represents 7103 a GCE Disk resource that is attached 7104 to a kubelet''s host machine and then 7105 exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' 7106 type: object 7107 required: 7108 - pdName 7109 properties: 7110 fsType: 7111 description: 'Filesystem type of 7112 the volume that you want to mount. 7113 Tip: Ensure that the filesystem 7114 type is supported by the host 7115 operating system. Examples: "ext4", 7116 "xfs", "ntfs". Implicitly inferred 7117 to be "ext4" if unspecified. More 7118 info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk 7119 TODO: how do we prevent errors 7120 in the filesystem from compromising 7121 the machine' 7122 type: string 7123 partition: 7124 description: 'The partition in the 7125 volume that you want to mount. 7126 If omitted, the default is to 7127 mount by volume name. Examples: 7128 For volume /dev/sda1, you specify 7129 the partition as "1". Similarly, 7130 the volume partition for /dev/sda 7131 is "0" (or you can leave the property 7132 empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' 7133 type: integer 7134 format: int32 7135 pdName: 7136 description: 'Unique name of the 7137 PD resource in GCE. Used to identify 7138 the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' 7139 type: string 7140 readOnly: 7141 description: 'ReadOnly here will 7142 force the ReadOnly setting in 7143 VolumeMounts. Defaults to false. 7144 More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' 7145 type: boolean 7146 gitRepo: 7147 description: 'GitRepo represents a git 7148 repository at a particular revision. 7149 DEPRECATED: GitRepo is deprecated. 7150 To provision a container with a git 7151 repo, mount an EmptyDir into an InitContainer 7152 that clones the repo using git, then 7153 mount the EmptyDir into the Pod''s 7154 container.' 7155 type: object 7156 required: 7157 - repository 7158 properties: 7159 directory: 7160 description: Target directory name. 7161 Must not contain or start with 7162 '..'. If '.' is supplied, the 7163 volume directory will be the git 7164 repository. Otherwise, if specified, 7165 the volume will contain the git 7166 repository in the subdirectory 7167 with the given name. 7168 type: string 7169 repository: 7170 description: Repository URL 7171 type: string 7172 revision: 7173 description: Commit hash for the 7174 specified revision. 7175 type: string 7176 glusterfs: 7177 description: 'Glusterfs represents a 7178 Glusterfs mount on the host that shares 7179 a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' 7180 type: object 7181 required: 7182 - endpoints 7183 - path 7184 properties: 7185 endpoints: 7186 description: 'EndpointsName is the 7187 endpoint name that details Glusterfs 7188 topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' 7189 type: string 7190 path: 7191 description: 'Path is the Glusterfs 7192 volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' 7193 type: string 7194 readOnly: 7195 description: 'ReadOnly here will 7196 force the Glusterfs volume to 7197 be mounted with read-only permissions. 7198 Defaults to false. More info: 7199 https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' 7200 type: boolean 7201 hostPath: 7202 description: 'HostPath represents a 7203 pre-existing file or directory on 7204 the host machine that is directly 7205 exposed to the container. This is 7206 generally used for system agents or 7207 other privileged things that are allowed 7208 to see the host machine. Most containers 7209 will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath 7210 --- TODO(jonesdl) We need to restrict 7211 who can use host directory mounts 7212 and who can/can not mount host directories 7213 as read/write.' 7214 type: object 7215 required: 7216 - path 7217 properties: 7218 path: 7219 description: 'Path of the directory 7220 on the host. If the path is a 7221 symlink, it will follow the link 7222 to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' 7223 type: string 7224 type: 7225 description: 'Type for HostPath 7226 Volume Defaults to "" More info: 7227 https://kubernetes.io/docs/concepts/storage/volumes#hostpath' 7228 type: string 7229 iscsi: 7230 description: 'ISCSI represents an ISCSI 7231 Disk resource that is attached to 7232 a kubelet''s host machine and then 7233 exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' 7234 type: object 7235 required: 7236 - iqn 7237 - lun 7238 - targetPortal 7239 properties: 7240 chapAuthDiscovery: 7241 description: whether support iSCSI 7242 Discovery CHAP authentication 7243 type: boolean 7244 chapAuthSession: 7245 description: whether support iSCSI 7246 Session CHAP authentication 7247 type: boolean 7248 fsType: 7249 description: 'Filesystem type of 7250 the volume that you want to mount. 7251 Tip: Ensure that the filesystem 7252 type is supported by the host 7253 operating system. Examples: "ext4", 7254 "xfs", "ntfs". Implicitly inferred 7255 to be "ext4" if unspecified. More 7256 info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi 7257 TODO: how do we prevent errors 7258 in the filesystem from compromising 7259 the machine' 7260 type: string 7261 initiatorName: 7262 description: Custom iSCSI Initiator 7263 Name. If initiatorName is specified 7264 with iscsiInterface simultaneously, 7265 new iSCSI interface <target portal>:<volume 7266 name> will be created for the 7267 connection. 7268 type: string 7269 iqn: 7270 description: Target iSCSI Qualified 7271 Name. 7272 type: string 7273 iscsiInterface: 7274 description: iSCSI Interface Name 7275 that uses an iSCSI transport. 7276 Defaults to 'default' (tcp). 7277 type: string 7278 lun: 7279 description: iSCSI Target Lun number. 7280 type: integer 7281 format: int32 7282 portals: 7283 description: iSCSI Target Portal 7284 List. The portal is either an 7285 IP or ip_addr:port if the port 7286 is other than default (typically 7287 TCP ports 860 and 3260). 7288 type: array 7289 items: 7290 type: string 7291 readOnly: 7292 description: ReadOnly here will 7293 force the ReadOnly setting in 7294 VolumeMounts. Defaults to false. 7295 type: boolean 7296 secretRef: 7297 description: CHAP Secret for iSCSI 7298 target and initiator authentication 7299 type: object 7300 properties: 7301 name: 7302 description: 'Name of the referent. 7303 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 7304 TODO: Add other useful fields. 7305 apiVersion, kind, uid?' 7306 type: string 7307 targetPortal: 7308 description: iSCSI Target Portal. 7309 The Portal is either an IP or 7310 ip_addr:port if the port is other 7311 than default (typically TCP ports 7312 860 and 3260). 7313 type: string 7314 name: 7315 description: 'Volume''s name. Must be 7316 a DNS_LABEL and unique within the 7317 pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 7318 type: string 7319 nfs: 7320 description: 'NFS represents an NFS 7321 mount on the host that shares a pod''s 7322 lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' 7323 type: object 7324 required: 7325 - path 7326 - server 7327 properties: 7328 path: 7329 description: 'Path that is exported 7330 by the NFS server. More info: 7331 https://kubernetes.io/docs/concepts/storage/volumes#nfs' 7332 type: string 7333 readOnly: 7334 description: 'ReadOnly here will 7335 force the NFS export to be mounted 7336 with read-only permissions. Defaults 7337 to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' 7338 type: boolean 7339 server: 7340 description: 'Server is the hostname 7341 or IP address of the NFS server. 7342 More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' 7343 type: string 7344 persistentVolumeClaim: 7345 description: 'PersistentVolumeClaimVolumeSource 7346 represents a reference to a PersistentVolumeClaim 7347 in the same namespace. More info: 7348 https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' 7349 type: object 7350 required: 7351 - claimName 7352 properties: 7353 claimName: 7354 description: 'ClaimName is the name 7355 of a PersistentVolumeClaim in 7356 the same namespace as the pod 7357 using this volume. More info: 7358 https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' 7359 type: string 7360 readOnly: 7361 description: Will force the ReadOnly 7362 setting in VolumeMounts. Default 7363 false. 7364 type: boolean 7365 photonPersistentDisk: 7366 description: PhotonPersistentDisk represents 7367 a PhotonController persistent disk 7368 attached and mounted on kubelets host 7369 machine 7370 type: object 7371 required: 7372 - pdID 7373 properties: 7374 fsType: 7375 description: Filesystem type to 7376 mount. Must be a filesystem type 7377 supported by the host operating 7378 system. Ex. "ext4", "xfs", "ntfs". 7379 Implicitly inferred to be "ext4" 7380 if unspecified. 7381 type: string 7382 pdID: 7383 description: ID that identifies 7384 Photon Controller persistent disk 7385 type: string 7386 portworxVolume: 7387 description: PortworxVolume represents 7388 a portworx volume attached and mounted 7389 on kubelets host machine 7390 type: object 7391 required: 7392 - volumeID 7393 properties: 7394 fsType: 7395 description: FSType represents the 7396 filesystem type to mount Must 7397 be a filesystem type supported 7398 by the host operating system. 7399 Ex. "ext4", "xfs". Implicitly 7400 inferred to be "ext4" if unspecified. 7401 type: string 7402 readOnly: 7403 description: Defaults to false (read/write). 7404 ReadOnly here will force the ReadOnly 7405 setting in VolumeMounts. 7406 type: boolean 7407 volumeID: 7408 description: VolumeID uniquely identifies 7409 a Portworx volume 7410 type: string 7411 projected: 7412 description: Items for all in one resources 7413 secrets, configmaps, and downward 7414 API 7415 type: object 7416 required: 7417 - sources 7418 properties: 7419 defaultMode: 7420 description: Mode bits to use on 7421 created files by default. Must 7422 be a value between 0 and 0777. 7423 Directories within the path are 7424 not affected by this setting. 7425 This might be in conflict with 7426 other options that affect the 7427 file mode, like fsGroup, and the 7428 result can be other mode bits 7429 set. 7430 type: integer 7431 format: int32 7432 sources: 7433 description: list of volume projections 7434 type: array 7435 items: 7436 description: Projection that may 7437 be projected along with other 7438 supported volume types 7439 type: object 7440 properties: 7441 configMap: 7442 description: information about 7443 the configMap data to project 7444 type: object 7445 properties: 7446 items: 7447 description: If unspecified, 7448 each key-value pair 7449 in the Data field of 7450 the referenced ConfigMap 7451 will be projected into 7452 the volume as a file 7453 whose name is the key 7454 and content is the value. 7455 If specified, the listed 7456 keys will be projected 7457 into the specified paths, 7458 and unlisted keys will 7459 not be present. If a 7460 key is specified which 7461 is not present in the 7462 ConfigMap, the volume 7463 setup will error unless 7464 it is marked optional. 7465 Paths must be relative 7466 and may not contain 7467 the '..' path or start 7468 with '..'. 7469 type: array 7470 items: 7471 description: Maps a 7472 string key to a path 7473 within a volume. 7474 type: object 7475 required: 7476 - key 7477 - path 7478 properties: 7479 key: 7480 description: The 7481 key to project. 7482 type: string 7483 mode: 7484 description: 'Optional: 7485 mode bits to use 7486 on this file, 7487 must be a value 7488 between 0 and 7489 0777. If not specified, 7490 the volume defaultMode 7491 will be used. 7492 This might be 7493 in conflict with 7494 other options 7495 that affect the 7496 file mode, like 7497 fsGroup, and the 7498 result can be 7499 other mode bits 7500 set.' 7501 type: integer 7502 format: int32 7503 path: 7504 description: The 7505 relative path 7506 of the file to 7507 map the key to. 7508 May not be an 7509 absolute path. 7510 May not contain 7511 the path element 7512 '..'. May not 7513 start with the 7514 string '..'. 7515 type: string 7516 name: 7517 description: 'Name of 7518 the referent. More info: 7519 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 7520 TODO: Add other useful 7521 fields. apiVersion, 7522 kind, uid?' 7523 type: string 7524 optional: 7525 description: Specify whether 7526 the ConfigMap or its 7527 keys must be defined 7528 type: boolean 7529 downwardAPI: 7530 description: information about 7531 the downwardAPI data to 7532 project 7533 type: object 7534 properties: 7535 items: 7536 description: Items is 7537 a list of DownwardAPIVolume 7538 file 7539 type: array 7540 items: 7541 description: DownwardAPIVolumeFile 7542 represents information 7543 to create the file 7544 containing the pod 7545 field 7546 type: object 7547 required: 7548 - path 7549 properties: 7550 fieldRef: 7551 description: 'Required: 7552 Selects a field 7553 of the pod: only 7554 annotations, labels, 7555 name and namespace 7556 are supported.' 7557 type: object 7558 required: 7559 - fieldPath 7560 properties: 7561 apiVersion: 7562 description: Version 7563 of the schema 7564 the FieldPath 7565 is written 7566 in terms of, 7567 defaults to 7568 "v1". 7569 type: string 7570 fieldPath: 7571 description: Path 7572 of the field 7573 to select 7574 in the specified 7575 API version. 7576 type: string 7577 mode: 7578 description: 'Optional: 7579 mode bits to use 7580 on this file, 7581 must be a value 7582 between 0 and 7583 0777. If not specified, 7584 the volume defaultMode 7585 will be used. 7586 This might be 7587 in conflict with 7588 other options 7589 that affect the 7590 file mode, like 7591 fsGroup, and the 7592 result can be 7593 other mode bits 7594 set.' 7595 type: integer 7596 format: int32 7597 path: 7598 description: 'Required: 7599 Path is the relative 7600 path name of the 7601 file to be created. 7602 Must not be absolute 7603 or contain the 7604 ''..'' path. Must 7605 be utf-8 encoded. 7606 The first item 7607 of the relative 7608 path must not 7609 start with ''..''' 7610 type: string 7611 resourceFieldRef: 7612 description: 'Selects 7613 a resource of 7614 the container: 7615 only resources 7616 limits and requests 7617 (limits.cpu, limits.memory, 7618 requests.cpu and 7619 requests.memory) 7620 are currently 7621 supported.' 7622 type: object 7623 required: 7624 - resource 7625 properties: 7626 containerName: 7627 description: 'Container 7628 name: required 7629 for volumes, 7630 optional for 7631 env vars' 7632 type: string 7633 divisor: 7634 description: Specifies 7635 the output 7636 format of 7637 the exposed 7638 resources, 7639 defaults to 7640 "1" 7641 type: string 7642 resource: 7643 description: 'Required: 7644 resource to 7645 select' 7646 type: string 7647 secret: 7648 description: information about 7649 the secret data to project 7650 type: object 7651 properties: 7652 items: 7653 description: If unspecified, 7654 each key-value pair 7655 in the Data field of 7656 the referenced Secret 7657 will be projected into 7658 the volume as a file 7659 whose name is the key 7660 and content is the value. 7661 If specified, the listed 7662 keys will be projected 7663 into the specified paths, 7664 and unlisted keys will 7665 not be present. If a 7666 key is specified which 7667 is not present in the 7668 Secret, the volume setup 7669 will error unless it 7670 is marked optional. 7671 Paths must be relative 7672 and may not contain 7673 the '..' path or start 7674 with '..'. 7675 type: array 7676 items: 7677 description: Maps a 7678 string key to a path 7679 within a volume. 7680 type: object 7681 required: 7682 - key 7683 - path 7684 properties: 7685 key: 7686 description: The 7687 key to project. 7688 type: string 7689 mode: 7690 description: 'Optional: 7691 mode bits to use 7692 on this file, 7693 must be a value 7694 between 0 and 7695 0777. If not specified, 7696 the volume defaultMode 7697 will be used. 7698 This might be 7699 in conflict with 7700 other options 7701 that affect the 7702 file mode, like 7703 fsGroup, and the 7704 result can be 7705 other mode bits 7706 set.' 7707 type: integer 7708 format: int32 7709 path: 7710 description: The 7711 relative path 7712 of the file to 7713 map the key to. 7714 May not be an 7715 absolute path. 7716 May not contain 7717 the path element 7718 '..'. May not 7719 start with the 7720 string '..'. 7721 type: string 7722 name: 7723 description: 'Name of 7724 the referent. More info: 7725 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 7726 TODO: Add other useful 7727 fields. apiVersion, 7728 kind, uid?' 7729 type: string 7730 optional: 7731 description: Specify whether 7732 the Secret or its key 7733 must be defined 7734 type: boolean 7735 serviceAccountToken: 7736 description: information about 7737 the serviceAccountToken 7738 data to project 7739 type: object 7740 required: 7741 - path 7742 properties: 7743 audience: 7744 description: Audience 7745 is the intended audience 7746 of the token. A recipient 7747 of a token must identify 7748 itself with an identifier 7749 specified in the audience 7750 of the token, and otherwise 7751 should reject the token. 7752 The audience defaults 7753 to the identifier of 7754 the apiserver. 7755 type: string 7756 expirationSeconds: 7757 description: ExpirationSeconds 7758 is the requested duration 7759 of validity of the service 7760 account token. As the 7761 token approaches expiration, 7762 the kubelet volume plugin 7763 will proactively rotate 7764 the service account 7765 token. The kubelet will 7766 start trying to rotate 7767 the token if the token 7768 is older than 80 percent 7769 of its time to live 7770 or if the token is older 7771 than 24 hours.Defaults 7772 to 1 hour and must be 7773 at least 10 minutes. 7774 type: integer 7775 format: int64 7776 path: 7777 description: Path is the 7778 path relative to the 7779 mount point of the file 7780 to project the token 7781 into. 7782 type: string 7783 quobyte: 7784 description: Quobyte represents a Quobyte 7785 mount on the host that shares a pod's 7786 lifetime 7787 type: object 7788 required: 7789 - registry 7790 - volume 7791 properties: 7792 group: 7793 description: Group to map volume 7794 access to Default is no group 7795 type: string 7796 readOnly: 7797 description: ReadOnly here will 7798 force the Quobyte volume to be 7799 mounted with read-only permissions. 7800 Defaults to false. 7801 type: boolean 7802 registry: 7803 description: Registry represents 7804 a single or multiple Quobyte Registry 7805 services specified as a string 7806 as host:port pair (multiple entries 7807 are separated with commas) which 7808 acts as the central registry for 7809 volumes 7810 type: string 7811 tenant: 7812 description: Tenant owning the given 7813 Quobyte volume in the Backend 7814 Used with dynamically provisioned 7815 Quobyte volumes, value is set 7816 by the plugin 7817 type: string 7818 user: 7819 description: User to map volume 7820 access to Defaults to serivceaccount 7821 user 7822 type: string 7823 volume: 7824 description: Volume is a string 7825 that references an already created 7826 Quobyte volume by name. 7827 type: string 7828 rbd: 7829 description: 'RBD represents a Rados 7830 Block Device mount on the host that 7831 shares a pod''s lifetime. More info: 7832 https://examples.k8s.io/volumes/rbd/README.md' 7833 type: object 7834 required: 7835 - image 7836 - monitors 7837 properties: 7838 fsType: 7839 description: 'Filesystem type of 7840 the volume that you want to mount. 7841 Tip: Ensure that the filesystem 7842 type is supported by the host 7843 operating system. Examples: "ext4", 7844 "xfs", "ntfs". Implicitly inferred 7845 to be "ext4" if unspecified. More 7846 info: https://kubernetes.io/docs/concepts/storage/volumes#rbd 7847 TODO: how do we prevent errors 7848 in the filesystem from compromising 7849 the machine' 7850 type: string 7851 image: 7852 description: 'The rados image name. 7853 More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 7854 type: string 7855 keyring: 7856 description: 'Keyring is the path 7857 to key ring for RBDUser. Default 7858 is /etc/ceph/keyring. More info: 7859 https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 7860 type: string 7861 monitors: 7862 description: 'A collection of Ceph 7863 monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 7864 type: array 7865 items: 7866 type: string 7867 pool: 7868 description: 'The rados pool name. 7869 Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 7870 type: string 7871 readOnly: 7872 description: 'ReadOnly here will 7873 force the ReadOnly setting in 7874 VolumeMounts. Defaults to false. 7875 More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 7876 type: boolean 7877 secretRef: 7878 description: 'SecretRef is name 7879 of the authentication secret for 7880 RBDUser. If provided overrides 7881 keyring. Default is nil. More 7882 info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 7883 type: object 7884 properties: 7885 name: 7886 description: 'Name of the referent. 7887 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 7888 TODO: Add other useful fields. 7889 apiVersion, kind, uid?' 7890 type: string 7891 user: 7892 description: 'The rados user name. 7893 Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 7894 type: string 7895 scaleIO: 7896 description: ScaleIO represents a ScaleIO 7897 persistent volume attached and mounted 7898 on Kubernetes nodes. 7899 type: object 7900 required: 7901 - gateway 7902 - secretRef 7903 - system 7904 properties: 7905 fsType: 7906 description: Filesystem type to 7907 mount. Must be a filesystem type 7908 supported by the host operating 7909 system. Ex. "ext4", "xfs", "ntfs". 7910 Default is "xfs". 7911 type: string 7912 gateway: 7913 description: The host address of 7914 the ScaleIO API Gateway. 7915 type: string 7916 protectionDomain: 7917 description: The name of the ScaleIO 7918 Protection Domain for the configured 7919 storage. 7920 type: string 7921 readOnly: 7922 description: Defaults to false (read/write). 7923 ReadOnly here will force the ReadOnly 7924 setting in VolumeMounts. 7925 type: boolean 7926 secretRef: 7927 description: SecretRef references 7928 to the secret for ScaleIO user 7929 and other sensitive information. 7930 If this is not provided, Login 7931 operation will fail. 7932 type: object 7933 properties: 7934 name: 7935 description: 'Name of the referent. 7936 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 7937 TODO: Add other useful fields. 7938 apiVersion, kind, uid?' 7939 type: string 7940 sslEnabled: 7941 description: Flag to enable/disable 7942 SSL communication with Gateway, 7943 default false 7944 type: boolean 7945 storageMode: 7946 description: Indicates whether the 7947 storage for a volume should be 7948 ThickProvisioned or ThinProvisioned. 7949 Default is ThinProvisioned. 7950 type: string 7951 storagePool: 7952 description: The ScaleIO Storage 7953 Pool associated with the protection 7954 domain. 7955 type: string 7956 system: 7957 description: The name of the storage 7958 system as configured in ScaleIO. 7959 type: string 7960 volumeName: 7961 description: The name of a volume 7962 already created in the ScaleIO 7963 system that is associated with 7964 this volume source. 7965 type: string 7966 secret: 7967 description: 'Secret represents a secret 7968 that should populate this volume. 7969 More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' 7970 type: object 7971 properties: 7972 defaultMode: 7973 description: 'Optional: mode bits 7974 to use on created files by default. 7975 Must be a value between 0 and 7976 0777. Defaults to 0644. Directories 7977 within the path are not affected 7978 by this setting. This might be 7979 in conflict with other options 7980 that affect the file mode, like 7981 fsGroup, and the result can be 7982 other mode bits set.' 7983 type: integer 7984 format: int32 7985 items: 7986 description: If unspecified, each 7987 key-value pair in the Data field 7988 of the referenced Secret will 7989 be projected into the volume as 7990 a file whose name is the key and 7991 content is the value. If specified, 7992 the listed keys will be projected 7993 into the specified paths, and 7994 unlisted keys will not be present. 7995 If a key is specified which is 7996 not present in the Secret, the 7997 volume setup will error unless 7998 it is marked optional. Paths must 7999 be relative and may not contain 8000 the '..' path or start with '..'. 8001 type: array 8002 items: 8003 description: Maps a string key 8004 to a path within a volume. 8005 type: object 8006 required: 8007 - key 8008 - path 8009 properties: 8010 key: 8011 description: The key to project. 8012 type: string 8013 mode: 8014 description: 'Optional: mode 8015 bits to use on this file, 8016 must be a value between 8017 0 and 0777. If not specified, 8018 the volume defaultMode will 8019 be used. This might be in 8020 conflict with other options 8021 that affect the file mode, 8022 like fsGroup, and the result 8023 can be other mode bits set.' 8024 type: integer 8025 format: int32 8026 path: 8027 description: The relative 8028 path of the file to map 8029 the key to. May not be an 8030 absolute path. May not contain 8031 the path element '..'. May 8032 not start with the string 8033 '..'. 8034 type: string 8035 optional: 8036 description: Specify whether the 8037 Secret or its keys must be defined 8038 type: boolean 8039 secretName: 8040 description: 'Name of the secret 8041 in the pod''s namespace to use. 8042 More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' 8043 type: string 8044 storageos: 8045 description: StorageOS represents a 8046 StorageOS volume attached and mounted 8047 on Kubernetes nodes. 8048 type: object 8049 properties: 8050 fsType: 8051 description: Filesystem type to 8052 mount. Must be a filesystem type 8053 supported by the host operating 8054 system. Ex. "ext4", "xfs", "ntfs". 8055 Implicitly inferred to be "ext4" 8056 if unspecified. 8057 type: string 8058 readOnly: 8059 description: Defaults to false (read/write). 8060 ReadOnly here will force the ReadOnly 8061 setting in VolumeMounts. 8062 type: boolean 8063 secretRef: 8064 description: SecretRef specifies 8065 the secret to use for obtaining 8066 the StorageOS API credentials. If 8067 not specified, default values 8068 will be attempted. 8069 type: object 8070 properties: 8071 name: 8072 description: 'Name of the referent. 8073 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 8074 TODO: Add other useful fields. 8075 apiVersion, kind, uid?' 8076 type: string 8077 volumeName: 8078 description: VolumeName is the human-readable 8079 name of the StorageOS volume. Volume 8080 names are only unique within a 8081 namespace. 8082 type: string 8083 volumeNamespace: 8084 description: VolumeNamespace specifies 8085 the scope of the volume within 8086 StorageOS. If no namespace is 8087 specified then the Pod's namespace 8088 will be used. This allows the 8089 Kubernetes name scoping to be 8090 mirrored within StorageOS for 8091 tighter integration. Set VolumeName 8092 to any name to override the default 8093 behaviour. Set to "default" if 8094 you are not using namespaces within 8095 StorageOS. Namespaces that do 8096 not pre-exist within StorageOS 8097 will be created. 8098 type: string 8099 vsphereVolume: 8100 description: VsphereVolume represents 8101 a vSphere volume attached and mounted 8102 on kubelets host machine 8103 type: object 8104 required: 8105 - volumePath 8106 properties: 8107 fsType: 8108 description: Filesystem type to 8109 mount. Must be a filesystem type 8110 supported by the host operating 8111 system. Ex. "ext4", "xfs", "ntfs". 8112 Implicitly inferred to be "ext4" 8113 if unspecified. 8114 type: string 8115 storagePolicyID: 8116 description: Storage Policy Based 8117 Management (SPBM) profile ID associated 8118 with the StoragePolicyName. 8119 type: string 8120 storagePolicyName: 8121 description: Storage Policy Based 8122 Management (SPBM) profile name. 8123 type: string 8124 volumePath: 8125 description: Path that identifies 8126 vSphere volume vmdk 8127 type: string 8128 permissions: 8129 type: array 8130 items: 8131 description: StrategyDeploymentPermissions describe the rbac 8132 rules and service account needed by the install strategy 8133 type: object 8134 required: 8135 - rules 8136 - serviceAccountName 8137 properties: 8138 rules: 8139 type: array 8140 items: 8141 description: PolicyRule holds information that describes 8142 a policy rule, but does not contain information about 8143 who the rule applies to or which namespace the rule 8144 applies to. 8145 type: object 8146 required: 8147 - verbs 8148 properties: 8149 apiGroups: 8150 description: APIGroups is the name of the APIGroup 8151 that contains the resources. If multiple API 8152 groups are specified, any action requested against 8153 one of the enumerated resources in any API group 8154 will be allowed. 8155 type: array 8156 items: 8157 type: string 8158 nonResourceURLs: 8159 description: NonResourceURLs is a set of partial 8160 urls that a user should have access to. *s are 8161 allowed, but only as the full, final step in the 8162 path Since non-resource URLs are not namespaced, 8163 this field is only applicable for ClusterRoles 8164 referenced from a ClusterRoleBinding. Rules can 8165 either apply to API resources (such as "pods" 8166 or "secrets") or non-resource URL paths (such 8167 as "/api"), but not both. 8168 type: array 8169 items: 8170 type: string 8171 resourceNames: 8172 description: ResourceNames is an optional white 8173 list of names that the rule applies to. An empty 8174 set means that everything is allowed. 8175 type: array 8176 items: 8177 type: string 8178 resources: 8179 description: Resources is a list of resources this 8180 rule applies to. ResourceAll represents all resources. 8181 type: array 8182 items: 8183 type: string 8184 verbs: 8185 description: Verbs is a list of Verbs that apply 8186 to ALL the ResourceKinds and AttributeRestrictions 8187 contained in this rule. VerbAll represents all 8188 kinds. 8189 type: array 8190 items: 8191 type: string 8192 serviceAccountName: 8193 type: string 8194 strategy: 8195 type: string 8196 installModes: 8197 description: InstallModes specify supported installation types 8198 type: array 8199 items: 8200 description: InstallMode associates an InstallModeType with a flag 8201 representing if the CSV supports it 8202 type: object 8203 required: 8204 - supported 8205 - type 8206 properties: 8207 supported: 8208 type: boolean 8209 type: 8210 description: InstallModeType is a supported type of install mode 8211 for CSV installation 8212 type: string 8213 keywords: 8214 type: array 8215 items: 8216 type: string 8217 labels: 8218 description: Map of string keys and values that can be used to organize 8219 and categorize (scope and select) objects. 8220 type: object 8221 additionalProperties: 8222 type: string 8223 links: 8224 type: array 8225 items: 8226 type: object 8227 properties: 8228 name: 8229 type: string 8230 url: 8231 type: string 8232 maintainers: 8233 type: array 8234 items: 8235 type: object 8236 properties: 8237 email: 8238 type: string 8239 name: 8240 type: string 8241 maturity: 8242 type: string 8243 minKubeVersion: 8244 type: string 8245 nativeAPIs: 8246 type: array 8247 items: 8248 description: GroupVersionKind unambiguously identifies a kind. It 8249 doesn't anonymously include GroupVersion to avoid automatic coersion. It 8250 doesn't use a GroupVersion to avoid custom marshalling 8251 type: object 8252 required: 8253 - group 8254 - kind 8255 - version 8256 properties: 8257 group: 8258 type: string 8259 kind: 8260 type: string 8261 version: 8262 type: string 8263 provider: 8264 type: object 8265 properties: 8266 name: 8267 type: string 8268 url: 8269 type: string 8270 replaces: 8271 description: The name of a CSV this one replaces. Should match the `metadata.Name` 8272 field of the old CSV. 8273 type: string 8274 selector: 8275 description: Label selector for related resources. 8276 type: object 8277 properties: 8278 matchExpressions: 8279 description: matchExpressions is a list of label selector requirements. 8280 The requirements are ANDed. 8281 type: array 8282 items: 8283 description: A label selector requirement is a selector that contains 8284 values, a key, and an operator that relates the key and values. 8285 type: object 8286 required: 8287 - key 8288 - operator 8289 properties: 8290 key: 8291 description: key is the label key that the selector applies 8292 to. 8293 type: string 8294 operator: 8295 description: operator represents a key's relationship to a 8296 set of values. Valid operators are In, NotIn, Exists and 8297 DoesNotExist. 8298 type: string 8299 values: 8300 description: values is an array of string values. If the operator 8301 is In or NotIn, the values array must be non-empty. If the 8302 operator is Exists or DoesNotExist, the values array must 8303 be empty. This array is replaced during a strategic merge 8304 patch. 8305 type: array 8306 items: 8307 type: string 8308 matchLabels: 8309 description: matchLabels is a map of {key,value} pairs. A single 8310 {key,value} in the matchLabels map is equivalent to an element 8311 of matchExpressions, whose key field is "key", the operator is 8312 "In", and the values array contains only "value". The requirements 8313 are ANDed. 8314 type: object 8315 additionalProperties: 8316 type: string 8317 version: 8318 description: OperatorVersion is a wrapper around semver.Version which 8319 supports correct marshaling to YAML and JSON. 8320 type: string 8321 status: 8322 description: ClusterServiceVersionStatus represents information about the 8323 status of a pod. Status may trail the actual state of a system. 8324 type: object 8325 properties: 8326 certsLastUpdated: 8327 description: Last time the owned APIService certs were updated 8328 type: string 8329 format: date-time 8330 certsRotateAt: 8331 description: Time the owned APIService certs will rotate next 8332 type: string 8333 format: date-time 8334 conditions: 8335 description: List of conditions, a history of state transitions 8336 type: array 8337 items: 8338 description: Conditions appear in the status as a record of state 8339 transitions on the ClusterServiceVersion 8340 type: object 8341 properties: 8342 lastTransitionTime: 8343 description: Last time the status transitioned from one status 8344 to another. 8345 type: string 8346 format: date-time 8347 lastUpdateTime: 8348 description: Last time we updated the status 8349 type: string 8350 format: date-time 8351 message: 8352 description: A human readable message indicating details about 8353 why the ClusterServiceVersion is in this condition. 8354 type: string 8355 phase: 8356 description: Condition of the ClusterServiceVersion 8357 type: string 8358 reason: 8359 description: A brief CamelCase message indicating details about 8360 why the ClusterServiceVersion is in this state. e.g. 'RequirementsNotMet' 8361 type: string 8362 lastTransitionTime: 8363 description: Last time the status transitioned from one status to another. 8364 type: string 8365 format: date-time 8366 lastUpdateTime: 8367 description: Last time we updated the status 8368 type: string 8369 format: date-time 8370 message: 8371 description: A human readable message indicating details about why the 8372 ClusterServiceVersion is in this condition. 8373 type: string 8374 phase: 8375 description: Current condition of the ClusterServiceVersion 8376 type: string 8377 reason: 8378 description: A brief CamelCase message indicating details about why 8379 the ClusterServiceVersion is in this state. e.g. 'RequirementsNotMet' 8380 type: string 8381 requirementStatus: 8382 description: The status of each requirement for this CSV 8383 type: array 8384 items: 8385 type: object 8386 required: 8387 - group 8388 - kind 8389 - message 8390 - name 8391 - status 8392 - version 8393 properties: 8394 dependents: 8395 type: array 8396 items: 8397 description: DependentStatus is the status for a dependent requirement 8398 (to prevent infinite nesting) 8399 type: object 8400 required: 8401 - group 8402 - kind 8403 - status 8404 - version 8405 properties: 8406 group: 8407 type: string 8408 kind: 8409 type: string 8410 message: 8411 type: string 8412 status: 8413 description: StatusReason is a camelcased reason for the 8414 status of a RequirementStatus or DependentStatus 8415 type: string 8416 uuid: 8417 type: string 8418 version: 8419 type: string 8420 group: 8421 type: string 8422 kind: 8423 type: string 8424 message: 8425 type: string 8426 name: 8427 type: string 8428 status: 8429 description: StatusReason is a camelcased reason for the status 8430 of a RequirementStatus or DependentStatus 8431 type: string 8432 uuid: 8433 type: string 8434 version: 8435 type: string