github.com/operator-framework/operator-lifecycle-manager@v0.30.0/deploy/upstream/manifests/0.15.1/0000_50_olm_00-clusterserviceversions.crd.yaml (about) 1 --- 2 # Source: olm/crds/0000_50_olm_00-clusterserviceversions.crd.yaml 3 apiVersion: apiextensions.k8s.io/v1 4 kind: CustomResourceDefinition 5 metadata: 6 annotations: 7 controller-gen.kubebuilder.io/version: v0.3.0 8 creationTimestamp: null 9 name: clusterserviceversions.operators.coreos.com 10 spec: 11 group: operators.coreos.com 12 names: 13 categories: 14 - olm 15 kind: ClusterServiceVersion 16 listKind: ClusterServiceVersionList 17 plural: clusterserviceversions 18 shortNames: 19 - csv 20 - csvs 21 singular: clusterserviceversion 22 scope: Namespaced 23 versions: 24 - additionalPrinterColumns: 25 - description: The name of the CSV 26 jsonPath: .spec.displayName 27 name: Display 28 type: string 29 - description: The version of the CSV 30 jsonPath: .spec.version 31 name: Version 32 type: string 33 - description: The name of a CSV that this one replaces 34 jsonPath: .spec.replaces 35 name: Replaces 36 type: string 37 - jsonPath: .status.phase 38 name: Phase 39 type: string 40 name: v1alpha1 41 schema: 42 openAPIV3Schema: 43 description: ClusterServiceVersion is a Custom Resource of type `ClusterServiceVersionSpec`. 44 type: object 45 required: 46 - metadata 47 - spec 48 properties: 49 apiVersion: 50 description: 'APIVersion defines the versioned schema of this representation 51 of an object. Servers should convert recognized schemas to the latest 52 internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' 53 type: string 54 kind: 55 description: 'Kind is a string value representing the REST resource this 56 object represents. Servers may infer this from the endpoint the client 57 submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' 58 type: string 59 metadata: 60 type: object 61 spec: 62 description: ClusterServiceVersionSpec declarations tell OLM how to install 63 an operator that can manage apps for a given version. 64 type: object 65 required: 66 - displayName 67 - install 68 properties: 69 annotations: 70 description: Annotations is an unstructured key value map stored with 71 a resource that may be set by external tools to store and retrieve 72 arbitrary metadata. 73 type: object 74 additionalProperties: 75 type: string 76 apiservicedefinitions: 77 description: APIServiceDefinitions declares all of the extension apis 78 managed or required by an operator being ran by ClusterServiceVersion. 79 type: object 80 properties: 81 owned: 82 type: array 83 items: 84 description: APIServiceDescription provides details to OLM about 85 apis provided via aggregation 86 type: object 87 required: 88 - group 89 - kind 90 - name 91 - version 92 properties: 93 actionDescriptors: 94 type: array 95 items: 96 description: ActionDescriptor describes a declarative 97 action that can be performed on a custom resource instance 98 type: object 99 required: 100 - path 101 properties: 102 description: 103 type: string 104 displayName: 105 type: string 106 path: 107 type: string 108 value: 109 description: RawMessage is a raw encoded JSON value. 110 It implements Marshaler and Unmarshaler and can 111 be used to delay JSON decoding or precompute a JSON 112 encoding. 113 type: string 114 format: byte 115 x-descriptors: 116 type: array 117 items: 118 type: string 119 containerPort: 120 type: integer 121 format: int32 122 deploymentName: 123 type: string 124 description: 125 type: string 126 displayName: 127 type: string 128 group: 129 type: string 130 kind: 131 type: string 132 name: 133 type: string 134 resources: 135 type: array 136 items: 137 description: APIResourceReference is a Kubernetes resource 138 type used by a custom resource 139 type: object 140 required: 141 - kind 142 - name 143 - version 144 properties: 145 kind: 146 type: string 147 name: 148 type: string 149 version: 150 type: string 151 specDescriptors: 152 type: array 153 items: 154 description: SpecDescriptor describes a field in a spec 155 block of a CRD so that OLM can consume it 156 type: object 157 required: 158 - path 159 properties: 160 description: 161 type: string 162 displayName: 163 type: string 164 path: 165 type: string 166 value: 167 description: RawMessage is a raw encoded JSON value. 168 It implements Marshaler and Unmarshaler and can 169 be used to delay JSON decoding or precompute a JSON 170 encoding. 171 type: string 172 format: byte 173 x-descriptors: 174 type: array 175 items: 176 type: string 177 statusDescriptors: 178 type: array 179 items: 180 description: StatusDescriptor describes a field in a status 181 block of a CRD so that OLM can consume it 182 type: object 183 required: 184 - path 185 properties: 186 description: 187 type: string 188 displayName: 189 type: string 190 path: 191 type: string 192 value: 193 description: RawMessage is a raw encoded JSON value. 194 It implements Marshaler and Unmarshaler and can 195 be used to delay JSON decoding or precompute a JSON 196 encoding. 197 type: string 198 format: byte 199 x-descriptors: 200 type: array 201 items: 202 type: string 203 version: 204 type: string 205 required: 206 type: array 207 items: 208 description: APIServiceDescription provides details to OLM about 209 apis provided via aggregation 210 type: object 211 required: 212 - group 213 - kind 214 - name 215 - version 216 properties: 217 actionDescriptors: 218 type: array 219 items: 220 description: ActionDescriptor describes a declarative 221 action that can be performed on a custom resource instance 222 type: object 223 required: 224 - path 225 properties: 226 description: 227 type: string 228 displayName: 229 type: string 230 path: 231 type: string 232 value: 233 description: RawMessage is a raw encoded JSON value. 234 It implements Marshaler and Unmarshaler and can 235 be used to delay JSON decoding or precompute a JSON 236 encoding. 237 type: string 238 format: byte 239 x-descriptors: 240 type: array 241 items: 242 type: string 243 containerPort: 244 type: integer 245 format: int32 246 deploymentName: 247 type: string 248 description: 249 type: string 250 displayName: 251 type: string 252 group: 253 type: string 254 kind: 255 type: string 256 name: 257 type: string 258 resources: 259 type: array 260 items: 261 description: APIResourceReference is a Kubernetes resource 262 type used by a custom resource 263 type: object 264 required: 265 - kind 266 - name 267 - version 268 properties: 269 kind: 270 type: string 271 name: 272 type: string 273 version: 274 type: string 275 specDescriptors: 276 type: array 277 items: 278 description: SpecDescriptor describes a field in a spec 279 block of a CRD so that OLM can consume it 280 type: object 281 required: 282 - path 283 properties: 284 description: 285 type: string 286 displayName: 287 type: string 288 path: 289 type: string 290 value: 291 description: RawMessage is a raw encoded JSON value. 292 It implements Marshaler and Unmarshaler and can 293 be used to delay JSON decoding or precompute a JSON 294 encoding. 295 type: string 296 format: byte 297 x-descriptors: 298 type: array 299 items: 300 type: string 301 statusDescriptors: 302 type: array 303 items: 304 description: StatusDescriptor describes a field in a status 305 block of a CRD so that OLM can consume it 306 type: object 307 required: 308 - path 309 properties: 310 description: 311 type: string 312 displayName: 313 type: string 314 path: 315 type: string 316 value: 317 description: RawMessage is a raw encoded JSON value. 318 It implements Marshaler and Unmarshaler and can 319 be used to delay JSON decoding or precompute a JSON 320 encoding. 321 type: string 322 format: byte 323 x-descriptors: 324 type: array 325 items: 326 type: string 327 version: 328 type: string 329 customresourcedefinitions: 330 description: "CustomResourceDefinitions declares all of the CRDs managed 331 or required by an operator being ran by ClusterServiceVersion. \n 332 If the CRD is present in the Owned list, it is implicitly required." 333 type: object 334 properties: 335 owned: 336 type: array 337 items: 338 description: CRDDescription provides details to OLM about the 339 CRDs 340 type: object 341 required: 342 - kind 343 - name 344 - version 345 properties: 346 actionDescriptors: 347 type: array 348 items: 349 description: ActionDescriptor describes a declarative 350 action that can be performed on a custom resource instance 351 type: object 352 required: 353 - path 354 properties: 355 description: 356 type: string 357 displayName: 358 type: string 359 path: 360 type: string 361 value: 362 description: RawMessage is a raw encoded JSON value. 363 It implements Marshaler and Unmarshaler and can 364 be used to delay JSON decoding or precompute a JSON 365 encoding. 366 type: string 367 format: byte 368 x-descriptors: 369 type: array 370 items: 371 type: string 372 description: 373 type: string 374 displayName: 375 type: string 376 kind: 377 type: string 378 name: 379 type: string 380 resources: 381 type: array 382 items: 383 description: APIResourceReference is a Kubernetes resource 384 type used by a custom resource 385 type: object 386 required: 387 - kind 388 - name 389 - version 390 properties: 391 kind: 392 type: string 393 name: 394 type: string 395 version: 396 type: string 397 specDescriptors: 398 type: array 399 items: 400 description: SpecDescriptor describes a field in a spec 401 block of a CRD so that OLM can consume it 402 type: object 403 required: 404 - path 405 properties: 406 description: 407 type: string 408 displayName: 409 type: string 410 path: 411 type: string 412 value: 413 description: RawMessage is a raw encoded JSON value. 414 It implements Marshaler and Unmarshaler and can 415 be used to delay JSON decoding or precompute a JSON 416 encoding. 417 type: string 418 format: byte 419 x-descriptors: 420 type: array 421 items: 422 type: string 423 statusDescriptors: 424 type: array 425 items: 426 description: StatusDescriptor describes a field in a status 427 block of a CRD so that OLM can consume it 428 type: object 429 required: 430 - path 431 properties: 432 description: 433 type: string 434 displayName: 435 type: string 436 path: 437 type: string 438 value: 439 description: RawMessage is a raw encoded JSON value. 440 It implements Marshaler and Unmarshaler and can 441 be used to delay JSON decoding or precompute a JSON 442 encoding. 443 type: string 444 format: byte 445 x-descriptors: 446 type: array 447 items: 448 type: string 449 version: 450 type: string 451 required: 452 type: array 453 items: 454 description: CRDDescription provides details to OLM about the 455 CRDs 456 type: object 457 required: 458 - kind 459 - name 460 - version 461 properties: 462 actionDescriptors: 463 type: array 464 items: 465 description: ActionDescriptor describes a declarative 466 action that can be performed on a custom resource instance 467 type: object 468 required: 469 - path 470 properties: 471 description: 472 type: string 473 displayName: 474 type: string 475 path: 476 type: string 477 value: 478 description: RawMessage is a raw encoded JSON value. 479 It implements Marshaler and Unmarshaler and can 480 be used to delay JSON decoding or precompute a JSON 481 encoding. 482 type: string 483 format: byte 484 x-descriptors: 485 type: array 486 items: 487 type: string 488 description: 489 type: string 490 displayName: 491 type: string 492 kind: 493 type: string 494 name: 495 type: string 496 resources: 497 type: array 498 items: 499 description: APIResourceReference is a Kubernetes resource 500 type used by a custom resource 501 type: object 502 required: 503 - kind 504 - name 505 - version 506 properties: 507 kind: 508 type: string 509 name: 510 type: string 511 version: 512 type: string 513 specDescriptors: 514 type: array 515 items: 516 description: SpecDescriptor describes a field in a spec 517 block of a CRD so that OLM can consume it 518 type: object 519 required: 520 - path 521 properties: 522 description: 523 type: string 524 displayName: 525 type: string 526 path: 527 type: string 528 value: 529 description: RawMessage is a raw encoded JSON value. 530 It implements Marshaler and Unmarshaler and can 531 be used to delay JSON decoding or precompute a JSON 532 encoding. 533 type: string 534 format: byte 535 x-descriptors: 536 type: array 537 items: 538 type: string 539 statusDescriptors: 540 type: array 541 items: 542 description: StatusDescriptor describes a field in a status 543 block of a CRD so that OLM can consume it 544 type: object 545 required: 546 - path 547 properties: 548 description: 549 type: string 550 displayName: 551 type: string 552 path: 553 type: string 554 value: 555 description: RawMessage is a raw encoded JSON value. 556 It implements Marshaler and Unmarshaler and can 557 be used to delay JSON decoding or precompute a JSON 558 encoding. 559 type: string 560 format: byte 561 x-descriptors: 562 type: array 563 items: 564 type: string 565 version: 566 type: string 567 description: 568 type: string 569 displayName: 570 type: string 571 icon: 572 type: array 573 items: 574 type: object 575 required: 576 - base64data 577 - mediatype 578 properties: 579 base64data: 580 type: string 581 mediatype: 582 type: string 583 install: 584 description: NamedInstallStrategy represents the block of an ClusterServiceVersion 585 resource where the install strategy is specified. 586 type: object 587 required: 588 - strategy 589 properties: 590 spec: 591 description: StrategyDetailsDeployment represents the parsed details 592 of a Deployment InstallStrategy. 593 type: object 594 required: 595 - deployments 596 properties: 597 clusterPermissions: 598 type: array 599 items: 600 description: StrategyDeploymentPermissions describe the 601 rbac rules and service account needed by the install strategy 602 type: object 603 required: 604 - rules 605 - serviceAccountName 606 properties: 607 rules: 608 type: array 609 items: 610 description: PolicyRule holds information that describes 611 a policy rule, but does not contain information 612 about who the rule applies to or which namespace 613 the rule applies to. 614 type: object 615 required: 616 - verbs 617 properties: 618 apiGroups: 619 description: APIGroups is the name of the APIGroup 620 that contains the resources. If multiple API 621 groups are specified, any action requested against 622 one of the enumerated resources in any API group 623 will be allowed. 624 type: array 625 items: 626 type: string 627 nonResourceURLs: 628 description: NonResourceURLs is a set of partial 629 urls that a user should have access to. *s 630 are allowed, but only as the full, final step 631 in the path Since non-resource URLs are not 632 namespaced, this field is only applicable for 633 ClusterRoles referenced from a ClusterRoleBinding. 634 Rules can either apply to API resources (such 635 as "pods" or "secrets") or non-resource URL 636 paths (such as "/api"), but not both. 637 type: array 638 items: 639 type: string 640 resourceNames: 641 description: ResourceNames is an optional white 642 list of names that the rule applies to. An 643 empty set means that everything is allowed. 644 type: array 645 items: 646 type: string 647 resources: 648 description: Resources is a list of resources 649 this rule applies to. ResourceAll represents 650 all resources. 651 type: array 652 items: 653 type: string 654 verbs: 655 description: Verbs is a list of Verbs that apply 656 to ALL the ResourceKinds and AttributeRestrictions 657 contained in this rule. VerbAll represents 658 all kinds. 659 type: array 660 items: 661 type: string 662 serviceAccountName: 663 type: string 664 deployments: 665 type: array 666 items: 667 description: StrategyDeploymentSpec contains the name and 668 spec for the deployment ALM should create 669 type: object 670 required: 671 - name 672 - spec 673 properties: 674 name: 675 type: string 676 spec: 677 description: DeploymentSpec is the specification of 678 the desired behavior of the Deployment. 679 type: object 680 required: 681 - selector 682 - template 683 properties: 684 minReadySeconds: 685 description: Minimum number of seconds for which 686 a newly created pod should be ready without any 687 of its container crashing, for it to be considered 688 available. Defaults to 0 (pod will be considered 689 available as soon as it is ready) 690 type: integer 691 format: int32 692 paused: 693 description: Indicates that the deployment is paused. 694 type: boolean 695 progressDeadlineSeconds: 696 description: The maximum time in seconds for a deployment 697 to make progress before it is considered to be 698 failed. The deployment controller will continue 699 to process failed deployments and a condition 700 with a ProgressDeadlineExceeded reason will be 701 surfaced in the deployment status. Note that progress 702 will not be estimated during the time a deployment 703 is paused. Defaults to 600s. 704 type: integer 705 format: int32 706 replicas: 707 description: Number of desired pods. This is a pointer 708 to distinguish between explicit zero and not specified. 709 Defaults to 1. 710 type: integer 711 format: int32 712 revisionHistoryLimit: 713 description: The number of old ReplicaSets to retain 714 to allow rollback. This is a pointer to distinguish 715 between explicit zero and not specified. Defaults 716 to 10. 717 type: integer 718 format: int32 719 selector: 720 description: Label selector for pods. Existing ReplicaSets 721 whose pods are selected by this will be the ones 722 affected by this deployment. It must match the 723 pod template's labels. 724 type: object 725 properties: 726 matchExpressions: 727 description: matchExpressions is a list of label 728 selector requirements. The requirements are 729 ANDed. 730 type: array 731 items: 732 description: A label selector requirement 733 is a selector that contains values, a key, 734 and an operator that relates the key and 735 values. 736 type: object 737 required: 738 - key 739 - operator 740 properties: 741 key: 742 description: key is the label key that 743 the selector applies to. 744 type: string 745 operator: 746 description: operator represents a key's 747 relationship to a set of values. Valid 748 operators are In, NotIn, Exists and 749 DoesNotExist. 750 type: string 751 values: 752 description: values is an array of string 753 values. If the operator is In or NotIn, 754 the values array must be non-empty. 755 If the operator is Exists or DoesNotExist, 756 the values array must be empty. This 757 array is replaced during a strategic 758 merge patch. 759 type: array 760 items: 761 type: string 762 matchLabels: 763 description: matchLabels is a map of {key,value} 764 pairs. A single {key,value} in the matchLabels 765 map is equivalent to an element of matchExpressions, 766 whose key field is "key", the operator is 767 "In", and the values array contains only "value". 768 The requirements are ANDed. 769 type: object 770 additionalProperties: 771 type: string 772 strategy: 773 description: The deployment strategy to use to replace 774 existing pods with new ones. 775 type: object 776 properties: 777 rollingUpdate: 778 description: 'Rolling update config params. 779 Present only if DeploymentStrategyType = RollingUpdate. 780 --- TODO: Update this to follow our convention 781 for oneOf, whatever we decide it to be.' 782 type: object 783 properties: 784 maxSurge: 785 description: 'The maximum number of pods 786 that can be scheduled above the desired 787 number of pods. Value can be an absolute 788 number (ex: 5) or a percentage of desired 789 pods (ex: 10%). This can not be 0 if MaxUnavailable 790 is 0. Absolute number is calculated from 791 percentage by rounding up. Defaults to 792 25%. Example: when this is set to 30%, 793 the new ReplicaSet can be scaled up immediately 794 when the rolling update starts, such that 795 the total number of old and new pods do 796 not exceed 130% of desired pods. Once 797 old pods have been killed, new ReplicaSet 798 can be scaled up further, ensuring that 799 total number of pods running at any time 800 during the update is at most 130% of desired 801 pods.' 802 anyOf: 803 - type: integer 804 - type: string 805 x-kubernetes-int-or-string: true 806 maxUnavailable: 807 description: 'The maximum number of pods 808 that can be unavailable during the update. 809 Value can be an absolute number (ex: 5) 810 or a percentage of desired pods (ex: 10%). 811 Absolute number is calculated from percentage 812 by rounding down. This can not be 0 if 813 MaxSurge is 0. Defaults to 25%. Example: 814 when this is set to 30%, the old ReplicaSet 815 can be scaled down to 70% of desired pods 816 immediately when the rolling update starts. 817 Once new pods are ready, old ReplicaSet 818 can be scaled down further, followed by 819 scaling up the new ReplicaSet, ensuring 820 that the total number of pods available 821 at all times during the update is at least 822 70% of desired pods.' 823 anyOf: 824 - type: integer 825 - type: string 826 x-kubernetes-int-or-string: true 827 type: 828 description: Type of deployment. Can be "Recreate" 829 or "RollingUpdate". Default is RollingUpdate. 830 type: string 831 template: 832 description: Template describes the pods that will 833 be created. 834 type: object 835 properties: 836 metadata: 837 description: 'Standard object''s metadata. More 838 info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' 839 type: object 840 x-kubernetes-preserve-unknown-fields: true 841 spec: 842 description: 'Specification of the desired behavior 843 of the pod. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' 844 type: object 845 required: 846 - containers 847 properties: 848 activeDeadlineSeconds: 849 description: Optional duration in seconds 850 the pod may be active on the node relative 851 to StartTime before the system will actively 852 try to mark it failed and kill associated 853 containers. Value must be a positive integer. 854 type: integer 855 format: int64 856 affinity: 857 description: If specified, the pod's scheduling 858 constraints 859 type: object 860 properties: 861 nodeAffinity: 862 description: Describes node affinity 863 scheduling rules for the pod. 864 type: object 865 properties: 866 preferredDuringSchedulingIgnoredDuringExecution: 867 description: The scheduler will 868 prefer to schedule pods to nodes 869 that satisfy the affinity expressions 870 specified by this field, but it 871 may choose a node that violates 872 one or more of the expressions. 873 The node that is most preferred 874 is the one with the greatest sum 875 of weights, i.e. for each node 876 that meets all of the scheduling 877 requirements (resource request, 878 requiredDuringScheduling affinity 879 expressions, etc.), compute a 880 sum by iterating through the elements 881 of this field and adding "weight" 882 to the sum if the node matches 883 the corresponding matchExpressions; 884 the node(s) with the highest sum 885 are the most preferred. 886 type: array 887 items: 888 description: An empty preferred 889 scheduling term matches all 890 objects with implicit weight 891 0 (i.e. it's a no-op). A null 892 preferred scheduling term matches 893 no objects (i.e. is also a no-op). 894 type: object 895 required: 896 - preference 897 - weight 898 properties: 899 preference: 900 description: A node selector 901 term, associated with the 902 corresponding weight. 903 type: object 904 properties: 905 matchExpressions: 906 description: A list of 907 node selector requirements 908 by node's labels. 909 type: array 910 items: 911 description: A node 912 selector requirement 913 is a selector that 914 contains values, a 915 key, and an operator 916 that relates the key 917 and values. 918 type: object 919 required: 920 - key 921 - operator 922 properties: 923 key: 924 description: The 925 label key that 926 the selector applies 927 to. 928 type: string 929 operator: 930 description: Represents 931 a key's relationship 932 to a set of values. 933 Valid operators 934 are In, NotIn, 935 Exists, DoesNotExist. 936 Gt, and Lt. 937 type: string 938 values: 939 description: An 940 array of string 941 values. If the 942 operator is In 943 or NotIn, the 944 values array must 945 be non-empty. 946 If the operator 947 is Exists or DoesNotExist, 948 the values array 949 must be empty. 950 If the operator 951 is Gt or Lt, the 952 values array must 953 have a single 954 element, which 955 will be interpreted 956 as an integer. 957 This array is 958 replaced during 959 a strategic merge 960 patch. 961 type: array 962 items: 963 type: string 964 matchFields: 965 description: A list of 966 node selector requirements 967 by node's fields. 968 type: array 969 items: 970 description: A node 971 selector requirement 972 is a selector that 973 contains values, a 974 key, and an operator 975 that relates the key 976 and values. 977 type: object 978 required: 979 - key 980 - operator 981 properties: 982 key: 983 description: The 984 label key that 985 the selector applies 986 to. 987 type: string 988 operator: 989 description: Represents 990 a key's relationship 991 to a set of values. 992 Valid operators 993 are In, NotIn, 994 Exists, DoesNotExist. 995 Gt, and Lt. 996 type: string 997 values: 998 description: An 999 array of string 1000 values. If the 1001 operator is In 1002 or NotIn, the 1003 values array must 1004 be non-empty. 1005 If the operator 1006 is Exists or DoesNotExist, 1007 the values array 1008 must be empty. 1009 If the operator 1010 is Gt or Lt, the 1011 values array must 1012 have a single 1013 element, which 1014 will be interpreted 1015 as an integer. 1016 This array is 1017 replaced during 1018 a strategic merge 1019 patch. 1020 type: array 1021 items: 1022 type: string 1023 weight: 1024 description: Weight associated 1025 with matching the corresponding 1026 nodeSelectorTerm, in the 1027 range 1-100. 1028 type: integer 1029 format: int32 1030 requiredDuringSchedulingIgnoredDuringExecution: 1031 description: If the affinity requirements 1032 specified by this field are not 1033 met at scheduling time, the pod 1034 will not be scheduled onto the 1035 node. If the affinity requirements 1036 specified by this field cease 1037 to be met at some point during 1038 pod execution (e.g. due to an 1039 update), the system may or may 1040 not try to eventually evict the 1041 pod from its node. 1042 type: object 1043 required: 1044 - nodeSelectorTerms 1045 properties: 1046 nodeSelectorTerms: 1047 description: Required. A list 1048 of node selector terms. The 1049 terms are ORed. 1050 type: array 1051 items: 1052 description: A null or empty 1053 node selector term matches 1054 no objects. The requirements 1055 of them are ANDed. The TopologySelectorTerm 1056 type implements a subset 1057 of the NodeSelectorTerm. 1058 type: object 1059 properties: 1060 matchExpressions: 1061 description: A list of 1062 node selector requirements 1063 by node's labels. 1064 type: array 1065 items: 1066 description: A node 1067 selector requirement 1068 is a selector that 1069 contains values, a 1070 key, and an operator 1071 that relates the key 1072 and values. 1073 type: object 1074 required: 1075 - key 1076 - operator 1077 properties: 1078 key: 1079 description: The 1080 label key that 1081 the selector applies 1082 to. 1083 type: string 1084 operator: 1085 description: Represents 1086 a key's relationship 1087 to a set of values. 1088 Valid operators 1089 are In, NotIn, 1090 Exists, DoesNotExist. 1091 Gt, and Lt. 1092 type: string 1093 values: 1094 description: An 1095 array of string 1096 values. If the 1097 operator is In 1098 or NotIn, the 1099 values array must 1100 be non-empty. 1101 If the operator 1102 is Exists or DoesNotExist, 1103 the values array 1104 must be empty. 1105 If the operator 1106 is Gt or Lt, the 1107 values array must 1108 have a single 1109 element, which 1110 will be interpreted 1111 as an integer. 1112 This array is 1113 replaced during 1114 a strategic merge 1115 patch. 1116 type: array 1117 items: 1118 type: string 1119 matchFields: 1120 description: A list of 1121 node selector requirements 1122 by node's fields. 1123 type: array 1124 items: 1125 description: A node 1126 selector requirement 1127 is a selector that 1128 contains values, a 1129 key, and an operator 1130 that relates the key 1131 and values. 1132 type: object 1133 required: 1134 - key 1135 - operator 1136 properties: 1137 key: 1138 description: The 1139 label key that 1140 the selector applies 1141 to. 1142 type: string 1143 operator: 1144 description: Represents 1145 a key's relationship 1146 to a set of values. 1147 Valid operators 1148 are In, NotIn, 1149 Exists, DoesNotExist. 1150 Gt, and Lt. 1151 type: string 1152 values: 1153 description: An 1154 array of string 1155 values. If the 1156 operator is In 1157 or NotIn, the 1158 values array must 1159 be non-empty. 1160 If the operator 1161 is Exists or DoesNotExist, 1162 the values array 1163 must be empty. 1164 If the operator 1165 is Gt or Lt, the 1166 values array must 1167 have a single 1168 element, which 1169 will be interpreted 1170 as an integer. 1171 This array is 1172 replaced during 1173 a strategic merge 1174 patch. 1175 type: array 1176 items: 1177 type: string 1178 podAffinity: 1179 description: Describes pod affinity 1180 scheduling rules (e.g. co-locate this 1181 pod in the same node, zone, etc. as 1182 some other pod(s)). 1183 type: object 1184 properties: 1185 preferredDuringSchedulingIgnoredDuringExecution: 1186 description: The scheduler will 1187 prefer to schedule pods to nodes 1188 that satisfy the affinity expressions 1189 specified by this field, but it 1190 may choose a node that violates 1191 one or more of the expressions. 1192 The node that is most preferred 1193 is the one with the greatest sum 1194 of weights, i.e. for each node 1195 that meets all of the scheduling 1196 requirements (resource request, 1197 requiredDuringScheduling affinity 1198 expressions, etc.), compute a 1199 sum by iterating through the elements 1200 of this field and adding "weight" 1201 to the sum if the node has pods 1202 which matches the corresponding 1203 podAffinityTerm; the node(s) with 1204 the highest sum are the most preferred. 1205 type: array 1206 items: 1207 description: The weights of all 1208 of the matched WeightedPodAffinityTerm 1209 fields are added per-node to 1210 find the most preferred node(s) 1211 type: object 1212 required: 1213 - podAffinityTerm 1214 - weight 1215 properties: 1216 podAffinityTerm: 1217 description: Required. A pod 1218 affinity term, associated 1219 with the corresponding weight. 1220 type: object 1221 required: 1222 - topologyKey 1223 properties: 1224 labelSelector: 1225 description: A label query 1226 over a set of resources, 1227 in this case pods. 1228 type: object 1229 properties: 1230 matchExpressions: 1231 description: matchExpressions 1232 is a list of label 1233 selector requirements. 1234 The requirements 1235 are ANDed. 1236 type: array 1237 items: 1238 description: A label 1239 selector requirement 1240 is a selector 1241 that contains 1242 values, a key, 1243 and an operator 1244 that relates the 1245 key and values. 1246 type: object 1247 required: 1248 - key 1249 - operator 1250 properties: 1251 key: 1252 description: key 1253 is the label 1254 key that the 1255 selector applies 1256 to. 1257 type: string 1258 operator: 1259 description: operator 1260 represents 1261 a key's relationship 1262 to a set of 1263 values. Valid 1264 operators 1265 are In, NotIn, 1266 Exists and 1267 DoesNotExist. 1268 type: string 1269 values: 1270 description: values 1271 is an array 1272 of string 1273 values. If 1274 the operator 1275 is In or NotIn, 1276 the values 1277 array must 1278 be non-empty. 1279 If the operator 1280 is Exists 1281 or DoesNotExist, 1282 the values 1283 array must 1284 be empty. 1285 This array 1286 is replaced 1287 during a strategic 1288 merge patch. 1289 type: array 1290 items: 1291 type: string 1292 matchLabels: 1293 description: matchLabels 1294 is a map of {key,value} 1295 pairs. A single 1296 {key,value} in the 1297 matchLabels map 1298 is equivalent to 1299 an element of matchExpressions, 1300 whose key field 1301 is "key", the operator 1302 is "In", and the 1303 values array contains 1304 only "value". The 1305 requirements are 1306 ANDed. 1307 type: object 1308 additionalProperties: 1309 type: string 1310 namespaces: 1311 description: namespaces 1312 specifies which namespaces 1313 the labelSelector applies 1314 to (matches against); 1315 null or empty list means 1316 "this pod's namespace" 1317 type: array 1318 items: 1319 type: string 1320 topologyKey: 1321 description: This pod 1322 should be co-located 1323 (affinity) or not co-located 1324 (anti-affinity) with 1325 the pods matching the 1326 labelSelector in the 1327 specified namespaces, 1328 where co-located is 1329 defined as running on 1330 a node whose value of 1331 the label with key topologyKey 1332 matches that of any 1333 node on which any of 1334 the selected pods is 1335 running. Empty topologyKey 1336 is not allowed. 1337 type: string 1338 weight: 1339 description: weight associated 1340 with matching the corresponding 1341 podAffinityTerm, in the 1342 range 1-100. 1343 type: integer 1344 format: int32 1345 requiredDuringSchedulingIgnoredDuringExecution: 1346 description: If the affinity requirements 1347 specified by this field are not 1348 met at scheduling time, the pod 1349 will not be scheduled onto the 1350 node. If the affinity requirements 1351 specified by this field cease 1352 to be met at some point during 1353 pod execution (e.g. due to a pod 1354 label update), the system may 1355 or may not try to eventually evict 1356 the pod from its node. When there 1357 are multiple elements, the lists 1358 of nodes corresponding to each 1359 podAffinityTerm are intersected, 1360 i.e. all terms must be satisfied. 1361 type: array 1362 items: 1363 description: Defines a set of 1364 pods (namely those matching 1365 the labelSelector relative to 1366 the given namespace(s)) that 1367 this pod should be co-located 1368 (affinity) or not co-located 1369 (anti-affinity) with, where 1370 co-located is defined as running 1371 on a node whose value of the 1372 label with key <topologyKey> 1373 matches that of any node on 1374 which a pod of the set of pods 1375 is running 1376 type: object 1377 required: 1378 - topologyKey 1379 properties: 1380 labelSelector: 1381 description: A label query 1382 over a set of resources, 1383 in this case pods. 1384 type: object 1385 properties: 1386 matchExpressions: 1387 description: matchExpressions 1388 is a list of label selector 1389 requirements. The requirements 1390 are ANDed. 1391 type: array 1392 items: 1393 description: A label 1394 selector requirement 1395 is a selector that 1396 contains values, a 1397 key, and an operator 1398 that relates the key 1399 and values. 1400 type: object 1401 required: 1402 - key 1403 - operator 1404 properties: 1405 key: 1406 description: key 1407 is the label key 1408 that the selector 1409 applies to. 1410 type: string 1411 operator: 1412 description: operator 1413 represents a key's 1414 relationship to 1415 a set of values. 1416 Valid operators 1417 are In, NotIn, 1418 Exists and DoesNotExist. 1419 type: string 1420 values: 1421 description: values 1422 is an array of 1423 string values. 1424 If the operator 1425 is In or NotIn, 1426 the values array 1427 must be non-empty. 1428 If the operator 1429 is Exists or DoesNotExist, 1430 the values array 1431 must be empty. 1432 This array is 1433 replaced during 1434 a strategic merge 1435 patch. 1436 type: array 1437 items: 1438 type: string 1439 matchLabels: 1440 description: matchLabels 1441 is a map of {key,value} 1442 pairs. A single {key,value} 1443 in the matchLabels map 1444 is equivalent to an 1445 element of matchExpressions, 1446 whose key field is "key", 1447 the operator is "In", 1448 and the values array 1449 contains only "value". 1450 The requirements are 1451 ANDed. 1452 type: object 1453 additionalProperties: 1454 type: string 1455 namespaces: 1456 description: namespaces specifies 1457 which namespaces the labelSelector 1458 applies to (matches against); 1459 null or empty list means 1460 "this pod's namespace" 1461 type: array 1462 items: 1463 type: string 1464 topologyKey: 1465 description: This pod should 1466 be co-located (affinity) 1467 or not co-located (anti-affinity) 1468 with the pods matching the 1469 labelSelector in the specified 1470 namespaces, where co-located 1471 is defined as running on 1472 a node whose value of the 1473 label with key topologyKey 1474 matches that of any node 1475 on which any of the selected 1476 pods is running. Empty topologyKey 1477 is not allowed. 1478 type: string 1479 podAntiAffinity: 1480 description: Describes pod anti-affinity 1481 scheduling rules (e.g. avoid putting 1482 this pod in the same node, zone, etc. 1483 as some other pod(s)). 1484 type: object 1485 properties: 1486 preferredDuringSchedulingIgnoredDuringExecution: 1487 description: The scheduler will 1488 prefer to schedule pods to nodes 1489 that satisfy the anti-affinity 1490 expressions specified by this 1491 field, but it may choose a node 1492 that violates one or more of the 1493 expressions. The node that is 1494 most preferred is the one with 1495 the greatest sum of weights, i.e. 1496 for each node that meets all of 1497 the scheduling requirements (resource 1498 request, requiredDuringScheduling 1499 anti-affinity expressions, etc.), 1500 compute a sum by iterating through 1501 the elements of this field and 1502 adding "weight" to the sum if 1503 the node has pods which matches 1504 the corresponding podAffinityTerm; 1505 the node(s) with the highest sum 1506 are the most preferred. 1507 type: array 1508 items: 1509 description: The weights of all 1510 of the matched WeightedPodAffinityTerm 1511 fields are added per-node to 1512 find the most preferred node(s) 1513 type: object 1514 required: 1515 - podAffinityTerm 1516 - weight 1517 properties: 1518 podAffinityTerm: 1519 description: Required. A pod 1520 affinity term, associated 1521 with the corresponding weight. 1522 type: object 1523 required: 1524 - topologyKey 1525 properties: 1526 labelSelector: 1527 description: A label query 1528 over a set of resources, 1529 in this case pods. 1530 type: object 1531 properties: 1532 matchExpressions: 1533 description: matchExpressions 1534 is a list of label 1535 selector requirements. 1536 The requirements 1537 are ANDed. 1538 type: array 1539 items: 1540 description: A label 1541 selector requirement 1542 is a selector 1543 that contains 1544 values, a key, 1545 and an operator 1546 that relates the 1547 key and values. 1548 type: object 1549 required: 1550 - key 1551 - operator 1552 properties: 1553 key: 1554 description: key 1555 is the label 1556 key that the 1557 selector applies 1558 to. 1559 type: string 1560 operator: 1561 description: operator 1562 represents 1563 a key's relationship 1564 to a set of 1565 values. Valid 1566 operators 1567 are In, NotIn, 1568 Exists and 1569 DoesNotExist. 1570 type: string 1571 values: 1572 description: values 1573 is an array 1574 of string 1575 values. If 1576 the operator 1577 is In or NotIn, 1578 the values 1579 array must 1580 be non-empty. 1581 If the operator 1582 is Exists 1583 or DoesNotExist, 1584 the values 1585 array must 1586 be empty. 1587 This array 1588 is replaced 1589 during a strategic 1590 merge patch. 1591 type: array 1592 items: 1593 type: string 1594 matchLabels: 1595 description: matchLabels 1596 is a map of {key,value} 1597 pairs. A single 1598 {key,value} in the 1599 matchLabels map 1600 is equivalent to 1601 an element of matchExpressions, 1602 whose key field 1603 is "key", the operator 1604 is "In", and the 1605 values array contains 1606 only "value". The 1607 requirements are 1608 ANDed. 1609 type: object 1610 additionalProperties: 1611 type: string 1612 namespaces: 1613 description: namespaces 1614 specifies which namespaces 1615 the labelSelector applies 1616 to (matches against); 1617 null or empty list means 1618 "this pod's namespace" 1619 type: array 1620 items: 1621 type: string 1622 topologyKey: 1623 description: This pod 1624 should be co-located 1625 (affinity) or not co-located 1626 (anti-affinity) with 1627 the pods matching the 1628 labelSelector in the 1629 specified namespaces, 1630 where co-located is 1631 defined as running on 1632 a node whose value of 1633 the label with key topologyKey 1634 matches that of any 1635 node on which any of 1636 the selected pods is 1637 running. Empty topologyKey 1638 is not allowed. 1639 type: string 1640 weight: 1641 description: weight associated 1642 with matching the corresponding 1643 podAffinityTerm, in the 1644 range 1-100. 1645 type: integer 1646 format: int32 1647 requiredDuringSchedulingIgnoredDuringExecution: 1648 description: If the anti-affinity 1649 requirements specified by this 1650 field are not met at scheduling 1651 time, the pod will not be scheduled 1652 onto the node. If the anti-affinity 1653 requirements specified by this 1654 field cease to be met at some 1655 point during pod execution (e.g. 1656 due to a pod label update), the 1657 system may or may not try to eventually 1658 evict the pod from its node. When 1659 there are multiple elements, the 1660 lists of nodes corresponding to 1661 each podAffinityTerm are intersected, 1662 i.e. all terms must be satisfied. 1663 type: array 1664 items: 1665 description: Defines a set of 1666 pods (namely those matching 1667 the labelSelector relative to 1668 the given namespace(s)) that 1669 this pod should be co-located 1670 (affinity) or not co-located 1671 (anti-affinity) with, where 1672 co-located is defined as running 1673 on a node whose value of the 1674 label with key <topologyKey> 1675 matches that of any node on 1676 which a pod of the set of pods 1677 is running 1678 type: object 1679 required: 1680 - topologyKey 1681 properties: 1682 labelSelector: 1683 description: A label query 1684 over a set of resources, 1685 in this case pods. 1686 type: object 1687 properties: 1688 matchExpressions: 1689 description: matchExpressions 1690 is a list of label selector 1691 requirements. The requirements 1692 are ANDed. 1693 type: array 1694 items: 1695 description: A label 1696 selector requirement 1697 is a selector that 1698 contains values, a 1699 key, and an operator 1700 that relates the key 1701 and values. 1702 type: object 1703 required: 1704 - key 1705 - operator 1706 properties: 1707 key: 1708 description: key 1709 is the label key 1710 that the selector 1711 applies to. 1712 type: string 1713 operator: 1714 description: operator 1715 represents a key's 1716 relationship to 1717 a set of values. 1718 Valid operators 1719 are In, NotIn, 1720 Exists and DoesNotExist. 1721 type: string 1722 values: 1723 description: values 1724 is an array of 1725 string values. 1726 If the operator 1727 is In or NotIn, 1728 the values array 1729 must be non-empty. 1730 If the operator 1731 is Exists or DoesNotExist, 1732 the values array 1733 must be empty. 1734 This array is 1735 replaced during 1736 a strategic merge 1737 patch. 1738 type: array 1739 items: 1740 type: string 1741 matchLabels: 1742 description: matchLabels 1743 is a map of {key,value} 1744 pairs. A single {key,value} 1745 in the matchLabels map 1746 is equivalent to an 1747 element of matchExpressions, 1748 whose key field is "key", 1749 the operator is "In", 1750 and the values array 1751 contains only "value". 1752 The requirements are 1753 ANDed. 1754 type: object 1755 additionalProperties: 1756 type: string 1757 namespaces: 1758 description: namespaces specifies 1759 which namespaces the labelSelector 1760 applies to (matches against); 1761 null or empty list means 1762 "this pod's namespace" 1763 type: array 1764 items: 1765 type: string 1766 topologyKey: 1767 description: This pod should 1768 be co-located (affinity) 1769 or not co-located (anti-affinity) 1770 with the pods matching the 1771 labelSelector in the specified 1772 namespaces, where co-located 1773 is defined as running on 1774 a node whose value of the 1775 label with key topologyKey 1776 matches that of any node 1777 on which any of the selected 1778 pods is running. Empty topologyKey 1779 is not allowed. 1780 type: string 1781 automountServiceAccountToken: 1782 description: AutomountServiceAccountToken 1783 indicates whether a service account token 1784 should be automatically mounted. 1785 type: boolean 1786 containers: 1787 description: List of containers belonging 1788 to the pod. Containers cannot currently 1789 be added or removed. There must be at 1790 least one container in a Pod. Cannot be 1791 updated. 1792 type: array 1793 items: 1794 description: A single application container 1795 that you want to run within a pod. 1796 type: object 1797 required: 1798 - name 1799 properties: 1800 args: 1801 description: 'Arguments to the entrypoint. 1802 The docker image''s CMD is used 1803 if this is not provided. Variable 1804 references $(VAR_NAME) are expanded 1805 using the container''s environment. 1806 If a variable cannot be resolved, 1807 the reference in the input string 1808 will be unchanged. The $(VAR_NAME) 1809 syntax can be escaped with a double 1810 $$, ie: $$(VAR_NAME). Escaped references 1811 will never be expanded, regardless 1812 of whether the variable exists or 1813 not. Cannot be updated. More info: 1814 https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' 1815 type: array 1816 items: 1817 type: string 1818 command: 1819 description: 'Entrypoint array. Not 1820 executed within a shell. The docker 1821 image''s ENTRYPOINT is used if this 1822 is not provided. Variable references 1823 $(VAR_NAME) are expanded using the 1824 container''s environment. If a variable 1825 cannot be resolved, the reference 1826 in the input string will be unchanged. 1827 The $(VAR_NAME) syntax can be escaped 1828 with a double $$, ie: $$(VAR_NAME). 1829 Escaped references will never be 1830 expanded, regardless of whether 1831 the variable exists or not. Cannot 1832 be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' 1833 type: array 1834 items: 1835 type: string 1836 env: 1837 description: List of environment variables 1838 to set in the container. Cannot 1839 be updated. 1840 type: array 1841 items: 1842 description: EnvVar represents an 1843 environment variable present in 1844 a Container. 1845 type: object 1846 required: 1847 - name 1848 properties: 1849 name: 1850 description: Name of the environment 1851 variable. Must be a C_IDENTIFIER. 1852 type: string 1853 value: 1854 description: 'Variable references 1855 $(VAR_NAME) are expanded using 1856 the previous defined environment 1857 variables in the container 1858 and any service environment 1859 variables. If a variable cannot 1860 be resolved, the reference 1861 in the input string will be 1862 unchanged. The $(VAR_NAME) 1863 syntax can be escaped with 1864 a double $$, ie: $$(VAR_NAME). 1865 Escaped references will never 1866 be expanded, regardless of 1867 whether the variable exists 1868 or not. Defaults to "".' 1869 type: string 1870 valueFrom: 1871 description: Source for the 1872 environment variable's value. 1873 Cannot be used if value is 1874 not empty. 1875 type: object 1876 properties: 1877 configMapKeyRef: 1878 description: Selects a key 1879 of a ConfigMap. 1880 type: object 1881 required: 1882 - key 1883 properties: 1884 key: 1885 description: The key 1886 to select. 1887 type: string 1888 name: 1889 description: 'Name of 1890 the referent. More 1891 info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 1892 TODO: Add other useful 1893 fields. apiVersion, 1894 kind, uid?' 1895 type: string 1896 optional: 1897 description: Specify 1898 whether the ConfigMap 1899 or its key must be 1900 defined 1901 type: boolean 1902 fieldRef: 1903 description: 'Selects a 1904 field of the pod: supports 1905 metadata.name, metadata.namespace, 1906 metadata.labels, metadata.annotations, 1907 spec.nodeName, spec.serviceAccountName, 1908 status.hostIP, status.podIP, 1909 status.podIPs.' 1910 type: object 1911 required: 1912 - fieldPath 1913 properties: 1914 apiVersion: 1915 description: Version 1916 of the schema the 1917 FieldPath is written 1918 in terms of, defaults 1919 to "v1". 1920 type: string 1921 fieldPath: 1922 description: Path of 1923 the field to select 1924 in the specified API 1925 version. 1926 type: string 1927 resourceFieldRef: 1928 description: 'Selects a 1929 resource of the container: 1930 only resources limits 1931 and requests (limits.cpu, 1932 limits.memory, limits.ephemeral-storage, 1933 requests.cpu, requests.memory 1934 and requests.ephemeral-storage) 1935 are currently supported.' 1936 type: object 1937 required: 1938 - resource 1939 properties: 1940 containerName: 1941 description: 'Container 1942 name: required for 1943 volumes, optional 1944 for env vars' 1945 type: string 1946 divisor: 1947 description: Specifies 1948 the output format 1949 of the exposed resources, 1950 defaults to "1" 1951 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 1952 anyOf: 1953 - type: integer 1954 - type: string 1955 x-kubernetes-int-or-string: true 1956 resource: 1957 description: 'Required: 1958 resource to select' 1959 type: string 1960 secretKeyRef: 1961 description: Selects a key 1962 of a secret in the pod's 1963 namespace 1964 type: object 1965 required: 1966 - key 1967 properties: 1968 key: 1969 description: The key 1970 of the secret to select 1971 from. Must be a valid 1972 secret key. 1973 type: string 1974 name: 1975 description: 'Name of 1976 the referent. More 1977 info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 1978 TODO: Add other useful 1979 fields. apiVersion, 1980 kind, uid?' 1981 type: string 1982 optional: 1983 description: Specify 1984 whether the Secret 1985 or its key must be 1986 defined 1987 type: boolean 1988 envFrom: 1989 description: List of sources to populate 1990 environment variables in the container. 1991 The keys defined within a source 1992 must be a C_IDENTIFIER. All invalid 1993 keys will be reported as an event 1994 when the container is starting. 1995 When a key exists in multiple sources, 1996 the value associated with the last 1997 source will take precedence. Values 1998 defined by an Env with a duplicate 1999 key will take precedence. Cannot 2000 be updated. 2001 type: array 2002 items: 2003 description: EnvFromSource represents 2004 the source of a set of ConfigMaps 2005 type: object 2006 properties: 2007 configMapRef: 2008 description: The ConfigMap to 2009 select from 2010 type: object 2011 properties: 2012 name: 2013 description: 'Name of the 2014 referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 2015 TODO: Add other useful 2016 fields. apiVersion, kind, 2017 uid?' 2018 type: string 2019 optional: 2020 description: Specify whether 2021 the ConfigMap must be 2022 defined 2023 type: boolean 2024 prefix: 2025 description: An optional identifier 2026 to prepend to each key in 2027 the ConfigMap. Must be a C_IDENTIFIER. 2028 type: string 2029 secretRef: 2030 description: The Secret to select 2031 from 2032 type: object 2033 properties: 2034 name: 2035 description: 'Name of the 2036 referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 2037 TODO: Add other useful 2038 fields. apiVersion, kind, 2039 uid?' 2040 type: string 2041 optional: 2042 description: Specify whether 2043 the Secret must be defined 2044 type: boolean 2045 image: 2046 description: 'Docker image name. More 2047 info: https://kubernetes.io/docs/concepts/containers/images 2048 This field is optional to allow 2049 higher level config management to 2050 default or override container images 2051 in workload controllers like Deployments 2052 and StatefulSets.' 2053 type: string 2054 imagePullPolicy: 2055 description: 'Image pull policy. One 2056 of Always, Never, IfNotPresent. 2057 Defaults to Always if :latest tag 2058 is specified, or IfNotPresent otherwise. 2059 Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' 2060 type: string 2061 lifecycle: 2062 description: Actions that the management 2063 system should take in response to 2064 container lifecycle events. Cannot 2065 be updated. 2066 type: object 2067 properties: 2068 postStart: 2069 description: 'PostStart is called 2070 immediately after a container 2071 is created. If the handler fails, 2072 the container is terminated 2073 and restarted according to its 2074 restart policy. Other management 2075 of the container blocks until 2076 the hook completes. More info: 2077 https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' 2078 type: object 2079 properties: 2080 exec: 2081 description: One and only 2082 one of the following should 2083 be specified. Exec specifies 2084 the action to take. 2085 type: object 2086 properties: 2087 command: 2088 description: Command is 2089 the command line to 2090 execute inside the container, 2091 the working directory 2092 for the command is 2093 root ('/') in the container's 2094 filesystem. The command 2095 is simply exec'd, it 2096 is not run inside a 2097 shell, so traditional 2098 shell instructions ('|', 2099 etc) won't work. To 2100 use a shell, you need 2101 to explicitly call out 2102 to that shell. Exit 2103 status of 0 is treated 2104 as live/healthy and 2105 non-zero is unhealthy. 2106 type: array 2107 items: 2108 type: string 2109 httpGet: 2110 description: HTTPGet specifies 2111 the http request to perform. 2112 type: object 2113 required: 2114 - port 2115 properties: 2116 host: 2117 description: Host name 2118 to connect to, defaults 2119 to the pod IP. You probably 2120 want to set "Host" in 2121 httpHeaders instead. 2122 type: string 2123 httpHeaders: 2124 description: Custom headers 2125 to set in the request. 2126 HTTP allows repeated 2127 headers. 2128 type: array 2129 items: 2130 description: HTTPHeader 2131 describes a custom 2132 header to be used 2133 in HTTP probes 2134 type: object 2135 required: 2136 - name 2137 - value 2138 properties: 2139 name: 2140 description: The 2141 header field name 2142 type: string 2143 value: 2144 description: The 2145 header field value 2146 type: string 2147 path: 2148 description: Path to access 2149 on the HTTP server. 2150 type: string 2151 port: 2152 description: Name or number 2153 of the port to access 2154 on the container. Number 2155 must be in the range 2156 1 to 65535. Name must 2157 be an IANA_SVC_NAME. 2158 anyOf: 2159 - type: integer 2160 - type: string 2161 x-kubernetes-int-or-string: true 2162 scheme: 2163 description: Scheme to 2164 use for connecting to 2165 the host. Defaults to 2166 HTTP. 2167 type: string 2168 tcpSocket: 2169 description: 'TCPSocket specifies 2170 an action involving a TCP 2171 port. TCP hooks not yet 2172 supported TODO: implement 2173 a realistic TCP lifecycle 2174 hook' 2175 type: object 2176 required: 2177 - port 2178 properties: 2179 host: 2180 description: 'Optional: 2181 Host name to connect 2182 to, defaults to the 2183 pod IP.' 2184 type: string 2185 port: 2186 description: Number or 2187 name of the port to 2188 access on the container. 2189 Number must be in the 2190 range 1 to 65535. Name 2191 must be an IANA_SVC_NAME. 2192 anyOf: 2193 - type: integer 2194 - type: string 2195 x-kubernetes-int-or-string: true 2196 preStop: 2197 description: 'PreStop is called 2198 immediately before a container 2199 is terminated due to an API 2200 request or management event 2201 such as liveness/startup probe 2202 failure, preemption, resource 2203 contention, etc. The handler 2204 is not called if the container 2205 crashes or exits. The reason 2206 for termination is passed to 2207 the handler. The Pod''s termination 2208 grace period countdown begins 2209 before the PreStop hooked is 2210 executed. Regardless of the 2211 outcome of the handler, the 2212 container will eventually terminate 2213 within the Pod''s termination 2214 grace period. Other management 2215 of the container blocks until 2216 the hook completes or until 2217 the termination grace period 2218 is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' 2219 type: object 2220 properties: 2221 exec: 2222 description: One and only 2223 one of the following should 2224 be specified. Exec specifies 2225 the action to take. 2226 type: object 2227 properties: 2228 command: 2229 description: Command is 2230 the command line to 2231 execute inside the container, 2232 the working directory 2233 for the command is 2234 root ('/') in the container's 2235 filesystem. The command 2236 is simply exec'd, it 2237 is not run inside a 2238 shell, so traditional 2239 shell instructions ('|', 2240 etc) won't work. To 2241 use a shell, you need 2242 to explicitly call out 2243 to that shell. Exit 2244 status of 0 is treated 2245 as live/healthy and 2246 non-zero is unhealthy. 2247 type: array 2248 items: 2249 type: string 2250 httpGet: 2251 description: HTTPGet specifies 2252 the http request to perform. 2253 type: object 2254 required: 2255 - port 2256 properties: 2257 host: 2258 description: Host name 2259 to connect to, defaults 2260 to the pod IP. You probably 2261 want to set "Host" in 2262 httpHeaders instead. 2263 type: string 2264 httpHeaders: 2265 description: Custom headers 2266 to set in the request. 2267 HTTP allows repeated 2268 headers. 2269 type: array 2270 items: 2271 description: HTTPHeader 2272 describes a custom 2273 header to be used 2274 in HTTP probes 2275 type: object 2276 required: 2277 - name 2278 - value 2279 properties: 2280 name: 2281 description: The 2282 header field name 2283 type: string 2284 value: 2285 description: The 2286 header field value 2287 type: string 2288 path: 2289 description: Path to access 2290 on the HTTP server. 2291 type: string 2292 port: 2293 description: Name or number 2294 of the port to access 2295 on the container. Number 2296 must be in the range 2297 1 to 65535. Name must 2298 be an IANA_SVC_NAME. 2299 anyOf: 2300 - type: integer 2301 - type: string 2302 x-kubernetes-int-or-string: true 2303 scheme: 2304 description: Scheme to 2305 use for connecting to 2306 the host. Defaults to 2307 HTTP. 2308 type: string 2309 tcpSocket: 2310 description: 'TCPSocket specifies 2311 an action involving a TCP 2312 port. TCP hooks not yet 2313 supported TODO: implement 2314 a realistic TCP lifecycle 2315 hook' 2316 type: object 2317 required: 2318 - port 2319 properties: 2320 host: 2321 description: 'Optional: 2322 Host name to connect 2323 to, defaults to the 2324 pod IP.' 2325 type: string 2326 port: 2327 description: Number or 2328 name of the port to 2329 access on the container. 2330 Number must be in the 2331 range 1 to 65535. Name 2332 must be an IANA_SVC_NAME. 2333 anyOf: 2334 - type: integer 2335 - type: string 2336 x-kubernetes-int-or-string: true 2337 livenessProbe: 2338 description: 'Periodic probe of container 2339 liveness. Container will be restarted 2340 if the probe fails. Cannot be updated. 2341 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 2342 type: object 2343 properties: 2344 exec: 2345 description: One and only one 2346 of the following should be specified. 2347 Exec specifies the action to 2348 take. 2349 type: object 2350 properties: 2351 command: 2352 description: Command is the 2353 command line to execute 2354 inside the container, the 2355 working directory for the 2356 command is root ('/') in 2357 the container's filesystem. 2358 The command is simply exec'd, 2359 it is not run inside a shell, 2360 so traditional shell instructions 2361 ('|', etc) won't work. To 2362 use a shell, you need to 2363 explicitly call out to that 2364 shell. Exit status of 0 2365 is treated as live/healthy 2366 and non-zero is unhealthy. 2367 type: array 2368 items: 2369 type: string 2370 failureThreshold: 2371 description: Minimum consecutive 2372 failures for the probe to be 2373 considered failed after having 2374 succeeded. Defaults to 3. Minimum 2375 value is 1. 2376 type: integer 2377 format: int32 2378 httpGet: 2379 description: HTTPGet specifies 2380 the http request to perform. 2381 type: object 2382 required: 2383 - port 2384 properties: 2385 host: 2386 description: Host name to 2387 connect to, defaults to 2388 the pod IP. You probably 2389 want to set "Host" in httpHeaders 2390 instead. 2391 type: string 2392 httpHeaders: 2393 description: Custom headers 2394 to set in the request. HTTP 2395 allows repeated headers. 2396 type: array 2397 items: 2398 description: HTTPHeader 2399 describes a custom header 2400 to be used in HTTP probes 2401 type: object 2402 required: 2403 - name 2404 - value 2405 properties: 2406 name: 2407 description: The header 2408 field name 2409 type: string 2410 value: 2411 description: The header 2412 field value 2413 type: string 2414 path: 2415 description: Path to access 2416 on the HTTP server. 2417 type: string 2418 port: 2419 description: Name or number 2420 of the port to access on 2421 the container. Number must 2422 be in the range 1 to 65535. 2423 Name must be an IANA_SVC_NAME. 2424 anyOf: 2425 - type: integer 2426 - type: string 2427 x-kubernetes-int-or-string: true 2428 scheme: 2429 description: Scheme to use 2430 for connecting to the host. 2431 Defaults to HTTP. 2432 type: string 2433 initialDelaySeconds: 2434 description: 'Number of seconds 2435 after the container has started 2436 before liveness probes are initiated. 2437 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 2438 type: integer 2439 format: int32 2440 periodSeconds: 2441 description: How often (in seconds) 2442 to perform the probe. Default 2443 to 10 seconds. Minimum value 2444 is 1. 2445 type: integer 2446 format: int32 2447 successThreshold: 2448 description: Minimum consecutive 2449 successes for the probe to be 2450 considered successful after 2451 having failed. Defaults to 1. 2452 Must be 1 for liveness and startup. 2453 Minimum value is 1. 2454 type: integer 2455 format: int32 2456 tcpSocket: 2457 description: 'TCPSocket specifies 2458 an action involving a TCP port. 2459 TCP hooks not yet supported 2460 TODO: implement a realistic 2461 TCP lifecycle hook' 2462 type: object 2463 required: 2464 - port 2465 properties: 2466 host: 2467 description: 'Optional: Host 2468 name to connect to, defaults 2469 to the pod IP.' 2470 type: string 2471 port: 2472 description: Number or name 2473 of the port to access on 2474 the container. Number must 2475 be in the range 1 to 65535. 2476 Name must be an IANA_SVC_NAME. 2477 anyOf: 2478 - type: integer 2479 - type: string 2480 x-kubernetes-int-or-string: true 2481 timeoutSeconds: 2482 description: 'Number of seconds 2483 after which the probe times 2484 out. Defaults to 1 second. Minimum 2485 value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 2486 type: integer 2487 format: int32 2488 name: 2489 description: Name of the container 2490 specified as a DNS_LABEL. Each container 2491 in a pod must have a unique name 2492 (DNS_LABEL). Cannot be updated. 2493 type: string 2494 ports: 2495 description: List of ports to expose 2496 from the container. Exposing a port 2497 here gives the system additional 2498 information about the network connections 2499 a container uses, but is primarily 2500 informational. Not specifying a 2501 port here DOES NOT prevent that 2502 port from being exposed. Any port 2503 which is listening on the default 2504 "0.0.0.0" address inside a container 2505 will be accessible from the network. 2506 Cannot be updated. 2507 type: array 2508 items: 2509 description: ContainerPort represents 2510 a network port in a single container. 2511 type: object 2512 required: 2513 - containerPort 2514 properties: 2515 containerPort: 2516 description: Number of port 2517 to expose on the pod's IP 2518 address. This must be a valid 2519 port number, 0 < x < 65536. 2520 type: integer 2521 format: int32 2522 hostIP: 2523 description: What host IP to 2524 bind the external port to. 2525 type: string 2526 hostPort: 2527 description: Number of port 2528 to expose on the host. If 2529 specified, this must be a 2530 valid port number, 0 < x < 2531 65536. If HostNetwork is specified, 2532 this must match ContainerPort. 2533 Most containers do not need 2534 this. 2535 type: integer 2536 format: int32 2537 name: 2538 description: If specified, this 2539 must be an IANA_SVC_NAME and 2540 unique within the pod. Each 2541 named port in a pod must have 2542 a unique name. Name for the 2543 port that can be referred 2544 to by services. 2545 type: string 2546 protocol: 2547 description: Protocol for port. 2548 Must be UDP, TCP, or SCTP. 2549 Defaults to "TCP". 2550 type: string 2551 default: TCP 2552 x-kubernetes-list-map-keys: 2553 - containerPort 2554 - protocol 2555 x-kubernetes-list-type: map 2556 readinessProbe: 2557 description: 'Periodic probe of container 2558 service readiness. Container will 2559 be removed from service endpoints 2560 if the probe fails. Cannot be updated. 2561 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 2562 type: object 2563 properties: 2564 exec: 2565 description: One and only one 2566 of the following should be specified. 2567 Exec specifies the action to 2568 take. 2569 type: object 2570 properties: 2571 command: 2572 description: Command is the 2573 command line to execute 2574 inside the container, the 2575 working directory for the 2576 command is root ('/') in 2577 the container's filesystem. 2578 The command is simply exec'd, 2579 it is not run inside a shell, 2580 so traditional shell instructions 2581 ('|', etc) won't work. To 2582 use a shell, you need to 2583 explicitly call out to that 2584 shell. Exit status of 0 2585 is treated as live/healthy 2586 and non-zero is unhealthy. 2587 type: array 2588 items: 2589 type: string 2590 failureThreshold: 2591 description: Minimum consecutive 2592 failures for the probe to be 2593 considered failed after having 2594 succeeded. Defaults to 3. Minimum 2595 value is 1. 2596 type: integer 2597 format: int32 2598 httpGet: 2599 description: HTTPGet specifies 2600 the http request to perform. 2601 type: object 2602 required: 2603 - port 2604 properties: 2605 host: 2606 description: Host name to 2607 connect to, defaults to 2608 the pod IP. You probably 2609 want to set "Host" in httpHeaders 2610 instead. 2611 type: string 2612 httpHeaders: 2613 description: Custom headers 2614 to set in the request. HTTP 2615 allows repeated headers. 2616 type: array 2617 items: 2618 description: HTTPHeader 2619 describes a custom header 2620 to be used in HTTP probes 2621 type: object 2622 required: 2623 - name 2624 - value 2625 properties: 2626 name: 2627 description: The header 2628 field name 2629 type: string 2630 value: 2631 description: The header 2632 field value 2633 type: string 2634 path: 2635 description: Path to access 2636 on the HTTP server. 2637 type: string 2638 port: 2639 description: Name or number 2640 of the port to access on 2641 the container. Number must 2642 be in the range 1 to 65535. 2643 Name must be an IANA_SVC_NAME. 2644 anyOf: 2645 - type: integer 2646 - type: string 2647 x-kubernetes-int-or-string: true 2648 scheme: 2649 description: Scheme to use 2650 for connecting to the host. 2651 Defaults to HTTP. 2652 type: string 2653 initialDelaySeconds: 2654 description: 'Number of seconds 2655 after the container has started 2656 before liveness probes are initiated. 2657 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 2658 type: integer 2659 format: int32 2660 periodSeconds: 2661 description: How often (in seconds) 2662 to perform the probe. Default 2663 to 10 seconds. Minimum value 2664 is 1. 2665 type: integer 2666 format: int32 2667 successThreshold: 2668 description: Minimum consecutive 2669 successes for the probe to be 2670 considered successful after 2671 having failed. Defaults to 1. 2672 Must be 1 for liveness and startup. 2673 Minimum value is 1. 2674 type: integer 2675 format: int32 2676 tcpSocket: 2677 description: 'TCPSocket specifies 2678 an action involving a TCP port. 2679 TCP hooks not yet supported 2680 TODO: implement a realistic 2681 TCP lifecycle hook' 2682 type: object 2683 required: 2684 - port 2685 properties: 2686 host: 2687 description: 'Optional: Host 2688 name to connect to, defaults 2689 to the pod IP.' 2690 type: string 2691 port: 2692 description: Number or name 2693 of the port to access on 2694 the container. Number must 2695 be in the range 1 to 65535. 2696 Name must be an IANA_SVC_NAME. 2697 anyOf: 2698 - type: integer 2699 - type: string 2700 x-kubernetes-int-or-string: true 2701 timeoutSeconds: 2702 description: 'Number of seconds 2703 after which the probe times 2704 out. Defaults to 1 second. Minimum 2705 value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 2706 type: integer 2707 format: int32 2708 resources: 2709 description: 'Compute Resources required 2710 by this container. Cannot be updated. 2711 More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' 2712 type: object 2713 properties: 2714 limits: 2715 description: 'Limits describes 2716 the maximum amount of compute 2717 resources allowed. More info: 2718 https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' 2719 type: object 2720 additionalProperties: 2721 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 2722 anyOf: 2723 - type: integer 2724 - type: string 2725 x-kubernetes-int-or-string: true 2726 requests: 2727 description: 'Requests describes 2728 the minimum amount of compute 2729 resources required. If Requests 2730 is omitted for a container, 2731 it defaults to Limits if that 2732 is explicitly specified, otherwise 2733 to an implementation-defined 2734 value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' 2735 type: object 2736 additionalProperties: 2737 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 2738 anyOf: 2739 - type: integer 2740 - type: string 2741 x-kubernetes-int-or-string: true 2742 securityContext: 2743 description: 'Security options the 2744 pod should run with. More info: 2745 https://kubernetes.io/docs/concepts/policy/security-context/ 2746 More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' 2747 type: object 2748 properties: 2749 allowPrivilegeEscalation: 2750 description: 'AllowPrivilegeEscalation 2751 controls whether a process can 2752 gain more privileges than its 2753 parent process. This bool directly 2754 controls if the no_new_privs 2755 flag will be set on the container 2756 process. AllowPrivilegeEscalation 2757 is true always when the container 2758 is: 1) run as Privileged 2) 2759 has CAP_SYS_ADMIN' 2760 type: boolean 2761 capabilities: 2762 description: The capabilities 2763 to add/drop when running containers. 2764 Defaults to the default set 2765 of capabilities granted by the 2766 container runtime. 2767 type: object 2768 properties: 2769 add: 2770 description: Added capabilities 2771 type: array 2772 items: 2773 description: Capability 2774 represent POSIX capabilities 2775 type 2776 type: string 2777 drop: 2778 description: Removed capabilities 2779 type: array 2780 items: 2781 description: Capability 2782 represent POSIX capabilities 2783 type 2784 type: string 2785 privileged: 2786 description: Run container in 2787 privileged mode. Processes in 2788 privileged containers are essentially 2789 equivalent to root on the host. 2790 Defaults to false. 2791 type: boolean 2792 procMount: 2793 description: procMount denotes 2794 the type of proc mount to use 2795 for the containers. The default 2796 is DefaultProcMount which uses 2797 the container runtime defaults 2798 for readonly paths and masked 2799 paths. This requires the ProcMountType 2800 feature flag to be enabled. 2801 type: string 2802 readOnlyRootFilesystem: 2803 description: Whether this container 2804 has a read-only root filesystem. 2805 Default is false. 2806 type: boolean 2807 runAsGroup: 2808 description: The GID to run the 2809 entrypoint of the container 2810 process. Uses runtime default 2811 if unset. May also be set in 2812 PodSecurityContext. If set 2813 in both SecurityContext and 2814 PodSecurityContext, the value 2815 specified in SecurityContext 2816 takes precedence. 2817 type: integer 2818 format: int64 2819 runAsNonRoot: 2820 description: Indicates that the 2821 container must run as a non-root 2822 user. If true, the Kubelet will 2823 validate the image at runtime 2824 to ensure that it does not run 2825 as UID 0 (root) and fail to 2826 start the container if it does. 2827 If unset or false, no such validation 2828 will be performed. May also 2829 be set in PodSecurityContext. If 2830 set in both SecurityContext 2831 and PodSecurityContext, the 2832 value specified in SecurityContext 2833 takes precedence. 2834 type: boolean 2835 runAsUser: 2836 description: The UID to run the 2837 entrypoint of the container 2838 process. Defaults to user specified 2839 in image metadata if unspecified. 2840 May also be set in PodSecurityContext. If 2841 set in both SecurityContext 2842 and PodSecurityContext, the 2843 value specified in SecurityContext 2844 takes precedence. 2845 type: integer 2846 format: int64 2847 seLinuxOptions: 2848 description: The SELinux context 2849 to be applied to the container. 2850 If unspecified, the container 2851 runtime will allocate a random 2852 SELinux context for each container. May 2853 also be set in PodSecurityContext. If 2854 set in both SecurityContext 2855 and PodSecurityContext, the 2856 value specified in SecurityContext 2857 takes precedence. 2858 type: object 2859 properties: 2860 level: 2861 description: Level is SELinux 2862 level label that applies 2863 to the container. 2864 type: string 2865 role: 2866 description: Role is a SELinux 2867 role label that applies 2868 to the container. 2869 type: string 2870 type: 2871 description: Type is a SELinux 2872 type label that applies 2873 to the container. 2874 type: string 2875 user: 2876 description: User is a SELinux 2877 user label that applies 2878 to the container. 2879 type: string 2880 windowsOptions: 2881 description: The Windows specific 2882 settings applied to all containers. 2883 If unspecified, the options 2884 from the PodSecurityContext 2885 will be used. If set in both 2886 SecurityContext and PodSecurityContext, 2887 the value specified in SecurityContext 2888 takes precedence. 2889 type: object 2890 properties: 2891 gmsaCredentialSpec: 2892 description: GMSACredentialSpec 2893 is where the GMSA admission 2894 webhook (https://github.com/kubernetes-sigs/windows-gmsa) 2895 inlines the contents of 2896 the GMSA credential spec 2897 named by the GMSACredentialSpecName 2898 field. 2899 type: string 2900 gmsaCredentialSpecName: 2901 description: GMSACredentialSpecName 2902 is the name of the GMSA 2903 credential spec to use. 2904 type: string 2905 runAsUserName: 2906 description: The UserName 2907 in Windows to run the entrypoint 2908 of the container process. 2909 Defaults to the user specified 2910 in image metadata if unspecified. 2911 May also be set in PodSecurityContext. 2912 If set in both SecurityContext 2913 and PodSecurityContext, 2914 the value specified in SecurityContext 2915 takes precedence. 2916 type: string 2917 startupProbe: 2918 description: 'StartupProbe indicates 2919 that the Pod has successfully initialized. 2920 If specified, no other probes are 2921 executed until this completes successfully. 2922 If this probe fails, the Pod will 2923 be restarted, just as if the livenessProbe 2924 failed. This can be used to provide 2925 different probe parameters at the 2926 beginning of a Pod''s lifecycle, 2927 when it might take a long time to 2928 load data or warm a cache, than 2929 during steady-state operation. This 2930 cannot be updated. This is a beta 2931 feature enabled by the StartupProbe 2932 feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 2933 type: object 2934 properties: 2935 exec: 2936 description: One and only one 2937 of the following should be specified. 2938 Exec specifies the action to 2939 take. 2940 type: object 2941 properties: 2942 command: 2943 description: Command is the 2944 command line to execute 2945 inside the container, the 2946 working directory for the 2947 command is root ('/') in 2948 the container's filesystem. 2949 The command is simply exec'd, 2950 it is not run inside a shell, 2951 so traditional shell instructions 2952 ('|', etc) won't work. To 2953 use a shell, you need to 2954 explicitly call out to that 2955 shell. Exit status of 0 2956 is treated as live/healthy 2957 and non-zero is unhealthy. 2958 type: array 2959 items: 2960 type: string 2961 failureThreshold: 2962 description: Minimum consecutive 2963 failures for the probe to be 2964 considered failed after having 2965 succeeded. Defaults to 3. Minimum 2966 value is 1. 2967 type: integer 2968 format: int32 2969 httpGet: 2970 description: HTTPGet specifies 2971 the http request to perform. 2972 type: object 2973 required: 2974 - port 2975 properties: 2976 host: 2977 description: Host name to 2978 connect to, defaults to 2979 the pod IP. You probably 2980 want to set "Host" in httpHeaders 2981 instead. 2982 type: string 2983 httpHeaders: 2984 description: Custom headers 2985 to set in the request. HTTP 2986 allows repeated headers. 2987 type: array 2988 items: 2989 description: HTTPHeader 2990 describes a custom header 2991 to be used in HTTP probes 2992 type: object 2993 required: 2994 - name 2995 - value 2996 properties: 2997 name: 2998 description: The header 2999 field name 3000 type: string 3001 value: 3002 description: The header 3003 field value 3004 type: string 3005 path: 3006 description: Path to access 3007 on the HTTP server. 3008 type: string 3009 port: 3010 description: Name or number 3011 of the port to access on 3012 the container. Number must 3013 be in the range 1 to 65535. 3014 Name must be an IANA_SVC_NAME. 3015 anyOf: 3016 - type: integer 3017 - type: string 3018 x-kubernetes-int-or-string: true 3019 scheme: 3020 description: Scheme to use 3021 for connecting to the host. 3022 Defaults to HTTP. 3023 type: string 3024 initialDelaySeconds: 3025 description: 'Number of seconds 3026 after the container has started 3027 before liveness probes are initiated. 3028 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 3029 type: integer 3030 format: int32 3031 periodSeconds: 3032 description: How often (in seconds) 3033 to perform the probe. Default 3034 to 10 seconds. Minimum value 3035 is 1. 3036 type: integer 3037 format: int32 3038 successThreshold: 3039 description: Minimum consecutive 3040 successes for the probe to be 3041 considered successful after 3042 having failed. Defaults to 1. 3043 Must be 1 for liveness and startup. 3044 Minimum value is 1. 3045 type: integer 3046 format: int32 3047 tcpSocket: 3048 description: 'TCPSocket specifies 3049 an action involving a TCP port. 3050 TCP hooks not yet supported 3051 TODO: implement a realistic 3052 TCP lifecycle hook' 3053 type: object 3054 required: 3055 - port 3056 properties: 3057 host: 3058 description: 'Optional: Host 3059 name to connect to, defaults 3060 to the pod IP.' 3061 type: string 3062 port: 3063 description: Number or name 3064 of the port to access on 3065 the container. Number must 3066 be in the range 1 to 65535. 3067 Name must be an IANA_SVC_NAME. 3068 anyOf: 3069 - type: integer 3070 - type: string 3071 x-kubernetes-int-or-string: true 3072 timeoutSeconds: 3073 description: 'Number of seconds 3074 after which the probe times 3075 out. Defaults to 1 second. Minimum 3076 value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 3077 type: integer 3078 format: int32 3079 stdin: 3080 description: Whether this container 3081 should allocate a buffer for stdin 3082 in the container runtime. If this 3083 is not set, reads from stdin in 3084 the container will always result 3085 in EOF. Default is false. 3086 type: boolean 3087 stdinOnce: 3088 description: Whether the container 3089 runtime should close the stdin channel 3090 after it has been opened by a single 3091 attach. When stdin is true the stdin 3092 stream will remain open across multiple 3093 attach sessions. If stdinOnce is 3094 set to true, stdin is opened on 3095 container start, is empty until 3096 the first client attaches to stdin, 3097 and then remains open and accepts 3098 data until the client disconnects, 3099 at which time stdin is closed and 3100 remains closed until the container 3101 is restarted. If this flag is false, 3102 a container processes that reads 3103 from stdin will never receive an 3104 EOF. Default is false 3105 type: boolean 3106 terminationMessagePath: 3107 description: 'Optional: Path at which 3108 the file to which the container''s 3109 termination message will be written 3110 is mounted into the container''s 3111 filesystem. Message written is intended 3112 to be brief final status, such as 3113 an assertion failure message. Will 3114 be truncated by the node if greater 3115 than 4096 bytes. The total message 3116 length across all containers will 3117 be limited to 12kb. Defaults to 3118 /dev/termination-log. Cannot be 3119 updated.' 3120 type: string 3121 terminationMessagePolicy: 3122 description: Indicate how the termination 3123 message should be populated. File 3124 will use the contents of terminationMessagePath 3125 to populate the container status 3126 message on both success and failure. 3127 FallbackToLogsOnError will use the 3128 last chunk of container log output 3129 if the termination message file 3130 is empty and the container exited 3131 with an error. The log output is 3132 limited to 2048 bytes or 80 lines, 3133 whichever is smaller. Defaults to 3134 File. Cannot be updated. 3135 type: string 3136 tty: 3137 description: Whether this container 3138 should allocate a TTY for itself, 3139 also requires 'stdin' to be true. 3140 Default is false. 3141 type: boolean 3142 volumeDevices: 3143 description: volumeDevices is the 3144 list of block devices to be used 3145 by the container. 3146 type: array 3147 items: 3148 description: volumeDevice describes 3149 a mapping of a raw block device 3150 within a container. 3151 type: object 3152 required: 3153 - devicePath 3154 - name 3155 properties: 3156 devicePath: 3157 description: devicePath is the 3158 path inside of the container 3159 that the device will be mapped 3160 to. 3161 type: string 3162 name: 3163 description: name must match 3164 the name of a persistentVolumeClaim 3165 in the pod 3166 type: string 3167 volumeMounts: 3168 description: Pod volumes to mount 3169 into the container's filesystem. 3170 Cannot be updated. 3171 type: array 3172 items: 3173 description: VolumeMount describes 3174 a mounting of a Volume within 3175 a container. 3176 type: object 3177 required: 3178 - mountPath 3179 - name 3180 properties: 3181 mountPath: 3182 description: Path within the 3183 container at which the volume 3184 should be mounted. Must not 3185 contain ':'. 3186 type: string 3187 mountPropagation: 3188 description: mountPropagation 3189 determines how mounts are 3190 propagated from the host to 3191 container and the other way 3192 around. When not set, MountPropagationNone 3193 is used. This field is beta 3194 in 1.10. 3195 type: string 3196 name: 3197 description: This must match 3198 the Name of a Volume. 3199 type: string 3200 readOnly: 3201 description: Mounted read-only 3202 if true, read-write otherwise 3203 (false or unspecified). Defaults 3204 to false. 3205 type: boolean 3206 subPath: 3207 description: Path within the 3208 volume from which the container's 3209 volume should be mounted. 3210 Defaults to "" (volume's root). 3211 type: string 3212 subPathExpr: 3213 description: Expanded path within 3214 the volume from which the 3215 container's volume should 3216 be mounted. Behaves similarly 3217 to SubPath but environment 3218 variable references $(VAR_NAME) 3219 are expanded using the container's 3220 environment. Defaults to "" 3221 (volume's root). SubPathExpr 3222 and SubPath are mutually exclusive. 3223 type: string 3224 workingDir: 3225 description: Container's working directory. 3226 If not specified, the container 3227 runtime's default will be used, 3228 which might be configured in the 3229 container image. Cannot be updated. 3230 type: string 3231 dnsConfig: 3232 description: Specifies the DNS parameters 3233 of a pod. Parameters specified here will 3234 be merged to the generated DNS configuration 3235 based on DNSPolicy. 3236 type: object 3237 properties: 3238 nameservers: 3239 description: A list of DNS name server 3240 IP addresses. This will be appended 3241 to the base nameservers generated 3242 from DNSPolicy. Duplicated nameservers 3243 will be removed. 3244 type: array 3245 items: 3246 type: string 3247 options: 3248 description: A list of DNS resolver 3249 options. This will be merged with 3250 the base options generated from DNSPolicy. 3251 Duplicated entries will be removed. 3252 Resolution options given in Options 3253 will override those that appear in 3254 the base DNSPolicy. 3255 type: array 3256 items: 3257 description: PodDNSConfigOption defines 3258 DNS resolver options of a pod. 3259 type: object 3260 properties: 3261 name: 3262 description: Required. 3263 type: string 3264 value: 3265 type: string 3266 searches: 3267 description: A list of DNS search domains 3268 for host-name lookup. This will be 3269 appended to the base search paths 3270 generated from DNSPolicy. Duplicated 3271 search paths will be removed. 3272 type: array 3273 items: 3274 type: string 3275 dnsPolicy: 3276 description: Set DNS policy for the pod. 3277 Defaults to "ClusterFirst". Valid values 3278 are 'ClusterFirstWithHostNet', 'ClusterFirst', 3279 'Default' or 'None'. DNS parameters given 3280 in DNSConfig will be merged with the policy 3281 selected with DNSPolicy. To have DNS options 3282 set along with hostNetwork, you have to 3283 specify DNS policy explicitly to 'ClusterFirstWithHostNet'. 3284 type: string 3285 enableServiceLinks: 3286 description: 'EnableServiceLinks indicates 3287 whether information about services should 3288 be injected into pod''s environment variables, 3289 matching the syntax of Docker links. Optional: 3290 Defaults to true.' 3291 type: boolean 3292 ephemeralContainers: 3293 description: List of ephemeral containers 3294 run in this pod. Ephemeral containers 3295 may be run in an existing pod to perform 3296 user-initiated actions such as debugging. 3297 This list cannot be specified when creating 3298 a pod, and it cannot be modified by updating 3299 the pod spec. In order to add an ephemeral 3300 container to an existing pod, use the 3301 pod's ephemeralcontainers subresource. 3302 This field is alpha-level and is only 3303 honored by servers that enable the EphemeralContainers 3304 feature. 3305 type: array 3306 items: 3307 description: An EphemeralContainer is 3308 a container that may be added temporarily 3309 to an existing pod for user-initiated 3310 activities such as debugging. Ephemeral 3311 containers have no resource or scheduling 3312 guarantees, and they will not be restarted 3313 when they exit or when a pod is removed 3314 or restarted. If an ephemeral container 3315 causes a pod to exceed its resource 3316 allocation, the pod may be evicted. 3317 Ephemeral containers may not be added 3318 by directly updating the pod spec. They 3319 must be added via the pod's ephemeralcontainers 3320 subresource, and they will appear in 3321 the pod spec once added. This is an 3322 alpha feature enabled by the EphemeralContainers 3323 feature flag. 3324 type: object 3325 required: 3326 - name 3327 properties: 3328 args: 3329 description: 'Arguments to the entrypoint. 3330 The docker image''s CMD is used 3331 if this is not provided. Variable 3332 references $(VAR_NAME) are expanded 3333 using the container''s environment. 3334 If a variable cannot be resolved, 3335 the reference in the input string 3336 will be unchanged. The $(VAR_NAME) 3337 syntax can be escaped with a double 3338 $$, ie: $$(VAR_NAME). Escaped references 3339 will never be expanded, regardless 3340 of whether the variable exists or 3341 not. Cannot be updated. More info: 3342 https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' 3343 type: array 3344 items: 3345 type: string 3346 command: 3347 description: 'Entrypoint array. Not 3348 executed within a shell. The docker 3349 image''s ENTRYPOINT is used if this 3350 is not provided. Variable references 3351 $(VAR_NAME) are expanded using the 3352 container''s environment. If a variable 3353 cannot be resolved, the reference 3354 in the input string will be unchanged. 3355 The $(VAR_NAME) syntax can be escaped 3356 with a double $$, ie: $$(VAR_NAME). 3357 Escaped references will never be 3358 expanded, regardless of whether 3359 the variable exists or not. Cannot 3360 be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' 3361 type: array 3362 items: 3363 type: string 3364 env: 3365 description: List of environment variables 3366 to set in the container. Cannot 3367 be updated. 3368 type: array 3369 items: 3370 description: EnvVar represents an 3371 environment variable present in 3372 a Container. 3373 type: object 3374 required: 3375 - name 3376 properties: 3377 name: 3378 description: Name of the environment 3379 variable. Must be a C_IDENTIFIER. 3380 type: string 3381 value: 3382 description: 'Variable references 3383 $(VAR_NAME) are expanded using 3384 the previous defined environment 3385 variables in the container 3386 and any service environment 3387 variables. If a variable cannot 3388 be resolved, the reference 3389 in the input string will be 3390 unchanged. The $(VAR_NAME) 3391 syntax can be escaped with 3392 a double $$, ie: $$(VAR_NAME). 3393 Escaped references will never 3394 be expanded, regardless of 3395 whether the variable exists 3396 or not. Defaults to "".' 3397 type: string 3398 valueFrom: 3399 description: Source for the 3400 environment variable's value. 3401 Cannot be used if value is 3402 not empty. 3403 type: object 3404 properties: 3405 configMapKeyRef: 3406 description: Selects a key 3407 of a ConfigMap. 3408 type: object 3409 required: 3410 - key 3411 properties: 3412 key: 3413 description: The key 3414 to select. 3415 type: string 3416 name: 3417 description: 'Name of 3418 the referent. More 3419 info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 3420 TODO: Add other useful 3421 fields. apiVersion, 3422 kind, uid?' 3423 type: string 3424 optional: 3425 description: Specify 3426 whether the ConfigMap 3427 or its key must be 3428 defined 3429 type: boolean 3430 fieldRef: 3431 description: 'Selects a 3432 field of the pod: supports 3433 metadata.name, metadata.namespace, 3434 metadata.labels, metadata.annotations, 3435 spec.nodeName, spec.serviceAccountName, 3436 status.hostIP, status.podIP, 3437 status.podIPs.' 3438 type: object 3439 required: 3440 - fieldPath 3441 properties: 3442 apiVersion: 3443 description: Version 3444 of the schema the 3445 FieldPath is written 3446 in terms of, defaults 3447 to "v1". 3448 type: string 3449 fieldPath: 3450 description: Path of 3451 the field to select 3452 in the specified API 3453 version. 3454 type: string 3455 resourceFieldRef: 3456 description: 'Selects a 3457 resource of the container: 3458 only resources limits 3459 and requests (limits.cpu, 3460 limits.memory, limits.ephemeral-storage, 3461 requests.cpu, requests.memory 3462 and requests.ephemeral-storage) 3463 are currently supported.' 3464 type: object 3465 required: 3466 - resource 3467 properties: 3468 containerName: 3469 description: 'Container 3470 name: required for 3471 volumes, optional 3472 for env vars' 3473 type: string 3474 divisor: 3475 description: Specifies 3476 the output format 3477 of the exposed resources, 3478 defaults to "1" 3479 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 3480 anyOf: 3481 - type: integer 3482 - type: string 3483 x-kubernetes-int-or-string: true 3484 resource: 3485 description: 'Required: 3486 resource to select' 3487 type: string 3488 secretKeyRef: 3489 description: Selects a key 3490 of a secret in the pod's 3491 namespace 3492 type: object 3493 required: 3494 - key 3495 properties: 3496 key: 3497 description: The key 3498 of the secret to select 3499 from. Must be a valid 3500 secret key. 3501 type: string 3502 name: 3503 description: 'Name of 3504 the referent. More 3505 info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 3506 TODO: Add other useful 3507 fields. apiVersion, 3508 kind, uid?' 3509 type: string 3510 optional: 3511 description: Specify 3512 whether the Secret 3513 or its key must be 3514 defined 3515 type: boolean 3516 envFrom: 3517 description: List of sources to populate 3518 environment variables in the container. 3519 The keys defined within a source 3520 must be a C_IDENTIFIER. All invalid 3521 keys will be reported as an event 3522 when the container is starting. 3523 When a key exists in multiple sources, 3524 the value associated with the last 3525 source will take precedence. Values 3526 defined by an Env with a duplicate 3527 key will take precedence. Cannot 3528 be updated. 3529 type: array 3530 items: 3531 description: EnvFromSource represents 3532 the source of a set of ConfigMaps 3533 type: object 3534 properties: 3535 configMapRef: 3536 description: The ConfigMap to 3537 select from 3538 type: object 3539 properties: 3540 name: 3541 description: 'Name of the 3542 referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 3543 TODO: Add other useful 3544 fields. apiVersion, kind, 3545 uid?' 3546 type: string 3547 optional: 3548 description: Specify whether 3549 the ConfigMap must be 3550 defined 3551 type: boolean 3552 prefix: 3553 description: An optional identifier 3554 to prepend to each key in 3555 the ConfigMap. Must be a C_IDENTIFIER. 3556 type: string 3557 secretRef: 3558 description: The Secret to select 3559 from 3560 type: object 3561 properties: 3562 name: 3563 description: 'Name of the 3564 referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 3565 TODO: Add other useful 3566 fields. apiVersion, kind, 3567 uid?' 3568 type: string 3569 optional: 3570 description: Specify whether 3571 the Secret must be defined 3572 type: boolean 3573 image: 3574 description: 'Docker image name. More 3575 info: https://kubernetes.io/docs/concepts/containers/images' 3576 type: string 3577 imagePullPolicy: 3578 description: 'Image pull policy. One 3579 of Always, Never, IfNotPresent. 3580 Defaults to Always if :latest tag 3581 is specified, or IfNotPresent otherwise. 3582 Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' 3583 type: string 3584 lifecycle: 3585 description: Lifecycle is not allowed 3586 for ephemeral containers. 3587 type: object 3588 properties: 3589 postStart: 3590 description: 'PostStart is called 3591 immediately after a container 3592 is created. If the handler fails, 3593 the container is terminated 3594 and restarted according to its 3595 restart policy. Other management 3596 of the container blocks until 3597 the hook completes. More info: 3598 https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' 3599 type: object 3600 properties: 3601 exec: 3602 description: One and only 3603 one of the following should 3604 be specified. Exec specifies 3605 the action to take. 3606 type: object 3607 properties: 3608 command: 3609 description: Command is 3610 the command line to 3611 execute inside the container, 3612 the working directory 3613 for the command is 3614 root ('/') in the container's 3615 filesystem. The command 3616 is simply exec'd, it 3617 is not run inside a 3618 shell, so traditional 3619 shell instructions ('|', 3620 etc) won't work. To 3621 use a shell, you need 3622 to explicitly call out 3623 to that shell. Exit 3624 status of 0 is treated 3625 as live/healthy and 3626 non-zero is unhealthy. 3627 type: array 3628 items: 3629 type: string 3630 httpGet: 3631 description: HTTPGet specifies 3632 the http request to perform. 3633 type: object 3634 required: 3635 - port 3636 properties: 3637 host: 3638 description: Host name 3639 to connect to, defaults 3640 to the pod IP. You probably 3641 want to set "Host" in 3642 httpHeaders instead. 3643 type: string 3644 httpHeaders: 3645 description: Custom headers 3646 to set in the request. 3647 HTTP allows repeated 3648 headers. 3649 type: array 3650 items: 3651 description: HTTPHeader 3652 describes a custom 3653 header to be used 3654 in HTTP probes 3655 type: object 3656 required: 3657 - name 3658 - value 3659 properties: 3660 name: 3661 description: The 3662 header field name 3663 type: string 3664 value: 3665 description: The 3666 header field value 3667 type: string 3668 path: 3669 description: Path to access 3670 on the HTTP server. 3671 type: string 3672 port: 3673 description: Name or number 3674 of the port to access 3675 on the container. Number 3676 must be in the range 3677 1 to 65535. Name must 3678 be an IANA_SVC_NAME. 3679 anyOf: 3680 - type: integer 3681 - type: string 3682 x-kubernetes-int-or-string: true 3683 scheme: 3684 description: Scheme to 3685 use for connecting to 3686 the host. Defaults to 3687 HTTP. 3688 type: string 3689 tcpSocket: 3690 description: 'TCPSocket specifies 3691 an action involving a TCP 3692 port. TCP hooks not yet 3693 supported TODO: implement 3694 a realistic TCP lifecycle 3695 hook' 3696 type: object 3697 required: 3698 - port 3699 properties: 3700 host: 3701 description: 'Optional: 3702 Host name to connect 3703 to, defaults to the 3704 pod IP.' 3705 type: string 3706 port: 3707 description: Number or 3708 name of the port to 3709 access on the container. 3710 Number must be in the 3711 range 1 to 65535. Name 3712 must be an IANA_SVC_NAME. 3713 anyOf: 3714 - type: integer 3715 - type: string 3716 x-kubernetes-int-or-string: true 3717 preStop: 3718 description: 'PreStop is called 3719 immediately before a container 3720 is terminated due to an API 3721 request or management event 3722 such as liveness/startup probe 3723 failure, preemption, resource 3724 contention, etc. The handler 3725 is not called if the container 3726 crashes or exits. The reason 3727 for termination is passed to 3728 the handler. The Pod''s termination 3729 grace period countdown begins 3730 before the PreStop hooked is 3731 executed. Regardless of the 3732 outcome of the handler, the 3733 container will eventually terminate 3734 within the Pod''s termination 3735 grace period. Other management 3736 of the container blocks until 3737 the hook completes or until 3738 the termination grace period 3739 is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' 3740 type: object 3741 properties: 3742 exec: 3743 description: One and only 3744 one of the following should 3745 be specified. Exec specifies 3746 the action to take. 3747 type: object 3748 properties: 3749 command: 3750 description: Command is 3751 the command line to 3752 execute inside the container, 3753 the working directory 3754 for the command is 3755 root ('/') in the container's 3756 filesystem. The command 3757 is simply exec'd, it 3758 is not run inside a 3759 shell, so traditional 3760 shell instructions ('|', 3761 etc) won't work. To 3762 use a shell, you need 3763 to explicitly call out 3764 to that shell. Exit 3765 status of 0 is treated 3766 as live/healthy and 3767 non-zero is unhealthy. 3768 type: array 3769 items: 3770 type: string 3771 httpGet: 3772 description: HTTPGet specifies 3773 the http request to perform. 3774 type: object 3775 required: 3776 - port 3777 properties: 3778 host: 3779 description: Host name 3780 to connect to, defaults 3781 to the pod IP. You probably 3782 want to set "Host" in 3783 httpHeaders instead. 3784 type: string 3785 httpHeaders: 3786 description: Custom headers 3787 to set in the request. 3788 HTTP allows repeated 3789 headers. 3790 type: array 3791 items: 3792 description: HTTPHeader 3793 describes a custom 3794 header to be used 3795 in HTTP probes 3796 type: object 3797 required: 3798 - name 3799 - value 3800 properties: 3801 name: 3802 description: The 3803 header field name 3804 type: string 3805 value: 3806 description: The 3807 header field value 3808 type: string 3809 path: 3810 description: Path to access 3811 on the HTTP server. 3812 type: string 3813 port: 3814 description: Name or number 3815 of the port to access 3816 on the container. Number 3817 must be in the range 3818 1 to 65535. Name must 3819 be an IANA_SVC_NAME. 3820 anyOf: 3821 - type: integer 3822 - type: string 3823 x-kubernetes-int-or-string: true 3824 scheme: 3825 description: Scheme to 3826 use for connecting to 3827 the host. Defaults to 3828 HTTP. 3829 type: string 3830 tcpSocket: 3831 description: 'TCPSocket specifies 3832 an action involving a TCP 3833 port. TCP hooks not yet 3834 supported TODO: implement 3835 a realistic TCP lifecycle 3836 hook' 3837 type: object 3838 required: 3839 - port 3840 properties: 3841 host: 3842 description: 'Optional: 3843 Host name to connect 3844 to, defaults to the 3845 pod IP.' 3846 type: string 3847 port: 3848 description: Number or 3849 name of the port to 3850 access on the container. 3851 Number must be in the 3852 range 1 to 65535. Name 3853 must be an IANA_SVC_NAME. 3854 anyOf: 3855 - type: integer 3856 - type: string 3857 x-kubernetes-int-or-string: true 3858 livenessProbe: 3859 description: Probes are not allowed 3860 for ephemeral containers. 3861 type: object 3862 properties: 3863 exec: 3864 description: One and only one 3865 of the following should be specified. 3866 Exec specifies the action to 3867 take. 3868 type: object 3869 properties: 3870 command: 3871 description: Command is the 3872 command line to execute 3873 inside the container, the 3874 working directory for the 3875 command is root ('/') in 3876 the container's filesystem. 3877 The command is simply exec'd, 3878 it is not run inside a shell, 3879 so traditional shell instructions 3880 ('|', etc) won't work. To 3881 use a shell, you need to 3882 explicitly call out to that 3883 shell. Exit status of 0 3884 is treated as live/healthy 3885 and non-zero is unhealthy. 3886 type: array 3887 items: 3888 type: string 3889 failureThreshold: 3890 description: Minimum consecutive 3891 failures for the probe to be 3892 considered failed after having 3893 succeeded. Defaults to 3. Minimum 3894 value is 1. 3895 type: integer 3896 format: int32 3897 httpGet: 3898 description: HTTPGet specifies 3899 the http request to perform. 3900 type: object 3901 required: 3902 - port 3903 properties: 3904 host: 3905 description: Host name to 3906 connect to, defaults to 3907 the pod IP. You probably 3908 want to set "Host" in httpHeaders 3909 instead. 3910 type: string 3911 httpHeaders: 3912 description: Custom headers 3913 to set in the request. HTTP 3914 allows repeated headers. 3915 type: array 3916 items: 3917 description: HTTPHeader 3918 describes a custom header 3919 to be used in HTTP probes 3920 type: object 3921 required: 3922 - name 3923 - value 3924 properties: 3925 name: 3926 description: The header 3927 field name 3928 type: string 3929 value: 3930 description: The header 3931 field value 3932 type: string 3933 path: 3934 description: Path to access 3935 on the HTTP server. 3936 type: string 3937 port: 3938 description: Name or number 3939 of the port to access on 3940 the container. Number must 3941 be in the range 1 to 65535. 3942 Name must be an IANA_SVC_NAME. 3943 anyOf: 3944 - type: integer 3945 - type: string 3946 x-kubernetes-int-or-string: true 3947 scheme: 3948 description: Scheme to use 3949 for connecting to the host. 3950 Defaults to HTTP. 3951 type: string 3952 initialDelaySeconds: 3953 description: 'Number of seconds 3954 after the container has started 3955 before liveness probes are initiated. 3956 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 3957 type: integer 3958 format: int32 3959 periodSeconds: 3960 description: How often (in seconds) 3961 to perform the probe. Default 3962 to 10 seconds. Minimum value 3963 is 1. 3964 type: integer 3965 format: int32 3966 successThreshold: 3967 description: Minimum consecutive 3968 successes for the probe to be 3969 considered successful after 3970 having failed. Defaults to 1. 3971 Must be 1 for liveness and startup. 3972 Minimum value is 1. 3973 type: integer 3974 format: int32 3975 tcpSocket: 3976 description: 'TCPSocket specifies 3977 an action involving a TCP port. 3978 TCP hooks not yet supported 3979 TODO: implement a realistic 3980 TCP lifecycle hook' 3981 type: object 3982 required: 3983 - port 3984 properties: 3985 host: 3986 description: 'Optional: Host 3987 name to connect to, defaults 3988 to the pod IP.' 3989 type: string 3990 port: 3991 description: Number or name 3992 of the port to access on 3993 the container. Number must 3994 be in the range 1 to 65535. 3995 Name must be an IANA_SVC_NAME. 3996 anyOf: 3997 - type: integer 3998 - type: string 3999 x-kubernetes-int-or-string: true 4000 timeoutSeconds: 4001 description: 'Number of seconds 4002 after which the probe times 4003 out. Defaults to 1 second. Minimum 4004 value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 4005 type: integer 4006 format: int32 4007 name: 4008 description: Name of the ephemeral 4009 container specified as a DNS_LABEL. 4010 This name must be unique among all 4011 containers, init containers and 4012 ephemeral containers. 4013 type: string 4014 ports: 4015 description: Ports are not allowed 4016 for ephemeral containers. 4017 type: array 4018 items: 4019 description: ContainerPort represents 4020 a network port in a single container. 4021 type: object 4022 required: 4023 - containerPort 4024 properties: 4025 containerPort: 4026 description: Number of port 4027 to expose on the pod's IP 4028 address. This must be a valid 4029 port number, 0 < x < 65536. 4030 type: integer 4031 format: int32 4032 hostIP: 4033 description: What host IP to 4034 bind the external port to. 4035 type: string 4036 hostPort: 4037 description: Number of port 4038 to expose on the host. If 4039 specified, this must be a 4040 valid port number, 0 < x < 4041 65536. If HostNetwork is specified, 4042 this must match ContainerPort. 4043 Most containers do not need 4044 this. 4045 type: integer 4046 format: int32 4047 name: 4048 description: If specified, this 4049 must be an IANA_SVC_NAME and 4050 unique within the pod. Each 4051 named port in a pod must have 4052 a unique name. Name for the 4053 port that can be referred 4054 to by services. 4055 type: string 4056 protocol: 4057 description: Protocol for port. 4058 Must be UDP, TCP, or SCTP. 4059 Defaults to "TCP". 4060 type: string 4061 readinessProbe: 4062 description: Probes are not allowed 4063 for ephemeral containers. 4064 type: object 4065 properties: 4066 exec: 4067 description: One and only one 4068 of the following should be specified. 4069 Exec specifies the action to 4070 take. 4071 type: object 4072 properties: 4073 command: 4074 description: Command is the 4075 command line to execute 4076 inside the container, the 4077 working directory for the 4078 command is root ('/') in 4079 the container's filesystem. 4080 The command is simply exec'd, 4081 it is not run inside a shell, 4082 so traditional shell instructions 4083 ('|', etc) won't work. To 4084 use a shell, you need to 4085 explicitly call out to that 4086 shell. Exit status of 0 4087 is treated as live/healthy 4088 and non-zero is unhealthy. 4089 type: array 4090 items: 4091 type: string 4092 failureThreshold: 4093 description: Minimum consecutive 4094 failures for the probe to be 4095 considered failed after having 4096 succeeded. Defaults to 3. Minimum 4097 value is 1. 4098 type: integer 4099 format: int32 4100 httpGet: 4101 description: HTTPGet specifies 4102 the http request to perform. 4103 type: object 4104 required: 4105 - port 4106 properties: 4107 host: 4108 description: Host name to 4109 connect to, defaults to 4110 the pod IP. You probably 4111 want to set "Host" in httpHeaders 4112 instead. 4113 type: string 4114 httpHeaders: 4115 description: Custom headers 4116 to set in the request. HTTP 4117 allows repeated headers. 4118 type: array 4119 items: 4120 description: HTTPHeader 4121 describes a custom header 4122 to be used in HTTP probes 4123 type: object 4124 required: 4125 - name 4126 - value 4127 properties: 4128 name: 4129 description: The header 4130 field name 4131 type: string 4132 value: 4133 description: The header 4134 field value 4135 type: string 4136 path: 4137 description: Path to access 4138 on the HTTP server. 4139 type: string 4140 port: 4141 description: Name or number 4142 of the port to access on 4143 the container. Number must 4144 be in the range 1 to 65535. 4145 Name must be an IANA_SVC_NAME. 4146 anyOf: 4147 - type: integer 4148 - type: string 4149 x-kubernetes-int-or-string: true 4150 scheme: 4151 description: Scheme to use 4152 for connecting to the host. 4153 Defaults to HTTP. 4154 type: string 4155 initialDelaySeconds: 4156 description: 'Number of seconds 4157 after the container has started 4158 before liveness probes are initiated. 4159 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 4160 type: integer 4161 format: int32 4162 periodSeconds: 4163 description: How often (in seconds) 4164 to perform the probe. Default 4165 to 10 seconds. Minimum value 4166 is 1. 4167 type: integer 4168 format: int32 4169 successThreshold: 4170 description: Minimum consecutive 4171 successes for the probe to be 4172 considered successful after 4173 having failed. Defaults to 1. 4174 Must be 1 for liveness and startup. 4175 Minimum value is 1. 4176 type: integer 4177 format: int32 4178 tcpSocket: 4179 description: 'TCPSocket specifies 4180 an action involving a TCP port. 4181 TCP hooks not yet supported 4182 TODO: implement a realistic 4183 TCP lifecycle hook' 4184 type: object 4185 required: 4186 - port 4187 properties: 4188 host: 4189 description: 'Optional: Host 4190 name to connect to, defaults 4191 to the pod IP.' 4192 type: string 4193 port: 4194 description: Number or name 4195 of the port to access on 4196 the container. Number must 4197 be in the range 1 to 65535. 4198 Name must be an IANA_SVC_NAME. 4199 anyOf: 4200 - type: integer 4201 - type: string 4202 x-kubernetes-int-or-string: true 4203 timeoutSeconds: 4204 description: 'Number of seconds 4205 after which the probe times 4206 out. Defaults to 1 second. Minimum 4207 value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 4208 type: integer 4209 format: int32 4210 resources: 4211 description: Resources are not allowed 4212 for ephemeral containers. Ephemeral 4213 containers use spare resources already 4214 allocated to the pod. 4215 type: object 4216 properties: 4217 limits: 4218 description: 'Limits describes 4219 the maximum amount of compute 4220 resources allowed. More info: 4221 https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' 4222 type: object 4223 additionalProperties: 4224 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 4225 anyOf: 4226 - type: integer 4227 - type: string 4228 x-kubernetes-int-or-string: true 4229 requests: 4230 description: 'Requests describes 4231 the minimum amount of compute 4232 resources required. If Requests 4233 is omitted for a container, 4234 it defaults to Limits if that 4235 is explicitly specified, otherwise 4236 to an implementation-defined 4237 value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' 4238 type: object 4239 additionalProperties: 4240 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 4241 anyOf: 4242 - type: integer 4243 - type: string 4244 x-kubernetes-int-or-string: true 4245 securityContext: 4246 description: SecurityContext is not 4247 allowed for ephemeral containers. 4248 type: object 4249 properties: 4250 allowPrivilegeEscalation: 4251 description: 'AllowPrivilegeEscalation 4252 controls whether a process can 4253 gain more privileges than its 4254 parent process. This bool directly 4255 controls if the no_new_privs 4256 flag will be set on the container 4257 process. AllowPrivilegeEscalation 4258 is true always when the container 4259 is: 1) run as Privileged 2) 4260 has CAP_SYS_ADMIN' 4261 type: boolean 4262 capabilities: 4263 description: The capabilities 4264 to add/drop when running containers. 4265 Defaults to the default set 4266 of capabilities granted by the 4267 container runtime. 4268 type: object 4269 properties: 4270 add: 4271 description: Added capabilities 4272 type: array 4273 items: 4274 description: Capability 4275 represent POSIX capabilities 4276 type 4277 type: string 4278 drop: 4279 description: Removed capabilities 4280 type: array 4281 items: 4282 description: Capability 4283 represent POSIX capabilities 4284 type 4285 type: string 4286 privileged: 4287 description: Run container in 4288 privileged mode. Processes in 4289 privileged containers are essentially 4290 equivalent to root on the host. 4291 Defaults to false. 4292 type: boolean 4293 procMount: 4294 description: procMount denotes 4295 the type of proc mount to use 4296 for the containers. The default 4297 is DefaultProcMount which uses 4298 the container runtime defaults 4299 for readonly paths and masked 4300 paths. This requires the ProcMountType 4301 feature flag to be enabled. 4302 type: string 4303 readOnlyRootFilesystem: 4304 description: Whether this container 4305 has a read-only root filesystem. 4306 Default is false. 4307 type: boolean 4308 runAsGroup: 4309 description: The GID to run the 4310 entrypoint of the container 4311 process. Uses runtime default 4312 if unset. May also be set in 4313 PodSecurityContext. If set 4314 in both SecurityContext and 4315 PodSecurityContext, the value 4316 specified in SecurityContext 4317 takes precedence. 4318 type: integer 4319 format: int64 4320 runAsNonRoot: 4321 description: Indicates that the 4322 container must run as a non-root 4323 user. If true, the Kubelet will 4324 validate the image at runtime 4325 to ensure that it does not run 4326 as UID 0 (root) and fail to 4327 start the container if it does. 4328 If unset or false, no such validation 4329 will be performed. May also 4330 be set in PodSecurityContext. If 4331 set in both SecurityContext 4332 and PodSecurityContext, the 4333 value specified in SecurityContext 4334 takes precedence. 4335 type: boolean 4336 runAsUser: 4337 description: The UID to run the 4338 entrypoint of the container 4339 process. Defaults to user specified 4340 in image metadata if unspecified. 4341 May also be set in PodSecurityContext. If 4342 set in both SecurityContext 4343 and PodSecurityContext, the 4344 value specified in SecurityContext 4345 takes precedence. 4346 type: integer 4347 format: int64 4348 seLinuxOptions: 4349 description: The SELinux context 4350 to be applied to the container. 4351 If unspecified, the container 4352 runtime will allocate a random 4353 SELinux context for each container. May 4354 also be set in PodSecurityContext. If 4355 set in both SecurityContext 4356 and PodSecurityContext, the 4357 value specified in SecurityContext 4358 takes precedence. 4359 type: object 4360 properties: 4361 level: 4362 description: Level is SELinux 4363 level label that applies 4364 to the container. 4365 type: string 4366 role: 4367 description: Role is a SELinux 4368 role label that applies 4369 to the container. 4370 type: string 4371 type: 4372 description: Type is a SELinux 4373 type label that applies 4374 to the container. 4375 type: string 4376 user: 4377 description: User is a SELinux 4378 user label that applies 4379 to the container. 4380 type: string 4381 windowsOptions: 4382 description: The Windows specific 4383 settings applied to all containers. 4384 If unspecified, the options 4385 from the PodSecurityContext 4386 will be used. If set in both 4387 SecurityContext and PodSecurityContext, 4388 the value specified in SecurityContext 4389 takes precedence. 4390 type: object 4391 properties: 4392 gmsaCredentialSpec: 4393 description: GMSACredentialSpec 4394 is where the GMSA admission 4395 webhook (https://github.com/kubernetes-sigs/windows-gmsa) 4396 inlines the contents of 4397 the GMSA credential spec 4398 named by the GMSACredentialSpecName 4399 field. 4400 type: string 4401 gmsaCredentialSpecName: 4402 description: GMSACredentialSpecName 4403 is the name of the GMSA 4404 credential spec to use. 4405 type: string 4406 runAsUserName: 4407 description: The UserName 4408 in Windows to run the entrypoint 4409 of the container process. 4410 Defaults to the user specified 4411 in image metadata if unspecified. 4412 May also be set in PodSecurityContext. 4413 If set in both SecurityContext 4414 and PodSecurityContext, 4415 the value specified in SecurityContext 4416 takes precedence. 4417 type: string 4418 startupProbe: 4419 description: Probes are not allowed 4420 for ephemeral containers. 4421 type: object 4422 properties: 4423 exec: 4424 description: One and only one 4425 of the following should be specified. 4426 Exec specifies the action to 4427 take. 4428 type: object 4429 properties: 4430 command: 4431 description: Command is the 4432 command line to execute 4433 inside the container, the 4434 working directory for the 4435 command is root ('/') in 4436 the container's filesystem. 4437 The command is simply exec'd, 4438 it is not run inside a shell, 4439 so traditional shell instructions 4440 ('|', etc) won't work. To 4441 use a shell, you need to 4442 explicitly call out to that 4443 shell. Exit status of 0 4444 is treated as live/healthy 4445 and non-zero is unhealthy. 4446 type: array 4447 items: 4448 type: string 4449 failureThreshold: 4450 description: Minimum consecutive 4451 failures for the probe to be 4452 considered failed after having 4453 succeeded. Defaults to 3. Minimum 4454 value is 1. 4455 type: integer 4456 format: int32 4457 httpGet: 4458 description: HTTPGet specifies 4459 the http request to perform. 4460 type: object 4461 required: 4462 - port 4463 properties: 4464 host: 4465 description: Host name to 4466 connect to, defaults to 4467 the pod IP. You probably 4468 want to set "Host" in httpHeaders 4469 instead. 4470 type: string 4471 httpHeaders: 4472 description: Custom headers 4473 to set in the request. HTTP 4474 allows repeated headers. 4475 type: array 4476 items: 4477 description: HTTPHeader 4478 describes a custom header 4479 to be used in HTTP probes 4480 type: object 4481 required: 4482 - name 4483 - value 4484 properties: 4485 name: 4486 description: The header 4487 field name 4488 type: string 4489 value: 4490 description: The header 4491 field value 4492 type: string 4493 path: 4494 description: Path to access 4495 on the HTTP server. 4496 type: string 4497 port: 4498 description: Name or number 4499 of the port to access on 4500 the container. Number must 4501 be in the range 1 to 65535. 4502 Name must be an IANA_SVC_NAME. 4503 anyOf: 4504 - type: integer 4505 - type: string 4506 x-kubernetes-int-or-string: true 4507 scheme: 4508 description: Scheme to use 4509 for connecting to the host. 4510 Defaults to HTTP. 4511 type: string 4512 initialDelaySeconds: 4513 description: 'Number of seconds 4514 after the container has started 4515 before liveness probes are initiated. 4516 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 4517 type: integer 4518 format: int32 4519 periodSeconds: 4520 description: How often (in seconds) 4521 to perform the probe. Default 4522 to 10 seconds. Minimum value 4523 is 1. 4524 type: integer 4525 format: int32 4526 successThreshold: 4527 description: Minimum consecutive 4528 successes for the probe to be 4529 considered successful after 4530 having failed. Defaults to 1. 4531 Must be 1 for liveness and startup. 4532 Minimum value is 1. 4533 type: integer 4534 format: int32 4535 tcpSocket: 4536 description: 'TCPSocket specifies 4537 an action involving a TCP port. 4538 TCP hooks not yet supported 4539 TODO: implement a realistic 4540 TCP lifecycle hook' 4541 type: object 4542 required: 4543 - port 4544 properties: 4545 host: 4546 description: 'Optional: Host 4547 name to connect to, defaults 4548 to the pod IP.' 4549 type: string 4550 port: 4551 description: Number or name 4552 of the port to access on 4553 the container. Number must 4554 be in the range 1 to 65535. 4555 Name must be an IANA_SVC_NAME. 4556 anyOf: 4557 - type: integer 4558 - type: string 4559 x-kubernetes-int-or-string: true 4560 timeoutSeconds: 4561 description: 'Number of seconds 4562 after which the probe times 4563 out. Defaults to 1 second. Minimum 4564 value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 4565 type: integer 4566 format: int32 4567 stdin: 4568 description: Whether this container 4569 should allocate a buffer for stdin 4570 in the container runtime. If this 4571 is not set, reads from stdin in 4572 the container will always result 4573 in EOF. Default is false. 4574 type: boolean 4575 stdinOnce: 4576 description: Whether the container 4577 runtime should close the stdin channel 4578 after it has been opened by a single 4579 attach. When stdin is true the stdin 4580 stream will remain open across multiple 4581 attach sessions. If stdinOnce is 4582 set to true, stdin is opened on 4583 container start, is empty until 4584 the first client attaches to stdin, 4585 and then remains open and accepts 4586 data until the client disconnects, 4587 at which time stdin is closed and 4588 remains closed until the container 4589 is restarted. If this flag is false, 4590 a container processes that reads 4591 from stdin will never receive an 4592 EOF. Default is false 4593 type: boolean 4594 targetContainerName: 4595 description: If set, the name of the 4596 container from PodSpec that this 4597 ephemeral container targets. The 4598 ephemeral container will be run 4599 in the namespaces (IPC, PID, etc) 4600 of this container. If not set then 4601 the ephemeral container is run in 4602 whatever namespaces are shared for 4603 the pod. Note that the container 4604 runtime must support this feature. 4605 type: string 4606 terminationMessagePath: 4607 description: 'Optional: Path at which 4608 the file to which the container''s 4609 termination message will be written 4610 is mounted into the container''s 4611 filesystem. Message written is intended 4612 to be brief final status, such as 4613 an assertion failure message. Will 4614 be truncated by the node if greater 4615 than 4096 bytes. The total message 4616 length across all containers will 4617 be limited to 12kb. Defaults to 4618 /dev/termination-log. Cannot be 4619 updated.' 4620 type: string 4621 terminationMessagePolicy: 4622 description: Indicate how the termination 4623 message should be populated. File 4624 will use the contents of terminationMessagePath 4625 to populate the container status 4626 message on both success and failure. 4627 FallbackToLogsOnError will use the 4628 last chunk of container log output 4629 if the termination message file 4630 is empty and the container exited 4631 with an error. The log output is 4632 limited to 2048 bytes or 80 lines, 4633 whichever is smaller. Defaults to 4634 File. Cannot be updated. 4635 type: string 4636 tty: 4637 description: Whether this container 4638 should allocate a TTY for itself, 4639 also requires 'stdin' to be true. 4640 Default is false. 4641 type: boolean 4642 volumeDevices: 4643 description: volumeDevices is the 4644 list of block devices to be used 4645 by the container. 4646 type: array 4647 items: 4648 description: volumeDevice describes 4649 a mapping of a raw block device 4650 within a container. 4651 type: object 4652 required: 4653 - devicePath 4654 - name 4655 properties: 4656 devicePath: 4657 description: devicePath is the 4658 path inside of the container 4659 that the device will be mapped 4660 to. 4661 type: string 4662 name: 4663 description: name must match 4664 the name of a persistentVolumeClaim 4665 in the pod 4666 type: string 4667 volumeMounts: 4668 description: Pod volumes to mount 4669 into the container's filesystem. 4670 Cannot be updated. 4671 type: array 4672 items: 4673 description: VolumeMount describes 4674 a mounting of a Volume within 4675 a container. 4676 type: object 4677 required: 4678 - mountPath 4679 - name 4680 properties: 4681 mountPath: 4682 description: Path within the 4683 container at which the volume 4684 should be mounted. Must not 4685 contain ':'. 4686 type: string 4687 mountPropagation: 4688 description: mountPropagation 4689 determines how mounts are 4690 propagated from the host to 4691 container and the other way 4692 around. When not set, MountPropagationNone 4693 is used. This field is beta 4694 in 1.10. 4695 type: string 4696 name: 4697 description: This must match 4698 the Name of a Volume. 4699 type: string 4700 readOnly: 4701 description: Mounted read-only 4702 if true, read-write otherwise 4703 (false or unspecified). Defaults 4704 to false. 4705 type: boolean 4706 subPath: 4707 description: Path within the 4708 volume from which the container's 4709 volume should be mounted. 4710 Defaults to "" (volume's root). 4711 type: string 4712 subPathExpr: 4713 description: Expanded path within 4714 the volume from which the 4715 container's volume should 4716 be mounted. Behaves similarly 4717 to SubPath but environment 4718 variable references $(VAR_NAME) 4719 are expanded using the container's 4720 environment. Defaults to "" 4721 (volume's root). SubPathExpr 4722 and SubPath are mutually exclusive. 4723 type: string 4724 workingDir: 4725 description: Container's working directory. 4726 If not specified, the container 4727 runtime's default will be used, 4728 which might be configured in the 4729 container image. Cannot be updated. 4730 type: string 4731 hostAliases: 4732 description: HostAliases is an optional 4733 list of hosts and IPs that will be injected 4734 into the pod's hosts file if specified. 4735 This is only valid for non-hostNetwork 4736 pods. 4737 type: array 4738 items: 4739 description: HostAlias holds the mapping 4740 between IP and hostnames that will be 4741 injected as an entry in the pod's hosts 4742 file. 4743 type: object 4744 properties: 4745 hostnames: 4746 description: Hostnames for the above 4747 IP address. 4748 type: array 4749 items: 4750 type: string 4751 ip: 4752 description: IP address of the host 4753 file entry. 4754 type: string 4755 hostIPC: 4756 description: 'Use the host''s ipc namespace. 4757 Optional: Default to false.' 4758 type: boolean 4759 hostNetwork: 4760 description: Host networking requested for 4761 this pod. Use the host's network namespace. 4762 If this option is set, the ports that 4763 will be used must be specified. Default 4764 to false. 4765 type: boolean 4766 hostPID: 4767 description: 'Use the host''s pid namespace. 4768 Optional: Default to false.' 4769 type: boolean 4770 hostname: 4771 description: Specifies the hostname of the 4772 Pod If not specified, the pod's hostname 4773 will be set to a system-defined value. 4774 type: string 4775 imagePullSecrets: 4776 description: 'ImagePullSecrets is an optional 4777 list of references to secrets in the same 4778 namespace to use for pulling any of the 4779 images used by this PodSpec. If specified, 4780 these secrets will be passed to individual 4781 puller implementations for them to use. 4782 For example, in the case of docker, only 4783 DockerConfig type secrets are honored. 4784 More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod' 4785 type: array 4786 items: 4787 description: LocalObjectReference contains 4788 enough information to let you locate 4789 the referenced object inside the same 4790 namespace. 4791 type: object 4792 properties: 4793 name: 4794 description: 'Name of the referent. 4795 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 4796 TODO: Add other useful fields. apiVersion, 4797 kind, uid?' 4798 type: string 4799 initContainers: 4800 description: 'List of initialization containers 4801 belonging to the pod. Init containers 4802 are executed in order prior to containers 4803 being started. If any init container fails, 4804 the pod is considered to have failed and 4805 is handled according to its restartPolicy. 4806 The name for an init container or normal 4807 container must be unique among all containers. 4808 Init containers may not have Lifecycle 4809 actions, Readiness probes, Liveness probes, 4810 or Startup probes. The resourceRequirements 4811 of an init container are taken into account 4812 during scheduling by finding the highest 4813 request/limit for each resource type, 4814 and then using the max of of that value 4815 or the sum of the normal containers. Limits 4816 are applied to init containers in a similar 4817 fashion. Init containers cannot currently 4818 be added or removed. Cannot be updated. 4819 More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/' 4820 type: array 4821 items: 4822 description: A single application container 4823 that you want to run within a pod. 4824 type: object 4825 required: 4826 - name 4827 properties: 4828 args: 4829 description: 'Arguments to the entrypoint. 4830 The docker image''s CMD is used 4831 if this is not provided. Variable 4832 references $(VAR_NAME) are expanded 4833 using the container''s environment. 4834 If a variable cannot be resolved, 4835 the reference in the input string 4836 will be unchanged. The $(VAR_NAME) 4837 syntax can be escaped with a double 4838 $$, ie: $$(VAR_NAME). Escaped references 4839 will never be expanded, regardless 4840 of whether the variable exists or 4841 not. Cannot be updated. More info: 4842 https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' 4843 type: array 4844 items: 4845 type: string 4846 command: 4847 description: 'Entrypoint array. Not 4848 executed within a shell. The docker 4849 image''s ENTRYPOINT is used if this 4850 is not provided. Variable references 4851 $(VAR_NAME) are expanded using the 4852 container''s environment. If a variable 4853 cannot be resolved, the reference 4854 in the input string will be unchanged. 4855 The $(VAR_NAME) syntax can be escaped 4856 with a double $$, ie: $$(VAR_NAME). 4857 Escaped references will never be 4858 expanded, regardless of whether 4859 the variable exists or not. Cannot 4860 be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' 4861 type: array 4862 items: 4863 type: string 4864 env: 4865 description: List of environment variables 4866 to set in the container. Cannot 4867 be updated. 4868 type: array 4869 items: 4870 description: EnvVar represents an 4871 environment variable present in 4872 a Container. 4873 type: object 4874 required: 4875 - name 4876 properties: 4877 name: 4878 description: Name of the environment 4879 variable. Must be a C_IDENTIFIER. 4880 type: string 4881 value: 4882 description: 'Variable references 4883 $(VAR_NAME) are expanded using 4884 the previous defined environment 4885 variables in the container 4886 and any service environment 4887 variables. If a variable cannot 4888 be resolved, the reference 4889 in the input string will be 4890 unchanged. The $(VAR_NAME) 4891 syntax can be escaped with 4892 a double $$, ie: $$(VAR_NAME). 4893 Escaped references will never 4894 be expanded, regardless of 4895 whether the variable exists 4896 or not. Defaults to "".' 4897 type: string 4898 valueFrom: 4899 description: Source for the 4900 environment variable's value. 4901 Cannot be used if value is 4902 not empty. 4903 type: object 4904 properties: 4905 configMapKeyRef: 4906 description: Selects a key 4907 of a ConfigMap. 4908 type: object 4909 required: 4910 - key 4911 properties: 4912 key: 4913 description: The key 4914 to select. 4915 type: string 4916 name: 4917 description: 'Name of 4918 the referent. More 4919 info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 4920 TODO: Add other useful 4921 fields. apiVersion, 4922 kind, uid?' 4923 type: string 4924 optional: 4925 description: Specify 4926 whether the ConfigMap 4927 or its key must be 4928 defined 4929 type: boolean 4930 fieldRef: 4931 description: 'Selects a 4932 field of the pod: supports 4933 metadata.name, metadata.namespace, 4934 metadata.labels, metadata.annotations, 4935 spec.nodeName, spec.serviceAccountName, 4936 status.hostIP, status.podIP, 4937 status.podIPs.' 4938 type: object 4939 required: 4940 - fieldPath 4941 properties: 4942 apiVersion: 4943 description: Version 4944 of the schema the 4945 FieldPath is written 4946 in terms of, defaults 4947 to "v1". 4948 type: string 4949 fieldPath: 4950 description: Path of 4951 the field to select 4952 in the specified API 4953 version. 4954 type: string 4955 resourceFieldRef: 4956 description: 'Selects a 4957 resource of the container: 4958 only resources limits 4959 and requests (limits.cpu, 4960 limits.memory, limits.ephemeral-storage, 4961 requests.cpu, requests.memory 4962 and requests.ephemeral-storage) 4963 are currently supported.' 4964 type: object 4965 required: 4966 - resource 4967 properties: 4968 containerName: 4969 description: 'Container 4970 name: required for 4971 volumes, optional 4972 for env vars' 4973 type: string 4974 divisor: 4975 description: Specifies 4976 the output format 4977 of the exposed resources, 4978 defaults to "1" 4979 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 4980 anyOf: 4981 - type: integer 4982 - type: string 4983 x-kubernetes-int-or-string: true 4984 resource: 4985 description: 'Required: 4986 resource to select' 4987 type: string 4988 secretKeyRef: 4989 description: Selects a key 4990 of a secret in the pod's 4991 namespace 4992 type: object 4993 required: 4994 - key 4995 properties: 4996 key: 4997 description: The key 4998 of the secret to select 4999 from. Must be a valid 5000 secret key. 5001 type: string 5002 name: 5003 description: 'Name of 5004 the referent. More 5005 info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 5006 TODO: Add other useful 5007 fields. apiVersion, 5008 kind, uid?' 5009 type: string 5010 optional: 5011 description: Specify 5012 whether the Secret 5013 or its key must be 5014 defined 5015 type: boolean 5016 envFrom: 5017 description: List of sources to populate 5018 environment variables in the container. 5019 The keys defined within a source 5020 must be a C_IDENTIFIER. All invalid 5021 keys will be reported as an event 5022 when the container is starting. 5023 When a key exists in multiple sources, 5024 the value associated with the last 5025 source will take precedence. Values 5026 defined by an Env with a duplicate 5027 key will take precedence. Cannot 5028 be updated. 5029 type: array 5030 items: 5031 description: EnvFromSource represents 5032 the source of a set of ConfigMaps 5033 type: object 5034 properties: 5035 configMapRef: 5036 description: The ConfigMap to 5037 select from 5038 type: object 5039 properties: 5040 name: 5041 description: 'Name of the 5042 referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 5043 TODO: Add other useful 5044 fields. apiVersion, kind, 5045 uid?' 5046 type: string 5047 optional: 5048 description: Specify whether 5049 the ConfigMap must be 5050 defined 5051 type: boolean 5052 prefix: 5053 description: An optional identifier 5054 to prepend to each key in 5055 the ConfigMap. Must be a C_IDENTIFIER. 5056 type: string 5057 secretRef: 5058 description: The Secret to select 5059 from 5060 type: object 5061 properties: 5062 name: 5063 description: 'Name of the 5064 referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 5065 TODO: Add other useful 5066 fields. apiVersion, kind, 5067 uid?' 5068 type: string 5069 optional: 5070 description: Specify whether 5071 the Secret must be defined 5072 type: boolean 5073 image: 5074 description: 'Docker image name. More 5075 info: https://kubernetes.io/docs/concepts/containers/images 5076 This field is optional to allow 5077 higher level config management to 5078 default or override container images 5079 in workload controllers like Deployments 5080 and StatefulSets.' 5081 type: string 5082 imagePullPolicy: 5083 description: 'Image pull policy. One 5084 of Always, Never, IfNotPresent. 5085 Defaults to Always if :latest tag 5086 is specified, or IfNotPresent otherwise. 5087 Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' 5088 type: string 5089 lifecycle: 5090 description: Actions that the management 5091 system should take in response to 5092 container lifecycle events. Cannot 5093 be updated. 5094 type: object 5095 properties: 5096 postStart: 5097 description: 'PostStart is called 5098 immediately after a container 5099 is created. If the handler fails, 5100 the container is terminated 5101 and restarted according to its 5102 restart policy. Other management 5103 of the container blocks until 5104 the hook completes. More info: 5105 https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' 5106 type: object 5107 properties: 5108 exec: 5109 description: One and only 5110 one of the following should 5111 be specified. Exec specifies 5112 the action to take. 5113 type: object 5114 properties: 5115 command: 5116 description: Command is 5117 the command line to 5118 execute inside the container, 5119 the working directory 5120 for the command is 5121 root ('/') in the container's 5122 filesystem. The command 5123 is simply exec'd, it 5124 is not run inside a 5125 shell, so traditional 5126 shell instructions ('|', 5127 etc) won't work. To 5128 use a shell, you need 5129 to explicitly call out 5130 to that shell. Exit 5131 status of 0 is treated 5132 as live/healthy and 5133 non-zero is unhealthy. 5134 type: array 5135 items: 5136 type: string 5137 httpGet: 5138 description: HTTPGet specifies 5139 the http request to perform. 5140 type: object 5141 required: 5142 - port 5143 properties: 5144 host: 5145 description: Host name 5146 to connect to, defaults 5147 to the pod IP. You probably 5148 want to set "Host" in 5149 httpHeaders instead. 5150 type: string 5151 httpHeaders: 5152 description: Custom headers 5153 to set in the request. 5154 HTTP allows repeated 5155 headers. 5156 type: array 5157 items: 5158 description: HTTPHeader 5159 describes a custom 5160 header to be used 5161 in HTTP probes 5162 type: object 5163 required: 5164 - name 5165 - value 5166 properties: 5167 name: 5168 description: The 5169 header field name 5170 type: string 5171 value: 5172 description: The 5173 header field value 5174 type: string 5175 path: 5176 description: Path to access 5177 on the HTTP server. 5178 type: string 5179 port: 5180 description: Name or number 5181 of the port to access 5182 on the container. Number 5183 must be in the range 5184 1 to 65535. Name must 5185 be an IANA_SVC_NAME. 5186 anyOf: 5187 - type: integer 5188 - type: string 5189 x-kubernetes-int-or-string: true 5190 scheme: 5191 description: Scheme to 5192 use for connecting to 5193 the host. Defaults to 5194 HTTP. 5195 type: string 5196 tcpSocket: 5197 description: 'TCPSocket specifies 5198 an action involving a TCP 5199 port. TCP hooks not yet 5200 supported TODO: implement 5201 a realistic TCP lifecycle 5202 hook' 5203 type: object 5204 required: 5205 - port 5206 properties: 5207 host: 5208 description: 'Optional: 5209 Host name to connect 5210 to, defaults to the 5211 pod IP.' 5212 type: string 5213 port: 5214 description: Number or 5215 name of the port to 5216 access on the container. 5217 Number must be in the 5218 range 1 to 65535. Name 5219 must be an IANA_SVC_NAME. 5220 anyOf: 5221 - type: integer 5222 - type: string 5223 x-kubernetes-int-or-string: true 5224 preStop: 5225 description: 'PreStop is called 5226 immediately before a container 5227 is terminated due to an API 5228 request or management event 5229 such as liveness/startup probe 5230 failure, preemption, resource 5231 contention, etc. The handler 5232 is not called if the container 5233 crashes or exits. The reason 5234 for termination is passed to 5235 the handler. The Pod''s termination 5236 grace period countdown begins 5237 before the PreStop hooked is 5238 executed. Regardless of the 5239 outcome of the handler, the 5240 container will eventually terminate 5241 within the Pod''s termination 5242 grace period. Other management 5243 of the container blocks until 5244 the hook completes or until 5245 the termination grace period 5246 is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' 5247 type: object 5248 properties: 5249 exec: 5250 description: One and only 5251 one of the following should 5252 be specified. Exec specifies 5253 the action to take. 5254 type: object 5255 properties: 5256 command: 5257 description: Command is 5258 the command line to 5259 execute inside the container, 5260 the working directory 5261 for the command is 5262 root ('/') in the container's 5263 filesystem. The command 5264 is simply exec'd, it 5265 is not run inside a 5266 shell, so traditional 5267 shell instructions ('|', 5268 etc) won't work. To 5269 use a shell, you need 5270 to explicitly call out 5271 to that shell. Exit 5272 status of 0 is treated 5273 as live/healthy and 5274 non-zero is unhealthy. 5275 type: array 5276 items: 5277 type: string 5278 httpGet: 5279 description: HTTPGet specifies 5280 the http request to perform. 5281 type: object 5282 required: 5283 - port 5284 properties: 5285 host: 5286 description: Host name 5287 to connect to, defaults 5288 to the pod IP. You probably 5289 want to set "Host" in 5290 httpHeaders instead. 5291 type: string 5292 httpHeaders: 5293 description: Custom headers 5294 to set in the request. 5295 HTTP allows repeated 5296 headers. 5297 type: array 5298 items: 5299 description: HTTPHeader 5300 describes a custom 5301 header to be used 5302 in HTTP probes 5303 type: object 5304 required: 5305 - name 5306 - value 5307 properties: 5308 name: 5309 description: The 5310 header field name 5311 type: string 5312 value: 5313 description: The 5314 header field value 5315 type: string 5316 path: 5317 description: Path to access 5318 on the HTTP server. 5319 type: string 5320 port: 5321 description: Name or number 5322 of the port to access 5323 on the container. Number 5324 must be in the range 5325 1 to 65535. Name must 5326 be an IANA_SVC_NAME. 5327 anyOf: 5328 - type: integer 5329 - type: string 5330 x-kubernetes-int-or-string: true 5331 scheme: 5332 description: Scheme to 5333 use for connecting to 5334 the host. Defaults to 5335 HTTP. 5336 type: string 5337 tcpSocket: 5338 description: 'TCPSocket specifies 5339 an action involving a TCP 5340 port. TCP hooks not yet 5341 supported TODO: implement 5342 a realistic TCP lifecycle 5343 hook' 5344 type: object 5345 required: 5346 - port 5347 properties: 5348 host: 5349 description: 'Optional: 5350 Host name to connect 5351 to, defaults to the 5352 pod IP.' 5353 type: string 5354 port: 5355 description: Number or 5356 name of the port to 5357 access on the container. 5358 Number must be in the 5359 range 1 to 65535. Name 5360 must be an IANA_SVC_NAME. 5361 anyOf: 5362 - type: integer 5363 - type: string 5364 x-kubernetes-int-or-string: true 5365 livenessProbe: 5366 description: 'Periodic probe of container 5367 liveness. Container will be restarted 5368 if the probe fails. Cannot be updated. 5369 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 5370 type: object 5371 properties: 5372 exec: 5373 description: One and only one 5374 of the following should be specified. 5375 Exec specifies the action to 5376 take. 5377 type: object 5378 properties: 5379 command: 5380 description: Command is the 5381 command line to execute 5382 inside the container, the 5383 working directory for the 5384 command is root ('/') in 5385 the container's filesystem. 5386 The command is simply exec'd, 5387 it is not run inside a shell, 5388 so traditional shell instructions 5389 ('|', etc) won't work. To 5390 use a shell, you need to 5391 explicitly call out to that 5392 shell. Exit status of 0 5393 is treated as live/healthy 5394 and non-zero is unhealthy. 5395 type: array 5396 items: 5397 type: string 5398 failureThreshold: 5399 description: Minimum consecutive 5400 failures for the probe to be 5401 considered failed after having 5402 succeeded. Defaults to 3. Minimum 5403 value is 1. 5404 type: integer 5405 format: int32 5406 httpGet: 5407 description: HTTPGet specifies 5408 the http request to perform. 5409 type: object 5410 required: 5411 - port 5412 properties: 5413 host: 5414 description: Host name to 5415 connect to, defaults to 5416 the pod IP. You probably 5417 want to set "Host" in httpHeaders 5418 instead. 5419 type: string 5420 httpHeaders: 5421 description: Custom headers 5422 to set in the request. HTTP 5423 allows repeated headers. 5424 type: array 5425 items: 5426 description: HTTPHeader 5427 describes a custom header 5428 to be used in HTTP probes 5429 type: object 5430 required: 5431 - name 5432 - value 5433 properties: 5434 name: 5435 description: The header 5436 field name 5437 type: string 5438 value: 5439 description: The header 5440 field value 5441 type: string 5442 path: 5443 description: Path to access 5444 on the HTTP server. 5445 type: string 5446 port: 5447 description: Name or number 5448 of the port to access on 5449 the container. Number must 5450 be in the range 1 to 65535. 5451 Name must be an IANA_SVC_NAME. 5452 anyOf: 5453 - type: integer 5454 - type: string 5455 x-kubernetes-int-or-string: true 5456 scheme: 5457 description: Scheme to use 5458 for connecting to the host. 5459 Defaults to HTTP. 5460 type: string 5461 initialDelaySeconds: 5462 description: 'Number of seconds 5463 after the container has started 5464 before liveness probes are initiated. 5465 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 5466 type: integer 5467 format: int32 5468 periodSeconds: 5469 description: How often (in seconds) 5470 to perform the probe. Default 5471 to 10 seconds. Minimum value 5472 is 1. 5473 type: integer 5474 format: int32 5475 successThreshold: 5476 description: Minimum consecutive 5477 successes for the probe to be 5478 considered successful after 5479 having failed. Defaults to 1. 5480 Must be 1 for liveness and startup. 5481 Minimum value is 1. 5482 type: integer 5483 format: int32 5484 tcpSocket: 5485 description: 'TCPSocket specifies 5486 an action involving a TCP port. 5487 TCP hooks not yet supported 5488 TODO: implement a realistic 5489 TCP lifecycle hook' 5490 type: object 5491 required: 5492 - port 5493 properties: 5494 host: 5495 description: 'Optional: Host 5496 name to connect to, defaults 5497 to the pod IP.' 5498 type: string 5499 port: 5500 description: Number or name 5501 of the port to access on 5502 the container. Number must 5503 be in the range 1 to 65535. 5504 Name must be an IANA_SVC_NAME. 5505 anyOf: 5506 - type: integer 5507 - type: string 5508 x-kubernetes-int-or-string: true 5509 timeoutSeconds: 5510 description: 'Number of seconds 5511 after which the probe times 5512 out. Defaults to 1 second. Minimum 5513 value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 5514 type: integer 5515 format: int32 5516 name: 5517 description: Name of the container 5518 specified as a DNS_LABEL. Each container 5519 in a pod must have a unique name 5520 (DNS_LABEL). Cannot be updated. 5521 type: string 5522 ports: 5523 description: List of ports to expose 5524 from the container. Exposing a port 5525 here gives the system additional 5526 information about the network connections 5527 a container uses, but is primarily 5528 informational. Not specifying a 5529 port here DOES NOT prevent that 5530 port from being exposed. Any port 5531 which is listening on the default 5532 "0.0.0.0" address inside a container 5533 will be accessible from the network. 5534 Cannot be updated. 5535 type: array 5536 items: 5537 description: ContainerPort represents 5538 a network port in a single container. 5539 type: object 5540 required: 5541 - containerPort 5542 properties: 5543 containerPort: 5544 description: Number of port 5545 to expose on the pod's IP 5546 address. This must be a valid 5547 port number, 0 < x < 65536. 5548 type: integer 5549 format: int32 5550 hostIP: 5551 description: What host IP to 5552 bind the external port to. 5553 type: string 5554 hostPort: 5555 description: Number of port 5556 to expose on the host. If 5557 specified, this must be a 5558 valid port number, 0 < x < 5559 65536. If HostNetwork is specified, 5560 this must match ContainerPort. 5561 Most containers do not need 5562 this. 5563 type: integer 5564 format: int32 5565 name: 5566 description: If specified, this 5567 must be an IANA_SVC_NAME and 5568 unique within the pod. Each 5569 named port in a pod must have 5570 a unique name. Name for the 5571 port that can be referred 5572 to by services. 5573 type: string 5574 protocol: 5575 description: Protocol for port. 5576 Must be UDP, TCP, or SCTP. 5577 Defaults to "TCP". 5578 type: string 5579 default: TCP 5580 x-kubernetes-list-map-keys: 5581 - containerPort 5582 - protocol 5583 x-kubernetes-list-type: map 5584 readinessProbe: 5585 description: 'Periodic probe of container 5586 service readiness. Container will 5587 be removed from service endpoints 5588 if the probe fails. Cannot be updated. 5589 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 5590 type: object 5591 properties: 5592 exec: 5593 description: One and only one 5594 of the following should be specified. 5595 Exec specifies the action to 5596 take. 5597 type: object 5598 properties: 5599 command: 5600 description: Command is the 5601 command line to execute 5602 inside the container, the 5603 working directory for the 5604 command is root ('/') in 5605 the container's filesystem. 5606 The command is simply exec'd, 5607 it is not run inside a shell, 5608 so traditional shell instructions 5609 ('|', etc) won't work. To 5610 use a shell, you need to 5611 explicitly call out to that 5612 shell. Exit status of 0 5613 is treated as live/healthy 5614 and non-zero is unhealthy. 5615 type: array 5616 items: 5617 type: string 5618 failureThreshold: 5619 description: Minimum consecutive 5620 failures for the probe to be 5621 considered failed after having 5622 succeeded. Defaults to 3. Minimum 5623 value is 1. 5624 type: integer 5625 format: int32 5626 httpGet: 5627 description: HTTPGet specifies 5628 the http request to perform. 5629 type: object 5630 required: 5631 - port 5632 properties: 5633 host: 5634 description: Host name to 5635 connect to, defaults to 5636 the pod IP. You probably 5637 want to set "Host" in httpHeaders 5638 instead. 5639 type: string 5640 httpHeaders: 5641 description: Custom headers 5642 to set in the request. HTTP 5643 allows repeated headers. 5644 type: array 5645 items: 5646 description: HTTPHeader 5647 describes a custom header 5648 to be used in HTTP probes 5649 type: object 5650 required: 5651 - name 5652 - value 5653 properties: 5654 name: 5655 description: The header 5656 field name 5657 type: string 5658 value: 5659 description: The header 5660 field value 5661 type: string 5662 path: 5663 description: Path to access 5664 on the HTTP server. 5665 type: string 5666 port: 5667 description: Name or number 5668 of the port to access on 5669 the container. Number must 5670 be in the range 1 to 65535. 5671 Name must be an IANA_SVC_NAME. 5672 anyOf: 5673 - type: integer 5674 - type: string 5675 x-kubernetes-int-or-string: true 5676 scheme: 5677 description: Scheme to use 5678 for connecting to the host. 5679 Defaults to HTTP. 5680 type: string 5681 initialDelaySeconds: 5682 description: 'Number of seconds 5683 after the container has started 5684 before liveness probes are initiated. 5685 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 5686 type: integer 5687 format: int32 5688 periodSeconds: 5689 description: How often (in seconds) 5690 to perform the probe. Default 5691 to 10 seconds. Minimum value 5692 is 1. 5693 type: integer 5694 format: int32 5695 successThreshold: 5696 description: Minimum consecutive 5697 successes for the probe to be 5698 considered successful after 5699 having failed. Defaults to 1. 5700 Must be 1 for liveness and startup. 5701 Minimum value is 1. 5702 type: integer 5703 format: int32 5704 tcpSocket: 5705 description: 'TCPSocket specifies 5706 an action involving a TCP port. 5707 TCP hooks not yet supported 5708 TODO: implement a realistic 5709 TCP lifecycle hook' 5710 type: object 5711 required: 5712 - port 5713 properties: 5714 host: 5715 description: 'Optional: Host 5716 name to connect to, defaults 5717 to the pod IP.' 5718 type: string 5719 port: 5720 description: Number or name 5721 of the port to access on 5722 the container. Number must 5723 be in the range 1 to 65535. 5724 Name must be an IANA_SVC_NAME. 5725 anyOf: 5726 - type: integer 5727 - type: string 5728 x-kubernetes-int-or-string: true 5729 timeoutSeconds: 5730 description: 'Number of seconds 5731 after which the probe times 5732 out. Defaults to 1 second. Minimum 5733 value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 5734 type: integer 5735 format: int32 5736 resources: 5737 description: 'Compute Resources required 5738 by this container. Cannot be updated. 5739 More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' 5740 type: object 5741 properties: 5742 limits: 5743 description: 'Limits describes 5744 the maximum amount of compute 5745 resources allowed. More info: 5746 https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' 5747 type: object 5748 additionalProperties: 5749 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 5750 anyOf: 5751 - type: integer 5752 - type: string 5753 x-kubernetes-int-or-string: true 5754 requests: 5755 description: 'Requests describes 5756 the minimum amount of compute 5757 resources required. If Requests 5758 is omitted for a container, 5759 it defaults to Limits if that 5760 is explicitly specified, otherwise 5761 to an implementation-defined 5762 value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' 5763 type: object 5764 additionalProperties: 5765 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 5766 anyOf: 5767 - type: integer 5768 - type: string 5769 x-kubernetes-int-or-string: true 5770 securityContext: 5771 description: 'Security options the 5772 pod should run with. More info: 5773 https://kubernetes.io/docs/concepts/policy/security-context/ 5774 More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' 5775 type: object 5776 properties: 5777 allowPrivilegeEscalation: 5778 description: 'AllowPrivilegeEscalation 5779 controls whether a process can 5780 gain more privileges than its 5781 parent process. This bool directly 5782 controls if the no_new_privs 5783 flag will be set on the container 5784 process. AllowPrivilegeEscalation 5785 is true always when the container 5786 is: 1) run as Privileged 2) 5787 has CAP_SYS_ADMIN' 5788 type: boolean 5789 capabilities: 5790 description: The capabilities 5791 to add/drop when running containers. 5792 Defaults to the default set 5793 of capabilities granted by the 5794 container runtime. 5795 type: object 5796 properties: 5797 add: 5798 description: Added capabilities 5799 type: array 5800 items: 5801 description: Capability 5802 represent POSIX capabilities 5803 type 5804 type: string 5805 drop: 5806 description: Removed capabilities 5807 type: array 5808 items: 5809 description: Capability 5810 represent POSIX capabilities 5811 type 5812 type: string 5813 privileged: 5814 description: Run container in 5815 privileged mode. Processes in 5816 privileged containers are essentially 5817 equivalent to root on the host. 5818 Defaults to false. 5819 type: boolean 5820 procMount: 5821 description: procMount denotes 5822 the type of proc mount to use 5823 for the containers. The default 5824 is DefaultProcMount which uses 5825 the container runtime defaults 5826 for readonly paths and masked 5827 paths. This requires the ProcMountType 5828 feature flag to be enabled. 5829 type: string 5830 readOnlyRootFilesystem: 5831 description: Whether this container 5832 has a read-only root filesystem. 5833 Default is false. 5834 type: boolean 5835 runAsGroup: 5836 description: The GID to run the 5837 entrypoint of the container 5838 process. Uses runtime default 5839 if unset. May also be set in 5840 PodSecurityContext. If set 5841 in both SecurityContext and 5842 PodSecurityContext, the value 5843 specified in SecurityContext 5844 takes precedence. 5845 type: integer 5846 format: int64 5847 runAsNonRoot: 5848 description: Indicates that the 5849 container must run as a non-root 5850 user. If true, the Kubelet will 5851 validate the image at runtime 5852 to ensure that it does not run 5853 as UID 0 (root) and fail to 5854 start the container if it does. 5855 If unset or false, no such validation 5856 will be performed. May also 5857 be set in PodSecurityContext. If 5858 set in both SecurityContext 5859 and PodSecurityContext, the 5860 value specified in SecurityContext 5861 takes precedence. 5862 type: boolean 5863 runAsUser: 5864 description: The UID to run the 5865 entrypoint of the container 5866 process. Defaults to user specified 5867 in image metadata if unspecified. 5868 May also be set in PodSecurityContext. If 5869 set in both SecurityContext 5870 and PodSecurityContext, the 5871 value specified in SecurityContext 5872 takes precedence. 5873 type: integer 5874 format: int64 5875 seLinuxOptions: 5876 description: The SELinux context 5877 to be applied to the container. 5878 If unspecified, the container 5879 runtime will allocate a random 5880 SELinux context for each container. May 5881 also be set in PodSecurityContext. If 5882 set in both SecurityContext 5883 and PodSecurityContext, the 5884 value specified in SecurityContext 5885 takes precedence. 5886 type: object 5887 properties: 5888 level: 5889 description: Level is SELinux 5890 level label that applies 5891 to the container. 5892 type: string 5893 role: 5894 description: Role is a SELinux 5895 role label that applies 5896 to the container. 5897 type: string 5898 type: 5899 description: Type is a SELinux 5900 type label that applies 5901 to the container. 5902 type: string 5903 user: 5904 description: User is a SELinux 5905 user label that applies 5906 to the container. 5907 type: string 5908 windowsOptions: 5909 description: The Windows specific 5910 settings applied to all containers. 5911 If unspecified, the options 5912 from the PodSecurityContext 5913 will be used. If set in both 5914 SecurityContext and PodSecurityContext, 5915 the value specified in SecurityContext 5916 takes precedence. 5917 type: object 5918 properties: 5919 gmsaCredentialSpec: 5920 description: GMSACredentialSpec 5921 is where the GMSA admission 5922 webhook (https://github.com/kubernetes-sigs/windows-gmsa) 5923 inlines the contents of 5924 the GMSA credential spec 5925 named by the GMSACredentialSpecName 5926 field. 5927 type: string 5928 gmsaCredentialSpecName: 5929 description: GMSACredentialSpecName 5930 is the name of the GMSA 5931 credential spec to use. 5932 type: string 5933 runAsUserName: 5934 description: The UserName 5935 in Windows to run the entrypoint 5936 of the container process. 5937 Defaults to the user specified 5938 in image metadata if unspecified. 5939 May also be set in PodSecurityContext. 5940 If set in both SecurityContext 5941 and PodSecurityContext, 5942 the value specified in SecurityContext 5943 takes precedence. 5944 type: string 5945 startupProbe: 5946 description: 'StartupProbe indicates 5947 that the Pod has successfully initialized. 5948 If specified, no other probes are 5949 executed until this completes successfully. 5950 If this probe fails, the Pod will 5951 be restarted, just as if the livenessProbe 5952 failed. This can be used to provide 5953 different probe parameters at the 5954 beginning of a Pod''s lifecycle, 5955 when it might take a long time to 5956 load data or warm a cache, than 5957 during steady-state operation. This 5958 cannot be updated. This is a beta 5959 feature enabled by the StartupProbe 5960 feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 5961 type: object 5962 properties: 5963 exec: 5964 description: One and only one 5965 of the following should be specified. 5966 Exec specifies the action to 5967 take. 5968 type: object 5969 properties: 5970 command: 5971 description: Command is the 5972 command line to execute 5973 inside the container, the 5974 working directory for the 5975 command is root ('/') in 5976 the container's filesystem. 5977 The command is simply exec'd, 5978 it is not run inside a shell, 5979 so traditional shell instructions 5980 ('|', etc) won't work. To 5981 use a shell, you need to 5982 explicitly call out to that 5983 shell. Exit status of 0 5984 is treated as live/healthy 5985 and non-zero is unhealthy. 5986 type: array 5987 items: 5988 type: string 5989 failureThreshold: 5990 description: Minimum consecutive 5991 failures for the probe to be 5992 considered failed after having 5993 succeeded. Defaults to 3. Minimum 5994 value is 1. 5995 type: integer 5996 format: int32 5997 httpGet: 5998 description: HTTPGet specifies 5999 the http request to perform. 6000 type: object 6001 required: 6002 - port 6003 properties: 6004 host: 6005 description: Host name to 6006 connect to, defaults to 6007 the pod IP. You probably 6008 want to set "Host" in httpHeaders 6009 instead. 6010 type: string 6011 httpHeaders: 6012 description: Custom headers 6013 to set in the request. HTTP 6014 allows repeated headers. 6015 type: array 6016 items: 6017 description: HTTPHeader 6018 describes a custom header 6019 to be used in HTTP probes 6020 type: object 6021 required: 6022 - name 6023 - value 6024 properties: 6025 name: 6026 description: The header 6027 field name 6028 type: string 6029 value: 6030 description: The header 6031 field value 6032 type: string 6033 path: 6034 description: Path to access 6035 on the HTTP server. 6036 type: string 6037 port: 6038 description: Name or number 6039 of the port to access on 6040 the container. Number must 6041 be in the range 1 to 65535. 6042 Name must be an IANA_SVC_NAME. 6043 anyOf: 6044 - type: integer 6045 - type: string 6046 x-kubernetes-int-or-string: true 6047 scheme: 6048 description: Scheme to use 6049 for connecting to the host. 6050 Defaults to HTTP. 6051 type: string 6052 initialDelaySeconds: 6053 description: 'Number of seconds 6054 after the container has started 6055 before liveness probes are initiated. 6056 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 6057 type: integer 6058 format: int32 6059 periodSeconds: 6060 description: How often (in seconds) 6061 to perform the probe. Default 6062 to 10 seconds. Minimum value 6063 is 1. 6064 type: integer 6065 format: int32 6066 successThreshold: 6067 description: Minimum consecutive 6068 successes for the probe to be 6069 considered successful after 6070 having failed. Defaults to 1. 6071 Must be 1 for liveness and startup. 6072 Minimum value is 1. 6073 type: integer 6074 format: int32 6075 tcpSocket: 6076 description: 'TCPSocket specifies 6077 an action involving a TCP port. 6078 TCP hooks not yet supported 6079 TODO: implement a realistic 6080 TCP lifecycle hook' 6081 type: object 6082 required: 6083 - port 6084 properties: 6085 host: 6086 description: 'Optional: Host 6087 name to connect to, defaults 6088 to the pod IP.' 6089 type: string 6090 port: 6091 description: Number or name 6092 of the port to access on 6093 the container. Number must 6094 be in the range 1 to 65535. 6095 Name must be an IANA_SVC_NAME. 6096 anyOf: 6097 - type: integer 6098 - type: string 6099 x-kubernetes-int-or-string: true 6100 timeoutSeconds: 6101 description: 'Number of seconds 6102 after which the probe times 6103 out. Defaults to 1 second. Minimum 6104 value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 6105 type: integer 6106 format: int32 6107 stdin: 6108 description: Whether this container 6109 should allocate a buffer for stdin 6110 in the container runtime. If this 6111 is not set, reads from stdin in 6112 the container will always result 6113 in EOF. Default is false. 6114 type: boolean 6115 stdinOnce: 6116 description: Whether the container 6117 runtime should close the stdin channel 6118 after it has been opened by a single 6119 attach. When stdin is true the stdin 6120 stream will remain open across multiple 6121 attach sessions. If stdinOnce is 6122 set to true, stdin is opened on 6123 container start, is empty until 6124 the first client attaches to stdin, 6125 and then remains open and accepts 6126 data until the client disconnects, 6127 at which time stdin is closed and 6128 remains closed until the container 6129 is restarted. If this flag is false, 6130 a container processes that reads 6131 from stdin will never receive an 6132 EOF. Default is false 6133 type: boolean 6134 terminationMessagePath: 6135 description: 'Optional: Path at which 6136 the file to which the container''s 6137 termination message will be written 6138 is mounted into the container''s 6139 filesystem. Message written is intended 6140 to be brief final status, such as 6141 an assertion failure message. Will 6142 be truncated by the node if greater 6143 than 4096 bytes. The total message 6144 length across all containers will 6145 be limited to 12kb. Defaults to 6146 /dev/termination-log. Cannot be 6147 updated.' 6148 type: string 6149 terminationMessagePolicy: 6150 description: Indicate how the termination 6151 message should be populated. File 6152 will use the contents of terminationMessagePath 6153 to populate the container status 6154 message on both success and failure. 6155 FallbackToLogsOnError will use the 6156 last chunk of container log output 6157 if the termination message file 6158 is empty and the container exited 6159 with an error. The log output is 6160 limited to 2048 bytes or 80 lines, 6161 whichever is smaller. Defaults to 6162 File. Cannot be updated. 6163 type: string 6164 tty: 6165 description: Whether this container 6166 should allocate a TTY for itself, 6167 also requires 'stdin' to be true. 6168 Default is false. 6169 type: boolean 6170 volumeDevices: 6171 description: volumeDevices is the 6172 list of block devices to be used 6173 by the container. 6174 type: array 6175 items: 6176 description: volumeDevice describes 6177 a mapping of a raw block device 6178 within a container. 6179 type: object 6180 required: 6181 - devicePath 6182 - name 6183 properties: 6184 devicePath: 6185 description: devicePath is the 6186 path inside of the container 6187 that the device will be mapped 6188 to. 6189 type: string 6190 name: 6191 description: name must match 6192 the name of a persistentVolumeClaim 6193 in the pod 6194 type: string 6195 volumeMounts: 6196 description: Pod volumes to mount 6197 into the container's filesystem. 6198 Cannot be updated. 6199 type: array 6200 items: 6201 description: VolumeMount describes 6202 a mounting of a Volume within 6203 a container. 6204 type: object 6205 required: 6206 - mountPath 6207 - name 6208 properties: 6209 mountPath: 6210 description: Path within the 6211 container at which the volume 6212 should be mounted. Must not 6213 contain ':'. 6214 type: string 6215 mountPropagation: 6216 description: mountPropagation 6217 determines how mounts are 6218 propagated from the host to 6219 container and the other way 6220 around. When not set, MountPropagationNone 6221 is used. This field is beta 6222 in 1.10. 6223 type: string 6224 name: 6225 description: This must match 6226 the Name of a Volume. 6227 type: string 6228 readOnly: 6229 description: Mounted read-only 6230 if true, read-write otherwise 6231 (false or unspecified). Defaults 6232 to false. 6233 type: boolean 6234 subPath: 6235 description: Path within the 6236 volume from which the container's 6237 volume should be mounted. 6238 Defaults to "" (volume's root). 6239 type: string 6240 subPathExpr: 6241 description: Expanded path within 6242 the volume from which the 6243 container's volume should 6244 be mounted. Behaves similarly 6245 to SubPath but environment 6246 variable references $(VAR_NAME) 6247 are expanded using the container's 6248 environment. Defaults to "" 6249 (volume's root). SubPathExpr 6250 and SubPath are mutually exclusive. 6251 type: string 6252 workingDir: 6253 description: Container's working directory. 6254 If not specified, the container 6255 runtime's default will be used, 6256 which might be configured in the 6257 container image. Cannot be updated. 6258 type: string 6259 nodeName: 6260 description: NodeName is a request to schedule 6261 this pod onto a specific node. If it is 6262 non-empty, the scheduler simply schedules 6263 this pod onto that node, assuming that 6264 it fits resource requirements. 6265 type: string 6266 nodeSelector: 6267 description: 'NodeSelector is a selector 6268 which must be true for the pod to fit 6269 on a node. Selector which must match a 6270 node''s labels for the pod to be scheduled 6271 on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' 6272 type: object 6273 additionalProperties: 6274 type: string 6275 overhead: 6276 description: 'Overhead represents the resource 6277 overhead associated with running a pod 6278 for a given RuntimeClass. This field will 6279 be autopopulated at admission time by 6280 the RuntimeClass admission controller. 6281 If the RuntimeClass admission controller 6282 is enabled, overhead must not be set in 6283 Pod create requests. The RuntimeClass 6284 admission controller will reject Pod create 6285 requests which have the overhead already 6286 set. If RuntimeClass is configured and 6287 selected in the PodSpec, Overhead will 6288 be set to the value defined in the corresponding 6289 RuntimeClass, otherwise it will remain 6290 unset and treated as zero. More info: 6291 https://git.k8s.io/enhancements/keps/sig-node/20190226-pod-overhead.md 6292 This field is alpha-level as of Kubernetes 6293 v1.16, and is only honored by servers 6294 that enable the PodOverhead feature.' 6295 type: object 6296 additionalProperties: 6297 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 6298 anyOf: 6299 - type: integer 6300 - type: string 6301 x-kubernetes-int-or-string: true 6302 preemptionPolicy: 6303 description: PreemptionPolicy is the Policy 6304 for preempting pods with lower priority. 6305 One of Never, PreemptLowerPriority. Defaults 6306 to PreemptLowerPriority if unset. This 6307 field is alpha-level and is only honored 6308 by servers that enable the NonPreemptingPriority 6309 feature. 6310 type: string 6311 priority: 6312 description: The priority value. Various 6313 system components use this field to find 6314 the priority of the pod. When Priority 6315 Admission Controller is enabled, it prevents 6316 users from setting this field. The admission 6317 controller populates this field from PriorityClassName. 6318 The higher the value, the higher the priority. 6319 type: integer 6320 format: int32 6321 priorityClassName: 6322 description: If specified, indicates the 6323 pod's priority. "system-node-critical" 6324 and "system-cluster-critical" are two 6325 special keywords which indicate the highest 6326 priorities with the former being the highest 6327 priority. Any other name must be defined 6328 by creating a PriorityClass object with 6329 that name. If not specified, the pod priority 6330 will be default or zero if there is no 6331 default. 6332 type: string 6333 readinessGates: 6334 description: 'If specified, all readiness 6335 gates will be evaluated for pod readiness. 6336 A pod is ready when all its containers 6337 are ready AND all conditions specified 6338 in the readiness gates have status equal 6339 to "True" More info: https://git.k8s.io/enhancements/keps/sig-network/0007-pod-ready%2B%2B.md' 6340 type: array 6341 items: 6342 description: PodReadinessGate contains 6343 the reference to a pod condition 6344 type: object 6345 required: 6346 - conditionType 6347 properties: 6348 conditionType: 6349 description: ConditionType refers 6350 to a condition in the pod's condition 6351 list with matching type. 6352 type: string 6353 restartPolicy: 6354 description: 'Restart policy for all containers 6355 within the pod. One of Always, OnFailure, 6356 Never. Default to Always. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy' 6357 type: string 6358 runtimeClassName: 6359 description: 'RuntimeClassName refers to 6360 a RuntimeClass object in the node.k8s.io 6361 group, which should be used to run this 6362 pod. If no RuntimeClass resource matches 6363 the named class, the pod will not be run. 6364 If unset or empty, the "legacy" RuntimeClass 6365 will be used, which is an implicit class 6366 with an empty definition that uses the 6367 default runtime handler. More info: https://git.k8s.io/enhancements/keps/sig-node/runtime-class.md 6368 This is a beta feature as of Kubernetes 6369 v1.14.' 6370 type: string 6371 schedulerName: 6372 description: If specified, the pod will 6373 be dispatched by specified scheduler. 6374 If not specified, the pod will be dispatched 6375 by default scheduler. 6376 type: string 6377 securityContext: 6378 description: 'SecurityContext holds pod-level 6379 security attributes and common container 6380 settings. Optional: Defaults to empty. See 6381 type description for default values of 6382 each field.' 6383 type: object 6384 properties: 6385 fsGroup: 6386 description: "A special supplemental 6387 group that applies to all containers 6388 in a pod. Some volume types allow 6389 the Kubelet to change the ownership 6390 of that volume to be owned by the 6391 pod: \n 1. The owning GID will be 6392 the FSGroup 2. The setgid bit is set 6393 (new files created in the volume will 6394 be owned by FSGroup) 3. The permission 6395 bits are OR'd with rw-rw---- \n If 6396 unset, the Kubelet will not modify 6397 the ownership and permissions of any 6398 volume." 6399 type: integer 6400 format: int64 6401 fsGroupChangePolicy: 6402 description: 'fsGroupChangePolicy defines 6403 behavior of changing ownership and 6404 permission of the volume before being 6405 exposed inside Pod. This field will 6406 only apply to volume types which support 6407 fsGroup based ownership(and permissions). 6408 It will have no effect on ephemeral 6409 volume types such as: secret, configmaps 6410 and emptydir. Valid values are "OnRootMismatch" 6411 and "Always". If not specified defaults 6412 to "Always".' 6413 type: string 6414 runAsGroup: 6415 description: The GID to run the entrypoint 6416 of the container process. Uses runtime 6417 default if unset. May also be set 6418 in SecurityContext. If set in both 6419 SecurityContext and PodSecurityContext, 6420 the value specified in SecurityContext 6421 takes precedence for that container. 6422 type: integer 6423 format: int64 6424 runAsNonRoot: 6425 description: Indicates that the container 6426 must run as a non-root user. If true, 6427 the Kubelet will validate the image 6428 at runtime to ensure that it does 6429 not run as UID 0 (root) and fail to 6430 start the container if it does. If 6431 unset or false, no such validation 6432 will be performed. May also be set 6433 in SecurityContext. If set in both 6434 SecurityContext and PodSecurityContext, 6435 the value specified in SecurityContext 6436 takes precedence. 6437 type: boolean 6438 runAsUser: 6439 description: The UID to run the entrypoint 6440 of the container process. Defaults 6441 to user specified in image metadata 6442 if unspecified. May also be set in 6443 SecurityContext. If set in both SecurityContext 6444 and PodSecurityContext, the value 6445 specified in SecurityContext takes 6446 precedence for that container. 6447 type: integer 6448 format: int64 6449 seLinuxOptions: 6450 description: The SELinux context to 6451 be applied to all containers. If unspecified, 6452 the container runtime will allocate 6453 a random SELinux context for each 6454 container. May also be set in SecurityContext. If 6455 set in both SecurityContext and PodSecurityContext, 6456 the value specified in SecurityContext 6457 takes precedence for that container. 6458 type: object 6459 properties: 6460 level: 6461 description: Level is SELinux level 6462 label that applies to the container. 6463 type: string 6464 role: 6465 description: Role is a SELinux role 6466 label that applies to the container. 6467 type: string 6468 type: 6469 description: Type is a SELinux type 6470 label that applies to the container. 6471 type: string 6472 user: 6473 description: User is a SELinux user 6474 label that applies to the container. 6475 type: string 6476 supplementalGroups: 6477 description: A list of groups applied 6478 to the first process run in each container, 6479 in addition to the container's primary 6480 GID. If unspecified, no groups will 6481 be added to any container. 6482 type: array 6483 items: 6484 type: integer 6485 format: int64 6486 sysctls: 6487 description: Sysctls hold a list of 6488 namespaced sysctls used for the pod. 6489 Pods with unsupported sysctls (by 6490 the container runtime) might fail 6491 to launch. 6492 type: array 6493 items: 6494 description: Sysctl defines a kernel 6495 parameter to be set 6496 type: object 6497 required: 6498 - name 6499 - value 6500 properties: 6501 name: 6502 description: Name of a property 6503 to set 6504 type: string 6505 value: 6506 description: Value of a property 6507 to set 6508 type: string 6509 windowsOptions: 6510 description: The Windows specific settings 6511 applied to all containers. If unspecified, 6512 the options within a container's SecurityContext 6513 will be used. If set in both SecurityContext 6514 and PodSecurityContext, the value 6515 specified in SecurityContext takes 6516 precedence. 6517 type: object 6518 properties: 6519 gmsaCredentialSpec: 6520 description: GMSACredentialSpec 6521 is where the GMSA admission webhook 6522 (https://github.com/kubernetes-sigs/windows-gmsa) 6523 inlines the contents of the GMSA 6524 credential spec named by the GMSACredentialSpecName 6525 field. 6526 type: string 6527 gmsaCredentialSpecName: 6528 description: GMSACredentialSpecName 6529 is the name of the GMSA credential 6530 spec to use. 6531 type: string 6532 runAsUserName: 6533 description: The UserName in Windows 6534 to run the entrypoint of the container 6535 process. Defaults to the user 6536 specified in image metadata if 6537 unspecified. May also be set in 6538 PodSecurityContext. If set in 6539 both SecurityContext and PodSecurityContext, 6540 the value specified in SecurityContext 6541 takes precedence. 6542 type: string 6543 serviceAccount: 6544 description: 'DeprecatedServiceAccount is 6545 a depreciated alias for ServiceAccountName. 6546 Deprecated: Use serviceAccountName instead.' 6547 type: string 6548 serviceAccountName: 6549 description: 'ServiceAccountName is the 6550 name of the ServiceAccount to use to run 6551 this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' 6552 type: string 6553 shareProcessNamespace: 6554 description: 'Share a single process namespace 6555 between all of the containers in a pod. 6556 When this is set containers will be able 6557 to view and signal processes from other 6558 containers in the same pod, and the first 6559 process in each container will not be 6560 assigned PID 1. HostPID and ShareProcessNamespace 6561 cannot both be set. Optional: Default 6562 to false.' 6563 type: boolean 6564 subdomain: 6565 description: If specified, the fully qualified 6566 Pod hostname will be "<hostname>.<subdomain>.<pod 6567 namespace>.svc.<cluster domain>". If not 6568 specified, the pod will not have a domainname 6569 at all. 6570 type: string 6571 terminationGracePeriodSeconds: 6572 description: Optional duration in seconds 6573 the pod needs to terminate gracefully. 6574 May be decreased in delete request. Value 6575 must be non-negative integer. The value 6576 zero indicates delete immediately. If 6577 this value is nil, the default grace period 6578 will be used instead. The grace period 6579 is the duration in seconds after the processes 6580 running in the pod are sent a termination 6581 signal and the time when the processes 6582 are forcibly halted with a kill signal. 6583 Set this value longer than the expected 6584 cleanup time for your process. Defaults 6585 to 30 seconds. 6586 type: integer 6587 format: int64 6588 tolerations: 6589 description: If specified, the pod's tolerations. 6590 type: array 6591 items: 6592 description: The pod this Toleration is 6593 attached to tolerates any taint that 6594 matches the triple <key,value,effect> 6595 using the matching operator <operator>. 6596 type: object 6597 properties: 6598 effect: 6599 description: Effect indicates the 6600 taint effect to match. Empty means 6601 match all taint effects. When specified, 6602 allowed values are NoSchedule, PreferNoSchedule 6603 and NoExecute. 6604 type: string 6605 key: 6606 description: Key is the taint key 6607 that the toleration applies to. 6608 Empty means match all taint keys. 6609 If the key is empty, operator must 6610 be Exists; this combination means 6611 to match all values and all keys. 6612 type: string 6613 operator: 6614 description: Operator represents a 6615 key's relationship to the value. 6616 Valid operators are Exists and Equal. 6617 Defaults to Equal. Exists is equivalent 6618 to wildcard for value, so that a 6619 pod can tolerate all taints of a 6620 particular category. 6621 type: string 6622 tolerationSeconds: 6623 description: TolerationSeconds represents 6624 the period of time the toleration 6625 (which must be of effect NoExecute, 6626 otherwise this field is ignored) 6627 tolerates the taint. By default, 6628 it is not set, which means tolerate 6629 the taint forever (do not evict). 6630 Zero and negative values will be 6631 treated as 0 (evict immediately) 6632 by the system. 6633 type: integer 6634 format: int64 6635 value: 6636 description: Value is the taint value 6637 the toleration matches to. If the 6638 operator is Exists, the value should 6639 be empty, otherwise just a regular 6640 string. 6641 type: string 6642 topologySpreadConstraints: 6643 description: TopologySpreadConstraints describes 6644 how a group of pods ought to spread across 6645 topology domains. Scheduler will schedule 6646 pods in a way which abides by the constraints. 6647 This field is only honored by clusters 6648 that enable the EvenPodsSpread feature. 6649 All topologySpreadConstraints are ANDed. 6650 type: array 6651 items: 6652 description: TopologySpreadConstraint 6653 specifies how to spread matching pods 6654 among the given topology. 6655 type: object 6656 required: 6657 - maxSkew 6658 - topologyKey 6659 - whenUnsatisfiable 6660 properties: 6661 labelSelector: 6662 description: LabelSelector is used 6663 to find matching pods. Pods that 6664 match this label selector are counted 6665 to determine the number of pods 6666 in their corresponding topology 6667 domain. 6668 type: object 6669 properties: 6670 matchExpressions: 6671 description: matchExpressions 6672 is a list of label selector 6673 requirements. The requirements 6674 are ANDed. 6675 type: array 6676 items: 6677 description: A label selector 6678 requirement is a selector 6679 that contains values, a key, 6680 and an operator that relates 6681 the key and values. 6682 type: object 6683 required: 6684 - key 6685 - operator 6686 properties: 6687 key: 6688 description: key is the 6689 label key that the selector 6690 applies to. 6691 type: string 6692 operator: 6693 description: operator represents 6694 a key's relationship to 6695 a set of values. Valid 6696 operators are In, NotIn, 6697 Exists and DoesNotExist. 6698 type: string 6699 values: 6700 description: values is an 6701 array of string values. 6702 If the operator is In 6703 or NotIn, the values array 6704 must be non-empty. If 6705 the operator is Exists 6706 or DoesNotExist, the values 6707 array must be empty. This 6708 array is replaced during 6709 a strategic merge patch. 6710 type: array 6711 items: 6712 type: string 6713 matchLabels: 6714 description: matchLabels is a 6715 map of {key,value} pairs. A 6716 single {key,value} in the matchLabels 6717 map is equivalent to an element 6718 of matchExpressions, whose key 6719 field is "key", the operator 6720 is "In", and the values array 6721 contains only "value". The requirements 6722 are ANDed. 6723 type: object 6724 additionalProperties: 6725 type: string 6726 maxSkew: 6727 description: 'MaxSkew describes the 6728 degree to which pods may be unevenly 6729 distributed. It''s the maximum permitted 6730 difference between the number of 6731 matching pods in any two topology 6732 domains of a given topology type. 6733 For example, in a 3-zone cluster, 6734 MaxSkew is set to 1, and pods with 6735 the same labelSelector spread as 6736 1/1/0: | zone1 | zone2 | zone3 | 6737 | P | P | | - if MaxSkew 6738 is 1, incoming pod can only be scheduled 6739 to zone3 to become 1/1/1; scheduling 6740 it onto zone1(zone2) would make 6741 the ActualSkew(2-0) on zone1(zone2) 6742 violate MaxSkew(1). - if MaxSkew 6743 is 2, incoming pod can be scheduled 6744 onto any zone. It''s a required 6745 field. Default value is 1 and 0 6746 is not allowed.' 6747 type: integer 6748 format: int32 6749 topologyKey: 6750 description: TopologyKey is the key 6751 of node labels. Nodes that have 6752 a label with this key and identical 6753 values are considered to be in the 6754 same topology. We consider each 6755 <key, value> as a "bucket", and 6756 try to put balanced number of pods 6757 into each bucket. It's a required 6758 field. 6759 type: string 6760 whenUnsatisfiable: 6761 description: 'WhenUnsatisfiable indicates 6762 how to deal with a pod if it doesn''t 6763 satisfy the spread constraint. - 6764 DoNotSchedule (default) tells the 6765 scheduler not to schedule it - ScheduleAnyway 6766 tells the scheduler to still schedule 6767 it It''s considered as "Unsatisfiable" 6768 if and only if placing incoming 6769 pod on any topology violates "MaxSkew". 6770 For example, in a 3-zone cluster, 6771 MaxSkew is set to 1, and pods with 6772 the same labelSelector spread as 6773 3/1/1: | zone1 | zone2 | zone3 | 6774 | P P P | P | P | If WhenUnsatisfiable 6775 is set to DoNotSchedule, incoming 6776 pod can only be scheduled to zone2(zone3) 6777 to become 3/2/1(3/1/2) as ActualSkew(2-1) 6778 on zone2(zone3) satisfies MaxSkew(1). 6779 In other words, the cluster can 6780 still be imbalanced, but scheduler 6781 won''t make it *more* imbalanced. 6782 It''s a required field.' 6783 type: string 6784 x-kubernetes-list-map-keys: 6785 - topologyKey 6786 - whenUnsatisfiable 6787 x-kubernetes-list-type: map 6788 volumes: 6789 description: 'List of volumes that can be 6790 mounted by containers belonging to the 6791 pod. More info: https://kubernetes.io/docs/concepts/storage/volumes' 6792 type: array 6793 items: 6794 description: Volume represents a named 6795 volume in a pod that may be accessed 6796 by any container in the pod. 6797 type: object 6798 required: 6799 - name 6800 properties: 6801 awsElasticBlockStore: 6802 description: 'AWSElasticBlockStore 6803 represents an AWS Disk resource 6804 that is attached to a kubelet''s 6805 host machine and then exposed to 6806 the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' 6807 type: object 6808 required: 6809 - volumeID 6810 properties: 6811 fsType: 6812 description: 'Filesystem type 6813 of the volume that you want 6814 to mount. Tip: Ensure that the 6815 filesystem type is supported 6816 by the host operating system. 6817 Examples: "ext4", "xfs", "ntfs". 6818 Implicitly inferred to be "ext4" 6819 if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore 6820 TODO: how do we prevent errors 6821 in the filesystem from compromising 6822 the machine' 6823 type: string 6824 partition: 6825 description: 'The partition in 6826 the volume that you want to 6827 mount. If omitted, the default 6828 is to mount by volume name. 6829 Examples: For volume /dev/sda1, 6830 you specify the partition as 6831 "1". Similarly, the volume partition 6832 for /dev/sda is "0" (or you 6833 can leave the property empty).' 6834 type: integer 6835 format: int32 6836 readOnly: 6837 description: 'Specify "true" to 6838 force and set the ReadOnly property 6839 in VolumeMounts to "true". If 6840 omitted, the default is "false". 6841 More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' 6842 type: boolean 6843 volumeID: 6844 description: 'Unique ID of the 6845 persistent disk resource in 6846 AWS (Amazon EBS volume). More 6847 info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' 6848 type: string 6849 azureDisk: 6850 description: AzureDisk represents 6851 an Azure Data Disk mount on the 6852 host and bind mount to the pod. 6853 type: object 6854 required: 6855 - diskName 6856 - diskURI 6857 properties: 6858 cachingMode: 6859 description: 'Host Caching mode: 6860 None, Read Only, Read Write.' 6861 type: string 6862 diskName: 6863 description: The Name of the data 6864 disk in the blob storage 6865 type: string 6866 diskURI: 6867 description: The URI the data 6868 disk in the blob storage 6869 type: string 6870 fsType: 6871 description: Filesystem type to 6872 mount. Must be a filesystem 6873 type supported by the host operating 6874 system. Ex. "ext4", "xfs", "ntfs". 6875 Implicitly inferred to be "ext4" 6876 if unspecified. 6877 type: string 6878 kind: 6879 description: 'Expected values 6880 Shared: multiple blob disks 6881 per storage account Dedicated: 6882 single blob disk per storage 6883 account Managed: azure managed 6884 data disk (only in managed availability 6885 set). defaults to shared' 6886 type: string 6887 readOnly: 6888 description: Defaults to false 6889 (read/write). ReadOnly here 6890 will force the ReadOnly setting 6891 in VolumeMounts. 6892 type: boolean 6893 azureFile: 6894 description: AzureFile represents 6895 an Azure File Service mount on the 6896 host and bind mount to the pod. 6897 type: object 6898 required: 6899 - secretName 6900 - shareName 6901 properties: 6902 readOnly: 6903 description: Defaults to false 6904 (read/write). ReadOnly here 6905 will force the ReadOnly setting 6906 in VolumeMounts. 6907 type: boolean 6908 secretName: 6909 description: the name of secret 6910 that contains Azure Storage 6911 Account Name and Key 6912 type: string 6913 shareName: 6914 description: Share Name 6915 type: string 6916 cephfs: 6917 description: CephFS represents a Ceph 6918 FS mount on the host that shares 6919 a pod's lifetime 6920 type: object 6921 required: 6922 - monitors 6923 properties: 6924 monitors: 6925 description: 'Required: Monitors 6926 is a collection of Ceph monitors 6927 More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' 6928 type: array 6929 items: 6930 type: string 6931 path: 6932 description: 'Optional: Used as 6933 the mounted root, rather than 6934 the full Ceph tree, default 6935 is /' 6936 type: string 6937 readOnly: 6938 description: 'Optional: Defaults 6939 to false (read/write). ReadOnly 6940 here will force the ReadOnly 6941 setting in VolumeMounts. More 6942 info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' 6943 type: boolean 6944 secretFile: 6945 description: 'Optional: SecretFile 6946 is the path to key ring for 6947 User, default is /etc/ceph/user.secret 6948 More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' 6949 type: string 6950 secretRef: 6951 description: 'Optional: SecretRef 6952 is reference to the authentication 6953 secret for User, default is 6954 empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' 6955 type: object 6956 properties: 6957 name: 6958 description: 'Name of the 6959 referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 6960 TODO: Add other useful fields. 6961 apiVersion, kind, uid?' 6962 type: string 6963 user: 6964 description: 'Optional: User is 6965 the rados user name, default 6966 is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' 6967 type: string 6968 cinder: 6969 description: 'Cinder represents a 6970 cinder volume attached and mounted 6971 on kubelets host machine. More info: 6972 https://examples.k8s.io/mysql-cinder-pd/README.md' 6973 type: object 6974 required: 6975 - volumeID 6976 properties: 6977 fsType: 6978 description: 'Filesystem type 6979 to mount. Must be a filesystem 6980 type supported by the host operating 6981 system. Examples: "ext4", "xfs", 6982 "ntfs". Implicitly inferred 6983 to be "ext4" if unspecified. 6984 More info: https://examples.k8s.io/mysql-cinder-pd/README.md' 6985 type: string 6986 readOnly: 6987 description: 'Optional: Defaults 6988 to false (read/write). ReadOnly 6989 here will force the ReadOnly 6990 setting in VolumeMounts. More 6991 info: https://examples.k8s.io/mysql-cinder-pd/README.md' 6992 type: boolean 6993 secretRef: 6994 description: 'Optional: points 6995 to a secret object containing 6996 parameters used to connect to 6997 OpenStack.' 6998 type: object 6999 properties: 7000 name: 7001 description: 'Name of the 7002 referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 7003 TODO: Add other useful fields. 7004 apiVersion, kind, uid?' 7005 type: string 7006 volumeID: 7007 description: 'volume id used to 7008 identify the volume in cinder. 7009 More info: https://examples.k8s.io/mysql-cinder-pd/README.md' 7010 type: string 7011 configMap: 7012 description: ConfigMap represents 7013 a configMap that should populate 7014 this volume 7015 type: object 7016 properties: 7017 defaultMode: 7018 description: 'Optional: mode bits 7019 to use on created files by default. 7020 Must be a value between 0 and 7021 0777. Defaults to 0644. Directories 7022 within the path are not affected 7023 by this setting. This might 7024 be in conflict with other options 7025 that affect the file mode, like 7026 fsGroup, and the result can 7027 be other mode bits set.' 7028 type: integer 7029 format: int32 7030 items: 7031 description: If unspecified, each 7032 key-value pair in the Data field 7033 of the referenced ConfigMap 7034 will be projected into the volume 7035 as a file whose name is the 7036 key and content is the value. 7037 If specified, the listed keys 7038 will be projected into the specified 7039 paths, and unlisted keys will 7040 not be present. If a key is 7041 specified which is not present 7042 in the ConfigMap, the volume 7043 setup will error unless it is 7044 marked optional. Paths must 7045 be relative and may not contain 7046 the '..' path or start with 7047 '..'. 7048 type: array 7049 items: 7050 description: Maps a string key 7051 to a path within a volume. 7052 type: object 7053 required: 7054 - key 7055 - path 7056 properties: 7057 key: 7058 description: The key to 7059 project. 7060 type: string 7061 mode: 7062 description: 'Optional: 7063 mode bits to use on this 7064 file, must be a value 7065 between 0 and 0777. If 7066 not specified, the volume 7067 defaultMode will be used. 7068 This might be in conflict 7069 with other options that 7070 affect the file mode, 7071 like fsGroup, and the 7072 result can be other mode 7073 bits set.' 7074 type: integer 7075 format: int32 7076 path: 7077 description: The relative 7078 path of the file to map 7079 the key to. May not be 7080 an absolute path. May 7081 not contain the path element 7082 '..'. May not start with 7083 the string '..'. 7084 type: string 7085 name: 7086 description: 'Name of the referent. 7087 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 7088 TODO: Add other useful fields. 7089 apiVersion, kind, uid?' 7090 type: string 7091 optional: 7092 description: Specify whether the 7093 ConfigMap or its keys must be 7094 defined 7095 type: boolean 7096 csi: 7097 description: CSI (Container Storage 7098 Interface) represents storage that 7099 is handled by an external CSI driver 7100 (Alpha feature). 7101 type: object 7102 required: 7103 - driver 7104 properties: 7105 driver: 7106 description: Driver is the name 7107 of the CSI driver that handles 7108 this volume. Consult with your 7109 admin for the correct name as 7110 registered in the cluster. 7111 type: string 7112 fsType: 7113 description: Filesystem type to 7114 mount. Ex. "ext4", "xfs", "ntfs". 7115 If not provided, the empty value 7116 is passed to the associated 7117 CSI driver which will determine 7118 the default filesystem to apply. 7119 type: string 7120 nodePublishSecretRef: 7121 description: NodePublishSecretRef 7122 is a reference to the secret 7123 object containing sensitive 7124 information to pass to the CSI 7125 driver to complete the CSI NodePublishVolume 7126 and NodeUnpublishVolume calls. 7127 This field is optional, and may 7128 be empty if no secret is required. 7129 If the secret object contains 7130 more than one secret, all secret 7131 references are passed. 7132 type: object 7133 properties: 7134 name: 7135 description: 'Name of the 7136 referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 7137 TODO: Add other useful fields. 7138 apiVersion, kind, uid?' 7139 type: string 7140 readOnly: 7141 description: Specifies a read-only 7142 configuration for the volume. 7143 Defaults to false (read/write). 7144 type: boolean 7145 volumeAttributes: 7146 description: VolumeAttributes 7147 stores driver-specific properties 7148 that are passed to the CSI driver. 7149 Consult your driver's documentation 7150 for supported values. 7151 type: object 7152 additionalProperties: 7153 type: string 7154 downwardAPI: 7155 description: DownwardAPI represents 7156 downward API about the pod that 7157 should populate this volume 7158 type: object 7159 properties: 7160 defaultMode: 7161 description: 'Optional: mode bits 7162 to use on created files by default. 7163 Must be a value between 0 and 7164 0777. Defaults to 0644. Directories 7165 within the path are not affected 7166 by this setting. This might 7167 be in conflict with other options 7168 that affect the file mode, like 7169 fsGroup, and the result can 7170 be other mode bits set.' 7171 type: integer 7172 format: int32 7173 items: 7174 description: Items is a list of 7175 downward API volume file 7176 type: array 7177 items: 7178 description: DownwardAPIVolumeFile 7179 represents information to 7180 create the file containing 7181 the pod field 7182 type: object 7183 required: 7184 - path 7185 properties: 7186 fieldRef: 7187 description: 'Required: 7188 Selects a field of the 7189 pod: only annotations, 7190 labels, name and namespace 7191 are supported.' 7192 type: object 7193 required: 7194 - fieldPath 7195 properties: 7196 apiVersion: 7197 description: Version 7198 of the schema the 7199 FieldPath is written 7200 in terms of, defaults 7201 to "v1". 7202 type: string 7203 fieldPath: 7204 description: Path of 7205 the field to select 7206 in the specified API 7207 version. 7208 type: string 7209 mode: 7210 description: 'Optional: 7211 mode bits to use on this 7212 file, must be a value 7213 between 0 and 0777. If 7214 not specified, the volume 7215 defaultMode will be used. 7216 This might be in conflict 7217 with other options that 7218 affect the file mode, 7219 like fsGroup, and the 7220 result can be other mode 7221 bits set.' 7222 type: integer 7223 format: int32 7224 path: 7225 description: 'Required: 7226 Path is the relative 7227 path name of the file 7228 to be created. Must not 7229 be absolute or contain 7230 the ''..'' path. Must 7231 be utf-8 encoded. The 7232 first item of the relative 7233 path must not start with 7234 ''..''' 7235 type: string 7236 resourceFieldRef: 7237 description: 'Selects a 7238 resource of the container: 7239 only resources limits 7240 and requests (limits.cpu, 7241 limits.memory, requests.cpu 7242 and requests.memory) are 7243 currently supported.' 7244 type: object 7245 required: 7246 - resource 7247 properties: 7248 containerName: 7249 description: 'Container 7250 name: required for 7251 volumes, optional 7252 for env vars' 7253 type: string 7254 divisor: 7255 description: Specifies 7256 the output format 7257 of the exposed resources, 7258 defaults to "1" 7259 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 7260 anyOf: 7261 - type: integer 7262 - type: string 7263 x-kubernetes-int-or-string: true 7264 resource: 7265 description: 'Required: 7266 resource to select' 7267 type: string 7268 emptyDir: 7269 description: 'EmptyDir represents 7270 a temporary directory that shares 7271 a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' 7272 type: object 7273 properties: 7274 medium: 7275 description: 'What type of storage 7276 medium should back this directory. 7277 The default is "" which means 7278 to use the node''s default medium. 7279 Must be an empty string (default) 7280 or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' 7281 type: string 7282 sizeLimit: 7283 description: 'Total amount of 7284 local storage required for this 7285 EmptyDir volume. The size limit 7286 is also applicable for memory 7287 medium. The maximum usage on 7288 memory medium EmptyDir would 7289 be the minimum value between 7290 the SizeLimit specified here 7291 and the sum of memory limits 7292 of all containers in a pod. 7293 The default is nil which means 7294 that the limit is undefined. 7295 More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' 7296 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 7297 anyOf: 7298 - type: integer 7299 - type: string 7300 x-kubernetes-int-or-string: true 7301 fc: 7302 description: FC represents a Fibre 7303 Channel resource that is attached 7304 to a kubelet's host machine and 7305 then exposed to the pod. 7306 type: object 7307 properties: 7308 fsType: 7309 description: 'Filesystem type 7310 to mount. Must be a filesystem 7311 type supported by the host operating 7312 system. Ex. "ext4", "xfs", "ntfs". 7313 Implicitly inferred to be "ext4" 7314 if unspecified. TODO: how do 7315 we prevent errors in the filesystem 7316 from compromising the machine' 7317 type: string 7318 lun: 7319 description: 'Optional: FC target 7320 lun number' 7321 type: integer 7322 format: int32 7323 readOnly: 7324 description: 'Optional: Defaults 7325 to false (read/write). ReadOnly 7326 here will force the ReadOnly 7327 setting in VolumeMounts.' 7328 type: boolean 7329 targetWWNs: 7330 description: 'Optional: FC target 7331 worldwide names (WWNs)' 7332 type: array 7333 items: 7334 type: string 7335 wwids: 7336 description: 'Optional: FC volume 7337 world wide identifiers (wwids) 7338 Either wwids or combination 7339 of targetWWNs and lun must be 7340 set, but not both simultaneously.' 7341 type: array 7342 items: 7343 type: string 7344 flexVolume: 7345 description: FlexVolume represents 7346 a generic volume resource that is 7347 provisioned/attached using an exec 7348 based plugin. 7349 type: object 7350 required: 7351 - driver 7352 properties: 7353 driver: 7354 description: Driver is the name 7355 of the driver to use for this 7356 volume. 7357 type: string 7358 fsType: 7359 description: Filesystem type to 7360 mount. Must be a filesystem 7361 type supported by the host operating 7362 system. Ex. "ext4", "xfs", "ntfs". 7363 The default filesystem depends 7364 on FlexVolume script. 7365 type: string 7366 options: 7367 description: 'Optional: Extra 7368 command options if any.' 7369 type: object 7370 additionalProperties: 7371 type: string 7372 readOnly: 7373 description: 'Optional: Defaults 7374 to false (read/write). ReadOnly 7375 here will force the ReadOnly 7376 setting in VolumeMounts.' 7377 type: boolean 7378 secretRef: 7379 description: 'Optional: SecretRef 7380 is reference to the secret object 7381 containing sensitive information 7382 to pass to the plugin scripts. 7383 This may be empty if no secret 7384 object is specified. If the 7385 secret object contains more 7386 than one secret, all secrets 7387 are passed to the plugin scripts.' 7388 type: object 7389 properties: 7390 name: 7391 description: 'Name of the 7392 referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 7393 TODO: Add other useful fields. 7394 apiVersion, kind, uid?' 7395 type: string 7396 flocker: 7397 description: Flocker represents a 7398 Flocker volume attached to a kubelet's 7399 host machine. This depends on the 7400 Flocker control service being running 7401 type: object 7402 properties: 7403 datasetName: 7404 description: Name of the dataset 7405 stored as metadata -> name on 7406 the dataset for Flocker should 7407 be considered as deprecated 7408 type: string 7409 datasetUUID: 7410 description: UUID of the dataset. 7411 This is unique identifier of 7412 a Flocker dataset 7413 type: string 7414 gcePersistentDisk: 7415 description: 'GCEPersistentDisk represents 7416 a GCE Disk resource that is attached 7417 to a kubelet''s host machine and 7418 then exposed to the pod. More info: 7419 https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' 7420 type: object 7421 required: 7422 - pdName 7423 properties: 7424 fsType: 7425 description: 'Filesystem type 7426 of the volume that you want 7427 to mount. Tip: Ensure that the 7428 filesystem type is supported 7429 by the host operating system. 7430 Examples: "ext4", "xfs", "ntfs". 7431 Implicitly inferred to be "ext4" 7432 if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk 7433 TODO: how do we prevent errors 7434 in the filesystem from compromising 7435 the machine' 7436 type: string 7437 partition: 7438 description: 'The partition in 7439 the volume that you want to 7440 mount. If omitted, the default 7441 is to mount by volume name. 7442 Examples: For volume /dev/sda1, 7443 you specify the partition as 7444 "1". Similarly, the volume partition 7445 for /dev/sda is "0" (or you 7446 can leave the property empty). 7447 More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' 7448 type: integer 7449 format: int32 7450 pdName: 7451 description: 'Unique name of the 7452 PD resource in GCE. Used to 7453 identify the disk in GCE. More 7454 info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' 7455 type: string 7456 readOnly: 7457 description: 'ReadOnly here will 7458 force the ReadOnly setting in 7459 VolumeMounts. Defaults to false. 7460 More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' 7461 type: boolean 7462 gitRepo: 7463 description: 'GitRepo represents a 7464 git repository at a particular revision. 7465 DEPRECATED: GitRepo is deprecated. 7466 To provision a container with a 7467 git repo, mount an EmptyDir into 7468 an InitContainer that clones the 7469 repo using git, then mount the EmptyDir 7470 into the Pod''s container.' 7471 type: object 7472 required: 7473 - repository 7474 properties: 7475 directory: 7476 description: Target directory 7477 name. Must not contain or start 7478 with '..'. If '.' is supplied, 7479 the volume directory will be 7480 the git repository. Otherwise, 7481 if specified, the volume will 7482 contain the git repository in 7483 the subdirectory with the given 7484 name. 7485 type: string 7486 repository: 7487 description: Repository URL 7488 type: string 7489 revision: 7490 description: Commit hash for the 7491 specified revision. 7492 type: string 7493 glusterfs: 7494 description: 'Glusterfs represents 7495 a Glusterfs mount on the host that 7496 shares a pod''s lifetime. More info: 7497 https://examples.k8s.io/volumes/glusterfs/README.md' 7498 type: object 7499 required: 7500 - endpoints 7501 - path 7502 properties: 7503 endpoints: 7504 description: 'EndpointsName is 7505 the endpoint name that details 7506 Glusterfs topology. More info: 7507 https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' 7508 type: string 7509 path: 7510 description: 'Path is the Glusterfs 7511 volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' 7512 type: string 7513 readOnly: 7514 description: 'ReadOnly here will 7515 force the Glusterfs volume to 7516 be mounted with read-only permissions. 7517 Defaults to false. More info: 7518 https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' 7519 type: boolean 7520 hostPath: 7521 description: 'HostPath represents 7522 a pre-existing file or directory 7523 on the host machine that is directly 7524 exposed to the container. This is 7525 generally used for system agents 7526 or other privileged things that 7527 are allowed to see the host machine. 7528 Most containers will NOT need this. 7529 More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath 7530 --- TODO(jonesdl) We need to restrict 7531 who can use host directory mounts 7532 and who can/can not mount host directories 7533 as read/write.' 7534 type: object 7535 required: 7536 - path 7537 properties: 7538 path: 7539 description: 'Path of the directory 7540 on the host. If the path is 7541 a symlink, it will follow the 7542 link to the real path. More 7543 info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' 7544 type: string 7545 type: 7546 description: 'Type for HostPath 7547 Volume Defaults to "" More info: 7548 https://kubernetes.io/docs/concepts/storage/volumes#hostpath' 7549 type: string 7550 iscsi: 7551 description: 'ISCSI represents an 7552 ISCSI Disk resource that is attached 7553 to a kubelet''s host machine and 7554 then exposed to the pod. More info: 7555 https://examples.k8s.io/volumes/iscsi/README.md' 7556 type: object 7557 required: 7558 - iqn 7559 - lun 7560 - targetPortal 7561 properties: 7562 chapAuthDiscovery: 7563 description: whether support iSCSI 7564 Discovery CHAP authentication 7565 type: boolean 7566 chapAuthSession: 7567 description: whether support iSCSI 7568 Session CHAP authentication 7569 type: boolean 7570 fsType: 7571 description: 'Filesystem type 7572 of the volume that you want 7573 to mount. Tip: Ensure that the 7574 filesystem type is supported 7575 by the host operating system. 7576 Examples: "ext4", "xfs", "ntfs". 7577 Implicitly inferred to be "ext4" 7578 if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi 7579 TODO: how do we prevent errors 7580 in the filesystem from compromising 7581 the machine' 7582 type: string 7583 initiatorName: 7584 description: Custom iSCSI Initiator 7585 Name. If initiatorName is specified 7586 with iscsiInterface simultaneously, 7587 new iSCSI interface <target 7588 portal>:<volume name> will be 7589 created for the connection. 7590 type: string 7591 iqn: 7592 description: Target iSCSI Qualified 7593 Name. 7594 type: string 7595 iscsiInterface: 7596 description: iSCSI Interface Name 7597 that uses an iSCSI transport. 7598 Defaults to 'default' (tcp). 7599 type: string 7600 lun: 7601 description: iSCSI Target Lun 7602 number. 7603 type: integer 7604 format: int32 7605 portals: 7606 description: iSCSI Target Portal 7607 List. The portal is either an 7608 IP or ip_addr:port if the port 7609 is other than default (typically 7610 TCP ports 860 and 3260). 7611 type: array 7612 items: 7613 type: string 7614 readOnly: 7615 description: ReadOnly here will 7616 force the ReadOnly setting in 7617 VolumeMounts. Defaults to false. 7618 type: boolean 7619 secretRef: 7620 description: CHAP Secret for iSCSI 7621 target and initiator authentication 7622 type: object 7623 properties: 7624 name: 7625 description: 'Name of the 7626 referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 7627 TODO: Add other useful fields. 7628 apiVersion, kind, uid?' 7629 type: string 7630 targetPortal: 7631 description: iSCSI Target Portal. 7632 The Portal is either an IP or 7633 ip_addr:port if the port is 7634 other than default (typically 7635 TCP ports 860 and 3260). 7636 type: string 7637 name: 7638 description: 'Volume''s name. Must 7639 be a DNS_LABEL and unique within 7640 the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 7641 type: string 7642 nfs: 7643 description: 'NFS represents an NFS 7644 mount on the host that shares a 7645 pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' 7646 type: object 7647 required: 7648 - path 7649 - server 7650 properties: 7651 path: 7652 description: 'Path that is exported 7653 by the NFS server. More info: 7654 https://kubernetes.io/docs/concepts/storage/volumes#nfs' 7655 type: string 7656 readOnly: 7657 description: 'ReadOnly here will 7658 force the NFS export to be mounted 7659 with read-only permissions. 7660 Defaults to false. More info: 7661 https://kubernetes.io/docs/concepts/storage/volumes#nfs' 7662 type: boolean 7663 server: 7664 description: 'Server is the hostname 7665 or IP address of the NFS server. 7666 More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' 7667 type: string 7668 persistentVolumeClaim: 7669 description: 'PersistentVolumeClaimVolumeSource 7670 represents a reference to a PersistentVolumeClaim 7671 in the same namespace. More info: 7672 https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' 7673 type: object 7674 required: 7675 - claimName 7676 properties: 7677 claimName: 7678 description: 'ClaimName is the 7679 name of a PersistentVolumeClaim 7680 in the same namespace as the 7681 pod using this volume. More 7682 info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' 7683 type: string 7684 readOnly: 7685 description: Will force the ReadOnly 7686 setting in VolumeMounts. Default 7687 false. 7688 type: boolean 7689 photonPersistentDisk: 7690 description: PhotonPersistentDisk 7691 represents a PhotonController persistent 7692 disk attached and mounted on kubelets 7693 host machine 7694 type: object 7695 required: 7696 - pdID 7697 properties: 7698 fsType: 7699 description: Filesystem type to 7700 mount. Must be a filesystem 7701 type supported by the host operating 7702 system. Ex. "ext4", "xfs", "ntfs". 7703 Implicitly inferred to be "ext4" 7704 if unspecified. 7705 type: string 7706 pdID: 7707 description: ID that identifies 7708 Photon Controller persistent 7709 disk 7710 type: string 7711 portworxVolume: 7712 description: PortworxVolume represents 7713 a portworx volume attached and mounted 7714 on kubelets host machine 7715 type: object 7716 required: 7717 - volumeID 7718 properties: 7719 fsType: 7720 description: FSType represents 7721 the filesystem type to mount 7722 Must be a filesystem type supported 7723 by the host operating system. 7724 Ex. "ext4", "xfs". Implicitly 7725 inferred to be "ext4" if unspecified. 7726 type: string 7727 readOnly: 7728 description: Defaults to false 7729 (read/write). ReadOnly here 7730 will force the ReadOnly setting 7731 in VolumeMounts. 7732 type: boolean 7733 volumeID: 7734 description: VolumeID uniquely 7735 identifies a Portworx volume 7736 type: string 7737 projected: 7738 description: Items for all in one 7739 resources secrets, configmaps, and 7740 downward API 7741 type: object 7742 required: 7743 - sources 7744 properties: 7745 defaultMode: 7746 description: Mode bits to use 7747 on created files by default. 7748 Must be a value between 0 and 7749 0777. Directories within the 7750 path are not affected by this 7751 setting. This might be in conflict 7752 with other options that affect 7753 the file mode, like fsGroup, 7754 and the result can be other 7755 mode bits set. 7756 type: integer 7757 format: int32 7758 sources: 7759 description: list of volume projections 7760 type: array 7761 items: 7762 description: Projection that 7763 may be projected along with 7764 other supported volume types 7765 type: object 7766 properties: 7767 configMap: 7768 description: information 7769 about the configMap data 7770 to project 7771 type: object 7772 properties: 7773 items: 7774 description: If unspecified, 7775 each key-value pair 7776 in the Data field 7777 of the referenced 7778 ConfigMap will be 7779 projected into the 7780 volume as a file whose 7781 name is the key and 7782 content is the value. 7783 If specified, the 7784 listed keys will be 7785 projected into the 7786 specified paths, and 7787 unlisted keys will 7788 not be present. If 7789 a key is specified 7790 which is not present 7791 in the ConfigMap, 7792 the volume setup will 7793 error unless it is 7794 marked optional. Paths 7795 must be relative and 7796 may not contain the 7797 '..' path or start 7798 with '..'. 7799 type: array 7800 items: 7801 description: Maps 7802 a string key to 7803 a path within a 7804 volume. 7805 type: object 7806 required: 7807 - key 7808 - path 7809 properties: 7810 key: 7811 description: The 7812 key to project. 7813 type: string 7814 mode: 7815 description: 'Optional: 7816 mode bits to 7817 use on this 7818 file, must be 7819 a value between 7820 0 and 0777. 7821 If not specified, 7822 the volume defaultMode 7823 will be used. 7824 This might be 7825 in conflict 7826 with other options 7827 that affect 7828 the file mode, 7829 like fsGroup, 7830 and the result 7831 can be other 7832 mode bits set.' 7833 type: integer 7834 format: int32 7835 path: 7836 description: The 7837 relative path 7838 of the file 7839 to map the key 7840 to. May not 7841 be an absolute 7842 path. May not 7843 contain the 7844 path element 7845 '..'. May not 7846 start with the 7847 string '..'. 7848 type: string 7849 name: 7850 description: 'Name of 7851 the referent. More 7852 info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 7853 TODO: Add other useful 7854 fields. apiVersion, 7855 kind, uid?' 7856 type: string 7857 optional: 7858 description: Specify 7859 whether the ConfigMap 7860 or its keys must be 7861 defined 7862 type: boolean 7863 downwardAPI: 7864 description: information 7865 about the downwardAPI 7866 data to project 7867 type: object 7868 properties: 7869 items: 7870 description: Items is 7871 a list of DownwardAPIVolume 7872 file 7873 type: array 7874 items: 7875 description: DownwardAPIVolumeFile 7876 represents information 7877 to create the file 7878 containing the pod 7879 field 7880 type: object 7881 required: 7882 - path 7883 properties: 7884 fieldRef: 7885 description: 'Required: 7886 Selects a field 7887 of the pod: 7888 only annotations, 7889 labels, name 7890 and namespace 7891 are supported.' 7892 type: object 7893 required: 7894 - fieldPath 7895 properties: 7896 apiVersion: 7897 description: Version 7898 of the schema 7899 the FieldPath 7900 is written 7901 in terms 7902 of, defaults 7903 to "v1". 7904 type: string 7905 fieldPath: 7906 description: Path 7907 of the field 7908 to select 7909 in the specified 7910 API version. 7911 type: string 7912 mode: 7913 description: 'Optional: 7914 mode bits to 7915 use on this 7916 file, must be 7917 a value between 7918 0 and 0777. 7919 If not specified, 7920 the volume defaultMode 7921 will be used. 7922 This might be 7923 in conflict 7924 with other options 7925 that affect 7926 the file mode, 7927 like fsGroup, 7928 and the result 7929 can be other 7930 mode bits set.' 7931 type: integer 7932 format: int32 7933 path: 7934 description: 'Required: 7935 Path is the 7936 relative path 7937 name of the 7938 file to be created. 7939 Must not be 7940 absolute or 7941 contain the 7942 ''..'' path. 7943 Must be utf-8 7944 encoded. The 7945 first item of 7946 the relative 7947 path must not 7948 start with ''..''' 7949 type: string 7950 resourceFieldRef: 7951 description: 'Selects 7952 a resource of 7953 the container: 7954 only resources 7955 limits and requests 7956 (limits.cpu, 7957 limits.memory, 7958 requests.cpu 7959 and requests.memory) 7960 are currently 7961 supported.' 7962 type: object 7963 required: 7964 - resource 7965 properties: 7966 containerName: 7967 description: 'Container 7968 name: required 7969 for volumes, 7970 optional 7971 for env 7972 vars' 7973 type: string 7974 divisor: 7975 description: Specifies 7976 the output 7977 format of 7978 the exposed 7979 resources, 7980 defaults 7981 to "1" 7982 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 7983 anyOf: 7984 - type: integer 7985 - type: string 7986 x-kubernetes-int-or-string: true 7987 resource: 7988 description: 'Required: 7989 resource 7990 to select' 7991 type: string 7992 secret: 7993 description: information 7994 about the secret data 7995 to project 7996 type: object 7997 properties: 7998 items: 7999 description: If unspecified, 8000 each key-value pair 8001 in the Data field 8002 of the referenced 8003 Secret will be projected 8004 into the volume as 8005 a file whose name 8006 is the key and content 8007 is the value. If specified, 8008 the listed keys will 8009 be projected into 8010 the specified paths, 8011 and unlisted keys 8012 will not be present. 8013 If a key is specified 8014 which is not present 8015 in the Secret, the 8016 volume setup will 8017 error unless it is 8018 marked optional. Paths 8019 must be relative and 8020 may not contain the 8021 '..' path or start 8022 with '..'. 8023 type: array 8024 items: 8025 description: Maps 8026 a string key to 8027 a path within a 8028 volume. 8029 type: object 8030 required: 8031 - key 8032 - path 8033 properties: 8034 key: 8035 description: The 8036 key to project. 8037 type: string 8038 mode: 8039 description: 'Optional: 8040 mode bits to 8041 use on this 8042 file, must be 8043 a value between 8044 0 and 0777. 8045 If not specified, 8046 the volume defaultMode 8047 will be used. 8048 This might be 8049 in conflict 8050 with other options 8051 that affect 8052 the file mode, 8053 like fsGroup, 8054 and the result 8055 can be other 8056 mode bits set.' 8057 type: integer 8058 format: int32 8059 path: 8060 description: The 8061 relative path 8062 of the file 8063 to map the key 8064 to. May not 8065 be an absolute 8066 path. May not 8067 contain the 8068 path element 8069 '..'. May not 8070 start with the 8071 string '..'. 8072 type: string 8073 name: 8074 description: 'Name of 8075 the referent. More 8076 info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 8077 TODO: Add other useful 8078 fields. apiVersion, 8079 kind, uid?' 8080 type: string 8081 optional: 8082 description: Specify 8083 whether the Secret 8084 or its key must be 8085 defined 8086 type: boolean 8087 serviceAccountToken: 8088 description: information 8089 about the serviceAccountToken 8090 data to project 8091 type: object 8092 required: 8093 - path 8094 properties: 8095 audience: 8096 description: Audience 8097 is the intended audience 8098 of the token. A recipient 8099 of a token must identify 8100 itself with an identifier 8101 specified in the audience 8102 of the token, and 8103 otherwise should reject 8104 the token. The audience 8105 defaults to the identifier 8106 of the apiserver. 8107 type: string 8108 expirationSeconds: 8109 description: ExpirationSeconds 8110 is the requested duration 8111 of validity of the 8112 service account token. 8113 As the token approaches 8114 expiration, the kubelet 8115 volume plugin will 8116 proactively rotate 8117 the service account 8118 token. The kubelet 8119 will start trying 8120 to rotate the token 8121 if the token is older 8122 than 80 percent of 8123 its time to live or 8124 if the token is older 8125 than 24 hours.Defaults 8126 to 1 hour and must 8127 be at least 10 minutes. 8128 type: integer 8129 format: int64 8130 path: 8131 description: Path is 8132 the path relative 8133 to the mount point 8134 of the file to project 8135 the token into. 8136 type: string 8137 quobyte: 8138 description: Quobyte represents a 8139 Quobyte mount on the host that shares 8140 a pod's lifetime 8141 type: object 8142 required: 8143 - registry 8144 - volume 8145 properties: 8146 group: 8147 description: Group to map volume 8148 access to Default is no group 8149 type: string 8150 readOnly: 8151 description: ReadOnly here will 8152 force the Quobyte volume to 8153 be mounted with read-only permissions. 8154 Defaults to false. 8155 type: boolean 8156 registry: 8157 description: Registry represents 8158 a single or multiple Quobyte 8159 Registry services specified 8160 as a string as host:port pair 8161 (multiple entries are separated 8162 with commas) which acts as the 8163 central registry for volumes 8164 type: string 8165 tenant: 8166 description: Tenant owning the 8167 given Quobyte volume in the 8168 Backend Used with dynamically 8169 provisioned Quobyte volumes, 8170 value is set by the plugin 8171 type: string 8172 user: 8173 description: User to map volume 8174 access to Defaults to serivceaccount 8175 user 8176 type: string 8177 volume: 8178 description: Volume is a string 8179 that references an already created 8180 Quobyte volume by name. 8181 type: string 8182 rbd: 8183 description: 'RBD represents a Rados 8184 Block Device mount on the host that 8185 shares a pod''s lifetime. More info: 8186 https://examples.k8s.io/volumes/rbd/README.md' 8187 type: object 8188 required: 8189 - image 8190 - monitors 8191 properties: 8192 fsType: 8193 description: 'Filesystem type 8194 of the volume that you want 8195 to mount. Tip: Ensure that the 8196 filesystem type is supported 8197 by the host operating system. 8198 Examples: "ext4", "xfs", "ntfs". 8199 Implicitly inferred to be "ext4" 8200 if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd 8201 TODO: how do we prevent errors 8202 in the filesystem from compromising 8203 the machine' 8204 type: string 8205 image: 8206 description: 'The rados image 8207 name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 8208 type: string 8209 keyring: 8210 description: 'Keyring is the path 8211 to key ring for RBDUser. Default 8212 is /etc/ceph/keyring. More info: 8213 https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 8214 type: string 8215 monitors: 8216 description: 'A collection of 8217 Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 8218 type: array 8219 items: 8220 type: string 8221 pool: 8222 description: 'The rados pool name. 8223 Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 8224 type: string 8225 readOnly: 8226 description: 'ReadOnly here will 8227 force the ReadOnly setting in 8228 VolumeMounts. Defaults to false. 8229 More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 8230 type: boolean 8231 secretRef: 8232 description: 'SecretRef is name 8233 of the authentication secret 8234 for RBDUser. If provided overrides 8235 keyring. Default is nil. More 8236 info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 8237 type: object 8238 properties: 8239 name: 8240 description: 'Name of the 8241 referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 8242 TODO: Add other useful fields. 8243 apiVersion, kind, uid?' 8244 type: string 8245 user: 8246 description: 'The rados user name. 8247 Default is admin. More info: 8248 https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 8249 type: string 8250 scaleIO: 8251 description: ScaleIO represents a 8252 ScaleIO persistent volume attached 8253 and mounted on Kubernetes nodes. 8254 type: object 8255 required: 8256 - gateway 8257 - secretRef 8258 - system 8259 properties: 8260 fsType: 8261 description: Filesystem type to 8262 mount. Must be a filesystem 8263 type supported by the host operating 8264 system. Ex. "ext4", "xfs", "ntfs". 8265 Default is "xfs". 8266 type: string 8267 gateway: 8268 description: The host address 8269 of the ScaleIO API Gateway. 8270 type: string 8271 protectionDomain: 8272 description: The name of the ScaleIO 8273 Protection Domain for the configured 8274 storage. 8275 type: string 8276 readOnly: 8277 description: Defaults to false 8278 (read/write). ReadOnly here 8279 will force the ReadOnly setting 8280 in VolumeMounts. 8281 type: boolean 8282 secretRef: 8283 description: SecretRef references 8284 to the secret for ScaleIO user 8285 and other sensitive information. 8286 If this is not provided, Login 8287 operation will fail. 8288 type: object 8289 properties: 8290 name: 8291 description: 'Name of the 8292 referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 8293 TODO: Add other useful fields. 8294 apiVersion, kind, uid?' 8295 type: string 8296 sslEnabled: 8297 description: Flag to enable/disable 8298 SSL communication with Gateway, 8299 default false 8300 type: boolean 8301 storageMode: 8302 description: Indicates whether 8303 the storage for a volume should 8304 be ThickProvisioned or ThinProvisioned. 8305 Default is ThinProvisioned. 8306 type: string 8307 storagePool: 8308 description: The ScaleIO Storage 8309 Pool associated with the protection 8310 domain. 8311 type: string 8312 system: 8313 description: The name of the storage 8314 system as configured in ScaleIO. 8315 type: string 8316 volumeName: 8317 description: The name of a volume 8318 already created in the ScaleIO 8319 system that is associated with 8320 this volume source. 8321 type: string 8322 secret: 8323 description: 'Secret represents a 8324 secret that should populate this 8325 volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' 8326 type: object 8327 properties: 8328 defaultMode: 8329 description: 'Optional: mode bits 8330 to use on created files by default. 8331 Must be a value between 0 and 8332 0777. Defaults to 0644. Directories 8333 within the path are not affected 8334 by this setting. This might 8335 be in conflict with other options 8336 that affect the file mode, like 8337 fsGroup, and the result can 8338 be other mode bits set.' 8339 type: integer 8340 format: int32 8341 items: 8342 description: If unspecified, each 8343 key-value pair in the Data field 8344 of the referenced Secret will 8345 be projected into the volume 8346 as a file whose name is the 8347 key and content is the value. 8348 If specified, the listed keys 8349 will be projected into the specified 8350 paths, and unlisted keys will 8351 not be present. If a key is 8352 specified which is not present 8353 in the Secret, the volume setup 8354 will error unless it is marked 8355 optional. Paths must be relative 8356 and may not contain the '..' 8357 path or start with '..'. 8358 type: array 8359 items: 8360 description: Maps a string key 8361 to a path within a volume. 8362 type: object 8363 required: 8364 - key 8365 - path 8366 properties: 8367 key: 8368 description: The key to 8369 project. 8370 type: string 8371 mode: 8372 description: 'Optional: 8373 mode bits to use on this 8374 file, must be a value 8375 between 0 and 0777. If 8376 not specified, the volume 8377 defaultMode will be used. 8378 This might be in conflict 8379 with other options that 8380 affect the file mode, 8381 like fsGroup, and the 8382 result can be other mode 8383 bits set.' 8384 type: integer 8385 format: int32 8386 path: 8387 description: The relative 8388 path of the file to map 8389 the key to. May not be 8390 an absolute path. May 8391 not contain the path element 8392 '..'. May not start with 8393 the string '..'. 8394 type: string 8395 optional: 8396 description: Specify whether the 8397 Secret or its keys must be defined 8398 type: boolean 8399 secretName: 8400 description: 'Name of the secret 8401 in the pod''s namespace to use. 8402 More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' 8403 type: string 8404 storageos: 8405 description: StorageOS represents 8406 a StorageOS volume attached and 8407 mounted on Kubernetes nodes. 8408 type: object 8409 properties: 8410 fsType: 8411 description: Filesystem type to 8412 mount. Must be a filesystem 8413 type supported by the host operating 8414 system. Ex. "ext4", "xfs", "ntfs". 8415 Implicitly inferred to be "ext4" 8416 if unspecified. 8417 type: string 8418 readOnly: 8419 description: Defaults to false 8420 (read/write). ReadOnly here 8421 will force the ReadOnly setting 8422 in VolumeMounts. 8423 type: boolean 8424 secretRef: 8425 description: SecretRef specifies 8426 the secret to use for obtaining 8427 the StorageOS API credentials. If 8428 not specified, default values 8429 will be attempted. 8430 type: object 8431 properties: 8432 name: 8433 description: 'Name of the 8434 referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 8435 TODO: Add other useful fields. 8436 apiVersion, kind, uid?' 8437 type: string 8438 volumeName: 8439 description: VolumeName is the 8440 human-readable name of the StorageOS 8441 volume. Volume names are only 8442 unique within a namespace. 8443 type: string 8444 volumeNamespace: 8445 description: VolumeNamespace specifies 8446 the scope of the volume within 8447 StorageOS. If no namespace 8448 is specified then the Pod's 8449 namespace will be used. This 8450 allows the Kubernetes name scoping 8451 to be mirrored within StorageOS 8452 for tighter integration. Set 8453 VolumeName to any name to override 8454 the default behaviour. Set to 8455 "default" if you are not using 8456 namespaces within StorageOS. 8457 Namespaces that do not pre-exist 8458 within StorageOS will be created. 8459 type: string 8460 vsphereVolume: 8461 description: VsphereVolume represents 8462 a vSphere volume attached and mounted 8463 on kubelets host machine 8464 type: object 8465 required: 8466 - volumePath 8467 properties: 8468 fsType: 8469 description: Filesystem type to 8470 mount. Must be a filesystem 8471 type supported by the host operating 8472 system. Ex. "ext4", "xfs", "ntfs". 8473 Implicitly inferred to be "ext4" 8474 if unspecified. 8475 type: string 8476 storagePolicyID: 8477 description: Storage Policy Based 8478 Management (SPBM) profile ID 8479 associated with the StoragePolicyName. 8480 type: string 8481 storagePolicyName: 8482 description: Storage Policy Based 8483 Management (SPBM) profile name. 8484 type: string 8485 volumePath: 8486 description: Path that identifies 8487 vSphere volume vmdk 8488 type: string 8489 permissions: 8490 type: array 8491 items: 8492 description: StrategyDeploymentPermissions describe the 8493 rbac rules and service account needed by the install strategy 8494 type: object 8495 required: 8496 - rules 8497 - serviceAccountName 8498 properties: 8499 rules: 8500 type: array 8501 items: 8502 description: PolicyRule holds information that describes 8503 a policy rule, but does not contain information 8504 about who the rule applies to or which namespace 8505 the rule applies to. 8506 type: object 8507 required: 8508 - verbs 8509 properties: 8510 apiGroups: 8511 description: APIGroups is the name of the APIGroup 8512 that contains the resources. If multiple API 8513 groups are specified, any action requested against 8514 one of the enumerated resources in any API group 8515 will be allowed. 8516 type: array 8517 items: 8518 type: string 8519 nonResourceURLs: 8520 description: NonResourceURLs is a set of partial 8521 urls that a user should have access to. *s 8522 are allowed, but only as the full, final step 8523 in the path Since non-resource URLs are not 8524 namespaced, this field is only applicable for 8525 ClusterRoles referenced from a ClusterRoleBinding. 8526 Rules can either apply to API resources (such 8527 as "pods" or "secrets") or non-resource URL 8528 paths (such as "/api"), but not both. 8529 type: array 8530 items: 8531 type: string 8532 resourceNames: 8533 description: ResourceNames is an optional white 8534 list of names that the rule applies to. An 8535 empty set means that everything is allowed. 8536 type: array 8537 items: 8538 type: string 8539 resources: 8540 description: Resources is a list of resources 8541 this rule applies to. ResourceAll represents 8542 all resources. 8543 type: array 8544 items: 8545 type: string 8546 verbs: 8547 description: Verbs is a list of Verbs that apply 8548 to ALL the ResourceKinds and AttributeRestrictions 8549 contained in this rule. VerbAll represents 8550 all kinds. 8551 type: array 8552 items: 8553 type: string 8554 serviceAccountName: 8555 type: string 8556 strategy: 8557 type: string 8558 installModes: 8559 description: InstallModes specify supported installation types 8560 type: array 8561 items: 8562 description: InstallMode associates an InstallModeType with a flag 8563 representing if the CSV supports it 8564 type: object 8565 required: 8566 - supported 8567 - type 8568 properties: 8569 supported: 8570 type: boolean 8571 type: 8572 description: InstallModeType is a supported type of install 8573 mode for CSV installation 8574 type: string 8575 keywords: 8576 type: array 8577 items: 8578 type: string 8579 labels: 8580 description: Map of string keys and values that can be used to organize 8581 and categorize (scope and select) objects. 8582 type: object 8583 additionalProperties: 8584 type: string 8585 links: 8586 type: array 8587 items: 8588 type: object 8589 properties: 8590 name: 8591 type: string 8592 url: 8593 type: string 8594 maintainers: 8595 type: array 8596 items: 8597 type: object 8598 properties: 8599 email: 8600 type: string 8601 name: 8602 type: string 8603 maturity: 8604 type: string 8605 minKubeVersion: 8606 type: string 8607 nativeAPIs: 8608 type: array 8609 items: 8610 description: GroupVersionKind unambiguously identifies a kind. It 8611 doesn't anonymously include GroupVersion to avoid automatic coersion. It 8612 doesn't use a GroupVersion to avoid custom marshalling 8613 type: object 8614 required: 8615 - group 8616 - kind 8617 - version 8618 properties: 8619 group: 8620 type: string 8621 kind: 8622 type: string 8623 version: 8624 type: string 8625 provider: 8626 type: object 8627 properties: 8628 name: 8629 type: string 8630 url: 8631 type: string 8632 replaces: 8633 description: The name of a CSV this one replaces. Should match the 8634 `metadata.Name` field of the old CSV. 8635 type: string 8636 selector: 8637 description: Label selector for related resources. 8638 type: object 8639 properties: 8640 matchExpressions: 8641 description: matchExpressions is a list of label selector requirements. 8642 The requirements are ANDed. 8643 type: array 8644 items: 8645 description: A label selector requirement is a selector that 8646 contains values, a key, and an operator that relates the key 8647 and values. 8648 type: object 8649 required: 8650 - key 8651 - operator 8652 properties: 8653 key: 8654 description: key is the label key that the selector applies 8655 to. 8656 type: string 8657 operator: 8658 description: operator represents a key's relationship to 8659 a set of values. Valid operators are In, NotIn, Exists 8660 and DoesNotExist. 8661 type: string 8662 values: 8663 description: values is an array of string values. If the 8664 operator is In or NotIn, the values array must be non-empty. 8665 If the operator is Exists or DoesNotExist, the values 8666 array must be empty. This array is replaced during a strategic 8667 merge patch. 8668 type: array 8669 items: 8670 type: string 8671 matchLabels: 8672 description: matchLabels is a map of {key,value} pairs. A single 8673 {key,value} in the matchLabels map is equivalent to an element 8674 of matchExpressions, whose key field is "key", the operator 8675 is "In", and the values array contains only "value". The requirements 8676 are ANDed. 8677 type: object 8678 additionalProperties: 8679 type: string 8680 version: 8681 description: OperatorVersion is a wrapper around semver.Version which 8682 supports correct marshaling to YAML and JSON. 8683 type: string 8684 webhookdefinitions: 8685 type: array 8686 items: 8687 description: WebhookDescription provides details to OLM about required 8688 webhooks 8689 type: object 8690 required: 8691 - admissionReviewVersions 8692 - generateName 8693 - sideEffects 8694 - type 8695 properties: 8696 admissionReviewVersions: 8697 type: array 8698 items: 8699 type: string 8700 containerPort: 8701 type: integer 8702 format: int32 8703 deploymentName: 8704 type: string 8705 failurePolicy: 8706 type: string 8707 generateName: 8708 type: string 8709 matchPolicy: 8710 description: MatchPolicyType specifies the type of match policy 8711 type: string 8712 objectSelector: 8713 description: A label selector is a label query over a set of 8714 resources. The result of matchLabels and matchExpressions 8715 are ANDed. An empty label selector matches all objects. A 8716 null label selector matches no objects. 8717 type: object 8718 properties: 8719 matchExpressions: 8720 description: matchExpressions is a list of label selector 8721 requirements. The requirements are ANDed. 8722 type: array 8723 items: 8724 description: A label selector requirement is a selector 8725 that contains values, a key, and an operator that relates 8726 the key and values. 8727 type: object 8728 required: 8729 - key 8730 - operator 8731 properties: 8732 key: 8733 description: key is the label key that the selector 8734 applies to. 8735 type: string 8736 operator: 8737 description: operator represents a key's relationship 8738 to a set of values. Valid operators are In, NotIn, 8739 Exists and DoesNotExist. 8740 type: string 8741 values: 8742 description: values is an array of string values. 8743 If the operator is In or NotIn, the values array 8744 must be non-empty. If the operator is Exists or 8745 DoesNotExist, the values array must be empty. This 8746 array is replaced during a strategic merge patch. 8747 type: array 8748 items: 8749 type: string 8750 matchLabels: 8751 description: matchLabels is a map of {key,value} pairs. 8752 A single {key,value} in the matchLabels map is equivalent 8753 to an element of matchExpressions, whose key field is 8754 "key", the operator is "In", and the values array contains 8755 only "value". The requirements are ANDed. 8756 type: object 8757 additionalProperties: 8758 type: string 8759 reinvocationPolicy: 8760 description: ReinvocationPolicyType specifies what type of policy 8761 the admission hook uses. 8762 type: string 8763 rules: 8764 type: array 8765 items: 8766 description: RuleWithOperations is a tuple of Operations and 8767 Resources. It is recommended to make sure that all the tuple 8768 expansions are valid. 8769 type: object 8770 properties: 8771 apiGroups: 8772 description: APIGroups is the API groups the resources 8773 belong to. '*' is all groups. If '*' is present, the 8774 length of the slice must be one. Required. 8775 type: array 8776 items: 8777 type: string 8778 apiVersions: 8779 description: APIVersions is the API versions the resources 8780 belong to. '*' is all versions. If '*' is present, the 8781 length of the slice must be one. Required. 8782 type: array 8783 items: 8784 type: string 8785 operations: 8786 description: Operations is the operations the admission 8787 hook cares about - CREATE, UPDATE, or * for all operations. 8788 If '*' is present, the length of the slice must be one. 8789 Required. 8790 type: array 8791 items: 8792 type: string 8793 resources: 8794 description: "Resources is a list of resources this rule 8795 applies to. \n For example: 'pods' means pods. 'pods/log' 8796 means the log subresource of pods. '*' means all resources, 8797 but not subresources. 'pods/*' means all subresources 8798 of pods. '*/scale' means all scale subresources. '*/*' 8799 means all resources and their subresources. \n If wildcard 8800 is present, the validation rule will ensure resources 8801 do not overlap with each other. \n Depending on the 8802 enclosing object, subresources might not be allowed. 8803 Required." 8804 type: array 8805 items: 8806 type: string 8807 scope: 8808 description: scope specifies the scope of this rule. Valid 8809 values are "Cluster", "Namespaced", and "*" "Cluster" 8810 means that only cluster-scoped resources will match 8811 this rule. Namespace API objects are cluster-scoped. 8812 "Namespaced" means that only namespaced resources will 8813 match this rule. "*" means that there are no scope restrictions. 8814 Subresources match the scope of their parent resource. 8815 Default is "*". 8816 type: string 8817 sideEffects: 8818 type: string 8819 timeoutSeconds: 8820 type: integer 8821 format: int32 8822 type: 8823 description: WebhookAdmissionType is the type of admission webhooks 8824 supported by OLM 8825 type: string 8826 enum: 8827 - ValidatingAdmissionWebhook 8828 - MutatingAdmissionWebhook 8829 webhookPath: 8830 type: string 8831 status: 8832 description: ClusterServiceVersionStatus represents information about 8833 the status of a pod. Status may trail the actual state of a system. 8834 type: object 8835 properties: 8836 certsLastUpdated: 8837 description: Last time the owned APIService certs were updated 8838 type: string 8839 format: date-time 8840 certsRotateAt: 8841 description: Time the owned APIService certs will rotate next 8842 type: string 8843 format: date-time 8844 conditions: 8845 description: List of conditions, a history of state transitions 8846 type: array 8847 items: 8848 description: Conditions appear in the status as a record of state 8849 transitions on the ClusterServiceVersion 8850 type: object 8851 properties: 8852 lastTransitionTime: 8853 description: Last time the status transitioned from one status 8854 to another. 8855 type: string 8856 format: date-time 8857 lastUpdateTime: 8858 description: Last time we updated the status 8859 type: string 8860 format: date-time 8861 message: 8862 description: A human readable message indicating details about 8863 why the ClusterServiceVersion is in this condition. 8864 type: string 8865 phase: 8866 description: Condition of the ClusterServiceVersion 8867 type: string 8868 reason: 8869 description: A brief CamelCase message indicating details about 8870 why the ClusterServiceVersion is in this state. e.g. 'RequirementsNotMet' 8871 type: string 8872 lastTransitionTime: 8873 description: Last time the status transitioned from one status to 8874 another. 8875 type: string 8876 format: date-time 8877 lastUpdateTime: 8878 description: Last time we updated the status 8879 type: string 8880 format: date-time 8881 message: 8882 description: A human readable message indicating details about why 8883 the ClusterServiceVersion is in this condition. 8884 type: string 8885 phase: 8886 description: Current condition of the ClusterServiceVersion 8887 type: string 8888 reason: 8889 description: A brief CamelCase message indicating details about why 8890 the ClusterServiceVersion is in this state. e.g. 'RequirementsNotMet' 8891 type: string 8892 requirementStatus: 8893 description: The status of each requirement for this CSV 8894 type: array 8895 items: 8896 type: object 8897 required: 8898 - group 8899 - kind 8900 - message 8901 - name 8902 - status 8903 - version 8904 properties: 8905 dependents: 8906 type: array 8907 items: 8908 description: DependentStatus is the status for a dependent 8909 requirement (to prevent infinite nesting) 8910 type: object 8911 required: 8912 - group 8913 - kind 8914 - status 8915 - version 8916 properties: 8917 group: 8918 type: string 8919 kind: 8920 type: string 8921 message: 8922 type: string 8923 status: 8924 description: StatusReason is a camelcased reason for the 8925 status of a RequirementStatus or DependentStatus 8926 type: string 8927 uuid: 8928 type: string 8929 version: 8930 type: string 8931 group: 8932 type: string 8933 kind: 8934 type: string 8935 message: 8936 type: string 8937 name: 8938 type: string 8939 status: 8940 description: StatusReason is a camelcased reason for the status 8941 of a RequirementStatus or DependentStatus 8942 type: string 8943 uuid: 8944 type: string 8945 version: 8946 type: string 8947 served: true 8948 storage: true 8949 subresources: 8950 status: {} 8951 status: 8952 acceptedNames: 8953 kind: "" 8954 plural: "" 8955 conditions: [] 8956 storedVersions: [] 8957