github.com/operator-framework/operator-lifecycle-manager@v0.30.0/deploy/upstream/manifests/0.16.1/0000_50_olm_00-clusterserviceversions.crd.yaml (about) 1 --- 2 # Source: olm/crds/0000_50_olm_00-clusterserviceversions.crd.yaml 3 apiVersion: apiextensions.k8s.io/v1 4 kind: CustomResourceDefinition 5 metadata: 6 annotations: 7 controller-gen.kubebuilder.io/version: v0.3.0 8 creationTimestamp: null 9 name: clusterserviceversions.operators.coreos.com 10 spec: 11 group: operators.coreos.com 12 names: 13 categories: 14 - olm 15 kind: ClusterServiceVersion 16 listKind: ClusterServiceVersionList 17 plural: clusterserviceversions 18 shortNames: 19 - csv 20 - csvs 21 singular: clusterserviceversion 22 scope: Namespaced 23 versions: 24 - additionalPrinterColumns: 25 - description: The name of the CSV 26 jsonPath: .spec.displayName 27 name: Display 28 type: string 29 - description: The version of the CSV 30 jsonPath: .spec.version 31 name: Version 32 type: string 33 - description: The name of a CSV that this one replaces 34 jsonPath: .spec.replaces 35 name: Replaces 36 type: string 37 - jsonPath: .status.phase 38 name: Phase 39 type: string 40 name: v1alpha1 41 schema: 42 openAPIV3Schema: 43 description: ClusterServiceVersion is a Custom Resource of type `ClusterServiceVersionSpec`. 44 type: object 45 required: 46 - metadata 47 - spec 48 properties: 49 apiVersion: 50 description: 'APIVersion defines the versioned schema of this representation 51 of an object. Servers should convert recognized schemas to the latest 52 internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' 53 type: string 54 kind: 55 description: 'Kind is a string value representing the REST resource this 56 object represents. Servers may infer this from the endpoint the client 57 submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' 58 type: string 59 metadata: 60 type: object 61 spec: 62 description: ClusterServiceVersionSpec declarations tell OLM how to install 63 an operator that can manage apps for a given version. 64 type: object 65 required: 66 - displayName 67 - install 68 properties: 69 annotations: 70 description: Annotations is an unstructured key value map stored with 71 a resource that may be set by external tools to store and retrieve 72 arbitrary metadata. 73 type: object 74 additionalProperties: 75 type: string 76 apiservicedefinitions: 77 description: APIServiceDefinitions declares all of the extension apis 78 managed or required by an operator being ran by ClusterServiceVersion. 79 type: object 80 properties: 81 owned: 82 type: array 83 items: 84 description: APIServiceDescription provides details to OLM about 85 apis provided via aggregation 86 type: object 87 required: 88 - group 89 - kind 90 - name 91 - version 92 properties: 93 actionDescriptors: 94 type: array 95 items: 96 description: ActionDescriptor describes a declarative 97 action that can be performed on a custom resource instance 98 type: object 99 required: 100 - path 101 properties: 102 description: 103 type: string 104 displayName: 105 type: string 106 path: 107 type: string 108 value: 109 description: RawMessage is a raw encoded JSON value. 110 It implements Marshaler and Unmarshaler and can 111 be used to delay JSON decoding or precompute a JSON 112 encoding. 113 type: string 114 format: byte 115 x-descriptors: 116 type: array 117 items: 118 type: string 119 containerPort: 120 type: integer 121 format: int32 122 deploymentName: 123 type: string 124 description: 125 type: string 126 displayName: 127 type: string 128 group: 129 type: string 130 kind: 131 type: string 132 name: 133 type: string 134 resources: 135 type: array 136 items: 137 description: APIResourceReference is a Kubernetes resource 138 type used by a custom resource 139 type: object 140 required: 141 - kind 142 - name 143 - version 144 properties: 145 kind: 146 type: string 147 name: 148 type: string 149 version: 150 type: string 151 specDescriptors: 152 type: array 153 items: 154 description: SpecDescriptor describes a field in a spec 155 block of a CRD so that OLM can consume it 156 type: object 157 required: 158 - path 159 properties: 160 description: 161 type: string 162 displayName: 163 type: string 164 path: 165 type: string 166 value: 167 description: RawMessage is a raw encoded JSON value. 168 It implements Marshaler and Unmarshaler and can 169 be used to delay JSON decoding or precompute a JSON 170 encoding. 171 type: string 172 format: byte 173 x-descriptors: 174 type: array 175 items: 176 type: string 177 statusDescriptors: 178 type: array 179 items: 180 description: StatusDescriptor describes a field in a status 181 block of a CRD so that OLM can consume it 182 type: object 183 required: 184 - path 185 properties: 186 description: 187 type: string 188 displayName: 189 type: string 190 path: 191 type: string 192 value: 193 description: RawMessage is a raw encoded JSON value. 194 It implements Marshaler and Unmarshaler and can 195 be used to delay JSON decoding or precompute a JSON 196 encoding. 197 type: string 198 format: byte 199 x-descriptors: 200 type: array 201 items: 202 type: string 203 version: 204 type: string 205 required: 206 type: array 207 items: 208 description: APIServiceDescription provides details to OLM about 209 apis provided via aggregation 210 type: object 211 required: 212 - group 213 - kind 214 - name 215 - version 216 properties: 217 actionDescriptors: 218 type: array 219 items: 220 description: ActionDescriptor describes a declarative 221 action that can be performed on a custom resource instance 222 type: object 223 required: 224 - path 225 properties: 226 description: 227 type: string 228 displayName: 229 type: string 230 path: 231 type: string 232 value: 233 description: RawMessage is a raw encoded JSON value. 234 It implements Marshaler and Unmarshaler and can 235 be used to delay JSON decoding or precompute a JSON 236 encoding. 237 type: string 238 format: byte 239 x-descriptors: 240 type: array 241 items: 242 type: string 243 containerPort: 244 type: integer 245 format: int32 246 deploymentName: 247 type: string 248 description: 249 type: string 250 displayName: 251 type: string 252 group: 253 type: string 254 kind: 255 type: string 256 name: 257 type: string 258 resources: 259 type: array 260 items: 261 description: APIResourceReference is a Kubernetes resource 262 type used by a custom resource 263 type: object 264 required: 265 - kind 266 - name 267 - version 268 properties: 269 kind: 270 type: string 271 name: 272 type: string 273 version: 274 type: string 275 specDescriptors: 276 type: array 277 items: 278 description: SpecDescriptor describes a field in a spec 279 block of a CRD so that OLM can consume it 280 type: object 281 required: 282 - path 283 properties: 284 description: 285 type: string 286 displayName: 287 type: string 288 path: 289 type: string 290 value: 291 description: RawMessage is a raw encoded JSON value. 292 It implements Marshaler and Unmarshaler and can 293 be used to delay JSON decoding or precompute a JSON 294 encoding. 295 type: string 296 format: byte 297 x-descriptors: 298 type: array 299 items: 300 type: string 301 statusDescriptors: 302 type: array 303 items: 304 description: StatusDescriptor describes a field in a status 305 block of a CRD so that OLM can consume it 306 type: object 307 required: 308 - path 309 properties: 310 description: 311 type: string 312 displayName: 313 type: string 314 path: 315 type: string 316 value: 317 description: RawMessage is a raw encoded JSON value. 318 It implements Marshaler and Unmarshaler and can 319 be used to delay JSON decoding or precompute a JSON 320 encoding. 321 type: string 322 format: byte 323 x-descriptors: 324 type: array 325 items: 326 type: string 327 version: 328 type: string 329 customresourcedefinitions: 330 description: "CustomResourceDefinitions declares all of the CRDs managed 331 or required by an operator being ran by ClusterServiceVersion. \n 332 If the CRD is present in the Owned list, it is implicitly required." 333 type: object 334 properties: 335 owned: 336 type: array 337 items: 338 description: CRDDescription provides details to OLM about the 339 CRDs 340 type: object 341 required: 342 - kind 343 - name 344 - version 345 properties: 346 actionDescriptors: 347 type: array 348 items: 349 description: ActionDescriptor describes a declarative 350 action that can be performed on a custom resource instance 351 type: object 352 required: 353 - path 354 properties: 355 description: 356 type: string 357 displayName: 358 type: string 359 path: 360 type: string 361 value: 362 description: RawMessage is a raw encoded JSON value. 363 It implements Marshaler and Unmarshaler and can 364 be used to delay JSON decoding or precompute a JSON 365 encoding. 366 type: string 367 format: byte 368 x-descriptors: 369 type: array 370 items: 371 type: string 372 description: 373 type: string 374 displayName: 375 type: string 376 kind: 377 type: string 378 name: 379 type: string 380 resources: 381 type: array 382 items: 383 description: APIResourceReference is a Kubernetes resource 384 type used by a custom resource 385 type: object 386 required: 387 - kind 388 - name 389 - version 390 properties: 391 kind: 392 type: string 393 name: 394 type: string 395 version: 396 type: string 397 specDescriptors: 398 type: array 399 items: 400 description: SpecDescriptor describes a field in a spec 401 block of a CRD so that OLM can consume it 402 type: object 403 required: 404 - path 405 properties: 406 description: 407 type: string 408 displayName: 409 type: string 410 path: 411 type: string 412 value: 413 description: RawMessage is a raw encoded JSON value. 414 It implements Marshaler and Unmarshaler and can 415 be used to delay JSON decoding or precompute a JSON 416 encoding. 417 type: string 418 format: byte 419 x-descriptors: 420 type: array 421 items: 422 type: string 423 statusDescriptors: 424 type: array 425 items: 426 description: StatusDescriptor describes a field in a status 427 block of a CRD so that OLM can consume it 428 type: object 429 required: 430 - path 431 properties: 432 description: 433 type: string 434 displayName: 435 type: string 436 path: 437 type: string 438 value: 439 description: RawMessage is a raw encoded JSON value. 440 It implements Marshaler and Unmarshaler and can 441 be used to delay JSON decoding or precompute a JSON 442 encoding. 443 type: string 444 format: byte 445 x-descriptors: 446 type: array 447 items: 448 type: string 449 version: 450 type: string 451 required: 452 type: array 453 items: 454 description: CRDDescription provides details to OLM about the 455 CRDs 456 type: object 457 required: 458 - kind 459 - name 460 - version 461 properties: 462 actionDescriptors: 463 type: array 464 items: 465 description: ActionDescriptor describes a declarative 466 action that can be performed on a custom resource instance 467 type: object 468 required: 469 - path 470 properties: 471 description: 472 type: string 473 displayName: 474 type: string 475 path: 476 type: string 477 value: 478 description: RawMessage is a raw encoded JSON value. 479 It implements Marshaler and Unmarshaler and can 480 be used to delay JSON decoding or precompute a JSON 481 encoding. 482 type: string 483 format: byte 484 x-descriptors: 485 type: array 486 items: 487 type: string 488 description: 489 type: string 490 displayName: 491 type: string 492 kind: 493 type: string 494 name: 495 type: string 496 resources: 497 type: array 498 items: 499 description: APIResourceReference is a Kubernetes resource 500 type used by a custom resource 501 type: object 502 required: 503 - kind 504 - name 505 - version 506 properties: 507 kind: 508 type: string 509 name: 510 type: string 511 version: 512 type: string 513 specDescriptors: 514 type: array 515 items: 516 description: SpecDescriptor describes a field in a spec 517 block of a CRD so that OLM can consume it 518 type: object 519 required: 520 - path 521 properties: 522 description: 523 type: string 524 displayName: 525 type: string 526 path: 527 type: string 528 value: 529 description: RawMessage is a raw encoded JSON value. 530 It implements Marshaler and Unmarshaler and can 531 be used to delay JSON decoding or precompute a JSON 532 encoding. 533 type: string 534 format: byte 535 x-descriptors: 536 type: array 537 items: 538 type: string 539 statusDescriptors: 540 type: array 541 items: 542 description: StatusDescriptor describes a field in a status 543 block of a CRD so that OLM can consume it 544 type: object 545 required: 546 - path 547 properties: 548 description: 549 type: string 550 displayName: 551 type: string 552 path: 553 type: string 554 value: 555 description: RawMessage is a raw encoded JSON value. 556 It implements Marshaler and Unmarshaler and can 557 be used to delay JSON decoding or precompute a JSON 558 encoding. 559 type: string 560 format: byte 561 x-descriptors: 562 type: array 563 items: 564 type: string 565 version: 566 type: string 567 description: 568 type: string 569 displayName: 570 type: string 571 icon: 572 type: array 573 items: 574 type: object 575 required: 576 - base64data 577 - mediatype 578 properties: 579 base64data: 580 type: string 581 mediatype: 582 type: string 583 install: 584 description: NamedInstallStrategy represents the block of an ClusterServiceVersion 585 resource where the install strategy is specified. 586 type: object 587 required: 588 - strategy 589 properties: 590 spec: 591 description: StrategyDetailsDeployment represents the parsed details 592 of a Deployment InstallStrategy. 593 type: object 594 required: 595 - deployments 596 properties: 597 clusterPermissions: 598 type: array 599 items: 600 description: StrategyDeploymentPermissions describe the 601 rbac rules and service account needed by the install strategy 602 type: object 603 required: 604 - rules 605 - serviceAccountName 606 properties: 607 rules: 608 type: array 609 items: 610 description: PolicyRule holds information that describes 611 a policy rule, but does not contain information 612 about who the rule applies to or which namespace 613 the rule applies to. 614 type: object 615 required: 616 - verbs 617 properties: 618 apiGroups: 619 description: APIGroups is the name of the APIGroup 620 that contains the resources. If multiple API 621 groups are specified, any action requested against 622 one of the enumerated resources in any API group 623 will be allowed. 624 type: array 625 items: 626 type: string 627 nonResourceURLs: 628 description: NonResourceURLs is a set of partial 629 urls that a user should have access to. *s 630 are allowed, but only as the full, final step 631 in the path Since non-resource URLs are not 632 namespaced, this field is only applicable for 633 ClusterRoles referenced from a ClusterRoleBinding. 634 Rules can either apply to API resources (such 635 as "pods" or "secrets") or non-resource URL 636 paths (such as "/api"), but not both. 637 type: array 638 items: 639 type: string 640 resourceNames: 641 description: ResourceNames is an optional white 642 list of names that the rule applies to. An 643 empty set means that everything is allowed. 644 type: array 645 items: 646 type: string 647 resources: 648 description: Resources is a list of resources 649 this rule applies to. ResourceAll represents 650 all resources. 651 type: array 652 items: 653 type: string 654 verbs: 655 description: Verbs is a list of Verbs that apply 656 to ALL the ResourceKinds and AttributeRestrictions 657 contained in this rule. VerbAll represents 658 all kinds. 659 type: array 660 items: 661 type: string 662 serviceAccountName: 663 type: string 664 deployments: 665 type: array 666 items: 667 description: StrategyDeploymentSpec contains the name, spec 668 and labels for the deployment ALM should create 669 type: object 670 required: 671 - name 672 - spec 673 properties: 674 label: 675 description: Set is a map of label:value. It implements 676 Labels. 677 type: object 678 additionalProperties: 679 type: string 680 name: 681 type: string 682 spec: 683 description: DeploymentSpec is the specification of 684 the desired behavior of the Deployment. 685 type: object 686 required: 687 - selector 688 - template 689 properties: 690 minReadySeconds: 691 description: Minimum number of seconds for which 692 a newly created pod should be ready without any 693 of its container crashing, for it to be considered 694 available. Defaults to 0 (pod will be considered 695 available as soon as it is ready) 696 type: integer 697 format: int32 698 paused: 699 description: Indicates that the deployment is paused. 700 type: boolean 701 progressDeadlineSeconds: 702 description: The maximum time in seconds for a deployment 703 to make progress before it is considered to be 704 failed. The deployment controller will continue 705 to process failed deployments and a condition 706 with a ProgressDeadlineExceeded reason will be 707 surfaced in the deployment status. Note that progress 708 will not be estimated during the time a deployment 709 is paused. Defaults to 600s. 710 type: integer 711 format: int32 712 replicas: 713 description: Number of desired pods. This is a pointer 714 to distinguish between explicit zero and not specified. 715 Defaults to 1. 716 type: integer 717 format: int32 718 revisionHistoryLimit: 719 description: The number of old ReplicaSets to retain 720 to allow rollback. This is a pointer to distinguish 721 between explicit zero and not specified. Defaults 722 to 10. 723 type: integer 724 format: int32 725 selector: 726 description: Label selector for pods. Existing ReplicaSets 727 whose pods are selected by this will be the ones 728 affected by this deployment. It must match the 729 pod template's labels. 730 type: object 731 properties: 732 matchExpressions: 733 description: matchExpressions is a list of label 734 selector requirements. The requirements are 735 ANDed. 736 type: array 737 items: 738 description: A label selector requirement 739 is a selector that contains values, a key, 740 and an operator that relates the key and 741 values. 742 type: object 743 required: 744 - key 745 - operator 746 properties: 747 key: 748 description: key is the label key that 749 the selector applies to. 750 type: string 751 operator: 752 description: operator represents a key's 753 relationship to a set of values. Valid 754 operators are In, NotIn, Exists and 755 DoesNotExist. 756 type: string 757 values: 758 description: values is an array of string 759 values. If the operator is In or NotIn, 760 the values array must be non-empty. 761 If the operator is Exists or DoesNotExist, 762 the values array must be empty. This 763 array is replaced during a strategic 764 merge patch. 765 type: array 766 items: 767 type: string 768 matchLabels: 769 description: matchLabels is a map of {key,value} 770 pairs. A single {key,value} in the matchLabels 771 map is equivalent to an element of matchExpressions, 772 whose key field is "key", the operator is 773 "In", and the values array contains only "value". 774 The requirements are ANDed. 775 type: object 776 additionalProperties: 777 type: string 778 strategy: 779 description: The deployment strategy to use to replace 780 existing pods with new ones. 781 type: object 782 properties: 783 rollingUpdate: 784 description: 'Rolling update config params. 785 Present only if DeploymentStrategyType = RollingUpdate. 786 --- TODO: Update this to follow our convention 787 for oneOf, whatever we decide it to be.' 788 type: object 789 properties: 790 maxSurge: 791 description: 'The maximum number of pods 792 that can be scheduled above the desired 793 number of pods. Value can be an absolute 794 number (ex: 5) or a percentage of desired 795 pods (ex: 10%). This can not be 0 if MaxUnavailable 796 is 0. Absolute number is calculated from 797 percentage by rounding up. Defaults to 798 25%. Example: when this is set to 30%, 799 the new ReplicaSet can be scaled up immediately 800 when the rolling update starts, such that 801 the total number of old and new pods do 802 not exceed 130% of desired pods. Once 803 old pods have been killed, new ReplicaSet 804 can be scaled up further, ensuring that 805 total number of pods running at any time 806 during the update is at most 130% of desired 807 pods.' 808 anyOf: 809 - type: integer 810 - type: string 811 x-kubernetes-int-or-string: true 812 maxUnavailable: 813 description: 'The maximum number of pods 814 that can be unavailable during the update. 815 Value can be an absolute number (ex: 5) 816 or a percentage of desired pods (ex: 10%). 817 Absolute number is calculated from percentage 818 by rounding down. This can not be 0 if 819 MaxSurge is 0. Defaults to 25%. Example: 820 when this is set to 30%, the old ReplicaSet 821 can be scaled down to 70% of desired pods 822 immediately when the rolling update starts. 823 Once new pods are ready, old ReplicaSet 824 can be scaled down further, followed by 825 scaling up the new ReplicaSet, ensuring 826 that the total number of pods available 827 at all times during the update is at least 828 70% of desired pods.' 829 anyOf: 830 - type: integer 831 - type: string 832 x-kubernetes-int-or-string: true 833 type: 834 description: Type of deployment. Can be "Recreate" 835 or "RollingUpdate". Default is RollingUpdate. 836 type: string 837 template: 838 description: Template describes the pods that will 839 be created. 840 type: object 841 properties: 842 metadata: 843 description: 'Standard object''s metadata. More 844 info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' 845 type: object 846 x-kubernetes-preserve-unknown-fields: true 847 spec: 848 description: 'Specification of the desired behavior 849 of the pod. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' 850 type: object 851 required: 852 - containers 853 properties: 854 activeDeadlineSeconds: 855 description: Optional duration in seconds 856 the pod may be active on the node relative 857 to StartTime before the system will actively 858 try to mark it failed and kill associated 859 containers. Value must be a positive integer. 860 type: integer 861 format: int64 862 affinity: 863 description: If specified, the pod's scheduling 864 constraints 865 type: object 866 properties: 867 nodeAffinity: 868 description: Describes node affinity 869 scheduling rules for the pod. 870 type: object 871 properties: 872 preferredDuringSchedulingIgnoredDuringExecution: 873 description: The scheduler will 874 prefer to schedule pods to nodes 875 that satisfy the affinity expressions 876 specified by this field, but it 877 may choose a node that violates 878 one or more of the expressions. 879 The node that is most preferred 880 is the one with the greatest sum 881 of weights, i.e. for each node 882 that meets all of the scheduling 883 requirements (resource request, 884 requiredDuringScheduling affinity 885 expressions, etc.), compute a 886 sum by iterating through the elements 887 of this field and adding "weight" 888 to the sum if the node matches 889 the corresponding matchExpressions; 890 the node(s) with the highest sum 891 are the most preferred. 892 type: array 893 items: 894 description: An empty preferred 895 scheduling term matches all 896 objects with implicit weight 897 0 (i.e. it's a no-op). A null 898 preferred scheduling term matches 899 no objects (i.e. is also a no-op). 900 type: object 901 required: 902 - preference 903 - weight 904 properties: 905 preference: 906 description: A node selector 907 term, associated with the 908 corresponding weight. 909 type: object 910 properties: 911 matchExpressions: 912 description: A list of 913 node selector requirements 914 by node's labels. 915 type: array 916 items: 917 description: A node 918 selector requirement 919 is a selector that 920 contains values, a 921 key, and an operator 922 that relates the key 923 and values. 924 type: object 925 required: 926 - key 927 - operator 928 properties: 929 key: 930 description: The 931 label key that 932 the selector applies 933 to. 934 type: string 935 operator: 936 description: Represents 937 a key's relationship 938 to a set of values. 939 Valid operators 940 are In, NotIn, 941 Exists, DoesNotExist. 942 Gt, and Lt. 943 type: string 944 values: 945 description: An 946 array of string 947 values. If the 948 operator is In 949 or NotIn, the 950 values array must 951 be non-empty. 952 If the operator 953 is Exists or DoesNotExist, 954 the values array 955 must be empty. 956 If the operator 957 is Gt or Lt, the 958 values array must 959 have a single 960 element, which 961 will be interpreted 962 as an integer. 963 This array is 964 replaced during 965 a strategic merge 966 patch. 967 type: array 968 items: 969 type: string 970 matchFields: 971 description: A list of 972 node selector requirements 973 by node's fields. 974 type: array 975 items: 976 description: A node 977 selector requirement 978 is a selector that 979 contains values, a 980 key, and an operator 981 that relates the key 982 and values. 983 type: object 984 required: 985 - key 986 - operator 987 properties: 988 key: 989 description: The 990 label key that 991 the selector applies 992 to. 993 type: string 994 operator: 995 description: Represents 996 a key's relationship 997 to a set of values. 998 Valid operators 999 are In, NotIn, 1000 Exists, DoesNotExist. 1001 Gt, and Lt. 1002 type: string 1003 values: 1004 description: An 1005 array of string 1006 values. If the 1007 operator is In 1008 or NotIn, the 1009 values array must 1010 be non-empty. 1011 If the operator 1012 is Exists or DoesNotExist, 1013 the values array 1014 must be empty. 1015 If the operator 1016 is Gt or Lt, the 1017 values array must 1018 have a single 1019 element, which 1020 will be interpreted 1021 as an integer. 1022 This array is 1023 replaced during 1024 a strategic merge 1025 patch. 1026 type: array 1027 items: 1028 type: string 1029 weight: 1030 description: Weight associated 1031 with matching the corresponding 1032 nodeSelectorTerm, in the 1033 range 1-100. 1034 type: integer 1035 format: int32 1036 requiredDuringSchedulingIgnoredDuringExecution: 1037 description: If the affinity requirements 1038 specified by this field are not 1039 met at scheduling time, the pod 1040 will not be scheduled onto the 1041 node. If the affinity requirements 1042 specified by this field cease 1043 to be met at some point during 1044 pod execution (e.g. due to an 1045 update), the system may or may 1046 not try to eventually evict the 1047 pod from its node. 1048 type: object 1049 required: 1050 - nodeSelectorTerms 1051 properties: 1052 nodeSelectorTerms: 1053 description: Required. A list 1054 of node selector terms. The 1055 terms are ORed. 1056 type: array 1057 items: 1058 description: A null or empty 1059 node selector term matches 1060 no objects. The requirements 1061 of them are ANDed. The TopologySelectorTerm 1062 type implements a subset 1063 of the NodeSelectorTerm. 1064 type: object 1065 properties: 1066 matchExpressions: 1067 description: A list of 1068 node selector requirements 1069 by node's labels. 1070 type: array 1071 items: 1072 description: A node 1073 selector requirement 1074 is a selector that 1075 contains values, a 1076 key, and an operator 1077 that relates the key 1078 and values. 1079 type: object 1080 required: 1081 - key 1082 - operator 1083 properties: 1084 key: 1085 description: The 1086 label key that 1087 the selector applies 1088 to. 1089 type: string 1090 operator: 1091 description: Represents 1092 a key's relationship 1093 to a set of values. 1094 Valid operators 1095 are In, NotIn, 1096 Exists, DoesNotExist. 1097 Gt, and Lt. 1098 type: string 1099 values: 1100 description: An 1101 array of string 1102 values. If the 1103 operator is In 1104 or NotIn, the 1105 values array must 1106 be non-empty. 1107 If the operator 1108 is Exists or DoesNotExist, 1109 the values array 1110 must be empty. 1111 If the operator 1112 is Gt or Lt, the 1113 values array must 1114 have a single 1115 element, which 1116 will be interpreted 1117 as an integer. 1118 This array is 1119 replaced during 1120 a strategic merge 1121 patch. 1122 type: array 1123 items: 1124 type: string 1125 matchFields: 1126 description: A list of 1127 node selector requirements 1128 by node's fields. 1129 type: array 1130 items: 1131 description: A node 1132 selector requirement 1133 is a selector that 1134 contains values, a 1135 key, and an operator 1136 that relates the key 1137 and values. 1138 type: object 1139 required: 1140 - key 1141 - operator 1142 properties: 1143 key: 1144 description: The 1145 label key that 1146 the selector applies 1147 to. 1148 type: string 1149 operator: 1150 description: Represents 1151 a key's relationship 1152 to a set of values. 1153 Valid operators 1154 are In, NotIn, 1155 Exists, DoesNotExist. 1156 Gt, and Lt. 1157 type: string 1158 values: 1159 description: An 1160 array of string 1161 values. If the 1162 operator is In 1163 or NotIn, the 1164 values array must 1165 be non-empty. 1166 If the operator 1167 is Exists or DoesNotExist, 1168 the values array 1169 must be empty. 1170 If the operator 1171 is Gt or Lt, the 1172 values array must 1173 have a single 1174 element, which 1175 will be interpreted 1176 as an integer. 1177 This array is 1178 replaced during 1179 a strategic merge 1180 patch. 1181 type: array 1182 items: 1183 type: string 1184 podAffinity: 1185 description: Describes pod affinity 1186 scheduling rules (e.g. co-locate this 1187 pod in the same node, zone, etc. as 1188 some other pod(s)). 1189 type: object 1190 properties: 1191 preferredDuringSchedulingIgnoredDuringExecution: 1192 description: The scheduler will 1193 prefer to schedule pods to nodes 1194 that satisfy the affinity expressions 1195 specified by this field, but it 1196 may choose a node that violates 1197 one or more of the expressions. 1198 The node that is most preferred 1199 is the one with the greatest sum 1200 of weights, i.e. for each node 1201 that meets all of the scheduling 1202 requirements (resource request, 1203 requiredDuringScheduling affinity 1204 expressions, etc.), compute a 1205 sum by iterating through the elements 1206 of this field and adding "weight" 1207 to the sum if the node has pods 1208 which matches the corresponding 1209 podAffinityTerm; the node(s) with 1210 the highest sum are the most preferred. 1211 type: array 1212 items: 1213 description: The weights of all 1214 of the matched WeightedPodAffinityTerm 1215 fields are added per-node to 1216 find the most preferred node(s) 1217 type: object 1218 required: 1219 - podAffinityTerm 1220 - weight 1221 properties: 1222 podAffinityTerm: 1223 description: Required. A pod 1224 affinity term, associated 1225 with the corresponding weight. 1226 type: object 1227 required: 1228 - topologyKey 1229 properties: 1230 labelSelector: 1231 description: A label query 1232 over a set of resources, 1233 in this case pods. 1234 type: object 1235 properties: 1236 matchExpressions: 1237 description: matchExpressions 1238 is a list of label 1239 selector requirements. 1240 The requirements 1241 are ANDed. 1242 type: array 1243 items: 1244 description: A label 1245 selector requirement 1246 is a selector 1247 that contains 1248 values, a key, 1249 and an operator 1250 that relates the 1251 key and values. 1252 type: object 1253 required: 1254 - key 1255 - operator 1256 properties: 1257 key: 1258 description: key 1259 is the label 1260 key that the 1261 selector applies 1262 to. 1263 type: string 1264 operator: 1265 description: operator 1266 represents 1267 a key's relationship 1268 to a set of 1269 values. Valid 1270 operators 1271 are In, NotIn, 1272 Exists and 1273 DoesNotExist. 1274 type: string 1275 values: 1276 description: values 1277 is an array 1278 of string 1279 values. If 1280 the operator 1281 is In or NotIn, 1282 the values 1283 array must 1284 be non-empty. 1285 If the operator 1286 is Exists 1287 or DoesNotExist, 1288 the values 1289 array must 1290 be empty. 1291 This array 1292 is replaced 1293 during a strategic 1294 merge patch. 1295 type: array 1296 items: 1297 type: string 1298 matchLabels: 1299 description: matchLabels 1300 is a map of {key,value} 1301 pairs. A single 1302 {key,value} in the 1303 matchLabels map 1304 is equivalent to 1305 an element of matchExpressions, 1306 whose key field 1307 is "key", the operator 1308 is "In", and the 1309 values array contains 1310 only "value". The 1311 requirements are 1312 ANDed. 1313 type: object 1314 additionalProperties: 1315 type: string 1316 namespaces: 1317 description: namespaces 1318 specifies which namespaces 1319 the labelSelector applies 1320 to (matches against); 1321 null or empty list means 1322 "this pod's namespace" 1323 type: array 1324 items: 1325 type: string 1326 topologyKey: 1327 description: This pod 1328 should be co-located 1329 (affinity) or not co-located 1330 (anti-affinity) with 1331 the pods matching the 1332 labelSelector in the 1333 specified namespaces, 1334 where co-located is 1335 defined as running on 1336 a node whose value of 1337 the label with key topologyKey 1338 matches that of any 1339 node on which any of 1340 the selected pods is 1341 running. Empty topologyKey 1342 is not allowed. 1343 type: string 1344 weight: 1345 description: weight associated 1346 with matching the corresponding 1347 podAffinityTerm, in the 1348 range 1-100. 1349 type: integer 1350 format: int32 1351 requiredDuringSchedulingIgnoredDuringExecution: 1352 description: If the affinity requirements 1353 specified by this field are not 1354 met at scheduling time, the pod 1355 will not be scheduled onto the 1356 node. If the affinity requirements 1357 specified by this field cease 1358 to be met at some point during 1359 pod execution (e.g. due to a pod 1360 label update), the system may 1361 or may not try to eventually evict 1362 the pod from its node. When there 1363 are multiple elements, the lists 1364 of nodes corresponding to each 1365 podAffinityTerm are intersected, 1366 i.e. all terms must be satisfied. 1367 type: array 1368 items: 1369 description: Defines a set of 1370 pods (namely those matching 1371 the labelSelector relative to 1372 the given namespace(s)) that 1373 this pod should be co-located 1374 (affinity) or not co-located 1375 (anti-affinity) with, where 1376 co-located is defined as running 1377 on a node whose value of the 1378 label with key <topologyKey> 1379 matches that of any node on 1380 which a pod of the set of pods 1381 is running 1382 type: object 1383 required: 1384 - topologyKey 1385 properties: 1386 labelSelector: 1387 description: A label query 1388 over a set of resources, 1389 in this case pods. 1390 type: object 1391 properties: 1392 matchExpressions: 1393 description: matchExpressions 1394 is a list of label selector 1395 requirements. The requirements 1396 are ANDed. 1397 type: array 1398 items: 1399 description: A label 1400 selector requirement 1401 is a selector that 1402 contains values, a 1403 key, and an operator 1404 that relates the key 1405 and values. 1406 type: object 1407 required: 1408 - key 1409 - operator 1410 properties: 1411 key: 1412 description: key 1413 is the label key 1414 that the selector 1415 applies to. 1416 type: string 1417 operator: 1418 description: operator 1419 represents a key's 1420 relationship to 1421 a set of values. 1422 Valid operators 1423 are In, NotIn, 1424 Exists and DoesNotExist. 1425 type: string 1426 values: 1427 description: values 1428 is an array of 1429 string values. 1430 If the operator 1431 is In or NotIn, 1432 the values array 1433 must be non-empty. 1434 If the operator 1435 is Exists or DoesNotExist, 1436 the values array 1437 must be empty. 1438 This array is 1439 replaced during 1440 a strategic merge 1441 patch. 1442 type: array 1443 items: 1444 type: string 1445 matchLabels: 1446 description: matchLabels 1447 is a map of {key,value} 1448 pairs. A single {key,value} 1449 in the matchLabels map 1450 is equivalent to an 1451 element of matchExpressions, 1452 whose key field is "key", 1453 the operator is "In", 1454 and the values array 1455 contains only "value". 1456 The requirements are 1457 ANDed. 1458 type: object 1459 additionalProperties: 1460 type: string 1461 namespaces: 1462 description: namespaces specifies 1463 which namespaces the labelSelector 1464 applies to (matches against); 1465 null or empty list means 1466 "this pod's namespace" 1467 type: array 1468 items: 1469 type: string 1470 topologyKey: 1471 description: This pod should 1472 be co-located (affinity) 1473 or not co-located (anti-affinity) 1474 with the pods matching the 1475 labelSelector in the specified 1476 namespaces, where co-located 1477 is defined as running on 1478 a node whose value of the 1479 label with key topologyKey 1480 matches that of any node 1481 on which any of the selected 1482 pods is running. Empty topologyKey 1483 is not allowed. 1484 type: string 1485 podAntiAffinity: 1486 description: Describes pod anti-affinity 1487 scheduling rules (e.g. avoid putting 1488 this pod in the same node, zone, etc. 1489 as some other pod(s)). 1490 type: object 1491 properties: 1492 preferredDuringSchedulingIgnoredDuringExecution: 1493 description: The scheduler will 1494 prefer to schedule pods to nodes 1495 that satisfy the anti-affinity 1496 expressions specified by this 1497 field, but it may choose a node 1498 that violates one or more of the 1499 expressions. The node that is 1500 most preferred is the one with 1501 the greatest sum of weights, i.e. 1502 for each node that meets all of 1503 the scheduling requirements (resource 1504 request, requiredDuringScheduling 1505 anti-affinity expressions, etc.), 1506 compute a sum by iterating through 1507 the elements of this field and 1508 adding "weight" to the sum if 1509 the node has pods which matches 1510 the corresponding podAffinityTerm; 1511 the node(s) with the highest sum 1512 are the most preferred. 1513 type: array 1514 items: 1515 description: The weights of all 1516 of the matched WeightedPodAffinityTerm 1517 fields are added per-node to 1518 find the most preferred node(s) 1519 type: object 1520 required: 1521 - podAffinityTerm 1522 - weight 1523 properties: 1524 podAffinityTerm: 1525 description: Required. A pod 1526 affinity term, associated 1527 with the corresponding weight. 1528 type: object 1529 required: 1530 - topologyKey 1531 properties: 1532 labelSelector: 1533 description: A label query 1534 over a set of resources, 1535 in this case pods. 1536 type: object 1537 properties: 1538 matchExpressions: 1539 description: matchExpressions 1540 is a list of label 1541 selector requirements. 1542 The requirements 1543 are ANDed. 1544 type: array 1545 items: 1546 description: A label 1547 selector requirement 1548 is a selector 1549 that contains 1550 values, a key, 1551 and an operator 1552 that relates the 1553 key and values. 1554 type: object 1555 required: 1556 - key 1557 - operator 1558 properties: 1559 key: 1560 description: key 1561 is the label 1562 key that the 1563 selector applies 1564 to. 1565 type: string 1566 operator: 1567 description: operator 1568 represents 1569 a key's relationship 1570 to a set of 1571 values. Valid 1572 operators 1573 are In, NotIn, 1574 Exists and 1575 DoesNotExist. 1576 type: string 1577 values: 1578 description: values 1579 is an array 1580 of string 1581 values. If 1582 the operator 1583 is In or NotIn, 1584 the values 1585 array must 1586 be non-empty. 1587 If the operator 1588 is Exists 1589 or DoesNotExist, 1590 the values 1591 array must 1592 be empty. 1593 This array 1594 is replaced 1595 during a strategic 1596 merge patch. 1597 type: array 1598 items: 1599 type: string 1600 matchLabels: 1601 description: matchLabels 1602 is a map of {key,value} 1603 pairs. A single 1604 {key,value} in the 1605 matchLabels map 1606 is equivalent to 1607 an element of matchExpressions, 1608 whose key field 1609 is "key", the operator 1610 is "In", and the 1611 values array contains 1612 only "value". The 1613 requirements are 1614 ANDed. 1615 type: object 1616 additionalProperties: 1617 type: string 1618 namespaces: 1619 description: namespaces 1620 specifies which namespaces 1621 the labelSelector applies 1622 to (matches against); 1623 null or empty list means 1624 "this pod's namespace" 1625 type: array 1626 items: 1627 type: string 1628 topologyKey: 1629 description: This pod 1630 should be co-located 1631 (affinity) or not co-located 1632 (anti-affinity) with 1633 the pods matching the 1634 labelSelector in the 1635 specified namespaces, 1636 where co-located is 1637 defined as running on 1638 a node whose value of 1639 the label with key topologyKey 1640 matches that of any 1641 node on which any of 1642 the selected pods is 1643 running. Empty topologyKey 1644 is not allowed. 1645 type: string 1646 weight: 1647 description: weight associated 1648 with matching the corresponding 1649 podAffinityTerm, in the 1650 range 1-100. 1651 type: integer 1652 format: int32 1653 requiredDuringSchedulingIgnoredDuringExecution: 1654 description: If the anti-affinity 1655 requirements specified by this 1656 field are not met at scheduling 1657 time, the pod will not be scheduled 1658 onto the node. If the anti-affinity 1659 requirements specified by this 1660 field cease to be met at some 1661 point during pod execution (e.g. 1662 due to a pod label update), the 1663 system may or may not try to eventually 1664 evict the pod from its node. When 1665 there are multiple elements, the 1666 lists of nodes corresponding to 1667 each podAffinityTerm are intersected, 1668 i.e. all terms must be satisfied. 1669 type: array 1670 items: 1671 description: Defines a set of 1672 pods (namely those matching 1673 the labelSelector relative to 1674 the given namespace(s)) that 1675 this pod should be co-located 1676 (affinity) or not co-located 1677 (anti-affinity) with, where 1678 co-located is defined as running 1679 on a node whose value of the 1680 label with key <topologyKey> 1681 matches that of any node on 1682 which a pod of the set of pods 1683 is running 1684 type: object 1685 required: 1686 - topologyKey 1687 properties: 1688 labelSelector: 1689 description: A label query 1690 over a set of resources, 1691 in this case pods. 1692 type: object 1693 properties: 1694 matchExpressions: 1695 description: matchExpressions 1696 is a list of label selector 1697 requirements. The requirements 1698 are ANDed. 1699 type: array 1700 items: 1701 description: A label 1702 selector requirement 1703 is a selector that 1704 contains values, a 1705 key, and an operator 1706 that relates the key 1707 and values. 1708 type: object 1709 required: 1710 - key 1711 - operator 1712 properties: 1713 key: 1714 description: key 1715 is the label key 1716 that the selector 1717 applies to. 1718 type: string 1719 operator: 1720 description: operator 1721 represents a key's 1722 relationship to 1723 a set of values. 1724 Valid operators 1725 are In, NotIn, 1726 Exists and DoesNotExist. 1727 type: string 1728 values: 1729 description: values 1730 is an array of 1731 string values. 1732 If the operator 1733 is In or NotIn, 1734 the values array 1735 must be non-empty. 1736 If the operator 1737 is Exists or DoesNotExist, 1738 the values array 1739 must be empty. 1740 This array is 1741 replaced during 1742 a strategic merge 1743 patch. 1744 type: array 1745 items: 1746 type: string 1747 matchLabels: 1748 description: matchLabels 1749 is a map of {key,value} 1750 pairs. A single {key,value} 1751 in the matchLabels map 1752 is equivalent to an 1753 element of matchExpressions, 1754 whose key field is "key", 1755 the operator is "In", 1756 and the values array 1757 contains only "value". 1758 The requirements are 1759 ANDed. 1760 type: object 1761 additionalProperties: 1762 type: string 1763 namespaces: 1764 description: namespaces specifies 1765 which namespaces the labelSelector 1766 applies to (matches against); 1767 null or empty list means 1768 "this pod's namespace" 1769 type: array 1770 items: 1771 type: string 1772 topologyKey: 1773 description: This pod should 1774 be co-located (affinity) 1775 or not co-located (anti-affinity) 1776 with the pods matching the 1777 labelSelector in the specified 1778 namespaces, where co-located 1779 is defined as running on 1780 a node whose value of the 1781 label with key topologyKey 1782 matches that of any node 1783 on which any of the selected 1784 pods is running. Empty topologyKey 1785 is not allowed. 1786 type: string 1787 automountServiceAccountToken: 1788 description: AutomountServiceAccountToken 1789 indicates whether a service account token 1790 should be automatically mounted. 1791 type: boolean 1792 containers: 1793 description: List of containers belonging 1794 to the pod. Containers cannot currently 1795 be added or removed. There must be at 1796 least one container in a Pod. Cannot be 1797 updated. 1798 type: array 1799 items: 1800 description: A single application container 1801 that you want to run within a pod. 1802 type: object 1803 required: 1804 - name 1805 properties: 1806 args: 1807 description: 'Arguments to the entrypoint. 1808 The docker image''s CMD is used 1809 if this is not provided. Variable 1810 references $(VAR_NAME) are expanded 1811 using the container''s environment. 1812 If a variable cannot be resolved, 1813 the reference in the input string 1814 will be unchanged. The $(VAR_NAME) 1815 syntax can be escaped with a double 1816 $$, ie: $$(VAR_NAME). Escaped references 1817 will never be expanded, regardless 1818 of whether the variable exists or 1819 not. Cannot be updated. More info: 1820 https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' 1821 type: array 1822 items: 1823 type: string 1824 command: 1825 description: 'Entrypoint array. Not 1826 executed within a shell. The docker 1827 image''s ENTRYPOINT is used if this 1828 is not provided. Variable references 1829 $(VAR_NAME) are expanded using the 1830 container''s environment. If a variable 1831 cannot be resolved, the reference 1832 in the input string will be unchanged. 1833 The $(VAR_NAME) syntax can be escaped 1834 with a double $$, ie: $$(VAR_NAME). 1835 Escaped references will never be 1836 expanded, regardless of whether 1837 the variable exists or not. Cannot 1838 be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' 1839 type: array 1840 items: 1841 type: string 1842 env: 1843 description: List of environment variables 1844 to set in the container. Cannot 1845 be updated. 1846 type: array 1847 items: 1848 description: EnvVar represents an 1849 environment variable present in 1850 a Container. 1851 type: object 1852 required: 1853 - name 1854 properties: 1855 name: 1856 description: Name of the environment 1857 variable. Must be a C_IDENTIFIER. 1858 type: string 1859 value: 1860 description: 'Variable references 1861 $(VAR_NAME) are expanded using 1862 the previous defined environment 1863 variables in the container 1864 and any service environment 1865 variables. If a variable cannot 1866 be resolved, the reference 1867 in the input string will be 1868 unchanged. The $(VAR_NAME) 1869 syntax can be escaped with 1870 a double $$, ie: $$(VAR_NAME). 1871 Escaped references will never 1872 be expanded, regardless of 1873 whether the variable exists 1874 or not. Defaults to "".' 1875 type: string 1876 valueFrom: 1877 description: Source for the 1878 environment variable's value. 1879 Cannot be used if value is 1880 not empty. 1881 type: object 1882 properties: 1883 configMapKeyRef: 1884 description: Selects a key 1885 of a ConfigMap. 1886 type: object 1887 required: 1888 - key 1889 properties: 1890 key: 1891 description: The key 1892 to select. 1893 type: string 1894 name: 1895 description: 'Name of 1896 the referent. More 1897 info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 1898 TODO: Add other useful 1899 fields. apiVersion, 1900 kind, uid?' 1901 type: string 1902 optional: 1903 description: Specify 1904 whether the ConfigMap 1905 or its key must be 1906 defined 1907 type: boolean 1908 fieldRef: 1909 description: 'Selects a 1910 field of the pod: supports 1911 metadata.name, metadata.namespace, 1912 metadata.labels, metadata.annotations, 1913 spec.nodeName, spec.serviceAccountName, 1914 status.hostIP, status.podIP, 1915 status.podIPs.' 1916 type: object 1917 required: 1918 - fieldPath 1919 properties: 1920 apiVersion: 1921 description: Version 1922 of the schema the 1923 FieldPath is written 1924 in terms of, defaults 1925 to "v1". 1926 type: string 1927 fieldPath: 1928 description: Path of 1929 the field to select 1930 in the specified API 1931 version. 1932 type: string 1933 resourceFieldRef: 1934 description: 'Selects a 1935 resource of the container: 1936 only resources limits 1937 and requests (limits.cpu, 1938 limits.memory, limits.ephemeral-storage, 1939 requests.cpu, requests.memory 1940 and requests.ephemeral-storage) 1941 are currently supported.' 1942 type: object 1943 required: 1944 - resource 1945 properties: 1946 containerName: 1947 description: 'Container 1948 name: required for 1949 volumes, optional 1950 for env vars' 1951 type: string 1952 divisor: 1953 description: Specifies 1954 the output format 1955 of the exposed resources, 1956 defaults to "1" 1957 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 1958 anyOf: 1959 - type: integer 1960 - type: string 1961 x-kubernetes-int-or-string: true 1962 resource: 1963 description: 'Required: 1964 resource to select' 1965 type: string 1966 secretKeyRef: 1967 description: Selects a key 1968 of a secret in the pod's 1969 namespace 1970 type: object 1971 required: 1972 - key 1973 properties: 1974 key: 1975 description: The key 1976 of the secret to select 1977 from. Must be a valid 1978 secret key. 1979 type: string 1980 name: 1981 description: 'Name of 1982 the referent. More 1983 info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 1984 TODO: Add other useful 1985 fields. apiVersion, 1986 kind, uid?' 1987 type: string 1988 optional: 1989 description: Specify 1990 whether the Secret 1991 or its key must be 1992 defined 1993 type: boolean 1994 envFrom: 1995 description: List of sources to populate 1996 environment variables in the container. 1997 The keys defined within a source 1998 must be a C_IDENTIFIER. All invalid 1999 keys will be reported as an event 2000 when the container is starting. 2001 When a key exists in multiple sources, 2002 the value associated with the last 2003 source will take precedence. Values 2004 defined by an Env with a duplicate 2005 key will take precedence. Cannot 2006 be updated. 2007 type: array 2008 items: 2009 description: EnvFromSource represents 2010 the source of a set of ConfigMaps 2011 type: object 2012 properties: 2013 configMapRef: 2014 description: The ConfigMap to 2015 select from 2016 type: object 2017 properties: 2018 name: 2019 description: 'Name of the 2020 referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 2021 TODO: Add other useful 2022 fields. apiVersion, kind, 2023 uid?' 2024 type: string 2025 optional: 2026 description: Specify whether 2027 the ConfigMap must be 2028 defined 2029 type: boolean 2030 prefix: 2031 description: An optional identifier 2032 to prepend to each key in 2033 the ConfigMap. Must be a C_IDENTIFIER. 2034 type: string 2035 secretRef: 2036 description: The Secret to select 2037 from 2038 type: object 2039 properties: 2040 name: 2041 description: 'Name of the 2042 referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 2043 TODO: Add other useful 2044 fields. apiVersion, kind, 2045 uid?' 2046 type: string 2047 optional: 2048 description: Specify whether 2049 the Secret must be defined 2050 type: boolean 2051 image: 2052 description: 'Docker image name. More 2053 info: https://kubernetes.io/docs/concepts/containers/images 2054 This field is optional to allow 2055 higher level config management to 2056 default or override container images 2057 in workload controllers like Deployments 2058 and StatefulSets.' 2059 type: string 2060 imagePullPolicy: 2061 description: 'Image pull policy. One 2062 of Always, Never, IfNotPresent. 2063 Defaults to Always if :latest tag 2064 is specified, or IfNotPresent otherwise. 2065 Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' 2066 type: string 2067 lifecycle: 2068 description: Actions that the management 2069 system should take in response to 2070 container lifecycle events. Cannot 2071 be updated. 2072 type: object 2073 properties: 2074 postStart: 2075 description: 'PostStart is called 2076 immediately after a container 2077 is created. If the handler fails, 2078 the container is terminated 2079 and restarted according to its 2080 restart policy. Other management 2081 of the container blocks until 2082 the hook completes. More info: 2083 https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' 2084 type: object 2085 properties: 2086 exec: 2087 description: One and only 2088 one of the following should 2089 be specified. Exec specifies 2090 the action to take. 2091 type: object 2092 properties: 2093 command: 2094 description: Command is 2095 the command line to 2096 execute inside the container, 2097 the working directory 2098 for the command is 2099 root ('/') in the container's 2100 filesystem. The command 2101 is simply exec'd, it 2102 is not run inside a 2103 shell, so traditional 2104 shell instructions ('|', 2105 etc) won't work. To 2106 use a shell, you need 2107 to explicitly call out 2108 to that shell. Exit 2109 status of 0 is treated 2110 as live/healthy and 2111 non-zero is unhealthy. 2112 type: array 2113 items: 2114 type: string 2115 httpGet: 2116 description: HTTPGet specifies 2117 the http request to perform. 2118 type: object 2119 required: 2120 - port 2121 properties: 2122 host: 2123 description: Host name 2124 to connect to, defaults 2125 to the pod IP. You probably 2126 want to set "Host" in 2127 httpHeaders instead. 2128 type: string 2129 httpHeaders: 2130 description: Custom headers 2131 to set in the request. 2132 HTTP allows repeated 2133 headers. 2134 type: array 2135 items: 2136 description: HTTPHeader 2137 describes a custom 2138 header to be used 2139 in HTTP probes 2140 type: object 2141 required: 2142 - name 2143 - value 2144 properties: 2145 name: 2146 description: The 2147 header field name 2148 type: string 2149 value: 2150 description: The 2151 header field value 2152 type: string 2153 path: 2154 description: Path to access 2155 on the HTTP server. 2156 type: string 2157 port: 2158 description: Name or number 2159 of the port to access 2160 on the container. Number 2161 must be in the range 2162 1 to 65535. Name must 2163 be an IANA_SVC_NAME. 2164 anyOf: 2165 - type: integer 2166 - type: string 2167 x-kubernetes-int-or-string: true 2168 scheme: 2169 description: Scheme to 2170 use for connecting to 2171 the host. Defaults to 2172 HTTP. 2173 type: string 2174 tcpSocket: 2175 description: 'TCPSocket specifies 2176 an action involving a TCP 2177 port. TCP hooks not yet 2178 supported TODO: implement 2179 a realistic TCP lifecycle 2180 hook' 2181 type: object 2182 required: 2183 - port 2184 properties: 2185 host: 2186 description: 'Optional: 2187 Host name to connect 2188 to, defaults to the 2189 pod IP.' 2190 type: string 2191 port: 2192 description: Number or 2193 name of the port to 2194 access on the container. 2195 Number must be in the 2196 range 1 to 65535. Name 2197 must be an IANA_SVC_NAME. 2198 anyOf: 2199 - type: integer 2200 - type: string 2201 x-kubernetes-int-or-string: true 2202 preStop: 2203 description: 'PreStop is called 2204 immediately before a container 2205 is terminated due to an API 2206 request or management event 2207 such as liveness/startup probe 2208 failure, preemption, resource 2209 contention, etc. The handler 2210 is not called if the container 2211 crashes or exits. The reason 2212 for termination is passed to 2213 the handler. The Pod''s termination 2214 grace period countdown begins 2215 before the PreStop hooked is 2216 executed. Regardless of the 2217 outcome of the handler, the 2218 container will eventually terminate 2219 within the Pod''s termination 2220 grace period. Other management 2221 of the container blocks until 2222 the hook completes or until 2223 the termination grace period 2224 is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' 2225 type: object 2226 properties: 2227 exec: 2228 description: One and only 2229 one of the following should 2230 be specified. Exec specifies 2231 the action to take. 2232 type: object 2233 properties: 2234 command: 2235 description: Command is 2236 the command line to 2237 execute inside the container, 2238 the working directory 2239 for the command is 2240 root ('/') in the container's 2241 filesystem. The command 2242 is simply exec'd, it 2243 is not run inside a 2244 shell, so traditional 2245 shell instructions ('|', 2246 etc) won't work. To 2247 use a shell, you need 2248 to explicitly call out 2249 to that shell. Exit 2250 status of 0 is treated 2251 as live/healthy and 2252 non-zero is unhealthy. 2253 type: array 2254 items: 2255 type: string 2256 httpGet: 2257 description: HTTPGet specifies 2258 the http request to perform. 2259 type: object 2260 required: 2261 - port 2262 properties: 2263 host: 2264 description: Host name 2265 to connect to, defaults 2266 to the pod IP. You probably 2267 want to set "Host" in 2268 httpHeaders instead. 2269 type: string 2270 httpHeaders: 2271 description: Custom headers 2272 to set in the request. 2273 HTTP allows repeated 2274 headers. 2275 type: array 2276 items: 2277 description: HTTPHeader 2278 describes a custom 2279 header to be used 2280 in HTTP probes 2281 type: object 2282 required: 2283 - name 2284 - value 2285 properties: 2286 name: 2287 description: The 2288 header field name 2289 type: string 2290 value: 2291 description: The 2292 header field value 2293 type: string 2294 path: 2295 description: Path to access 2296 on the HTTP server. 2297 type: string 2298 port: 2299 description: Name or number 2300 of the port to access 2301 on the container. Number 2302 must be in the range 2303 1 to 65535. Name must 2304 be an IANA_SVC_NAME. 2305 anyOf: 2306 - type: integer 2307 - type: string 2308 x-kubernetes-int-or-string: true 2309 scheme: 2310 description: Scheme to 2311 use for connecting to 2312 the host. Defaults to 2313 HTTP. 2314 type: string 2315 tcpSocket: 2316 description: 'TCPSocket specifies 2317 an action involving a TCP 2318 port. TCP hooks not yet 2319 supported TODO: implement 2320 a realistic TCP lifecycle 2321 hook' 2322 type: object 2323 required: 2324 - port 2325 properties: 2326 host: 2327 description: 'Optional: 2328 Host name to connect 2329 to, defaults to the 2330 pod IP.' 2331 type: string 2332 port: 2333 description: Number or 2334 name of the port to 2335 access on the container. 2336 Number must be in the 2337 range 1 to 65535. Name 2338 must be an IANA_SVC_NAME. 2339 anyOf: 2340 - type: integer 2341 - type: string 2342 x-kubernetes-int-or-string: true 2343 livenessProbe: 2344 description: 'Periodic probe of container 2345 liveness. Container will be restarted 2346 if the probe fails. Cannot be updated. 2347 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 2348 type: object 2349 properties: 2350 exec: 2351 description: One and only one 2352 of the following should be specified. 2353 Exec specifies the action to 2354 take. 2355 type: object 2356 properties: 2357 command: 2358 description: Command is the 2359 command line to execute 2360 inside the container, the 2361 working directory for the 2362 command is root ('/') in 2363 the container's filesystem. 2364 The command is simply exec'd, 2365 it is not run inside a shell, 2366 so traditional shell instructions 2367 ('|', etc) won't work. To 2368 use a shell, you need to 2369 explicitly call out to that 2370 shell. Exit status of 0 2371 is treated as live/healthy 2372 and non-zero is unhealthy. 2373 type: array 2374 items: 2375 type: string 2376 failureThreshold: 2377 description: Minimum consecutive 2378 failures for the probe to be 2379 considered failed after having 2380 succeeded. Defaults to 3. Minimum 2381 value is 1. 2382 type: integer 2383 format: int32 2384 httpGet: 2385 description: HTTPGet specifies 2386 the http request to perform. 2387 type: object 2388 required: 2389 - port 2390 properties: 2391 host: 2392 description: Host name to 2393 connect to, defaults to 2394 the pod IP. You probably 2395 want to set "Host" in httpHeaders 2396 instead. 2397 type: string 2398 httpHeaders: 2399 description: Custom headers 2400 to set in the request. HTTP 2401 allows repeated headers. 2402 type: array 2403 items: 2404 description: HTTPHeader 2405 describes a custom header 2406 to be used in HTTP probes 2407 type: object 2408 required: 2409 - name 2410 - value 2411 properties: 2412 name: 2413 description: The header 2414 field name 2415 type: string 2416 value: 2417 description: The header 2418 field value 2419 type: string 2420 path: 2421 description: Path to access 2422 on the HTTP server. 2423 type: string 2424 port: 2425 description: Name or number 2426 of the port to access on 2427 the container. Number must 2428 be in the range 1 to 65535. 2429 Name must be an IANA_SVC_NAME. 2430 anyOf: 2431 - type: integer 2432 - type: string 2433 x-kubernetes-int-or-string: true 2434 scheme: 2435 description: Scheme to use 2436 for connecting to the host. 2437 Defaults to HTTP. 2438 type: string 2439 initialDelaySeconds: 2440 description: 'Number of seconds 2441 after the container has started 2442 before liveness probes are initiated. 2443 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 2444 type: integer 2445 format: int32 2446 periodSeconds: 2447 description: How often (in seconds) 2448 to perform the probe. Default 2449 to 10 seconds. Minimum value 2450 is 1. 2451 type: integer 2452 format: int32 2453 successThreshold: 2454 description: Minimum consecutive 2455 successes for the probe to be 2456 considered successful after 2457 having failed. Defaults to 1. 2458 Must be 1 for liveness and startup. 2459 Minimum value is 1. 2460 type: integer 2461 format: int32 2462 tcpSocket: 2463 description: 'TCPSocket specifies 2464 an action involving a TCP port. 2465 TCP hooks not yet supported 2466 TODO: implement a realistic 2467 TCP lifecycle hook' 2468 type: object 2469 required: 2470 - port 2471 properties: 2472 host: 2473 description: 'Optional: Host 2474 name to connect to, defaults 2475 to the pod IP.' 2476 type: string 2477 port: 2478 description: Number or name 2479 of the port to access on 2480 the container. Number must 2481 be in the range 1 to 65535. 2482 Name must be an IANA_SVC_NAME. 2483 anyOf: 2484 - type: integer 2485 - type: string 2486 x-kubernetes-int-or-string: true 2487 timeoutSeconds: 2488 description: 'Number of seconds 2489 after which the probe times 2490 out. Defaults to 1 second. Minimum 2491 value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 2492 type: integer 2493 format: int32 2494 name: 2495 description: Name of the container 2496 specified as a DNS_LABEL. Each container 2497 in a pod must have a unique name 2498 (DNS_LABEL). Cannot be updated. 2499 type: string 2500 ports: 2501 description: List of ports to expose 2502 from the container. Exposing a port 2503 here gives the system additional 2504 information about the network connections 2505 a container uses, but is primarily 2506 informational. Not specifying a 2507 port here DOES NOT prevent that 2508 port from being exposed. Any port 2509 which is listening on the default 2510 "0.0.0.0" address inside a container 2511 will be accessible from the network. 2512 Cannot be updated. 2513 type: array 2514 items: 2515 description: ContainerPort represents 2516 a network port in a single container. 2517 type: object 2518 required: 2519 - containerPort 2520 properties: 2521 containerPort: 2522 description: Number of port 2523 to expose on the pod's IP 2524 address. This must be a valid 2525 port number, 0 < x < 65536. 2526 type: integer 2527 format: int32 2528 hostIP: 2529 description: What host IP to 2530 bind the external port to. 2531 type: string 2532 hostPort: 2533 description: Number of port 2534 to expose on the host. If 2535 specified, this must be a 2536 valid port number, 0 < x < 2537 65536. If HostNetwork is specified, 2538 this must match ContainerPort. 2539 Most containers do not need 2540 this. 2541 type: integer 2542 format: int32 2543 name: 2544 description: If specified, this 2545 must be an IANA_SVC_NAME and 2546 unique within the pod. Each 2547 named port in a pod must have 2548 a unique name. Name for the 2549 port that can be referred 2550 to by services. 2551 type: string 2552 protocol: 2553 description: Protocol for port. 2554 Must be UDP, TCP, or SCTP. 2555 Defaults to "TCP". 2556 type: string 2557 default: TCP 2558 x-kubernetes-list-map-keys: 2559 - containerPort 2560 - protocol 2561 x-kubernetes-list-type: map 2562 readinessProbe: 2563 description: 'Periodic probe of container 2564 service readiness. Container will 2565 be removed from service endpoints 2566 if the probe fails. Cannot be updated. 2567 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 2568 type: object 2569 properties: 2570 exec: 2571 description: One and only one 2572 of the following should be specified. 2573 Exec specifies the action to 2574 take. 2575 type: object 2576 properties: 2577 command: 2578 description: Command is the 2579 command line to execute 2580 inside the container, the 2581 working directory for the 2582 command is root ('/') in 2583 the container's filesystem. 2584 The command is simply exec'd, 2585 it is not run inside a shell, 2586 so traditional shell instructions 2587 ('|', etc) won't work. To 2588 use a shell, you need to 2589 explicitly call out to that 2590 shell. Exit status of 0 2591 is treated as live/healthy 2592 and non-zero is unhealthy. 2593 type: array 2594 items: 2595 type: string 2596 failureThreshold: 2597 description: Minimum consecutive 2598 failures for the probe to be 2599 considered failed after having 2600 succeeded. Defaults to 3. Minimum 2601 value is 1. 2602 type: integer 2603 format: int32 2604 httpGet: 2605 description: HTTPGet specifies 2606 the http request to perform. 2607 type: object 2608 required: 2609 - port 2610 properties: 2611 host: 2612 description: Host name to 2613 connect to, defaults to 2614 the pod IP. You probably 2615 want to set "Host" in httpHeaders 2616 instead. 2617 type: string 2618 httpHeaders: 2619 description: Custom headers 2620 to set in the request. HTTP 2621 allows repeated headers. 2622 type: array 2623 items: 2624 description: HTTPHeader 2625 describes a custom header 2626 to be used in HTTP probes 2627 type: object 2628 required: 2629 - name 2630 - value 2631 properties: 2632 name: 2633 description: The header 2634 field name 2635 type: string 2636 value: 2637 description: The header 2638 field value 2639 type: string 2640 path: 2641 description: Path to access 2642 on the HTTP server. 2643 type: string 2644 port: 2645 description: Name or number 2646 of the port to access on 2647 the container. Number must 2648 be in the range 1 to 65535. 2649 Name must be an IANA_SVC_NAME. 2650 anyOf: 2651 - type: integer 2652 - type: string 2653 x-kubernetes-int-or-string: true 2654 scheme: 2655 description: Scheme to use 2656 for connecting to the host. 2657 Defaults to HTTP. 2658 type: string 2659 initialDelaySeconds: 2660 description: 'Number of seconds 2661 after the container has started 2662 before liveness probes are initiated. 2663 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 2664 type: integer 2665 format: int32 2666 periodSeconds: 2667 description: How often (in seconds) 2668 to perform the probe. Default 2669 to 10 seconds. Minimum value 2670 is 1. 2671 type: integer 2672 format: int32 2673 successThreshold: 2674 description: Minimum consecutive 2675 successes for the probe to be 2676 considered successful after 2677 having failed. Defaults to 1. 2678 Must be 1 for liveness and startup. 2679 Minimum value is 1. 2680 type: integer 2681 format: int32 2682 tcpSocket: 2683 description: 'TCPSocket specifies 2684 an action involving a TCP port. 2685 TCP hooks not yet supported 2686 TODO: implement a realistic 2687 TCP lifecycle hook' 2688 type: object 2689 required: 2690 - port 2691 properties: 2692 host: 2693 description: 'Optional: Host 2694 name to connect to, defaults 2695 to the pod IP.' 2696 type: string 2697 port: 2698 description: Number or name 2699 of the port to access on 2700 the container. Number must 2701 be in the range 1 to 65535. 2702 Name must be an IANA_SVC_NAME. 2703 anyOf: 2704 - type: integer 2705 - type: string 2706 x-kubernetes-int-or-string: true 2707 timeoutSeconds: 2708 description: 'Number of seconds 2709 after which the probe times 2710 out. Defaults to 1 second. Minimum 2711 value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 2712 type: integer 2713 format: int32 2714 resources: 2715 description: 'Compute Resources required 2716 by this container. Cannot be updated. 2717 More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' 2718 type: object 2719 properties: 2720 limits: 2721 description: 'Limits describes 2722 the maximum amount of compute 2723 resources allowed. More info: 2724 https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' 2725 type: object 2726 additionalProperties: 2727 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 2728 anyOf: 2729 - type: integer 2730 - type: string 2731 x-kubernetes-int-or-string: true 2732 requests: 2733 description: 'Requests describes 2734 the minimum amount of compute 2735 resources required. If Requests 2736 is omitted for a container, 2737 it defaults to Limits if that 2738 is explicitly specified, otherwise 2739 to an implementation-defined 2740 value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' 2741 type: object 2742 additionalProperties: 2743 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 2744 anyOf: 2745 - type: integer 2746 - type: string 2747 x-kubernetes-int-or-string: true 2748 securityContext: 2749 description: 'Security options the 2750 pod should run with. More info: 2751 https://kubernetes.io/docs/concepts/policy/security-context/ 2752 More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' 2753 type: object 2754 properties: 2755 allowPrivilegeEscalation: 2756 description: 'AllowPrivilegeEscalation 2757 controls whether a process can 2758 gain more privileges than its 2759 parent process. This bool directly 2760 controls if the no_new_privs 2761 flag will be set on the container 2762 process. AllowPrivilegeEscalation 2763 is true always when the container 2764 is: 1) run as Privileged 2) 2765 has CAP_SYS_ADMIN' 2766 type: boolean 2767 capabilities: 2768 description: The capabilities 2769 to add/drop when running containers. 2770 Defaults to the default set 2771 of capabilities granted by the 2772 container runtime. 2773 type: object 2774 properties: 2775 add: 2776 description: Added capabilities 2777 type: array 2778 items: 2779 description: Capability 2780 represent POSIX capabilities 2781 type 2782 type: string 2783 drop: 2784 description: Removed capabilities 2785 type: array 2786 items: 2787 description: Capability 2788 represent POSIX capabilities 2789 type 2790 type: string 2791 privileged: 2792 description: Run container in 2793 privileged mode. Processes in 2794 privileged containers are essentially 2795 equivalent to root on the host. 2796 Defaults to false. 2797 type: boolean 2798 procMount: 2799 description: procMount denotes 2800 the type of proc mount to use 2801 for the containers. The default 2802 is DefaultProcMount which uses 2803 the container runtime defaults 2804 for readonly paths and masked 2805 paths. This requires the ProcMountType 2806 feature flag to be enabled. 2807 type: string 2808 readOnlyRootFilesystem: 2809 description: Whether this container 2810 has a read-only root filesystem. 2811 Default is false. 2812 type: boolean 2813 runAsGroup: 2814 description: The GID to run the 2815 entrypoint of the container 2816 process. Uses runtime default 2817 if unset. May also be set in 2818 PodSecurityContext. If set 2819 in both SecurityContext and 2820 PodSecurityContext, the value 2821 specified in SecurityContext 2822 takes precedence. 2823 type: integer 2824 format: int64 2825 runAsNonRoot: 2826 description: Indicates that the 2827 container must run as a non-root 2828 user. If true, the Kubelet will 2829 validate the image at runtime 2830 to ensure that it does not run 2831 as UID 0 (root) and fail to 2832 start the container if it does. 2833 If unset or false, no such validation 2834 will be performed. May also 2835 be set in PodSecurityContext. If 2836 set in both SecurityContext 2837 and PodSecurityContext, the 2838 value specified in SecurityContext 2839 takes precedence. 2840 type: boolean 2841 runAsUser: 2842 description: The UID to run the 2843 entrypoint of the container 2844 process. Defaults to user specified 2845 in image metadata if unspecified. 2846 May also be set in PodSecurityContext. If 2847 set in both SecurityContext 2848 and PodSecurityContext, the 2849 value specified in SecurityContext 2850 takes precedence. 2851 type: integer 2852 format: int64 2853 seLinuxOptions: 2854 description: The SELinux context 2855 to be applied to the container. 2856 If unspecified, the container 2857 runtime will allocate a random 2858 SELinux context for each container. May 2859 also be set in PodSecurityContext. If 2860 set in both SecurityContext 2861 and PodSecurityContext, the 2862 value specified in SecurityContext 2863 takes precedence. 2864 type: object 2865 properties: 2866 level: 2867 description: Level is SELinux 2868 level label that applies 2869 to the container. 2870 type: string 2871 role: 2872 description: Role is a SELinux 2873 role label that applies 2874 to the container. 2875 type: string 2876 type: 2877 description: Type is a SELinux 2878 type label that applies 2879 to the container. 2880 type: string 2881 user: 2882 description: User is a SELinux 2883 user label that applies 2884 to the container. 2885 type: string 2886 windowsOptions: 2887 description: The Windows specific 2888 settings applied to all containers. 2889 If unspecified, the options 2890 from the PodSecurityContext 2891 will be used. If set in both 2892 SecurityContext and PodSecurityContext, 2893 the value specified in SecurityContext 2894 takes precedence. 2895 type: object 2896 properties: 2897 gmsaCredentialSpec: 2898 description: GMSACredentialSpec 2899 is where the GMSA admission 2900 webhook (https://github.com/kubernetes-sigs/windows-gmsa) 2901 inlines the contents of 2902 the GMSA credential spec 2903 named by the GMSACredentialSpecName 2904 field. 2905 type: string 2906 gmsaCredentialSpecName: 2907 description: GMSACredentialSpecName 2908 is the name of the GMSA 2909 credential spec to use. 2910 type: string 2911 runAsUserName: 2912 description: The UserName 2913 in Windows to run the entrypoint 2914 of the container process. 2915 Defaults to the user specified 2916 in image metadata if unspecified. 2917 May also be set in PodSecurityContext. 2918 If set in both SecurityContext 2919 and PodSecurityContext, 2920 the value specified in SecurityContext 2921 takes precedence. 2922 type: string 2923 startupProbe: 2924 description: 'StartupProbe indicates 2925 that the Pod has successfully initialized. 2926 If specified, no other probes are 2927 executed until this completes successfully. 2928 If this probe fails, the Pod will 2929 be restarted, just as if the livenessProbe 2930 failed. This can be used to provide 2931 different probe parameters at the 2932 beginning of a Pod''s lifecycle, 2933 when it might take a long time to 2934 load data or warm a cache, than 2935 during steady-state operation. This 2936 cannot be updated. This is a beta 2937 feature enabled by the StartupProbe 2938 feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 2939 type: object 2940 properties: 2941 exec: 2942 description: One and only one 2943 of the following should be specified. 2944 Exec specifies the action to 2945 take. 2946 type: object 2947 properties: 2948 command: 2949 description: Command is the 2950 command line to execute 2951 inside the container, the 2952 working directory for the 2953 command is root ('/') in 2954 the container's filesystem. 2955 The command is simply exec'd, 2956 it is not run inside a shell, 2957 so traditional shell instructions 2958 ('|', etc) won't work. To 2959 use a shell, you need to 2960 explicitly call out to that 2961 shell. Exit status of 0 2962 is treated as live/healthy 2963 and non-zero is unhealthy. 2964 type: array 2965 items: 2966 type: string 2967 failureThreshold: 2968 description: Minimum consecutive 2969 failures for the probe to be 2970 considered failed after having 2971 succeeded. Defaults to 3. Minimum 2972 value is 1. 2973 type: integer 2974 format: int32 2975 httpGet: 2976 description: HTTPGet specifies 2977 the http request to perform. 2978 type: object 2979 required: 2980 - port 2981 properties: 2982 host: 2983 description: Host name to 2984 connect to, defaults to 2985 the pod IP. You probably 2986 want to set "Host" in httpHeaders 2987 instead. 2988 type: string 2989 httpHeaders: 2990 description: Custom headers 2991 to set in the request. HTTP 2992 allows repeated headers. 2993 type: array 2994 items: 2995 description: HTTPHeader 2996 describes a custom header 2997 to be used in HTTP probes 2998 type: object 2999 required: 3000 - name 3001 - value 3002 properties: 3003 name: 3004 description: The header 3005 field name 3006 type: string 3007 value: 3008 description: The header 3009 field value 3010 type: string 3011 path: 3012 description: Path to access 3013 on the HTTP server. 3014 type: string 3015 port: 3016 description: Name or number 3017 of the port to access on 3018 the container. Number must 3019 be in the range 1 to 65535. 3020 Name must be an IANA_SVC_NAME. 3021 anyOf: 3022 - type: integer 3023 - type: string 3024 x-kubernetes-int-or-string: true 3025 scheme: 3026 description: Scheme to use 3027 for connecting to the host. 3028 Defaults to HTTP. 3029 type: string 3030 initialDelaySeconds: 3031 description: 'Number of seconds 3032 after the container has started 3033 before liveness probes are initiated. 3034 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 3035 type: integer 3036 format: int32 3037 periodSeconds: 3038 description: How often (in seconds) 3039 to perform the probe. Default 3040 to 10 seconds. Minimum value 3041 is 1. 3042 type: integer 3043 format: int32 3044 successThreshold: 3045 description: Minimum consecutive 3046 successes for the probe to be 3047 considered successful after 3048 having failed. Defaults to 1. 3049 Must be 1 for liveness and startup. 3050 Minimum value is 1. 3051 type: integer 3052 format: int32 3053 tcpSocket: 3054 description: 'TCPSocket specifies 3055 an action involving a TCP port. 3056 TCP hooks not yet supported 3057 TODO: implement a realistic 3058 TCP lifecycle hook' 3059 type: object 3060 required: 3061 - port 3062 properties: 3063 host: 3064 description: 'Optional: Host 3065 name to connect to, defaults 3066 to the pod IP.' 3067 type: string 3068 port: 3069 description: Number or name 3070 of the port to access on 3071 the container. Number must 3072 be in the range 1 to 65535. 3073 Name must be an IANA_SVC_NAME. 3074 anyOf: 3075 - type: integer 3076 - type: string 3077 x-kubernetes-int-or-string: true 3078 timeoutSeconds: 3079 description: 'Number of seconds 3080 after which the probe times 3081 out. Defaults to 1 second. Minimum 3082 value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 3083 type: integer 3084 format: int32 3085 stdin: 3086 description: Whether this container 3087 should allocate a buffer for stdin 3088 in the container runtime. If this 3089 is not set, reads from stdin in 3090 the container will always result 3091 in EOF. Default is false. 3092 type: boolean 3093 stdinOnce: 3094 description: Whether the container 3095 runtime should close the stdin channel 3096 after it has been opened by a single 3097 attach. When stdin is true the stdin 3098 stream will remain open across multiple 3099 attach sessions. If stdinOnce is 3100 set to true, stdin is opened on 3101 container start, is empty until 3102 the first client attaches to stdin, 3103 and then remains open and accepts 3104 data until the client disconnects, 3105 at which time stdin is closed and 3106 remains closed until the container 3107 is restarted. If this flag is false, 3108 a container processes that reads 3109 from stdin will never receive an 3110 EOF. Default is false 3111 type: boolean 3112 terminationMessagePath: 3113 description: 'Optional: Path at which 3114 the file to which the container''s 3115 termination message will be written 3116 is mounted into the container''s 3117 filesystem. Message written is intended 3118 to be brief final status, such as 3119 an assertion failure message. Will 3120 be truncated by the node if greater 3121 than 4096 bytes. The total message 3122 length across all containers will 3123 be limited to 12kb. Defaults to 3124 /dev/termination-log. Cannot be 3125 updated.' 3126 type: string 3127 terminationMessagePolicy: 3128 description: Indicate how the termination 3129 message should be populated. File 3130 will use the contents of terminationMessagePath 3131 to populate the container status 3132 message on both success and failure. 3133 FallbackToLogsOnError will use the 3134 last chunk of container log output 3135 if the termination message file 3136 is empty and the container exited 3137 with an error. The log output is 3138 limited to 2048 bytes or 80 lines, 3139 whichever is smaller. Defaults to 3140 File. Cannot be updated. 3141 type: string 3142 tty: 3143 description: Whether this container 3144 should allocate a TTY for itself, 3145 also requires 'stdin' to be true. 3146 Default is false. 3147 type: boolean 3148 volumeDevices: 3149 description: volumeDevices is the 3150 list of block devices to be used 3151 by the container. 3152 type: array 3153 items: 3154 description: volumeDevice describes 3155 a mapping of a raw block device 3156 within a container. 3157 type: object 3158 required: 3159 - devicePath 3160 - name 3161 properties: 3162 devicePath: 3163 description: devicePath is the 3164 path inside of the container 3165 that the device will be mapped 3166 to. 3167 type: string 3168 name: 3169 description: name must match 3170 the name of a persistentVolumeClaim 3171 in the pod 3172 type: string 3173 volumeMounts: 3174 description: Pod volumes to mount 3175 into the container's filesystem. 3176 Cannot be updated. 3177 type: array 3178 items: 3179 description: VolumeMount describes 3180 a mounting of a Volume within 3181 a container. 3182 type: object 3183 required: 3184 - mountPath 3185 - name 3186 properties: 3187 mountPath: 3188 description: Path within the 3189 container at which the volume 3190 should be mounted. Must not 3191 contain ':'. 3192 type: string 3193 mountPropagation: 3194 description: mountPropagation 3195 determines how mounts are 3196 propagated from the host to 3197 container and the other way 3198 around. When not set, MountPropagationNone 3199 is used. This field is beta 3200 in 1.10. 3201 type: string 3202 name: 3203 description: This must match 3204 the Name of a Volume. 3205 type: string 3206 readOnly: 3207 description: Mounted read-only 3208 if true, read-write otherwise 3209 (false or unspecified). Defaults 3210 to false. 3211 type: boolean 3212 subPath: 3213 description: Path within the 3214 volume from which the container's 3215 volume should be mounted. 3216 Defaults to "" (volume's root). 3217 type: string 3218 subPathExpr: 3219 description: Expanded path within 3220 the volume from which the 3221 container's volume should 3222 be mounted. Behaves similarly 3223 to SubPath but environment 3224 variable references $(VAR_NAME) 3225 are expanded using the container's 3226 environment. Defaults to "" 3227 (volume's root). SubPathExpr 3228 and SubPath are mutually exclusive. 3229 type: string 3230 workingDir: 3231 description: Container's working directory. 3232 If not specified, the container 3233 runtime's default will be used, 3234 which might be configured in the 3235 container image. Cannot be updated. 3236 type: string 3237 dnsConfig: 3238 description: Specifies the DNS parameters 3239 of a pod. Parameters specified here will 3240 be merged to the generated DNS configuration 3241 based on DNSPolicy. 3242 type: object 3243 properties: 3244 nameservers: 3245 description: A list of DNS name server 3246 IP addresses. This will be appended 3247 to the base nameservers generated 3248 from DNSPolicy. Duplicated nameservers 3249 will be removed. 3250 type: array 3251 items: 3252 type: string 3253 options: 3254 description: A list of DNS resolver 3255 options. This will be merged with 3256 the base options generated from DNSPolicy. 3257 Duplicated entries will be removed. 3258 Resolution options given in Options 3259 will override those that appear in 3260 the base DNSPolicy. 3261 type: array 3262 items: 3263 description: PodDNSConfigOption defines 3264 DNS resolver options of a pod. 3265 type: object 3266 properties: 3267 name: 3268 description: Required. 3269 type: string 3270 value: 3271 type: string 3272 searches: 3273 description: A list of DNS search domains 3274 for host-name lookup. This will be 3275 appended to the base search paths 3276 generated from DNSPolicy. Duplicated 3277 search paths will be removed. 3278 type: array 3279 items: 3280 type: string 3281 dnsPolicy: 3282 description: Set DNS policy for the pod. 3283 Defaults to "ClusterFirst". Valid values 3284 are 'ClusterFirstWithHostNet', 'ClusterFirst', 3285 'Default' or 'None'. DNS parameters given 3286 in DNSConfig will be merged with the policy 3287 selected with DNSPolicy. To have DNS options 3288 set along with hostNetwork, you have to 3289 specify DNS policy explicitly to 'ClusterFirstWithHostNet'. 3290 type: string 3291 enableServiceLinks: 3292 description: 'EnableServiceLinks indicates 3293 whether information about services should 3294 be injected into pod''s environment variables, 3295 matching the syntax of Docker links. Optional: 3296 Defaults to true.' 3297 type: boolean 3298 ephemeralContainers: 3299 description: List of ephemeral containers 3300 run in this pod. Ephemeral containers 3301 may be run in an existing pod to perform 3302 user-initiated actions such as debugging. 3303 This list cannot be specified when creating 3304 a pod, and it cannot be modified by updating 3305 the pod spec. In order to add an ephemeral 3306 container to an existing pod, use the 3307 pod's ephemeralcontainers subresource. 3308 This field is alpha-level and is only 3309 honored by servers that enable the EphemeralContainers 3310 feature. 3311 type: array 3312 items: 3313 description: An EphemeralContainer is 3314 a container that may be added temporarily 3315 to an existing pod for user-initiated 3316 activities such as debugging. Ephemeral 3317 containers have no resource or scheduling 3318 guarantees, and they will not be restarted 3319 when they exit or when a pod is removed 3320 or restarted. If an ephemeral container 3321 causes a pod to exceed its resource 3322 allocation, the pod may be evicted. 3323 Ephemeral containers may not be added 3324 by directly updating the pod spec. They 3325 must be added via the pod's ephemeralcontainers 3326 subresource, and they will appear in 3327 the pod spec once added. This is an 3328 alpha feature enabled by the EphemeralContainers 3329 feature flag. 3330 type: object 3331 required: 3332 - name 3333 properties: 3334 args: 3335 description: 'Arguments to the entrypoint. 3336 The docker image''s CMD is used 3337 if this is not provided. Variable 3338 references $(VAR_NAME) are expanded 3339 using the container''s environment. 3340 If a variable cannot be resolved, 3341 the reference in the input string 3342 will be unchanged. The $(VAR_NAME) 3343 syntax can be escaped with a double 3344 $$, ie: $$(VAR_NAME). Escaped references 3345 will never be expanded, regardless 3346 of whether the variable exists or 3347 not. Cannot be updated. More info: 3348 https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' 3349 type: array 3350 items: 3351 type: string 3352 command: 3353 description: 'Entrypoint array. Not 3354 executed within a shell. The docker 3355 image''s ENTRYPOINT is used if this 3356 is not provided. Variable references 3357 $(VAR_NAME) are expanded using the 3358 container''s environment. If a variable 3359 cannot be resolved, the reference 3360 in the input string will be unchanged. 3361 The $(VAR_NAME) syntax can be escaped 3362 with a double $$, ie: $$(VAR_NAME). 3363 Escaped references will never be 3364 expanded, regardless of whether 3365 the variable exists or not. Cannot 3366 be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' 3367 type: array 3368 items: 3369 type: string 3370 env: 3371 description: List of environment variables 3372 to set in the container. Cannot 3373 be updated. 3374 type: array 3375 items: 3376 description: EnvVar represents an 3377 environment variable present in 3378 a Container. 3379 type: object 3380 required: 3381 - name 3382 properties: 3383 name: 3384 description: Name of the environment 3385 variable. Must be a C_IDENTIFIER. 3386 type: string 3387 value: 3388 description: 'Variable references 3389 $(VAR_NAME) are expanded using 3390 the previous defined environment 3391 variables in the container 3392 and any service environment 3393 variables. If a variable cannot 3394 be resolved, the reference 3395 in the input string will be 3396 unchanged. The $(VAR_NAME) 3397 syntax can be escaped with 3398 a double $$, ie: $$(VAR_NAME). 3399 Escaped references will never 3400 be expanded, regardless of 3401 whether the variable exists 3402 or not. Defaults to "".' 3403 type: string 3404 valueFrom: 3405 description: Source for the 3406 environment variable's value. 3407 Cannot be used if value is 3408 not empty. 3409 type: object 3410 properties: 3411 configMapKeyRef: 3412 description: Selects a key 3413 of a ConfigMap. 3414 type: object 3415 required: 3416 - key 3417 properties: 3418 key: 3419 description: The key 3420 to select. 3421 type: string 3422 name: 3423 description: 'Name of 3424 the referent. More 3425 info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 3426 TODO: Add other useful 3427 fields. apiVersion, 3428 kind, uid?' 3429 type: string 3430 optional: 3431 description: Specify 3432 whether the ConfigMap 3433 or its key must be 3434 defined 3435 type: boolean 3436 fieldRef: 3437 description: 'Selects a 3438 field of the pod: supports 3439 metadata.name, metadata.namespace, 3440 metadata.labels, metadata.annotations, 3441 spec.nodeName, spec.serviceAccountName, 3442 status.hostIP, status.podIP, 3443 status.podIPs.' 3444 type: object 3445 required: 3446 - fieldPath 3447 properties: 3448 apiVersion: 3449 description: Version 3450 of the schema the 3451 FieldPath is written 3452 in terms of, defaults 3453 to "v1". 3454 type: string 3455 fieldPath: 3456 description: Path of 3457 the field to select 3458 in the specified API 3459 version. 3460 type: string 3461 resourceFieldRef: 3462 description: 'Selects a 3463 resource of the container: 3464 only resources limits 3465 and requests (limits.cpu, 3466 limits.memory, limits.ephemeral-storage, 3467 requests.cpu, requests.memory 3468 and requests.ephemeral-storage) 3469 are currently supported.' 3470 type: object 3471 required: 3472 - resource 3473 properties: 3474 containerName: 3475 description: 'Container 3476 name: required for 3477 volumes, optional 3478 for env vars' 3479 type: string 3480 divisor: 3481 description: Specifies 3482 the output format 3483 of the exposed resources, 3484 defaults to "1" 3485 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 3486 anyOf: 3487 - type: integer 3488 - type: string 3489 x-kubernetes-int-or-string: true 3490 resource: 3491 description: 'Required: 3492 resource to select' 3493 type: string 3494 secretKeyRef: 3495 description: Selects a key 3496 of a secret in the pod's 3497 namespace 3498 type: object 3499 required: 3500 - key 3501 properties: 3502 key: 3503 description: The key 3504 of the secret to select 3505 from. Must be a valid 3506 secret key. 3507 type: string 3508 name: 3509 description: 'Name of 3510 the referent. More 3511 info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 3512 TODO: Add other useful 3513 fields. apiVersion, 3514 kind, uid?' 3515 type: string 3516 optional: 3517 description: Specify 3518 whether the Secret 3519 or its key must be 3520 defined 3521 type: boolean 3522 envFrom: 3523 description: List of sources to populate 3524 environment variables in the container. 3525 The keys defined within a source 3526 must be a C_IDENTIFIER. All invalid 3527 keys will be reported as an event 3528 when the container is starting. 3529 When a key exists in multiple sources, 3530 the value associated with the last 3531 source will take precedence. Values 3532 defined by an Env with a duplicate 3533 key will take precedence. Cannot 3534 be updated. 3535 type: array 3536 items: 3537 description: EnvFromSource represents 3538 the source of a set of ConfigMaps 3539 type: object 3540 properties: 3541 configMapRef: 3542 description: The ConfigMap to 3543 select from 3544 type: object 3545 properties: 3546 name: 3547 description: 'Name of the 3548 referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 3549 TODO: Add other useful 3550 fields. apiVersion, kind, 3551 uid?' 3552 type: string 3553 optional: 3554 description: Specify whether 3555 the ConfigMap must be 3556 defined 3557 type: boolean 3558 prefix: 3559 description: An optional identifier 3560 to prepend to each key in 3561 the ConfigMap. Must be a C_IDENTIFIER. 3562 type: string 3563 secretRef: 3564 description: The Secret to select 3565 from 3566 type: object 3567 properties: 3568 name: 3569 description: 'Name of the 3570 referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 3571 TODO: Add other useful 3572 fields. apiVersion, kind, 3573 uid?' 3574 type: string 3575 optional: 3576 description: Specify whether 3577 the Secret must be defined 3578 type: boolean 3579 image: 3580 description: 'Docker image name. More 3581 info: https://kubernetes.io/docs/concepts/containers/images' 3582 type: string 3583 imagePullPolicy: 3584 description: 'Image pull policy. One 3585 of Always, Never, IfNotPresent. 3586 Defaults to Always if :latest tag 3587 is specified, or IfNotPresent otherwise. 3588 Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' 3589 type: string 3590 lifecycle: 3591 description: Lifecycle is not allowed 3592 for ephemeral containers. 3593 type: object 3594 properties: 3595 postStart: 3596 description: 'PostStart is called 3597 immediately after a container 3598 is created. If the handler fails, 3599 the container is terminated 3600 and restarted according to its 3601 restart policy. Other management 3602 of the container blocks until 3603 the hook completes. More info: 3604 https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' 3605 type: object 3606 properties: 3607 exec: 3608 description: One and only 3609 one of the following should 3610 be specified. Exec specifies 3611 the action to take. 3612 type: object 3613 properties: 3614 command: 3615 description: Command is 3616 the command line to 3617 execute inside the container, 3618 the working directory 3619 for the command is 3620 root ('/') in the container's 3621 filesystem. The command 3622 is simply exec'd, it 3623 is not run inside a 3624 shell, so traditional 3625 shell instructions ('|', 3626 etc) won't work. To 3627 use a shell, you need 3628 to explicitly call out 3629 to that shell. Exit 3630 status of 0 is treated 3631 as live/healthy and 3632 non-zero is unhealthy. 3633 type: array 3634 items: 3635 type: string 3636 httpGet: 3637 description: HTTPGet specifies 3638 the http request to perform. 3639 type: object 3640 required: 3641 - port 3642 properties: 3643 host: 3644 description: Host name 3645 to connect to, defaults 3646 to the pod IP. You probably 3647 want to set "Host" in 3648 httpHeaders instead. 3649 type: string 3650 httpHeaders: 3651 description: Custom headers 3652 to set in the request. 3653 HTTP allows repeated 3654 headers. 3655 type: array 3656 items: 3657 description: HTTPHeader 3658 describes a custom 3659 header to be used 3660 in HTTP probes 3661 type: object 3662 required: 3663 - name 3664 - value 3665 properties: 3666 name: 3667 description: The 3668 header field name 3669 type: string 3670 value: 3671 description: The 3672 header field value 3673 type: string 3674 path: 3675 description: Path to access 3676 on the HTTP server. 3677 type: string 3678 port: 3679 description: Name or number 3680 of the port to access 3681 on the container. Number 3682 must be in the range 3683 1 to 65535. Name must 3684 be an IANA_SVC_NAME. 3685 anyOf: 3686 - type: integer 3687 - type: string 3688 x-kubernetes-int-or-string: true 3689 scheme: 3690 description: Scheme to 3691 use for connecting to 3692 the host. Defaults to 3693 HTTP. 3694 type: string 3695 tcpSocket: 3696 description: 'TCPSocket specifies 3697 an action involving a TCP 3698 port. TCP hooks not yet 3699 supported TODO: implement 3700 a realistic TCP lifecycle 3701 hook' 3702 type: object 3703 required: 3704 - port 3705 properties: 3706 host: 3707 description: 'Optional: 3708 Host name to connect 3709 to, defaults to the 3710 pod IP.' 3711 type: string 3712 port: 3713 description: Number or 3714 name of the port to 3715 access on the container. 3716 Number must be in the 3717 range 1 to 65535. Name 3718 must be an IANA_SVC_NAME. 3719 anyOf: 3720 - type: integer 3721 - type: string 3722 x-kubernetes-int-or-string: true 3723 preStop: 3724 description: 'PreStop is called 3725 immediately before a container 3726 is terminated due to an API 3727 request or management event 3728 such as liveness/startup probe 3729 failure, preemption, resource 3730 contention, etc. The handler 3731 is not called if the container 3732 crashes or exits. The reason 3733 for termination is passed to 3734 the handler. The Pod''s termination 3735 grace period countdown begins 3736 before the PreStop hooked is 3737 executed. Regardless of the 3738 outcome of the handler, the 3739 container will eventually terminate 3740 within the Pod''s termination 3741 grace period. Other management 3742 of the container blocks until 3743 the hook completes or until 3744 the termination grace period 3745 is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' 3746 type: object 3747 properties: 3748 exec: 3749 description: One and only 3750 one of the following should 3751 be specified. Exec specifies 3752 the action to take. 3753 type: object 3754 properties: 3755 command: 3756 description: Command is 3757 the command line to 3758 execute inside the container, 3759 the working directory 3760 for the command is 3761 root ('/') in the container's 3762 filesystem. The command 3763 is simply exec'd, it 3764 is not run inside a 3765 shell, so traditional 3766 shell instructions ('|', 3767 etc) won't work. To 3768 use a shell, you need 3769 to explicitly call out 3770 to that shell. Exit 3771 status of 0 is treated 3772 as live/healthy and 3773 non-zero is unhealthy. 3774 type: array 3775 items: 3776 type: string 3777 httpGet: 3778 description: HTTPGet specifies 3779 the http request to perform. 3780 type: object 3781 required: 3782 - port 3783 properties: 3784 host: 3785 description: Host name 3786 to connect to, defaults 3787 to the pod IP. You probably 3788 want to set "Host" in 3789 httpHeaders instead. 3790 type: string 3791 httpHeaders: 3792 description: Custom headers 3793 to set in the request. 3794 HTTP allows repeated 3795 headers. 3796 type: array 3797 items: 3798 description: HTTPHeader 3799 describes a custom 3800 header to be used 3801 in HTTP probes 3802 type: object 3803 required: 3804 - name 3805 - value 3806 properties: 3807 name: 3808 description: The 3809 header field name 3810 type: string 3811 value: 3812 description: The 3813 header field value 3814 type: string 3815 path: 3816 description: Path to access 3817 on the HTTP server. 3818 type: string 3819 port: 3820 description: Name or number 3821 of the port to access 3822 on the container. Number 3823 must be in the range 3824 1 to 65535. Name must 3825 be an IANA_SVC_NAME. 3826 anyOf: 3827 - type: integer 3828 - type: string 3829 x-kubernetes-int-or-string: true 3830 scheme: 3831 description: Scheme to 3832 use for connecting to 3833 the host. Defaults to 3834 HTTP. 3835 type: string 3836 tcpSocket: 3837 description: 'TCPSocket specifies 3838 an action involving a TCP 3839 port. TCP hooks not yet 3840 supported TODO: implement 3841 a realistic TCP lifecycle 3842 hook' 3843 type: object 3844 required: 3845 - port 3846 properties: 3847 host: 3848 description: 'Optional: 3849 Host name to connect 3850 to, defaults to the 3851 pod IP.' 3852 type: string 3853 port: 3854 description: Number or 3855 name of the port to 3856 access on the container. 3857 Number must be in the 3858 range 1 to 65535. Name 3859 must be an IANA_SVC_NAME. 3860 anyOf: 3861 - type: integer 3862 - type: string 3863 x-kubernetes-int-or-string: true 3864 livenessProbe: 3865 description: Probes are not allowed 3866 for ephemeral containers. 3867 type: object 3868 properties: 3869 exec: 3870 description: One and only one 3871 of the following should be specified. 3872 Exec specifies the action to 3873 take. 3874 type: object 3875 properties: 3876 command: 3877 description: Command is the 3878 command line to execute 3879 inside the container, the 3880 working directory for the 3881 command is root ('/') in 3882 the container's filesystem. 3883 The command is simply exec'd, 3884 it is not run inside a shell, 3885 so traditional shell instructions 3886 ('|', etc) won't work. To 3887 use a shell, you need to 3888 explicitly call out to that 3889 shell. Exit status of 0 3890 is treated as live/healthy 3891 and non-zero is unhealthy. 3892 type: array 3893 items: 3894 type: string 3895 failureThreshold: 3896 description: Minimum consecutive 3897 failures for the probe to be 3898 considered failed after having 3899 succeeded. Defaults to 3. Minimum 3900 value is 1. 3901 type: integer 3902 format: int32 3903 httpGet: 3904 description: HTTPGet specifies 3905 the http request to perform. 3906 type: object 3907 required: 3908 - port 3909 properties: 3910 host: 3911 description: Host name to 3912 connect to, defaults to 3913 the pod IP. You probably 3914 want to set "Host" in httpHeaders 3915 instead. 3916 type: string 3917 httpHeaders: 3918 description: Custom headers 3919 to set in the request. HTTP 3920 allows repeated headers. 3921 type: array 3922 items: 3923 description: HTTPHeader 3924 describes a custom header 3925 to be used in HTTP probes 3926 type: object 3927 required: 3928 - name 3929 - value 3930 properties: 3931 name: 3932 description: The header 3933 field name 3934 type: string 3935 value: 3936 description: The header 3937 field value 3938 type: string 3939 path: 3940 description: Path to access 3941 on the HTTP server. 3942 type: string 3943 port: 3944 description: Name or number 3945 of the port to access on 3946 the container. Number must 3947 be in the range 1 to 65535. 3948 Name must be an IANA_SVC_NAME. 3949 anyOf: 3950 - type: integer 3951 - type: string 3952 x-kubernetes-int-or-string: true 3953 scheme: 3954 description: Scheme to use 3955 for connecting to the host. 3956 Defaults to HTTP. 3957 type: string 3958 initialDelaySeconds: 3959 description: 'Number of seconds 3960 after the container has started 3961 before liveness probes are initiated. 3962 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 3963 type: integer 3964 format: int32 3965 periodSeconds: 3966 description: How often (in seconds) 3967 to perform the probe. Default 3968 to 10 seconds. Minimum value 3969 is 1. 3970 type: integer 3971 format: int32 3972 successThreshold: 3973 description: Minimum consecutive 3974 successes for the probe to be 3975 considered successful after 3976 having failed. Defaults to 1. 3977 Must be 1 for liveness and startup. 3978 Minimum value is 1. 3979 type: integer 3980 format: int32 3981 tcpSocket: 3982 description: 'TCPSocket specifies 3983 an action involving a TCP port. 3984 TCP hooks not yet supported 3985 TODO: implement a realistic 3986 TCP lifecycle hook' 3987 type: object 3988 required: 3989 - port 3990 properties: 3991 host: 3992 description: 'Optional: Host 3993 name to connect to, defaults 3994 to the pod IP.' 3995 type: string 3996 port: 3997 description: Number or name 3998 of the port to access on 3999 the container. Number must 4000 be in the range 1 to 65535. 4001 Name must be an IANA_SVC_NAME. 4002 anyOf: 4003 - type: integer 4004 - type: string 4005 x-kubernetes-int-or-string: true 4006 timeoutSeconds: 4007 description: 'Number of seconds 4008 after which the probe times 4009 out. Defaults to 1 second. Minimum 4010 value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 4011 type: integer 4012 format: int32 4013 name: 4014 description: Name of the ephemeral 4015 container specified as a DNS_LABEL. 4016 This name must be unique among all 4017 containers, init containers and 4018 ephemeral containers. 4019 type: string 4020 ports: 4021 description: Ports are not allowed 4022 for ephemeral containers. 4023 type: array 4024 items: 4025 description: ContainerPort represents 4026 a network port in a single container. 4027 type: object 4028 required: 4029 - containerPort 4030 properties: 4031 containerPort: 4032 description: Number of port 4033 to expose on the pod's IP 4034 address. This must be a valid 4035 port number, 0 < x < 65536. 4036 type: integer 4037 format: int32 4038 hostIP: 4039 description: What host IP to 4040 bind the external port to. 4041 type: string 4042 hostPort: 4043 description: Number of port 4044 to expose on the host. If 4045 specified, this must be a 4046 valid port number, 0 < x < 4047 65536. If HostNetwork is specified, 4048 this must match ContainerPort. 4049 Most containers do not need 4050 this. 4051 type: integer 4052 format: int32 4053 name: 4054 description: If specified, this 4055 must be an IANA_SVC_NAME and 4056 unique within the pod. Each 4057 named port in a pod must have 4058 a unique name. Name for the 4059 port that can be referred 4060 to by services. 4061 type: string 4062 protocol: 4063 description: Protocol for port. 4064 Must be UDP, TCP, or SCTP. 4065 Defaults to "TCP". 4066 type: string 4067 readinessProbe: 4068 description: Probes are not allowed 4069 for ephemeral containers. 4070 type: object 4071 properties: 4072 exec: 4073 description: One and only one 4074 of the following should be specified. 4075 Exec specifies the action to 4076 take. 4077 type: object 4078 properties: 4079 command: 4080 description: Command is the 4081 command line to execute 4082 inside the container, the 4083 working directory for the 4084 command is root ('/') in 4085 the container's filesystem. 4086 The command is simply exec'd, 4087 it is not run inside a shell, 4088 so traditional shell instructions 4089 ('|', etc) won't work. To 4090 use a shell, you need to 4091 explicitly call out to that 4092 shell. Exit status of 0 4093 is treated as live/healthy 4094 and non-zero is unhealthy. 4095 type: array 4096 items: 4097 type: string 4098 failureThreshold: 4099 description: Minimum consecutive 4100 failures for the probe to be 4101 considered failed after having 4102 succeeded. Defaults to 3. Minimum 4103 value is 1. 4104 type: integer 4105 format: int32 4106 httpGet: 4107 description: HTTPGet specifies 4108 the http request to perform. 4109 type: object 4110 required: 4111 - port 4112 properties: 4113 host: 4114 description: Host name to 4115 connect to, defaults to 4116 the pod IP. You probably 4117 want to set "Host" in httpHeaders 4118 instead. 4119 type: string 4120 httpHeaders: 4121 description: Custom headers 4122 to set in the request. HTTP 4123 allows repeated headers. 4124 type: array 4125 items: 4126 description: HTTPHeader 4127 describes a custom header 4128 to be used in HTTP probes 4129 type: object 4130 required: 4131 - name 4132 - value 4133 properties: 4134 name: 4135 description: The header 4136 field name 4137 type: string 4138 value: 4139 description: The header 4140 field value 4141 type: string 4142 path: 4143 description: Path to access 4144 on the HTTP server. 4145 type: string 4146 port: 4147 description: Name or number 4148 of the port to access on 4149 the container. Number must 4150 be in the range 1 to 65535. 4151 Name must be an IANA_SVC_NAME. 4152 anyOf: 4153 - type: integer 4154 - type: string 4155 x-kubernetes-int-or-string: true 4156 scheme: 4157 description: Scheme to use 4158 for connecting to the host. 4159 Defaults to HTTP. 4160 type: string 4161 initialDelaySeconds: 4162 description: 'Number of seconds 4163 after the container has started 4164 before liveness probes are initiated. 4165 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 4166 type: integer 4167 format: int32 4168 periodSeconds: 4169 description: How often (in seconds) 4170 to perform the probe. Default 4171 to 10 seconds. Minimum value 4172 is 1. 4173 type: integer 4174 format: int32 4175 successThreshold: 4176 description: Minimum consecutive 4177 successes for the probe to be 4178 considered successful after 4179 having failed. Defaults to 1. 4180 Must be 1 for liveness and startup. 4181 Minimum value is 1. 4182 type: integer 4183 format: int32 4184 tcpSocket: 4185 description: 'TCPSocket specifies 4186 an action involving a TCP port. 4187 TCP hooks not yet supported 4188 TODO: implement a realistic 4189 TCP lifecycle hook' 4190 type: object 4191 required: 4192 - port 4193 properties: 4194 host: 4195 description: 'Optional: Host 4196 name to connect to, defaults 4197 to the pod IP.' 4198 type: string 4199 port: 4200 description: Number or name 4201 of the port to access on 4202 the container. Number must 4203 be in the range 1 to 65535. 4204 Name must be an IANA_SVC_NAME. 4205 anyOf: 4206 - type: integer 4207 - type: string 4208 x-kubernetes-int-or-string: true 4209 timeoutSeconds: 4210 description: 'Number of seconds 4211 after which the probe times 4212 out. Defaults to 1 second. Minimum 4213 value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 4214 type: integer 4215 format: int32 4216 resources: 4217 description: Resources are not allowed 4218 for ephemeral containers. Ephemeral 4219 containers use spare resources already 4220 allocated to the pod. 4221 type: object 4222 properties: 4223 limits: 4224 description: 'Limits describes 4225 the maximum amount of compute 4226 resources allowed. More info: 4227 https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' 4228 type: object 4229 additionalProperties: 4230 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 4231 anyOf: 4232 - type: integer 4233 - type: string 4234 x-kubernetes-int-or-string: true 4235 requests: 4236 description: 'Requests describes 4237 the minimum amount of compute 4238 resources required. If Requests 4239 is omitted for a container, 4240 it defaults to Limits if that 4241 is explicitly specified, otherwise 4242 to an implementation-defined 4243 value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' 4244 type: object 4245 additionalProperties: 4246 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 4247 anyOf: 4248 - type: integer 4249 - type: string 4250 x-kubernetes-int-or-string: true 4251 securityContext: 4252 description: SecurityContext is not 4253 allowed for ephemeral containers. 4254 type: object 4255 properties: 4256 allowPrivilegeEscalation: 4257 description: 'AllowPrivilegeEscalation 4258 controls whether a process can 4259 gain more privileges than its 4260 parent process. This bool directly 4261 controls if the no_new_privs 4262 flag will be set on the container 4263 process. AllowPrivilegeEscalation 4264 is true always when the container 4265 is: 1) run as Privileged 2) 4266 has CAP_SYS_ADMIN' 4267 type: boolean 4268 capabilities: 4269 description: The capabilities 4270 to add/drop when running containers. 4271 Defaults to the default set 4272 of capabilities granted by the 4273 container runtime. 4274 type: object 4275 properties: 4276 add: 4277 description: Added capabilities 4278 type: array 4279 items: 4280 description: Capability 4281 represent POSIX capabilities 4282 type 4283 type: string 4284 drop: 4285 description: Removed capabilities 4286 type: array 4287 items: 4288 description: Capability 4289 represent POSIX capabilities 4290 type 4291 type: string 4292 privileged: 4293 description: Run container in 4294 privileged mode. Processes in 4295 privileged containers are essentially 4296 equivalent to root on the host. 4297 Defaults to false. 4298 type: boolean 4299 procMount: 4300 description: procMount denotes 4301 the type of proc mount to use 4302 for the containers. The default 4303 is DefaultProcMount which uses 4304 the container runtime defaults 4305 for readonly paths and masked 4306 paths. This requires the ProcMountType 4307 feature flag to be enabled. 4308 type: string 4309 readOnlyRootFilesystem: 4310 description: Whether this container 4311 has a read-only root filesystem. 4312 Default is false. 4313 type: boolean 4314 runAsGroup: 4315 description: The GID to run the 4316 entrypoint of the container 4317 process. Uses runtime default 4318 if unset. May also be set in 4319 PodSecurityContext. If set 4320 in both SecurityContext and 4321 PodSecurityContext, the value 4322 specified in SecurityContext 4323 takes precedence. 4324 type: integer 4325 format: int64 4326 runAsNonRoot: 4327 description: Indicates that the 4328 container must run as a non-root 4329 user. If true, the Kubelet will 4330 validate the image at runtime 4331 to ensure that it does not run 4332 as UID 0 (root) and fail to 4333 start the container if it does. 4334 If unset or false, no such validation 4335 will be performed. May also 4336 be set in PodSecurityContext. If 4337 set in both SecurityContext 4338 and PodSecurityContext, the 4339 value specified in SecurityContext 4340 takes precedence. 4341 type: boolean 4342 runAsUser: 4343 description: The UID to run the 4344 entrypoint of the container 4345 process. Defaults to user specified 4346 in image metadata if unspecified. 4347 May also be set in PodSecurityContext. If 4348 set in both SecurityContext 4349 and PodSecurityContext, the 4350 value specified in SecurityContext 4351 takes precedence. 4352 type: integer 4353 format: int64 4354 seLinuxOptions: 4355 description: The SELinux context 4356 to be applied to the container. 4357 If unspecified, the container 4358 runtime will allocate a random 4359 SELinux context for each container. May 4360 also be set in PodSecurityContext. If 4361 set in both SecurityContext 4362 and PodSecurityContext, the 4363 value specified in SecurityContext 4364 takes precedence. 4365 type: object 4366 properties: 4367 level: 4368 description: Level is SELinux 4369 level label that applies 4370 to the container. 4371 type: string 4372 role: 4373 description: Role is a SELinux 4374 role label that applies 4375 to the container. 4376 type: string 4377 type: 4378 description: Type is a SELinux 4379 type label that applies 4380 to the container. 4381 type: string 4382 user: 4383 description: User is a SELinux 4384 user label that applies 4385 to the container. 4386 type: string 4387 windowsOptions: 4388 description: The Windows specific 4389 settings applied to all containers. 4390 If unspecified, the options 4391 from the PodSecurityContext 4392 will be used. If set in both 4393 SecurityContext and PodSecurityContext, 4394 the value specified in SecurityContext 4395 takes precedence. 4396 type: object 4397 properties: 4398 gmsaCredentialSpec: 4399 description: GMSACredentialSpec 4400 is where the GMSA admission 4401 webhook (https://github.com/kubernetes-sigs/windows-gmsa) 4402 inlines the contents of 4403 the GMSA credential spec 4404 named by the GMSACredentialSpecName 4405 field. 4406 type: string 4407 gmsaCredentialSpecName: 4408 description: GMSACredentialSpecName 4409 is the name of the GMSA 4410 credential spec to use. 4411 type: string 4412 runAsUserName: 4413 description: The UserName 4414 in Windows to run the entrypoint 4415 of the container process. 4416 Defaults to the user specified 4417 in image metadata if unspecified. 4418 May also be set in PodSecurityContext. 4419 If set in both SecurityContext 4420 and PodSecurityContext, 4421 the value specified in SecurityContext 4422 takes precedence. 4423 type: string 4424 startupProbe: 4425 description: Probes are not allowed 4426 for ephemeral containers. 4427 type: object 4428 properties: 4429 exec: 4430 description: One and only one 4431 of the following should be specified. 4432 Exec specifies the action to 4433 take. 4434 type: object 4435 properties: 4436 command: 4437 description: Command is the 4438 command line to execute 4439 inside the container, the 4440 working directory for the 4441 command is root ('/') in 4442 the container's filesystem. 4443 The command is simply exec'd, 4444 it is not run inside a shell, 4445 so traditional shell instructions 4446 ('|', etc) won't work. To 4447 use a shell, you need to 4448 explicitly call out to that 4449 shell. Exit status of 0 4450 is treated as live/healthy 4451 and non-zero is unhealthy. 4452 type: array 4453 items: 4454 type: string 4455 failureThreshold: 4456 description: Minimum consecutive 4457 failures for the probe to be 4458 considered failed after having 4459 succeeded. Defaults to 3. Minimum 4460 value is 1. 4461 type: integer 4462 format: int32 4463 httpGet: 4464 description: HTTPGet specifies 4465 the http request to perform. 4466 type: object 4467 required: 4468 - port 4469 properties: 4470 host: 4471 description: Host name to 4472 connect to, defaults to 4473 the pod IP. You probably 4474 want to set "Host" in httpHeaders 4475 instead. 4476 type: string 4477 httpHeaders: 4478 description: Custom headers 4479 to set in the request. HTTP 4480 allows repeated headers. 4481 type: array 4482 items: 4483 description: HTTPHeader 4484 describes a custom header 4485 to be used in HTTP probes 4486 type: object 4487 required: 4488 - name 4489 - value 4490 properties: 4491 name: 4492 description: The header 4493 field name 4494 type: string 4495 value: 4496 description: The header 4497 field value 4498 type: string 4499 path: 4500 description: Path to access 4501 on the HTTP server. 4502 type: string 4503 port: 4504 description: Name or number 4505 of the port to access on 4506 the container. Number must 4507 be in the range 1 to 65535. 4508 Name must be an IANA_SVC_NAME. 4509 anyOf: 4510 - type: integer 4511 - type: string 4512 x-kubernetes-int-or-string: true 4513 scheme: 4514 description: Scheme to use 4515 for connecting to the host. 4516 Defaults to HTTP. 4517 type: string 4518 initialDelaySeconds: 4519 description: 'Number of seconds 4520 after the container has started 4521 before liveness probes are initiated. 4522 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 4523 type: integer 4524 format: int32 4525 periodSeconds: 4526 description: How often (in seconds) 4527 to perform the probe. Default 4528 to 10 seconds. Minimum value 4529 is 1. 4530 type: integer 4531 format: int32 4532 successThreshold: 4533 description: Minimum consecutive 4534 successes for the probe to be 4535 considered successful after 4536 having failed. Defaults to 1. 4537 Must be 1 for liveness and startup. 4538 Minimum value is 1. 4539 type: integer 4540 format: int32 4541 tcpSocket: 4542 description: 'TCPSocket specifies 4543 an action involving a TCP port. 4544 TCP hooks not yet supported 4545 TODO: implement a realistic 4546 TCP lifecycle hook' 4547 type: object 4548 required: 4549 - port 4550 properties: 4551 host: 4552 description: 'Optional: Host 4553 name to connect to, defaults 4554 to the pod IP.' 4555 type: string 4556 port: 4557 description: Number or name 4558 of the port to access on 4559 the container. Number must 4560 be in the range 1 to 65535. 4561 Name must be an IANA_SVC_NAME. 4562 anyOf: 4563 - type: integer 4564 - type: string 4565 x-kubernetes-int-or-string: true 4566 timeoutSeconds: 4567 description: 'Number of seconds 4568 after which the probe times 4569 out. Defaults to 1 second. Minimum 4570 value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 4571 type: integer 4572 format: int32 4573 stdin: 4574 description: Whether this container 4575 should allocate a buffer for stdin 4576 in the container runtime. If this 4577 is not set, reads from stdin in 4578 the container will always result 4579 in EOF. Default is false. 4580 type: boolean 4581 stdinOnce: 4582 description: Whether the container 4583 runtime should close the stdin channel 4584 after it has been opened by a single 4585 attach. When stdin is true the stdin 4586 stream will remain open across multiple 4587 attach sessions. If stdinOnce is 4588 set to true, stdin is opened on 4589 container start, is empty until 4590 the first client attaches to stdin, 4591 and then remains open and accepts 4592 data until the client disconnects, 4593 at which time stdin is closed and 4594 remains closed until the container 4595 is restarted. If this flag is false, 4596 a container processes that reads 4597 from stdin will never receive an 4598 EOF. Default is false 4599 type: boolean 4600 targetContainerName: 4601 description: If set, the name of the 4602 container from PodSpec that this 4603 ephemeral container targets. The 4604 ephemeral container will be run 4605 in the namespaces (IPC, PID, etc) 4606 of this container. If not set then 4607 the ephemeral container is run in 4608 whatever namespaces are shared for 4609 the pod. Note that the container 4610 runtime must support this feature. 4611 type: string 4612 terminationMessagePath: 4613 description: 'Optional: Path at which 4614 the file to which the container''s 4615 termination message will be written 4616 is mounted into the container''s 4617 filesystem. Message written is intended 4618 to be brief final status, such as 4619 an assertion failure message. Will 4620 be truncated by the node if greater 4621 than 4096 bytes. The total message 4622 length across all containers will 4623 be limited to 12kb. Defaults to 4624 /dev/termination-log. Cannot be 4625 updated.' 4626 type: string 4627 terminationMessagePolicy: 4628 description: Indicate how the termination 4629 message should be populated. File 4630 will use the contents of terminationMessagePath 4631 to populate the container status 4632 message on both success and failure. 4633 FallbackToLogsOnError will use the 4634 last chunk of container log output 4635 if the termination message file 4636 is empty and the container exited 4637 with an error. The log output is 4638 limited to 2048 bytes or 80 lines, 4639 whichever is smaller. Defaults to 4640 File. Cannot be updated. 4641 type: string 4642 tty: 4643 description: Whether this container 4644 should allocate a TTY for itself, 4645 also requires 'stdin' to be true. 4646 Default is false. 4647 type: boolean 4648 volumeDevices: 4649 description: volumeDevices is the 4650 list of block devices to be used 4651 by the container. 4652 type: array 4653 items: 4654 description: volumeDevice describes 4655 a mapping of a raw block device 4656 within a container. 4657 type: object 4658 required: 4659 - devicePath 4660 - name 4661 properties: 4662 devicePath: 4663 description: devicePath is the 4664 path inside of the container 4665 that the device will be mapped 4666 to. 4667 type: string 4668 name: 4669 description: name must match 4670 the name of a persistentVolumeClaim 4671 in the pod 4672 type: string 4673 volumeMounts: 4674 description: Pod volumes to mount 4675 into the container's filesystem. 4676 Cannot be updated. 4677 type: array 4678 items: 4679 description: VolumeMount describes 4680 a mounting of a Volume within 4681 a container. 4682 type: object 4683 required: 4684 - mountPath 4685 - name 4686 properties: 4687 mountPath: 4688 description: Path within the 4689 container at which the volume 4690 should be mounted. Must not 4691 contain ':'. 4692 type: string 4693 mountPropagation: 4694 description: mountPropagation 4695 determines how mounts are 4696 propagated from the host to 4697 container and the other way 4698 around. When not set, MountPropagationNone 4699 is used. This field is beta 4700 in 1.10. 4701 type: string 4702 name: 4703 description: This must match 4704 the Name of a Volume. 4705 type: string 4706 readOnly: 4707 description: Mounted read-only 4708 if true, read-write otherwise 4709 (false or unspecified). Defaults 4710 to false. 4711 type: boolean 4712 subPath: 4713 description: Path within the 4714 volume from which the container's 4715 volume should be mounted. 4716 Defaults to "" (volume's root). 4717 type: string 4718 subPathExpr: 4719 description: Expanded path within 4720 the volume from which the 4721 container's volume should 4722 be mounted. Behaves similarly 4723 to SubPath but environment 4724 variable references $(VAR_NAME) 4725 are expanded using the container's 4726 environment. Defaults to "" 4727 (volume's root). SubPathExpr 4728 and SubPath are mutually exclusive. 4729 type: string 4730 workingDir: 4731 description: Container's working directory. 4732 If not specified, the container 4733 runtime's default will be used, 4734 which might be configured in the 4735 container image. Cannot be updated. 4736 type: string 4737 hostAliases: 4738 description: HostAliases is an optional 4739 list of hosts and IPs that will be injected 4740 into the pod's hosts file if specified. 4741 This is only valid for non-hostNetwork 4742 pods. 4743 type: array 4744 items: 4745 description: HostAlias holds the mapping 4746 between IP and hostnames that will be 4747 injected as an entry in the pod's hosts 4748 file. 4749 type: object 4750 properties: 4751 hostnames: 4752 description: Hostnames for the above 4753 IP address. 4754 type: array 4755 items: 4756 type: string 4757 ip: 4758 description: IP address of the host 4759 file entry. 4760 type: string 4761 hostIPC: 4762 description: 'Use the host''s ipc namespace. 4763 Optional: Default to false.' 4764 type: boolean 4765 hostNetwork: 4766 description: Host networking requested for 4767 this pod. Use the host's network namespace. 4768 If this option is set, the ports that 4769 will be used must be specified. Default 4770 to false. 4771 type: boolean 4772 hostPID: 4773 description: 'Use the host''s pid namespace. 4774 Optional: Default to false.' 4775 type: boolean 4776 hostname: 4777 description: Specifies the hostname of the 4778 Pod If not specified, the pod's hostname 4779 will be set to a system-defined value. 4780 type: string 4781 imagePullSecrets: 4782 description: 'ImagePullSecrets is an optional 4783 list of references to secrets in the same 4784 namespace to use for pulling any of the 4785 images used by this PodSpec. If specified, 4786 these secrets will be passed to individual 4787 puller implementations for them to use. 4788 For example, in the case of docker, only 4789 DockerConfig type secrets are honored. 4790 More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod' 4791 type: array 4792 items: 4793 description: LocalObjectReference contains 4794 enough information to let you locate 4795 the referenced object inside the same 4796 namespace. 4797 type: object 4798 properties: 4799 name: 4800 description: 'Name of the referent. 4801 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 4802 TODO: Add other useful fields. apiVersion, 4803 kind, uid?' 4804 type: string 4805 initContainers: 4806 description: 'List of initialization containers 4807 belonging to the pod. Init containers 4808 are executed in order prior to containers 4809 being started. If any init container fails, 4810 the pod is considered to have failed and 4811 is handled according to its restartPolicy. 4812 The name for an init container or normal 4813 container must be unique among all containers. 4814 Init containers may not have Lifecycle 4815 actions, Readiness probes, Liveness probes, 4816 or Startup probes. The resourceRequirements 4817 of an init container are taken into account 4818 during scheduling by finding the highest 4819 request/limit for each resource type, 4820 and then using the max of of that value 4821 or the sum of the normal containers. Limits 4822 are applied to init containers in a similar 4823 fashion. Init containers cannot currently 4824 be added or removed. Cannot be updated. 4825 More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/' 4826 type: array 4827 items: 4828 description: A single application container 4829 that you want to run within a pod. 4830 type: object 4831 required: 4832 - name 4833 properties: 4834 args: 4835 description: 'Arguments to the entrypoint. 4836 The docker image''s CMD is used 4837 if this is not provided. Variable 4838 references $(VAR_NAME) are expanded 4839 using the container''s environment. 4840 If a variable cannot be resolved, 4841 the reference in the input string 4842 will be unchanged. The $(VAR_NAME) 4843 syntax can be escaped with a double 4844 $$, ie: $$(VAR_NAME). Escaped references 4845 will never be expanded, regardless 4846 of whether the variable exists or 4847 not. Cannot be updated. More info: 4848 https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' 4849 type: array 4850 items: 4851 type: string 4852 command: 4853 description: 'Entrypoint array. Not 4854 executed within a shell. The docker 4855 image''s ENTRYPOINT is used if this 4856 is not provided. Variable references 4857 $(VAR_NAME) are expanded using the 4858 container''s environment. If a variable 4859 cannot be resolved, the reference 4860 in the input string will be unchanged. 4861 The $(VAR_NAME) syntax can be escaped 4862 with a double $$, ie: $$(VAR_NAME). 4863 Escaped references will never be 4864 expanded, regardless of whether 4865 the variable exists or not. Cannot 4866 be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' 4867 type: array 4868 items: 4869 type: string 4870 env: 4871 description: List of environment variables 4872 to set in the container. Cannot 4873 be updated. 4874 type: array 4875 items: 4876 description: EnvVar represents an 4877 environment variable present in 4878 a Container. 4879 type: object 4880 required: 4881 - name 4882 properties: 4883 name: 4884 description: Name of the environment 4885 variable. Must be a C_IDENTIFIER. 4886 type: string 4887 value: 4888 description: 'Variable references 4889 $(VAR_NAME) are expanded using 4890 the previous defined environment 4891 variables in the container 4892 and any service environment 4893 variables. If a variable cannot 4894 be resolved, the reference 4895 in the input string will be 4896 unchanged. The $(VAR_NAME) 4897 syntax can be escaped with 4898 a double $$, ie: $$(VAR_NAME). 4899 Escaped references will never 4900 be expanded, regardless of 4901 whether the variable exists 4902 or not. Defaults to "".' 4903 type: string 4904 valueFrom: 4905 description: Source for the 4906 environment variable's value. 4907 Cannot be used if value is 4908 not empty. 4909 type: object 4910 properties: 4911 configMapKeyRef: 4912 description: Selects a key 4913 of a ConfigMap. 4914 type: object 4915 required: 4916 - key 4917 properties: 4918 key: 4919 description: The key 4920 to select. 4921 type: string 4922 name: 4923 description: 'Name of 4924 the referent. More 4925 info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 4926 TODO: Add other useful 4927 fields. apiVersion, 4928 kind, uid?' 4929 type: string 4930 optional: 4931 description: Specify 4932 whether the ConfigMap 4933 or its key must be 4934 defined 4935 type: boolean 4936 fieldRef: 4937 description: 'Selects a 4938 field of the pod: supports 4939 metadata.name, metadata.namespace, 4940 metadata.labels, metadata.annotations, 4941 spec.nodeName, spec.serviceAccountName, 4942 status.hostIP, status.podIP, 4943 status.podIPs.' 4944 type: object 4945 required: 4946 - fieldPath 4947 properties: 4948 apiVersion: 4949 description: Version 4950 of the schema the 4951 FieldPath is written 4952 in terms of, defaults 4953 to "v1". 4954 type: string 4955 fieldPath: 4956 description: Path of 4957 the field to select 4958 in the specified API 4959 version. 4960 type: string 4961 resourceFieldRef: 4962 description: 'Selects a 4963 resource of the container: 4964 only resources limits 4965 and requests (limits.cpu, 4966 limits.memory, limits.ephemeral-storage, 4967 requests.cpu, requests.memory 4968 and requests.ephemeral-storage) 4969 are currently supported.' 4970 type: object 4971 required: 4972 - resource 4973 properties: 4974 containerName: 4975 description: 'Container 4976 name: required for 4977 volumes, optional 4978 for env vars' 4979 type: string 4980 divisor: 4981 description: Specifies 4982 the output format 4983 of the exposed resources, 4984 defaults to "1" 4985 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 4986 anyOf: 4987 - type: integer 4988 - type: string 4989 x-kubernetes-int-or-string: true 4990 resource: 4991 description: 'Required: 4992 resource to select' 4993 type: string 4994 secretKeyRef: 4995 description: Selects a key 4996 of a secret in the pod's 4997 namespace 4998 type: object 4999 required: 5000 - key 5001 properties: 5002 key: 5003 description: The key 5004 of the secret to select 5005 from. Must be a valid 5006 secret key. 5007 type: string 5008 name: 5009 description: 'Name of 5010 the referent. More 5011 info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 5012 TODO: Add other useful 5013 fields. apiVersion, 5014 kind, uid?' 5015 type: string 5016 optional: 5017 description: Specify 5018 whether the Secret 5019 or its key must be 5020 defined 5021 type: boolean 5022 envFrom: 5023 description: List of sources to populate 5024 environment variables in the container. 5025 The keys defined within a source 5026 must be a C_IDENTIFIER. All invalid 5027 keys will be reported as an event 5028 when the container is starting. 5029 When a key exists in multiple sources, 5030 the value associated with the last 5031 source will take precedence. Values 5032 defined by an Env with a duplicate 5033 key will take precedence. Cannot 5034 be updated. 5035 type: array 5036 items: 5037 description: EnvFromSource represents 5038 the source of a set of ConfigMaps 5039 type: object 5040 properties: 5041 configMapRef: 5042 description: The ConfigMap to 5043 select from 5044 type: object 5045 properties: 5046 name: 5047 description: 'Name of the 5048 referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 5049 TODO: Add other useful 5050 fields. apiVersion, kind, 5051 uid?' 5052 type: string 5053 optional: 5054 description: Specify whether 5055 the ConfigMap must be 5056 defined 5057 type: boolean 5058 prefix: 5059 description: An optional identifier 5060 to prepend to each key in 5061 the ConfigMap. Must be a C_IDENTIFIER. 5062 type: string 5063 secretRef: 5064 description: The Secret to select 5065 from 5066 type: object 5067 properties: 5068 name: 5069 description: 'Name of the 5070 referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 5071 TODO: Add other useful 5072 fields. apiVersion, kind, 5073 uid?' 5074 type: string 5075 optional: 5076 description: Specify whether 5077 the Secret must be defined 5078 type: boolean 5079 image: 5080 description: 'Docker image name. More 5081 info: https://kubernetes.io/docs/concepts/containers/images 5082 This field is optional to allow 5083 higher level config management to 5084 default or override container images 5085 in workload controllers like Deployments 5086 and StatefulSets.' 5087 type: string 5088 imagePullPolicy: 5089 description: 'Image pull policy. One 5090 of Always, Never, IfNotPresent. 5091 Defaults to Always if :latest tag 5092 is specified, or IfNotPresent otherwise. 5093 Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' 5094 type: string 5095 lifecycle: 5096 description: Actions that the management 5097 system should take in response to 5098 container lifecycle events. Cannot 5099 be updated. 5100 type: object 5101 properties: 5102 postStart: 5103 description: 'PostStart is called 5104 immediately after a container 5105 is created. If the handler fails, 5106 the container is terminated 5107 and restarted according to its 5108 restart policy. Other management 5109 of the container blocks until 5110 the hook completes. More info: 5111 https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' 5112 type: object 5113 properties: 5114 exec: 5115 description: One and only 5116 one of the following should 5117 be specified. Exec specifies 5118 the action to take. 5119 type: object 5120 properties: 5121 command: 5122 description: Command is 5123 the command line to 5124 execute inside the container, 5125 the working directory 5126 for the command is 5127 root ('/') in the container's 5128 filesystem. The command 5129 is simply exec'd, it 5130 is not run inside a 5131 shell, so traditional 5132 shell instructions ('|', 5133 etc) won't work. To 5134 use a shell, you need 5135 to explicitly call out 5136 to that shell. Exit 5137 status of 0 is treated 5138 as live/healthy and 5139 non-zero is unhealthy. 5140 type: array 5141 items: 5142 type: string 5143 httpGet: 5144 description: HTTPGet specifies 5145 the http request to perform. 5146 type: object 5147 required: 5148 - port 5149 properties: 5150 host: 5151 description: Host name 5152 to connect to, defaults 5153 to the pod IP. You probably 5154 want to set "Host" in 5155 httpHeaders instead. 5156 type: string 5157 httpHeaders: 5158 description: Custom headers 5159 to set in the request. 5160 HTTP allows repeated 5161 headers. 5162 type: array 5163 items: 5164 description: HTTPHeader 5165 describes a custom 5166 header to be used 5167 in HTTP probes 5168 type: object 5169 required: 5170 - name 5171 - value 5172 properties: 5173 name: 5174 description: The 5175 header field name 5176 type: string 5177 value: 5178 description: The 5179 header field value 5180 type: string 5181 path: 5182 description: Path to access 5183 on the HTTP server. 5184 type: string 5185 port: 5186 description: Name or number 5187 of the port to access 5188 on the container. Number 5189 must be in the range 5190 1 to 65535. Name must 5191 be an IANA_SVC_NAME. 5192 anyOf: 5193 - type: integer 5194 - type: string 5195 x-kubernetes-int-or-string: true 5196 scheme: 5197 description: Scheme to 5198 use for connecting to 5199 the host. Defaults to 5200 HTTP. 5201 type: string 5202 tcpSocket: 5203 description: 'TCPSocket specifies 5204 an action involving a TCP 5205 port. TCP hooks not yet 5206 supported TODO: implement 5207 a realistic TCP lifecycle 5208 hook' 5209 type: object 5210 required: 5211 - port 5212 properties: 5213 host: 5214 description: 'Optional: 5215 Host name to connect 5216 to, defaults to the 5217 pod IP.' 5218 type: string 5219 port: 5220 description: Number or 5221 name of the port to 5222 access on the container. 5223 Number must be in the 5224 range 1 to 65535. Name 5225 must be an IANA_SVC_NAME. 5226 anyOf: 5227 - type: integer 5228 - type: string 5229 x-kubernetes-int-or-string: true 5230 preStop: 5231 description: 'PreStop is called 5232 immediately before a container 5233 is terminated due to an API 5234 request or management event 5235 such as liveness/startup probe 5236 failure, preemption, resource 5237 contention, etc. The handler 5238 is not called if the container 5239 crashes or exits. The reason 5240 for termination is passed to 5241 the handler. The Pod''s termination 5242 grace period countdown begins 5243 before the PreStop hooked is 5244 executed. Regardless of the 5245 outcome of the handler, the 5246 container will eventually terminate 5247 within the Pod''s termination 5248 grace period. Other management 5249 of the container blocks until 5250 the hook completes or until 5251 the termination grace period 5252 is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' 5253 type: object 5254 properties: 5255 exec: 5256 description: One and only 5257 one of the following should 5258 be specified. Exec specifies 5259 the action to take. 5260 type: object 5261 properties: 5262 command: 5263 description: Command is 5264 the command line to 5265 execute inside the container, 5266 the working directory 5267 for the command is 5268 root ('/') in the container's 5269 filesystem. The command 5270 is simply exec'd, it 5271 is not run inside a 5272 shell, so traditional 5273 shell instructions ('|', 5274 etc) won't work. To 5275 use a shell, you need 5276 to explicitly call out 5277 to that shell. Exit 5278 status of 0 is treated 5279 as live/healthy and 5280 non-zero is unhealthy. 5281 type: array 5282 items: 5283 type: string 5284 httpGet: 5285 description: HTTPGet specifies 5286 the http request to perform. 5287 type: object 5288 required: 5289 - port 5290 properties: 5291 host: 5292 description: Host name 5293 to connect to, defaults 5294 to the pod IP. You probably 5295 want to set "Host" in 5296 httpHeaders instead. 5297 type: string 5298 httpHeaders: 5299 description: Custom headers 5300 to set in the request. 5301 HTTP allows repeated 5302 headers. 5303 type: array 5304 items: 5305 description: HTTPHeader 5306 describes a custom 5307 header to be used 5308 in HTTP probes 5309 type: object 5310 required: 5311 - name 5312 - value 5313 properties: 5314 name: 5315 description: The 5316 header field name 5317 type: string 5318 value: 5319 description: The 5320 header field value 5321 type: string 5322 path: 5323 description: Path to access 5324 on the HTTP server. 5325 type: string 5326 port: 5327 description: Name or number 5328 of the port to access 5329 on the container. Number 5330 must be in the range 5331 1 to 65535. Name must 5332 be an IANA_SVC_NAME. 5333 anyOf: 5334 - type: integer 5335 - type: string 5336 x-kubernetes-int-or-string: true 5337 scheme: 5338 description: Scheme to 5339 use for connecting to 5340 the host. Defaults to 5341 HTTP. 5342 type: string 5343 tcpSocket: 5344 description: 'TCPSocket specifies 5345 an action involving a TCP 5346 port. TCP hooks not yet 5347 supported TODO: implement 5348 a realistic TCP lifecycle 5349 hook' 5350 type: object 5351 required: 5352 - port 5353 properties: 5354 host: 5355 description: 'Optional: 5356 Host name to connect 5357 to, defaults to the 5358 pod IP.' 5359 type: string 5360 port: 5361 description: Number or 5362 name of the port to 5363 access on the container. 5364 Number must be in the 5365 range 1 to 65535. Name 5366 must be an IANA_SVC_NAME. 5367 anyOf: 5368 - type: integer 5369 - type: string 5370 x-kubernetes-int-or-string: true 5371 livenessProbe: 5372 description: 'Periodic probe of container 5373 liveness. Container will be restarted 5374 if the probe fails. Cannot be updated. 5375 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 5376 type: object 5377 properties: 5378 exec: 5379 description: One and only one 5380 of the following should be specified. 5381 Exec specifies the action to 5382 take. 5383 type: object 5384 properties: 5385 command: 5386 description: Command is the 5387 command line to execute 5388 inside the container, the 5389 working directory for the 5390 command is root ('/') in 5391 the container's filesystem. 5392 The command is simply exec'd, 5393 it is not run inside a shell, 5394 so traditional shell instructions 5395 ('|', etc) won't work. To 5396 use a shell, you need to 5397 explicitly call out to that 5398 shell. Exit status of 0 5399 is treated as live/healthy 5400 and non-zero is unhealthy. 5401 type: array 5402 items: 5403 type: string 5404 failureThreshold: 5405 description: Minimum consecutive 5406 failures for the probe to be 5407 considered failed after having 5408 succeeded. Defaults to 3. Minimum 5409 value is 1. 5410 type: integer 5411 format: int32 5412 httpGet: 5413 description: HTTPGet specifies 5414 the http request to perform. 5415 type: object 5416 required: 5417 - port 5418 properties: 5419 host: 5420 description: Host name to 5421 connect to, defaults to 5422 the pod IP. You probably 5423 want to set "Host" in httpHeaders 5424 instead. 5425 type: string 5426 httpHeaders: 5427 description: Custom headers 5428 to set in the request. HTTP 5429 allows repeated headers. 5430 type: array 5431 items: 5432 description: HTTPHeader 5433 describes a custom header 5434 to be used in HTTP probes 5435 type: object 5436 required: 5437 - name 5438 - value 5439 properties: 5440 name: 5441 description: The header 5442 field name 5443 type: string 5444 value: 5445 description: The header 5446 field value 5447 type: string 5448 path: 5449 description: Path to access 5450 on the HTTP server. 5451 type: string 5452 port: 5453 description: Name or number 5454 of the port to access on 5455 the container. Number must 5456 be in the range 1 to 65535. 5457 Name must be an IANA_SVC_NAME. 5458 anyOf: 5459 - type: integer 5460 - type: string 5461 x-kubernetes-int-or-string: true 5462 scheme: 5463 description: Scheme to use 5464 for connecting to the host. 5465 Defaults to HTTP. 5466 type: string 5467 initialDelaySeconds: 5468 description: 'Number of seconds 5469 after the container has started 5470 before liveness probes are initiated. 5471 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 5472 type: integer 5473 format: int32 5474 periodSeconds: 5475 description: How often (in seconds) 5476 to perform the probe. Default 5477 to 10 seconds. Minimum value 5478 is 1. 5479 type: integer 5480 format: int32 5481 successThreshold: 5482 description: Minimum consecutive 5483 successes for the probe to be 5484 considered successful after 5485 having failed. Defaults to 1. 5486 Must be 1 for liveness and startup. 5487 Minimum value is 1. 5488 type: integer 5489 format: int32 5490 tcpSocket: 5491 description: 'TCPSocket specifies 5492 an action involving a TCP port. 5493 TCP hooks not yet supported 5494 TODO: implement a realistic 5495 TCP lifecycle hook' 5496 type: object 5497 required: 5498 - port 5499 properties: 5500 host: 5501 description: 'Optional: Host 5502 name to connect to, defaults 5503 to the pod IP.' 5504 type: string 5505 port: 5506 description: Number or name 5507 of the port to access on 5508 the container. Number must 5509 be in the range 1 to 65535. 5510 Name must be an IANA_SVC_NAME. 5511 anyOf: 5512 - type: integer 5513 - type: string 5514 x-kubernetes-int-or-string: true 5515 timeoutSeconds: 5516 description: 'Number of seconds 5517 after which the probe times 5518 out. Defaults to 1 second. Minimum 5519 value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 5520 type: integer 5521 format: int32 5522 name: 5523 description: Name of the container 5524 specified as a DNS_LABEL. Each container 5525 in a pod must have a unique name 5526 (DNS_LABEL). Cannot be updated. 5527 type: string 5528 ports: 5529 description: List of ports to expose 5530 from the container. Exposing a port 5531 here gives the system additional 5532 information about the network connections 5533 a container uses, but is primarily 5534 informational. Not specifying a 5535 port here DOES NOT prevent that 5536 port from being exposed. Any port 5537 which is listening on the default 5538 "0.0.0.0" address inside a container 5539 will be accessible from the network. 5540 Cannot be updated. 5541 type: array 5542 items: 5543 description: ContainerPort represents 5544 a network port in a single container. 5545 type: object 5546 required: 5547 - containerPort 5548 properties: 5549 containerPort: 5550 description: Number of port 5551 to expose on the pod's IP 5552 address. This must be a valid 5553 port number, 0 < x < 65536. 5554 type: integer 5555 format: int32 5556 hostIP: 5557 description: What host IP to 5558 bind the external port to. 5559 type: string 5560 hostPort: 5561 description: Number of port 5562 to expose on the host. If 5563 specified, this must be a 5564 valid port number, 0 < x < 5565 65536. If HostNetwork is specified, 5566 this must match ContainerPort. 5567 Most containers do not need 5568 this. 5569 type: integer 5570 format: int32 5571 name: 5572 description: If specified, this 5573 must be an IANA_SVC_NAME and 5574 unique within the pod. Each 5575 named port in a pod must have 5576 a unique name. Name for the 5577 port that can be referred 5578 to by services. 5579 type: string 5580 protocol: 5581 description: Protocol for port. 5582 Must be UDP, TCP, or SCTP. 5583 Defaults to "TCP". 5584 type: string 5585 default: TCP 5586 x-kubernetes-list-map-keys: 5587 - containerPort 5588 - protocol 5589 x-kubernetes-list-type: map 5590 readinessProbe: 5591 description: 'Periodic probe of container 5592 service readiness. Container will 5593 be removed from service endpoints 5594 if the probe fails. Cannot be updated. 5595 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 5596 type: object 5597 properties: 5598 exec: 5599 description: One and only one 5600 of the following should be specified. 5601 Exec specifies the action to 5602 take. 5603 type: object 5604 properties: 5605 command: 5606 description: Command is the 5607 command line to execute 5608 inside the container, the 5609 working directory for the 5610 command is root ('/') in 5611 the container's filesystem. 5612 The command is simply exec'd, 5613 it is not run inside a shell, 5614 so traditional shell instructions 5615 ('|', etc) won't work. To 5616 use a shell, you need to 5617 explicitly call out to that 5618 shell. Exit status of 0 5619 is treated as live/healthy 5620 and non-zero is unhealthy. 5621 type: array 5622 items: 5623 type: string 5624 failureThreshold: 5625 description: Minimum consecutive 5626 failures for the probe to be 5627 considered failed after having 5628 succeeded. Defaults to 3. Minimum 5629 value is 1. 5630 type: integer 5631 format: int32 5632 httpGet: 5633 description: HTTPGet specifies 5634 the http request to perform. 5635 type: object 5636 required: 5637 - port 5638 properties: 5639 host: 5640 description: Host name to 5641 connect to, defaults to 5642 the pod IP. You probably 5643 want to set "Host" in httpHeaders 5644 instead. 5645 type: string 5646 httpHeaders: 5647 description: Custom headers 5648 to set in the request. HTTP 5649 allows repeated headers. 5650 type: array 5651 items: 5652 description: HTTPHeader 5653 describes a custom header 5654 to be used in HTTP probes 5655 type: object 5656 required: 5657 - name 5658 - value 5659 properties: 5660 name: 5661 description: The header 5662 field name 5663 type: string 5664 value: 5665 description: The header 5666 field value 5667 type: string 5668 path: 5669 description: Path to access 5670 on the HTTP server. 5671 type: string 5672 port: 5673 description: Name or number 5674 of the port to access on 5675 the container. Number must 5676 be in the range 1 to 65535. 5677 Name must be an IANA_SVC_NAME. 5678 anyOf: 5679 - type: integer 5680 - type: string 5681 x-kubernetes-int-or-string: true 5682 scheme: 5683 description: Scheme to use 5684 for connecting to the host. 5685 Defaults to HTTP. 5686 type: string 5687 initialDelaySeconds: 5688 description: 'Number of seconds 5689 after the container has started 5690 before liveness probes are initiated. 5691 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 5692 type: integer 5693 format: int32 5694 periodSeconds: 5695 description: How often (in seconds) 5696 to perform the probe. Default 5697 to 10 seconds. Minimum value 5698 is 1. 5699 type: integer 5700 format: int32 5701 successThreshold: 5702 description: Minimum consecutive 5703 successes for the probe to be 5704 considered successful after 5705 having failed. Defaults to 1. 5706 Must be 1 for liveness and startup. 5707 Minimum value is 1. 5708 type: integer 5709 format: int32 5710 tcpSocket: 5711 description: 'TCPSocket specifies 5712 an action involving a TCP port. 5713 TCP hooks not yet supported 5714 TODO: implement a realistic 5715 TCP lifecycle hook' 5716 type: object 5717 required: 5718 - port 5719 properties: 5720 host: 5721 description: 'Optional: Host 5722 name to connect to, defaults 5723 to the pod IP.' 5724 type: string 5725 port: 5726 description: Number or name 5727 of the port to access on 5728 the container. Number must 5729 be in the range 1 to 65535. 5730 Name must be an IANA_SVC_NAME. 5731 anyOf: 5732 - type: integer 5733 - type: string 5734 x-kubernetes-int-or-string: true 5735 timeoutSeconds: 5736 description: 'Number of seconds 5737 after which the probe times 5738 out. Defaults to 1 second. Minimum 5739 value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 5740 type: integer 5741 format: int32 5742 resources: 5743 description: 'Compute Resources required 5744 by this container. Cannot be updated. 5745 More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' 5746 type: object 5747 properties: 5748 limits: 5749 description: 'Limits describes 5750 the maximum amount of compute 5751 resources allowed. More info: 5752 https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' 5753 type: object 5754 additionalProperties: 5755 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 5756 anyOf: 5757 - type: integer 5758 - type: string 5759 x-kubernetes-int-or-string: true 5760 requests: 5761 description: 'Requests describes 5762 the minimum amount of compute 5763 resources required. If Requests 5764 is omitted for a container, 5765 it defaults to Limits if that 5766 is explicitly specified, otherwise 5767 to an implementation-defined 5768 value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' 5769 type: object 5770 additionalProperties: 5771 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 5772 anyOf: 5773 - type: integer 5774 - type: string 5775 x-kubernetes-int-or-string: true 5776 securityContext: 5777 description: 'Security options the 5778 pod should run with. More info: 5779 https://kubernetes.io/docs/concepts/policy/security-context/ 5780 More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' 5781 type: object 5782 properties: 5783 allowPrivilegeEscalation: 5784 description: 'AllowPrivilegeEscalation 5785 controls whether a process can 5786 gain more privileges than its 5787 parent process. This bool directly 5788 controls if the no_new_privs 5789 flag will be set on the container 5790 process. AllowPrivilegeEscalation 5791 is true always when the container 5792 is: 1) run as Privileged 2) 5793 has CAP_SYS_ADMIN' 5794 type: boolean 5795 capabilities: 5796 description: The capabilities 5797 to add/drop when running containers. 5798 Defaults to the default set 5799 of capabilities granted by the 5800 container runtime. 5801 type: object 5802 properties: 5803 add: 5804 description: Added capabilities 5805 type: array 5806 items: 5807 description: Capability 5808 represent POSIX capabilities 5809 type 5810 type: string 5811 drop: 5812 description: Removed capabilities 5813 type: array 5814 items: 5815 description: Capability 5816 represent POSIX capabilities 5817 type 5818 type: string 5819 privileged: 5820 description: Run container in 5821 privileged mode. Processes in 5822 privileged containers are essentially 5823 equivalent to root on the host. 5824 Defaults to false. 5825 type: boolean 5826 procMount: 5827 description: procMount denotes 5828 the type of proc mount to use 5829 for the containers. The default 5830 is DefaultProcMount which uses 5831 the container runtime defaults 5832 for readonly paths and masked 5833 paths. This requires the ProcMountType 5834 feature flag to be enabled. 5835 type: string 5836 readOnlyRootFilesystem: 5837 description: Whether this container 5838 has a read-only root filesystem. 5839 Default is false. 5840 type: boolean 5841 runAsGroup: 5842 description: The GID to run the 5843 entrypoint of the container 5844 process. Uses runtime default 5845 if unset. May also be set in 5846 PodSecurityContext. If set 5847 in both SecurityContext and 5848 PodSecurityContext, the value 5849 specified in SecurityContext 5850 takes precedence. 5851 type: integer 5852 format: int64 5853 runAsNonRoot: 5854 description: Indicates that the 5855 container must run as a non-root 5856 user. If true, the Kubelet will 5857 validate the image at runtime 5858 to ensure that it does not run 5859 as UID 0 (root) and fail to 5860 start the container if it does. 5861 If unset or false, no such validation 5862 will be performed. May also 5863 be set in PodSecurityContext. If 5864 set in both SecurityContext 5865 and PodSecurityContext, the 5866 value specified in SecurityContext 5867 takes precedence. 5868 type: boolean 5869 runAsUser: 5870 description: The UID to run the 5871 entrypoint of the container 5872 process. Defaults to user specified 5873 in image metadata if unspecified. 5874 May also be set in PodSecurityContext. If 5875 set in both SecurityContext 5876 and PodSecurityContext, the 5877 value specified in SecurityContext 5878 takes precedence. 5879 type: integer 5880 format: int64 5881 seLinuxOptions: 5882 description: The SELinux context 5883 to be applied to the container. 5884 If unspecified, the container 5885 runtime will allocate a random 5886 SELinux context for each container. May 5887 also be set in PodSecurityContext. If 5888 set in both SecurityContext 5889 and PodSecurityContext, the 5890 value specified in SecurityContext 5891 takes precedence. 5892 type: object 5893 properties: 5894 level: 5895 description: Level is SELinux 5896 level label that applies 5897 to the container. 5898 type: string 5899 role: 5900 description: Role is a SELinux 5901 role label that applies 5902 to the container. 5903 type: string 5904 type: 5905 description: Type is a SELinux 5906 type label that applies 5907 to the container. 5908 type: string 5909 user: 5910 description: User is a SELinux 5911 user label that applies 5912 to the container. 5913 type: string 5914 windowsOptions: 5915 description: The Windows specific 5916 settings applied to all containers. 5917 If unspecified, the options 5918 from the PodSecurityContext 5919 will be used. If set in both 5920 SecurityContext and PodSecurityContext, 5921 the value specified in SecurityContext 5922 takes precedence. 5923 type: object 5924 properties: 5925 gmsaCredentialSpec: 5926 description: GMSACredentialSpec 5927 is where the GMSA admission 5928 webhook (https://github.com/kubernetes-sigs/windows-gmsa) 5929 inlines the contents of 5930 the GMSA credential spec 5931 named by the GMSACredentialSpecName 5932 field. 5933 type: string 5934 gmsaCredentialSpecName: 5935 description: GMSACredentialSpecName 5936 is the name of the GMSA 5937 credential spec to use. 5938 type: string 5939 runAsUserName: 5940 description: The UserName 5941 in Windows to run the entrypoint 5942 of the container process. 5943 Defaults to the user specified 5944 in image metadata if unspecified. 5945 May also be set in PodSecurityContext. 5946 If set in both SecurityContext 5947 and PodSecurityContext, 5948 the value specified in SecurityContext 5949 takes precedence. 5950 type: string 5951 startupProbe: 5952 description: 'StartupProbe indicates 5953 that the Pod has successfully initialized. 5954 If specified, no other probes are 5955 executed until this completes successfully. 5956 If this probe fails, the Pod will 5957 be restarted, just as if the livenessProbe 5958 failed. This can be used to provide 5959 different probe parameters at the 5960 beginning of a Pod''s lifecycle, 5961 when it might take a long time to 5962 load data or warm a cache, than 5963 during steady-state operation. This 5964 cannot be updated. This is a beta 5965 feature enabled by the StartupProbe 5966 feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 5967 type: object 5968 properties: 5969 exec: 5970 description: One and only one 5971 of the following should be specified. 5972 Exec specifies the action to 5973 take. 5974 type: object 5975 properties: 5976 command: 5977 description: Command is the 5978 command line to execute 5979 inside the container, the 5980 working directory for the 5981 command is root ('/') in 5982 the container's filesystem. 5983 The command is simply exec'd, 5984 it is not run inside a shell, 5985 so traditional shell instructions 5986 ('|', etc) won't work. To 5987 use a shell, you need to 5988 explicitly call out to that 5989 shell. Exit status of 0 5990 is treated as live/healthy 5991 and non-zero is unhealthy. 5992 type: array 5993 items: 5994 type: string 5995 failureThreshold: 5996 description: Minimum consecutive 5997 failures for the probe to be 5998 considered failed after having 5999 succeeded. Defaults to 3. Minimum 6000 value is 1. 6001 type: integer 6002 format: int32 6003 httpGet: 6004 description: HTTPGet specifies 6005 the http request to perform. 6006 type: object 6007 required: 6008 - port 6009 properties: 6010 host: 6011 description: Host name to 6012 connect to, defaults to 6013 the pod IP. You probably 6014 want to set "Host" in httpHeaders 6015 instead. 6016 type: string 6017 httpHeaders: 6018 description: Custom headers 6019 to set in the request. HTTP 6020 allows repeated headers. 6021 type: array 6022 items: 6023 description: HTTPHeader 6024 describes a custom header 6025 to be used in HTTP probes 6026 type: object 6027 required: 6028 - name 6029 - value 6030 properties: 6031 name: 6032 description: The header 6033 field name 6034 type: string 6035 value: 6036 description: The header 6037 field value 6038 type: string 6039 path: 6040 description: Path to access 6041 on the HTTP server. 6042 type: string 6043 port: 6044 description: Name or number 6045 of the port to access on 6046 the container. Number must 6047 be in the range 1 to 65535. 6048 Name must be an IANA_SVC_NAME. 6049 anyOf: 6050 - type: integer 6051 - type: string 6052 x-kubernetes-int-or-string: true 6053 scheme: 6054 description: Scheme to use 6055 for connecting to the host. 6056 Defaults to HTTP. 6057 type: string 6058 initialDelaySeconds: 6059 description: 'Number of seconds 6060 after the container has started 6061 before liveness probes are initiated. 6062 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 6063 type: integer 6064 format: int32 6065 periodSeconds: 6066 description: How often (in seconds) 6067 to perform the probe. Default 6068 to 10 seconds. Minimum value 6069 is 1. 6070 type: integer 6071 format: int32 6072 successThreshold: 6073 description: Minimum consecutive 6074 successes for the probe to be 6075 considered successful after 6076 having failed. Defaults to 1. 6077 Must be 1 for liveness and startup. 6078 Minimum value is 1. 6079 type: integer 6080 format: int32 6081 tcpSocket: 6082 description: 'TCPSocket specifies 6083 an action involving a TCP port. 6084 TCP hooks not yet supported 6085 TODO: implement a realistic 6086 TCP lifecycle hook' 6087 type: object 6088 required: 6089 - port 6090 properties: 6091 host: 6092 description: 'Optional: Host 6093 name to connect to, defaults 6094 to the pod IP.' 6095 type: string 6096 port: 6097 description: Number or name 6098 of the port to access on 6099 the container. Number must 6100 be in the range 1 to 65535. 6101 Name must be an IANA_SVC_NAME. 6102 anyOf: 6103 - type: integer 6104 - type: string 6105 x-kubernetes-int-or-string: true 6106 timeoutSeconds: 6107 description: 'Number of seconds 6108 after which the probe times 6109 out. Defaults to 1 second. Minimum 6110 value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 6111 type: integer 6112 format: int32 6113 stdin: 6114 description: Whether this container 6115 should allocate a buffer for stdin 6116 in the container runtime. If this 6117 is not set, reads from stdin in 6118 the container will always result 6119 in EOF. Default is false. 6120 type: boolean 6121 stdinOnce: 6122 description: Whether the container 6123 runtime should close the stdin channel 6124 after it has been opened by a single 6125 attach. When stdin is true the stdin 6126 stream will remain open across multiple 6127 attach sessions. If stdinOnce is 6128 set to true, stdin is opened on 6129 container start, is empty until 6130 the first client attaches to stdin, 6131 and then remains open and accepts 6132 data until the client disconnects, 6133 at which time stdin is closed and 6134 remains closed until the container 6135 is restarted. If this flag is false, 6136 a container processes that reads 6137 from stdin will never receive an 6138 EOF. Default is false 6139 type: boolean 6140 terminationMessagePath: 6141 description: 'Optional: Path at which 6142 the file to which the container''s 6143 termination message will be written 6144 is mounted into the container''s 6145 filesystem. Message written is intended 6146 to be brief final status, such as 6147 an assertion failure message. Will 6148 be truncated by the node if greater 6149 than 4096 bytes. The total message 6150 length across all containers will 6151 be limited to 12kb. Defaults to 6152 /dev/termination-log. Cannot be 6153 updated.' 6154 type: string 6155 terminationMessagePolicy: 6156 description: Indicate how the termination 6157 message should be populated. File 6158 will use the contents of terminationMessagePath 6159 to populate the container status 6160 message on both success and failure. 6161 FallbackToLogsOnError will use the 6162 last chunk of container log output 6163 if the termination message file 6164 is empty and the container exited 6165 with an error. The log output is 6166 limited to 2048 bytes or 80 lines, 6167 whichever is smaller. Defaults to 6168 File. Cannot be updated. 6169 type: string 6170 tty: 6171 description: Whether this container 6172 should allocate a TTY for itself, 6173 also requires 'stdin' to be true. 6174 Default is false. 6175 type: boolean 6176 volumeDevices: 6177 description: volumeDevices is the 6178 list of block devices to be used 6179 by the container. 6180 type: array 6181 items: 6182 description: volumeDevice describes 6183 a mapping of a raw block device 6184 within a container. 6185 type: object 6186 required: 6187 - devicePath 6188 - name 6189 properties: 6190 devicePath: 6191 description: devicePath is the 6192 path inside of the container 6193 that the device will be mapped 6194 to. 6195 type: string 6196 name: 6197 description: name must match 6198 the name of a persistentVolumeClaim 6199 in the pod 6200 type: string 6201 volumeMounts: 6202 description: Pod volumes to mount 6203 into the container's filesystem. 6204 Cannot be updated. 6205 type: array 6206 items: 6207 description: VolumeMount describes 6208 a mounting of a Volume within 6209 a container. 6210 type: object 6211 required: 6212 - mountPath 6213 - name 6214 properties: 6215 mountPath: 6216 description: Path within the 6217 container at which the volume 6218 should be mounted. Must not 6219 contain ':'. 6220 type: string 6221 mountPropagation: 6222 description: mountPropagation 6223 determines how mounts are 6224 propagated from the host to 6225 container and the other way 6226 around. When not set, MountPropagationNone 6227 is used. This field is beta 6228 in 1.10. 6229 type: string 6230 name: 6231 description: This must match 6232 the Name of a Volume. 6233 type: string 6234 readOnly: 6235 description: Mounted read-only 6236 if true, read-write otherwise 6237 (false or unspecified). Defaults 6238 to false. 6239 type: boolean 6240 subPath: 6241 description: Path within the 6242 volume from which the container's 6243 volume should be mounted. 6244 Defaults to "" (volume's root). 6245 type: string 6246 subPathExpr: 6247 description: Expanded path within 6248 the volume from which the 6249 container's volume should 6250 be mounted. Behaves similarly 6251 to SubPath but environment 6252 variable references $(VAR_NAME) 6253 are expanded using the container's 6254 environment. Defaults to "" 6255 (volume's root). SubPathExpr 6256 and SubPath are mutually exclusive. 6257 type: string 6258 workingDir: 6259 description: Container's working directory. 6260 If not specified, the container 6261 runtime's default will be used, 6262 which might be configured in the 6263 container image. Cannot be updated. 6264 type: string 6265 nodeName: 6266 description: NodeName is a request to schedule 6267 this pod onto a specific node. If it is 6268 non-empty, the scheduler simply schedules 6269 this pod onto that node, assuming that 6270 it fits resource requirements. 6271 type: string 6272 nodeSelector: 6273 description: 'NodeSelector is a selector 6274 which must be true for the pod to fit 6275 on a node. Selector which must match a 6276 node''s labels for the pod to be scheduled 6277 on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' 6278 type: object 6279 additionalProperties: 6280 type: string 6281 overhead: 6282 description: 'Overhead represents the resource 6283 overhead associated with running a pod 6284 for a given RuntimeClass. This field will 6285 be autopopulated at admission time by 6286 the RuntimeClass admission controller. 6287 If the RuntimeClass admission controller 6288 is enabled, overhead must not be set in 6289 Pod create requests. The RuntimeClass 6290 admission controller will reject Pod create 6291 requests which have the overhead already 6292 set. If RuntimeClass is configured and 6293 selected in the PodSpec, Overhead will 6294 be set to the value defined in the corresponding 6295 RuntimeClass, otherwise it will remain 6296 unset and treated as zero. More info: 6297 https://git.k8s.io/enhancements/keps/sig-node/20190226-pod-overhead.md 6298 This field is alpha-level as of Kubernetes 6299 v1.16, and is only honored by servers 6300 that enable the PodOverhead feature.' 6301 type: object 6302 additionalProperties: 6303 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 6304 anyOf: 6305 - type: integer 6306 - type: string 6307 x-kubernetes-int-or-string: true 6308 preemptionPolicy: 6309 description: PreemptionPolicy is the Policy 6310 for preempting pods with lower priority. 6311 One of Never, PreemptLowerPriority. Defaults 6312 to PreemptLowerPriority if unset. This 6313 field is alpha-level and is only honored 6314 by servers that enable the NonPreemptingPriority 6315 feature. 6316 type: string 6317 priority: 6318 description: The priority value. Various 6319 system components use this field to find 6320 the priority of the pod. When Priority 6321 Admission Controller is enabled, it prevents 6322 users from setting this field. The admission 6323 controller populates this field from PriorityClassName. 6324 The higher the value, the higher the priority. 6325 type: integer 6326 format: int32 6327 priorityClassName: 6328 description: If specified, indicates the 6329 pod's priority. "system-node-critical" 6330 and "system-cluster-critical" are two 6331 special keywords which indicate the highest 6332 priorities with the former being the highest 6333 priority. Any other name must be defined 6334 by creating a PriorityClass object with 6335 that name. If not specified, the pod priority 6336 will be default or zero if there is no 6337 default. 6338 type: string 6339 readinessGates: 6340 description: 'If specified, all readiness 6341 gates will be evaluated for pod readiness. 6342 A pod is ready when all its containers 6343 are ready AND all conditions specified 6344 in the readiness gates have status equal 6345 to "True" More info: https://git.k8s.io/enhancements/keps/sig-network/0007-pod-ready%2B%2B.md' 6346 type: array 6347 items: 6348 description: PodReadinessGate contains 6349 the reference to a pod condition 6350 type: object 6351 required: 6352 - conditionType 6353 properties: 6354 conditionType: 6355 description: ConditionType refers 6356 to a condition in the pod's condition 6357 list with matching type. 6358 type: string 6359 restartPolicy: 6360 description: 'Restart policy for all containers 6361 within the pod. One of Always, OnFailure, 6362 Never. Default to Always. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy' 6363 type: string 6364 runtimeClassName: 6365 description: 'RuntimeClassName refers to 6366 a RuntimeClass object in the node.k8s.io 6367 group, which should be used to run this 6368 pod. If no RuntimeClass resource matches 6369 the named class, the pod will not be run. 6370 If unset or empty, the "legacy" RuntimeClass 6371 will be used, which is an implicit class 6372 with an empty definition that uses the 6373 default runtime handler. More info: https://git.k8s.io/enhancements/keps/sig-node/runtime-class.md 6374 This is a beta feature as of Kubernetes 6375 v1.14.' 6376 type: string 6377 schedulerName: 6378 description: If specified, the pod will 6379 be dispatched by specified scheduler. 6380 If not specified, the pod will be dispatched 6381 by default scheduler. 6382 type: string 6383 securityContext: 6384 description: 'SecurityContext holds pod-level 6385 security attributes and common container 6386 settings. Optional: Defaults to empty. See 6387 type description for default values of 6388 each field.' 6389 type: object 6390 properties: 6391 fsGroup: 6392 description: "A special supplemental 6393 group that applies to all containers 6394 in a pod. Some volume types allow 6395 the Kubelet to change the ownership 6396 of that volume to be owned by the 6397 pod: \n 1. The owning GID will be 6398 the FSGroup 2. The setgid bit is set 6399 (new files created in the volume will 6400 be owned by FSGroup) 3. The permission 6401 bits are OR'd with rw-rw---- \n If 6402 unset, the Kubelet will not modify 6403 the ownership and permissions of any 6404 volume." 6405 type: integer 6406 format: int64 6407 fsGroupChangePolicy: 6408 description: 'fsGroupChangePolicy defines 6409 behavior of changing ownership and 6410 permission of the volume before being 6411 exposed inside Pod. This field will 6412 only apply to volume types which support 6413 fsGroup based ownership(and permissions). 6414 It will have no effect on ephemeral 6415 volume types such as: secret, configmaps 6416 and emptydir. Valid values are "OnRootMismatch" 6417 and "Always". If not specified defaults 6418 to "Always".' 6419 type: string 6420 runAsGroup: 6421 description: The GID to run the entrypoint 6422 of the container process. Uses runtime 6423 default if unset. May also be set 6424 in SecurityContext. If set in both 6425 SecurityContext and PodSecurityContext, 6426 the value specified in SecurityContext 6427 takes precedence for that container. 6428 type: integer 6429 format: int64 6430 runAsNonRoot: 6431 description: Indicates that the container 6432 must run as a non-root user. If true, 6433 the Kubelet will validate the image 6434 at runtime to ensure that it does 6435 not run as UID 0 (root) and fail to 6436 start the container if it does. If 6437 unset or false, no such validation 6438 will be performed. May also be set 6439 in SecurityContext. If set in both 6440 SecurityContext and PodSecurityContext, 6441 the value specified in SecurityContext 6442 takes precedence. 6443 type: boolean 6444 runAsUser: 6445 description: The UID to run the entrypoint 6446 of the container process. Defaults 6447 to user specified in image metadata 6448 if unspecified. May also be set in 6449 SecurityContext. If set in both SecurityContext 6450 and PodSecurityContext, the value 6451 specified in SecurityContext takes 6452 precedence for that container. 6453 type: integer 6454 format: int64 6455 seLinuxOptions: 6456 description: The SELinux context to 6457 be applied to all containers. If unspecified, 6458 the container runtime will allocate 6459 a random SELinux context for each 6460 container. May also be set in SecurityContext. If 6461 set in both SecurityContext and PodSecurityContext, 6462 the value specified in SecurityContext 6463 takes precedence for that container. 6464 type: object 6465 properties: 6466 level: 6467 description: Level is SELinux level 6468 label that applies to the container. 6469 type: string 6470 role: 6471 description: Role is a SELinux role 6472 label that applies to the container. 6473 type: string 6474 type: 6475 description: Type is a SELinux type 6476 label that applies to the container. 6477 type: string 6478 user: 6479 description: User is a SELinux user 6480 label that applies to the container. 6481 type: string 6482 supplementalGroups: 6483 description: A list of groups applied 6484 to the first process run in each container, 6485 in addition to the container's primary 6486 GID. If unspecified, no groups will 6487 be added to any container. 6488 type: array 6489 items: 6490 type: integer 6491 format: int64 6492 sysctls: 6493 description: Sysctls hold a list of 6494 namespaced sysctls used for the pod. 6495 Pods with unsupported sysctls (by 6496 the container runtime) might fail 6497 to launch. 6498 type: array 6499 items: 6500 description: Sysctl defines a kernel 6501 parameter to be set 6502 type: object 6503 required: 6504 - name 6505 - value 6506 properties: 6507 name: 6508 description: Name of a property 6509 to set 6510 type: string 6511 value: 6512 description: Value of a property 6513 to set 6514 type: string 6515 windowsOptions: 6516 description: The Windows specific settings 6517 applied to all containers. If unspecified, 6518 the options within a container's SecurityContext 6519 will be used. If set in both SecurityContext 6520 and PodSecurityContext, the value 6521 specified in SecurityContext takes 6522 precedence. 6523 type: object 6524 properties: 6525 gmsaCredentialSpec: 6526 description: GMSACredentialSpec 6527 is where the GMSA admission webhook 6528 (https://github.com/kubernetes-sigs/windows-gmsa) 6529 inlines the contents of the GMSA 6530 credential spec named by the GMSACredentialSpecName 6531 field. 6532 type: string 6533 gmsaCredentialSpecName: 6534 description: GMSACredentialSpecName 6535 is the name of the GMSA credential 6536 spec to use. 6537 type: string 6538 runAsUserName: 6539 description: The UserName in Windows 6540 to run the entrypoint of the container 6541 process. Defaults to the user 6542 specified in image metadata if 6543 unspecified. May also be set in 6544 PodSecurityContext. If set in 6545 both SecurityContext and PodSecurityContext, 6546 the value specified in SecurityContext 6547 takes precedence. 6548 type: string 6549 serviceAccount: 6550 description: 'DeprecatedServiceAccount is 6551 a depreciated alias for ServiceAccountName. 6552 Deprecated: Use serviceAccountName instead.' 6553 type: string 6554 serviceAccountName: 6555 description: 'ServiceAccountName is the 6556 name of the ServiceAccount to use to run 6557 this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' 6558 type: string 6559 shareProcessNamespace: 6560 description: 'Share a single process namespace 6561 between all of the containers in a pod. 6562 When this is set containers will be able 6563 to view and signal processes from other 6564 containers in the same pod, and the first 6565 process in each container will not be 6566 assigned PID 1. HostPID and ShareProcessNamespace 6567 cannot both be set. Optional: Default 6568 to false.' 6569 type: boolean 6570 subdomain: 6571 description: If specified, the fully qualified 6572 Pod hostname will be "<hostname>.<subdomain>.<pod 6573 namespace>.svc.<cluster domain>". If not 6574 specified, the pod will not have a domainname 6575 at all. 6576 type: string 6577 terminationGracePeriodSeconds: 6578 description: Optional duration in seconds 6579 the pod needs to terminate gracefully. 6580 May be decreased in delete request. Value 6581 must be non-negative integer. The value 6582 zero indicates delete immediately. If 6583 this value is nil, the default grace period 6584 will be used instead. The grace period 6585 is the duration in seconds after the processes 6586 running in the pod are sent a termination 6587 signal and the time when the processes 6588 are forcibly halted with a kill signal. 6589 Set this value longer than the expected 6590 cleanup time for your process. Defaults 6591 to 30 seconds. 6592 type: integer 6593 format: int64 6594 tolerations: 6595 description: If specified, the pod's tolerations. 6596 type: array 6597 items: 6598 description: The pod this Toleration is 6599 attached to tolerates any taint that 6600 matches the triple <key,value,effect> 6601 using the matching operator <operator>. 6602 type: object 6603 properties: 6604 effect: 6605 description: Effect indicates the 6606 taint effect to match. Empty means 6607 match all taint effects. When specified, 6608 allowed values are NoSchedule, PreferNoSchedule 6609 and NoExecute. 6610 type: string 6611 key: 6612 description: Key is the taint key 6613 that the toleration applies to. 6614 Empty means match all taint keys. 6615 If the key is empty, operator must 6616 be Exists; this combination means 6617 to match all values and all keys. 6618 type: string 6619 operator: 6620 description: Operator represents a 6621 key's relationship to the value. 6622 Valid operators are Exists and Equal. 6623 Defaults to Equal. Exists is equivalent 6624 to wildcard for value, so that a 6625 pod can tolerate all taints of a 6626 particular category. 6627 type: string 6628 tolerationSeconds: 6629 description: TolerationSeconds represents 6630 the period of time the toleration 6631 (which must be of effect NoExecute, 6632 otherwise this field is ignored) 6633 tolerates the taint. By default, 6634 it is not set, which means tolerate 6635 the taint forever (do not evict). 6636 Zero and negative values will be 6637 treated as 0 (evict immediately) 6638 by the system. 6639 type: integer 6640 format: int64 6641 value: 6642 description: Value is the taint value 6643 the toleration matches to. If the 6644 operator is Exists, the value should 6645 be empty, otherwise just a regular 6646 string. 6647 type: string 6648 topologySpreadConstraints: 6649 description: TopologySpreadConstraints describes 6650 how a group of pods ought to spread across 6651 topology domains. Scheduler will schedule 6652 pods in a way which abides by the constraints. 6653 This field is only honored by clusters 6654 that enable the EvenPodsSpread feature. 6655 All topologySpreadConstraints are ANDed. 6656 type: array 6657 items: 6658 description: TopologySpreadConstraint 6659 specifies how to spread matching pods 6660 among the given topology. 6661 type: object 6662 required: 6663 - maxSkew 6664 - topologyKey 6665 - whenUnsatisfiable 6666 properties: 6667 labelSelector: 6668 description: LabelSelector is used 6669 to find matching pods. Pods that 6670 match this label selector are counted 6671 to determine the number of pods 6672 in their corresponding topology 6673 domain. 6674 type: object 6675 properties: 6676 matchExpressions: 6677 description: matchExpressions 6678 is a list of label selector 6679 requirements. The requirements 6680 are ANDed. 6681 type: array 6682 items: 6683 description: A label selector 6684 requirement is a selector 6685 that contains values, a key, 6686 and an operator that relates 6687 the key and values. 6688 type: object 6689 required: 6690 - key 6691 - operator 6692 properties: 6693 key: 6694 description: key is the 6695 label key that the selector 6696 applies to. 6697 type: string 6698 operator: 6699 description: operator represents 6700 a key's relationship to 6701 a set of values. Valid 6702 operators are In, NotIn, 6703 Exists and DoesNotExist. 6704 type: string 6705 values: 6706 description: values is an 6707 array of string values. 6708 If the operator is In 6709 or NotIn, the values array 6710 must be non-empty. If 6711 the operator is Exists 6712 or DoesNotExist, the values 6713 array must be empty. This 6714 array is replaced during 6715 a strategic merge patch. 6716 type: array 6717 items: 6718 type: string 6719 matchLabels: 6720 description: matchLabels is a 6721 map of {key,value} pairs. A 6722 single {key,value} in the matchLabels 6723 map is equivalent to an element 6724 of matchExpressions, whose key 6725 field is "key", the operator 6726 is "In", and the values array 6727 contains only "value". The requirements 6728 are ANDed. 6729 type: object 6730 additionalProperties: 6731 type: string 6732 maxSkew: 6733 description: 'MaxSkew describes the 6734 degree to which pods may be unevenly 6735 distributed. It''s the maximum permitted 6736 difference between the number of 6737 matching pods in any two topology 6738 domains of a given topology type. 6739 For example, in a 3-zone cluster, 6740 MaxSkew is set to 1, and pods with 6741 the same labelSelector spread as 6742 1/1/0: | zone1 | zone2 | zone3 | 6743 | P | P | | - if MaxSkew 6744 is 1, incoming pod can only be scheduled 6745 to zone3 to become 1/1/1; scheduling 6746 it onto zone1(zone2) would make 6747 the ActualSkew(2-0) on zone1(zone2) 6748 violate MaxSkew(1). - if MaxSkew 6749 is 2, incoming pod can be scheduled 6750 onto any zone. It''s a required 6751 field. Default value is 1 and 0 6752 is not allowed.' 6753 type: integer 6754 format: int32 6755 topologyKey: 6756 description: TopologyKey is the key 6757 of node labels. Nodes that have 6758 a label with this key and identical 6759 values are considered to be in the 6760 same topology. We consider each 6761 <key, value> as a "bucket", and 6762 try to put balanced number of pods 6763 into each bucket. It's a required 6764 field. 6765 type: string 6766 whenUnsatisfiable: 6767 description: 'WhenUnsatisfiable indicates 6768 how to deal with a pod if it doesn''t 6769 satisfy the spread constraint. - 6770 DoNotSchedule (default) tells the 6771 scheduler not to schedule it - ScheduleAnyway 6772 tells the scheduler to still schedule 6773 it It''s considered as "Unsatisfiable" 6774 if and only if placing incoming 6775 pod on any topology violates "MaxSkew". 6776 For example, in a 3-zone cluster, 6777 MaxSkew is set to 1, and pods with 6778 the same labelSelector spread as 6779 3/1/1: | zone1 | zone2 | zone3 | 6780 | P P P | P | P | If WhenUnsatisfiable 6781 is set to DoNotSchedule, incoming 6782 pod can only be scheduled to zone2(zone3) 6783 to become 3/2/1(3/1/2) as ActualSkew(2-1) 6784 on zone2(zone3) satisfies MaxSkew(1). 6785 In other words, the cluster can 6786 still be imbalanced, but scheduler 6787 won''t make it *more* imbalanced. 6788 It''s a required field.' 6789 type: string 6790 x-kubernetes-list-map-keys: 6791 - topologyKey 6792 - whenUnsatisfiable 6793 x-kubernetes-list-type: map 6794 volumes: 6795 description: 'List of volumes that can be 6796 mounted by containers belonging to the 6797 pod. More info: https://kubernetes.io/docs/concepts/storage/volumes' 6798 type: array 6799 items: 6800 description: Volume represents a named 6801 volume in a pod that may be accessed 6802 by any container in the pod. 6803 type: object 6804 required: 6805 - name 6806 properties: 6807 awsElasticBlockStore: 6808 description: 'AWSElasticBlockStore 6809 represents an AWS Disk resource 6810 that is attached to a kubelet''s 6811 host machine and then exposed to 6812 the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' 6813 type: object 6814 required: 6815 - volumeID 6816 properties: 6817 fsType: 6818 description: 'Filesystem type 6819 of the volume that you want 6820 to mount. Tip: Ensure that the 6821 filesystem type is supported 6822 by the host operating system. 6823 Examples: "ext4", "xfs", "ntfs". 6824 Implicitly inferred to be "ext4" 6825 if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore 6826 TODO: how do we prevent errors 6827 in the filesystem from compromising 6828 the machine' 6829 type: string 6830 partition: 6831 description: 'The partition in 6832 the volume that you want to 6833 mount. If omitted, the default 6834 is to mount by volume name. 6835 Examples: For volume /dev/sda1, 6836 you specify the partition as 6837 "1". Similarly, the volume partition 6838 for /dev/sda is "0" (or you 6839 can leave the property empty).' 6840 type: integer 6841 format: int32 6842 readOnly: 6843 description: 'Specify "true" to 6844 force and set the ReadOnly property 6845 in VolumeMounts to "true". If 6846 omitted, the default is "false". 6847 More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' 6848 type: boolean 6849 volumeID: 6850 description: 'Unique ID of the 6851 persistent disk resource in 6852 AWS (Amazon EBS volume). More 6853 info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' 6854 type: string 6855 azureDisk: 6856 description: AzureDisk represents 6857 an Azure Data Disk mount on the 6858 host and bind mount to the pod. 6859 type: object 6860 required: 6861 - diskName 6862 - diskURI 6863 properties: 6864 cachingMode: 6865 description: 'Host Caching mode: 6866 None, Read Only, Read Write.' 6867 type: string 6868 diskName: 6869 description: The Name of the data 6870 disk in the blob storage 6871 type: string 6872 diskURI: 6873 description: The URI the data 6874 disk in the blob storage 6875 type: string 6876 fsType: 6877 description: Filesystem type to 6878 mount. Must be a filesystem 6879 type supported by the host operating 6880 system. Ex. "ext4", "xfs", "ntfs". 6881 Implicitly inferred to be "ext4" 6882 if unspecified. 6883 type: string 6884 kind: 6885 description: 'Expected values 6886 Shared: multiple blob disks 6887 per storage account Dedicated: 6888 single blob disk per storage 6889 account Managed: azure managed 6890 data disk (only in managed availability 6891 set). defaults to shared' 6892 type: string 6893 readOnly: 6894 description: Defaults to false 6895 (read/write). ReadOnly here 6896 will force the ReadOnly setting 6897 in VolumeMounts. 6898 type: boolean 6899 azureFile: 6900 description: AzureFile represents 6901 an Azure File Service mount on the 6902 host and bind mount to the pod. 6903 type: object 6904 required: 6905 - secretName 6906 - shareName 6907 properties: 6908 readOnly: 6909 description: Defaults to false 6910 (read/write). ReadOnly here 6911 will force the ReadOnly setting 6912 in VolumeMounts. 6913 type: boolean 6914 secretName: 6915 description: the name of secret 6916 that contains Azure Storage 6917 Account Name and Key 6918 type: string 6919 shareName: 6920 description: Share Name 6921 type: string 6922 cephfs: 6923 description: CephFS represents a Ceph 6924 FS mount on the host that shares 6925 a pod's lifetime 6926 type: object 6927 required: 6928 - monitors 6929 properties: 6930 monitors: 6931 description: 'Required: Monitors 6932 is a collection of Ceph monitors 6933 More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' 6934 type: array 6935 items: 6936 type: string 6937 path: 6938 description: 'Optional: Used as 6939 the mounted root, rather than 6940 the full Ceph tree, default 6941 is /' 6942 type: string 6943 readOnly: 6944 description: 'Optional: Defaults 6945 to false (read/write). ReadOnly 6946 here will force the ReadOnly 6947 setting in VolumeMounts. More 6948 info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' 6949 type: boolean 6950 secretFile: 6951 description: 'Optional: SecretFile 6952 is the path to key ring for 6953 User, default is /etc/ceph/user.secret 6954 More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' 6955 type: string 6956 secretRef: 6957 description: 'Optional: SecretRef 6958 is reference to the authentication 6959 secret for User, default is 6960 empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' 6961 type: object 6962 properties: 6963 name: 6964 description: 'Name of the 6965 referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 6966 TODO: Add other useful fields. 6967 apiVersion, kind, uid?' 6968 type: string 6969 user: 6970 description: 'Optional: User is 6971 the rados user name, default 6972 is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' 6973 type: string 6974 cinder: 6975 description: 'Cinder represents a 6976 cinder volume attached and mounted 6977 on kubelets host machine. More info: 6978 https://examples.k8s.io/mysql-cinder-pd/README.md' 6979 type: object 6980 required: 6981 - volumeID 6982 properties: 6983 fsType: 6984 description: 'Filesystem type 6985 to mount. Must be a filesystem 6986 type supported by the host operating 6987 system. Examples: "ext4", "xfs", 6988 "ntfs". Implicitly inferred 6989 to be "ext4" if unspecified. 6990 More info: https://examples.k8s.io/mysql-cinder-pd/README.md' 6991 type: string 6992 readOnly: 6993 description: 'Optional: Defaults 6994 to false (read/write). ReadOnly 6995 here will force the ReadOnly 6996 setting in VolumeMounts. More 6997 info: https://examples.k8s.io/mysql-cinder-pd/README.md' 6998 type: boolean 6999 secretRef: 7000 description: 'Optional: points 7001 to a secret object containing 7002 parameters used to connect to 7003 OpenStack.' 7004 type: object 7005 properties: 7006 name: 7007 description: 'Name of the 7008 referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 7009 TODO: Add other useful fields. 7010 apiVersion, kind, uid?' 7011 type: string 7012 volumeID: 7013 description: 'volume id used to 7014 identify the volume in cinder. 7015 More info: https://examples.k8s.io/mysql-cinder-pd/README.md' 7016 type: string 7017 configMap: 7018 description: ConfigMap represents 7019 a configMap that should populate 7020 this volume 7021 type: object 7022 properties: 7023 defaultMode: 7024 description: 'Optional: mode bits 7025 to use on created files by default. 7026 Must be a value between 0 and 7027 0777. Defaults to 0644. Directories 7028 within the path are not affected 7029 by this setting. This might 7030 be in conflict with other options 7031 that affect the file mode, like 7032 fsGroup, and the result can 7033 be other mode bits set.' 7034 type: integer 7035 format: int32 7036 items: 7037 description: If unspecified, each 7038 key-value pair in the Data field 7039 of the referenced ConfigMap 7040 will be projected into the volume 7041 as a file whose name is the 7042 key and content is the value. 7043 If specified, the listed keys 7044 will be projected into the specified 7045 paths, and unlisted keys will 7046 not be present. If a key is 7047 specified which is not present 7048 in the ConfigMap, the volume 7049 setup will error unless it is 7050 marked optional. Paths must 7051 be relative and may not contain 7052 the '..' path or start with 7053 '..'. 7054 type: array 7055 items: 7056 description: Maps a string key 7057 to a path within a volume. 7058 type: object 7059 required: 7060 - key 7061 - path 7062 properties: 7063 key: 7064 description: The key to 7065 project. 7066 type: string 7067 mode: 7068 description: 'Optional: 7069 mode bits to use on this 7070 file, must be a value 7071 between 0 and 0777. If 7072 not specified, the volume 7073 defaultMode will be used. 7074 This might be in conflict 7075 with other options that 7076 affect the file mode, 7077 like fsGroup, and the 7078 result can be other mode 7079 bits set.' 7080 type: integer 7081 format: int32 7082 path: 7083 description: The relative 7084 path of the file to map 7085 the key to. May not be 7086 an absolute path. May 7087 not contain the path element 7088 '..'. May not start with 7089 the string '..'. 7090 type: string 7091 name: 7092 description: 'Name of the referent. 7093 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 7094 TODO: Add other useful fields. 7095 apiVersion, kind, uid?' 7096 type: string 7097 optional: 7098 description: Specify whether the 7099 ConfigMap or its keys must be 7100 defined 7101 type: boolean 7102 csi: 7103 description: CSI (Container Storage 7104 Interface) represents storage that 7105 is handled by an external CSI driver 7106 (Alpha feature). 7107 type: object 7108 required: 7109 - driver 7110 properties: 7111 driver: 7112 description: Driver is the name 7113 of the CSI driver that handles 7114 this volume. Consult with your 7115 admin for the correct name as 7116 registered in the cluster. 7117 type: string 7118 fsType: 7119 description: Filesystem type to 7120 mount. Ex. "ext4", "xfs", "ntfs". 7121 If not provided, the empty value 7122 is passed to the associated 7123 CSI driver which will determine 7124 the default filesystem to apply. 7125 type: string 7126 nodePublishSecretRef: 7127 description: NodePublishSecretRef 7128 is a reference to the secret 7129 object containing sensitive 7130 information to pass to the CSI 7131 driver to complete the CSI NodePublishVolume 7132 and NodeUnpublishVolume calls. 7133 This field is optional, and may 7134 be empty if no secret is required. 7135 If the secret object contains 7136 more than one secret, all secret 7137 references are passed. 7138 type: object 7139 properties: 7140 name: 7141 description: 'Name of the 7142 referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 7143 TODO: Add other useful fields. 7144 apiVersion, kind, uid?' 7145 type: string 7146 readOnly: 7147 description: Specifies a read-only 7148 configuration for the volume. 7149 Defaults to false (read/write). 7150 type: boolean 7151 volumeAttributes: 7152 description: VolumeAttributes 7153 stores driver-specific properties 7154 that are passed to the CSI driver. 7155 Consult your driver's documentation 7156 for supported values. 7157 type: object 7158 additionalProperties: 7159 type: string 7160 downwardAPI: 7161 description: DownwardAPI represents 7162 downward API about the pod that 7163 should populate this volume 7164 type: object 7165 properties: 7166 defaultMode: 7167 description: 'Optional: mode bits 7168 to use on created files by default. 7169 Must be a value between 0 and 7170 0777. Defaults to 0644. Directories 7171 within the path are not affected 7172 by this setting. This might 7173 be in conflict with other options 7174 that affect the file mode, like 7175 fsGroup, and the result can 7176 be other mode bits set.' 7177 type: integer 7178 format: int32 7179 items: 7180 description: Items is a list of 7181 downward API volume file 7182 type: array 7183 items: 7184 description: DownwardAPIVolumeFile 7185 represents information to 7186 create the file containing 7187 the pod field 7188 type: object 7189 required: 7190 - path 7191 properties: 7192 fieldRef: 7193 description: 'Required: 7194 Selects a field of the 7195 pod: only annotations, 7196 labels, name and namespace 7197 are supported.' 7198 type: object 7199 required: 7200 - fieldPath 7201 properties: 7202 apiVersion: 7203 description: Version 7204 of the schema the 7205 FieldPath is written 7206 in terms of, defaults 7207 to "v1". 7208 type: string 7209 fieldPath: 7210 description: Path of 7211 the field to select 7212 in the specified API 7213 version. 7214 type: string 7215 mode: 7216 description: 'Optional: 7217 mode bits to use on this 7218 file, must be a value 7219 between 0 and 0777. If 7220 not specified, the volume 7221 defaultMode will be used. 7222 This might be in conflict 7223 with other options that 7224 affect the file mode, 7225 like fsGroup, and the 7226 result can be other mode 7227 bits set.' 7228 type: integer 7229 format: int32 7230 path: 7231 description: 'Required: 7232 Path is the relative 7233 path name of the file 7234 to be created. Must not 7235 be absolute or contain 7236 the ''..'' path. Must 7237 be utf-8 encoded. The 7238 first item of the relative 7239 path must not start with 7240 ''..''' 7241 type: string 7242 resourceFieldRef: 7243 description: 'Selects a 7244 resource of the container: 7245 only resources limits 7246 and requests (limits.cpu, 7247 limits.memory, requests.cpu 7248 and requests.memory) are 7249 currently supported.' 7250 type: object 7251 required: 7252 - resource 7253 properties: 7254 containerName: 7255 description: 'Container 7256 name: required for 7257 volumes, optional 7258 for env vars' 7259 type: string 7260 divisor: 7261 description: Specifies 7262 the output format 7263 of the exposed resources, 7264 defaults to "1" 7265 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 7266 anyOf: 7267 - type: integer 7268 - type: string 7269 x-kubernetes-int-or-string: true 7270 resource: 7271 description: 'Required: 7272 resource to select' 7273 type: string 7274 emptyDir: 7275 description: 'EmptyDir represents 7276 a temporary directory that shares 7277 a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' 7278 type: object 7279 properties: 7280 medium: 7281 description: 'What type of storage 7282 medium should back this directory. 7283 The default is "" which means 7284 to use the node''s default medium. 7285 Must be an empty string (default) 7286 or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' 7287 type: string 7288 sizeLimit: 7289 description: 'Total amount of 7290 local storage required for this 7291 EmptyDir volume. The size limit 7292 is also applicable for memory 7293 medium. The maximum usage on 7294 memory medium EmptyDir would 7295 be the minimum value between 7296 the SizeLimit specified here 7297 and the sum of memory limits 7298 of all containers in a pod. 7299 The default is nil which means 7300 that the limit is undefined. 7301 More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' 7302 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 7303 anyOf: 7304 - type: integer 7305 - type: string 7306 x-kubernetes-int-or-string: true 7307 fc: 7308 description: FC represents a Fibre 7309 Channel resource that is attached 7310 to a kubelet's host machine and 7311 then exposed to the pod. 7312 type: object 7313 properties: 7314 fsType: 7315 description: 'Filesystem type 7316 to mount. Must be a filesystem 7317 type supported by the host operating 7318 system. Ex. "ext4", "xfs", "ntfs". 7319 Implicitly inferred to be "ext4" 7320 if unspecified. TODO: how do 7321 we prevent errors in the filesystem 7322 from compromising the machine' 7323 type: string 7324 lun: 7325 description: 'Optional: FC target 7326 lun number' 7327 type: integer 7328 format: int32 7329 readOnly: 7330 description: 'Optional: Defaults 7331 to false (read/write). ReadOnly 7332 here will force the ReadOnly 7333 setting in VolumeMounts.' 7334 type: boolean 7335 targetWWNs: 7336 description: 'Optional: FC target 7337 worldwide names (WWNs)' 7338 type: array 7339 items: 7340 type: string 7341 wwids: 7342 description: 'Optional: FC volume 7343 world wide identifiers (wwids) 7344 Either wwids or combination 7345 of targetWWNs and lun must be 7346 set, but not both simultaneously.' 7347 type: array 7348 items: 7349 type: string 7350 flexVolume: 7351 description: FlexVolume represents 7352 a generic volume resource that is 7353 provisioned/attached using an exec 7354 based plugin. 7355 type: object 7356 required: 7357 - driver 7358 properties: 7359 driver: 7360 description: Driver is the name 7361 of the driver to use for this 7362 volume. 7363 type: string 7364 fsType: 7365 description: Filesystem type to 7366 mount. Must be a filesystem 7367 type supported by the host operating 7368 system. Ex. "ext4", "xfs", "ntfs". 7369 The default filesystem depends 7370 on FlexVolume script. 7371 type: string 7372 options: 7373 description: 'Optional: Extra 7374 command options if any.' 7375 type: object 7376 additionalProperties: 7377 type: string 7378 readOnly: 7379 description: 'Optional: Defaults 7380 to false (read/write). ReadOnly 7381 here will force the ReadOnly 7382 setting in VolumeMounts.' 7383 type: boolean 7384 secretRef: 7385 description: 'Optional: SecretRef 7386 is reference to the secret object 7387 containing sensitive information 7388 to pass to the plugin scripts. 7389 This may be empty if no secret 7390 object is specified. If the 7391 secret object contains more 7392 than one secret, all secrets 7393 are passed to the plugin scripts.' 7394 type: object 7395 properties: 7396 name: 7397 description: 'Name of the 7398 referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 7399 TODO: Add other useful fields. 7400 apiVersion, kind, uid?' 7401 type: string 7402 flocker: 7403 description: Flocker represents a 7404 Flocker volume attached to a kubelet's 7405 host machine. This depends on the 7406 Flocker control service being running 7407 type: object 7408 properties: 7409 datasetName: 7410 description: Name of the dataset 7411 stored as metadata -> name on 7412 the dataset for Flocker should 7413 be considered as deprecated 7414 type: string 7415 datasetUUID: 7416 description: UUID of the dataset. 7417 This is unique identifier of 7418 a Flocker dataset 7419 type: string 7420 gcePersistentDisk: 7421 description: 'GCEPersistentDisk represents 7422 a GCE Disk resource that is attached 7423 to a kubelet''s host machine and 7424 then exposed to the pod. More info: 7425 https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' 7426 type: object 7427 required: 7428 - pdName 7429 properties: 7430 fsType: 7431 description: 'Filesystem type 7432 of the volume that you want 7433 to mount. Tip: Ensure that the 7434 filesystem type is supported 7435 by the host operating system. 7436 Examples: "ext4", "xfs", "ntfs". 7437 Implicitly inferred to be "ext4" 7438 if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk 7439 TODO: how do we prevent errors 7440 in the filesystem from compromising 7441 the machine' 7442 type: string 7443 partition: 7444 description: 'The partition in 7445 the volume that you want to 7446 mount. If omitted, the default 7447 is to mount by volume name. 7448 Examples: For volume /dev/sda1, 7449 you specify the partition as 7450 "1". Similarly, the volume partition 7451 for /dev/sda is "0" (or you 7452 can leave the property empty). 7453 More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' 7454 type: integer 7455 format: int32 7456 pdName: 7457 description: 'Unique name of the 7458 PD resource in GCE. Used to 7459 identify the disk in GCE. More 7460 info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' 7461 type: string 7462 readOnly: 7463 description: 'ReadOnly here will 7464 force the ReadOnly setting in 7465 VolumeMounts. Defaults to false. 7466 More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' 7467 type: boolean 7468 gitRepo: 7469 description: 'GitRepo represents a 7470 git repository at a particular revision. 7471 DEPRECATED: GitRepo is deprecated. 7472 To provision a container with a 7473 git repo, mount an EmptyDir into 7474 an InitContainer that clones the 7475 repo using git, then mount the EmptyDir 7476 into the Pod''s container.' 7477 type: object 7478 required: 7479 - repository 7480 properties: 7481 directory: 7482 description: Target directory 7483 name. Must not contain or start 7484 with '..'. If '.' is supplied, 7485 the volume directory will be 7486 the git repository. Otherwise, 7487 if specified, the volume will 7488 contain the git repository in 7489 the subdirectory with the given 7490 name. 7491 type: string 7492 repository: 7493 description: Repository URL 7494 type: string 7495 revision: 7496 description: Commit hash for the 7497 specified revision. 7498 type: string 7499 glusterfs: 7500 description: 'Glusterfs represents 7501 a Glusterfs mount on the host that 7502 shares a pod''s lifetime. More info: 7503 https://examples.k8s.io/volumes/glusterfs/README.md' 7504 type: object 7505 required: 7506 - endpoints 7507 - path 7508 properties: 7509 endpoints: 7510 description: 'EndpointsName is 7511 the endpoint name that details 7512 Glusterfs topology. More info: 7513 https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' 7514 type: string 7515 path: 7516 description: 'Path is the Glusterfs 7517 volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' 7518 type: string 7519 readOnly: 7520 description: 'ReadOnly here will 7521 force the Glusterfs volume to 7522 be mounted with read-only permissions. 7523 Defaults to false. More info: 7524 https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' 7525 type: boolean 7526 hostPath: 7527 description: 'HostPath represents 7528 a pre-existing file or directory 7529 on the host machine that is directly 7530 exposed to the container. This is 7531 generally used for system agents 7532 or other privileged things that 7533 are allowed to see the host machine. 7534 Most containers will NOT need this. 7535 More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath 7536 --- TODO(jonesdl) We need to restrict 7537 who can use host directory mounts 7538 and who can/can not mount host directories 7539 as read/write.' 7540 type: object 7541 required: 7542 - path 7543 properties: 7544 path: 7545 description: 'Path of the directory 7546 on the host. If the path is 7547 a symlink, it will follow the 7548 link to the real path. More 7549 info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' 7550 type: string 7551 type: 7552 description: 'Type for HostPath 7553 Volume Defaults to "" More info: 7554 https://kubernetes.io/docs/concepts/storage/volumes#hostpath' 7555 type: string 7556 iscsi: 7557 description: 'ISCSI represents an 7558 ISCSI Disk resource that is attached 7559 to a kubelet''s host machine and 7560 then exposed to the pod. More info: 7561 https://examples.k8s.io/volumes/iscsi/README.md' 7562 type: object 7563 required: 7564 - iqn 7565 - lun 7566 - targetPortal 7567 properties: 7568 chapAuthDiscovery: 7569 description: whether support iSCSI 7570 Discovery CHAP authentication 7571 type: boolean 7572 chapAuthSession: 7573 description: whether support iSCSI 7574 Session CHAP authentication 7575 type: boolean 7576 fsType: 7577 description: 'Filesystem type 7578 of the volume that you want 7579 to mount. Tip: Ensure that the 7580 filesystem type is supported 7581 by the host operating system. 7582 Examples: "ext4", "xfs", "ntfs". 7583 Implicitly inferred to be "ext4" 7584 if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi 7585 TODO: how do we prevent errors 7586 in the filesystem from compromising 7587 the machine' 7588 type: string 7589 initiatorName: 7590 description: Custom iSCSI Initiator 7591 Name. If initiatorName is specified 7592 with iscsiInterface simultaneously, 7593 new iSCSI interface <target 7594 portal>:<volume name> will be 7595 created for the connection. 7596 type: string 7597 iqn: 7598 description: Target iSCSI Qualified 7599 Name. 7600 type: string 7601 iscsiInterface: 7602 description: iSCSI Interface Name 7603 that uses an iSCSI transport. 7604 Defaults to 'default' (tcp). 7605 type: string 7606 lun: 7607 description: iSCSI Target Lun 7608 number. 7609 type: integer 7610 format: int32 7611 portals: 7612 description: iSCSI Target Portal 7613 List. The portal is either an 7614 IP or ip_addr:port if the port 7615 is other than default (typically 7616 TCP ports 860 and 3260). 7617 type: array 7618 items: 7619 type: string 7620 readOnly: 7621 description: ReadOnly here will 7622 force the ReadOnly setting in 7623 VolumeMounts. Defaults to false. 7624 type: boolean 7625 secretRef: 7626 description: CHAP Secret for iSCSI 7627 target and initiator authentication 7628 type: object 7629 properties: 7630 name: 7631 description: 'Name of the 7632 referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 7633 TODO: Add other useful fields. 7634 apiVersion, kind, uid?' 7635 type: string 7636 targetPortal: 7637 description: iSCSI Target Portal. 7638 The Portal is either an IP or 7639 ip_addr:port if the port is 7640 other than default (typically 7641 TCP ports 860 and 3260). 7642 type: string 7643 name: 7644 description: 'Volume''s name. Must 7645 be a DNS_LABEL and unique within 7646 the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 7647 type: string 7648 nfs: 7649 description: 'NFS represents an NFS 7650 mount on the host that shares a 7651 pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' 7652 type: object 7653 required: 7654 - path 7655 - server 7656 properties: 7657 path: 7658 description: 'Path that is exported 7659 by the NFS server. More info: 7660 https://kubernetes.io/docs/concepts/storage/volumes#nfs' 7661 type: string 7662 readOnly: 7663 description: 'ReadOnly here will 7664 force the NFS export to be mounted 7665 with read-only permissions. 7666 Defaults to false. More info: 7667 https://kubernetes.io/docs/concepts/storage/volumes#nfs' 7668 type: boolean 7669 server: 7670 description: 'Server is the hostname 7671 or IP address of the NFS server. 7672 More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' 7673 type: string 7674 persistentVolumeClaim: 7675 description: 'PersistentVolumeClaimVolumeSource 7676 represents a reference to a PersistentVolumeClaim 7677 in the same namespace. More info: 7678 https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' 7679 type: object 7680 required: 7681 - claimName 7682 properties: 7683 claimName: 7684 description: 'ClaimName is the 7685 name of a PersistentVolumeClaim 7686 in the same namespace as the 7687 pod using this volume. More 7688 info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' 7689 type: string 7690 readOnly: 7691 description: Will force the ReadOnly 7692 setting in VolumeMounts. Default 7693 false. 7694 type: boolean 7695 photonPersistentDisk: 7696 description: PhotonPersistentDisk 7697 represents a PhotonController persistent 7698 disk attached and mounted on kubelets 7699 host machine 7700 type: object 7701 required: 7702 - pdID 7703 properties: 7704 fsType: 7705 description: Filesystem type to 7706 mount. Must be a filesystem 7707 type supported by the host operating 7708 system. Ex. "ext4", "xfs", "ntfs". 7709 Implicitly inferred to be "ext4" 7710 if unspecified. 7711 type: string 7712 pdID: 7713 description: ID that identifies 7714 Photon Controller persistent 7715 disk 7716 type: string 7717 portworxVolume: 7718 description: PortworxVolume represents 7719 a portworx volume attached and mounted 7720 on kubelets host machine 7721 type: object 7722 required: 7723 - volumeID 7724 properties: 7725 fsType: 7726 description: FSType represents 7727 the filesystem type to mount 7728 Must be a filesystem type supported 7729 by the host operating system. 7730 Ex. "ext4", "xfs". Implicitly 7731 inferred to be "ext4" if unspecified. 7732 type: string 7733 readOnly: 7734 description: Defaults to false 7735 (read/write). ReadOnly here 7736 will force the ReadOnly setting 7737 in VolumeMounts. 7738 type: boolean 7739 volumeID: 7740 description: VolumeID uniquely 7741 identifies a Portworx volume 7742 type: string 7743 projected: 7744 description: Items for all in one 7745 resources secrets, configmaps, and 7746 downward API 7747 type: object 7748 required: 7749 - sources 7750 properties: 7751 defaultMode: 7752 description: Mode bits to use 7753 on created files by default. 7754 Must be a value between 0 and 7755 0777. Directories within the 7756 path are not affected by this 7757 setting. This might be in conflict 7758 with other options that affect 7759 the file mode, like fsGroup, 7760 and the result can be other 7761 mode bits set. 7762 type: integer 7763 format: int32 7764 sources: 7765 description: list of volume projections 7766 type: array 7767 items: 7768 description: Projection that 7769 may be projected along with 7770 other supported volume types 7771 type: object 7772 properties: 7773 configMap: 7774 description: information 7775 about the configMap data 7776 to project 7777 type: object 7778 properties: 7779 items: 7780 description: If unspecified, 7781 each key-value pair 7782 in the Data field 7783 of the referenced 7784 ConfigMap will be 7785 projected into the 7786 volume as a file whose 7787 name is the key and 7788 content is the value. 7789 If specified, the 7790 listed keys will be 7791 projected into the 7792 specified paths, and 7793 unlisted keys will 7794 not be present. If 7795 a key is specified 7796 which is not present 7797 in the ConfigMap, 7798 the volume setup will 7799 error unless it is 7800 marked optional. Paths 7801 must be relative and 7802 may not contain the 7803 '..' path or start 7804 with '..'. 7805 type: array 7806 items: 7807 description: Maps 7808 a string key to 7809 a path within a 7810 volume. 7811 type: object 7812 required: 7813 - key 7814 - path 7815 properties: 7816 key: 7817 description: The 7818 key to project. 7819 type: string 7820 mode: 7821 description: 'Optional: 7822 mode bits to 7823 use on this 7824 file, must be 7825 a value between 7826 0 and 0777. 7827 If not specified, 7828 the volume defaultMode 7829 will be used. 7830 This might be 7831 in conflict 7832 with other options 7833 that affect 7834 the file mode, 7835 like fsGroup, 7836 and the result 7837 can be other 7838 mode bits set.' 7839 type: integer 7840 format: int32 7841 path: 7842 description: The 7843 relative path 7844 of the file 7845 to map the key 7846 to. May not 7847 be an absolute 7848 path. May not 7849 contain the 7850 path element 7851 '..'. May not 7852 start with the 7853 string '..'. 7854 type: string 7855 name: 7856 description: 'Name of 7857 the referent. More 7858 info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 7859 TODO: Add other useful 7860 fields. apiVersion, 7861 kind, uid?' 7862 type: string 7863 optional: 7864 description: Specify 7865 whether the ConfigMap 7866 or its keys must be 7867 defined 7868 type: boolean 7869 downwardAPI: 7870 description: information 7871 about the downwardAPI 7872 data to project 7873 type: object 7874 properties: 7875 items: 7876 description: Items is 7877 a list of DownwardAPIVolume 7878 file 7879 type: array 7880 items: 7881 description: DownwardAPIVolumeFile 7882 represents information 7883 to create the file 7884 containing the pod 7885 field 7886 type: object 7887 required: 7888 - path 7889 properties: 7890 fieldRef: 7891 description: 'Required: 7892 Selects a field 7893 of the pod: 7894 only annotations, 7895 labels, name 7896 and namespace 7897 are supported.' 7898 type: object 7899 required: 7900 - fieldPath 7901 properties: 7902 apiVersion: 7903 description: Version 7904 of the schema 7905 the FieldPath 7906 is written 7907 in terms 7908 of, defaults 7909 to "v1". 7910 type: string 7911 fieldPath: 7912 description: Path 7913 of the field 7914 to select 7915 in the specified 7916 API version. 7917 type: string 7918 mode: 7919 description: 'Optional: 7920 mode bits to 7921 use on this 7922 file, must be 7923 a value between 7924 0 and 0777. 7925 If not specified, 7926 the volume defaultMode 7927 will be used. 7928 This might be 7929 in conflict 7930 with other options 7931 that affect 7932 the file mode, 7933 like fsGroup, 7934 and the result 7935 can be other 7936 mode bits set.' 7937 type: integer 7938 format: int32 7939 path: 7940 description: 'Required: 7941 Path is the 7942 relative path 7943 name of the 7944 file to be created. 7945 Must not be 7946 absolute or 7947 contain the 7948 ''..'' path. 7949 Must be utf-8 7950 encoded. The 7951 first item of 7952 the relative 7953 path must not 7954 start with ''..''' 7955 type: string 7956 resourceFieldRef: 7957 description: 'Selects 7958 a resource of 7959 the container: 7960 only resources 7961 limits and requests 7962 (limits.cpu, 7963 limits.memory, 7964 requests.cpu 7965 and requests.memory) 7966 are currently 7967 supported.' 7968 type: object 7969 required: 7970 - resource 7971 properties: 7972 containerName: 7973 description: 'Container 7974 name: required 7975 for volumes, 7976 optional 7977 for env 7978 vars' 7979 type: string 7980 divisor: 7981 description: Specifies 7982 the output 7983 format of 7984 the exposed 7985 resources, 7986 defaults 7987 to "1" 7988 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 7989 anyOf: 7990 - type: integer 7991 - type: string 7992 x-kubernetes-int-or-string: true 7993 resource: 7994 description: 'Required: 7995 resource 7996 to select' 7997 type: string 7998 secret: 7999 description: information 8000 about the secret data 8001 to project 8002 type: object 8003 properties: 8004 items: 8005 description: If unspecified, 8006 each key-value pair 8007 in the Data field 8008 of the referenced 8009 Secret will be projected 8010 into the volume as 8011 a file whose name 8012 is the key and content 8013 is the value. If specified, 8014 the listed keys will 8015 be projected into 8016 the specified paths, 8017 and unlisted keys 8018 will not be present. 8019 If a key is specified 8020 which is not present 8021 in the Secret, the 8022 volume setup will 8023 error unless it is 8024 marked optional. Paths 8025 must be relative and 8026 may not contain the 8027 '..' path or start 8028 with '..'. 8029 type: array 8030 items: 8031 description: Maps 8032 a string key to 8033 a path within a 8034 volume. 8035 type: object 8036 required: 8037 - key 8038 - path 8039 properties: 8040 key: 8041 description: The 8042 key to project. 8043 type: string 8044 mode: 8045 description: 'Optional: 8046 mode bits to 8047 use on this 8048 file, must be 8049 a value between 8050 0 and 0777. 8051 If not specified, 8052 the volume defaultMode 8053 will be used. 8054 This might be 8055 in conflict 8056 with other options 8057 that affect 8058 the file mode, 8059 like fsGroup, 8060 and the result 8061 can be other 8062 mode bits set.' 8063 type: integer 8064 format: int32 8065 path: 8066 description: The 8067 relative path 8068 of the file 8069 to map the key 8070 to. May not 8071 be an absolute 8072 path. May not 8073 contain the 8074 path element 8075 '..'. May not 8076 start with the 8077 string '..'. 8078 type: string 8079 name: 8080 description: 'Name of 8081 the referent. More 8082 info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 8083 TODO: Add other useful 8084 fields. apiVersion, 8085 kind, uid?' 8086 type: string 8087 optional: 8088 description: Specify 8089 whether the Secret 8090 or its key must be 8091 defined 8092 type: boolean 8093 serviceAccountToken: 8094 description: information 8095 about the serviceAccountToken 8096 data to project 8097 type: object 8098 required: 8099 - path 8100 properties: 8101 audience: 8102 description: Audience 8103 is the intended audience 8104 of the token. A recipient 8105 of a token must identify 8106 itself with an identifier 8107 specified in the audience 8108 of the token, and 8109 otherwise should reject 8110 the token. The audience 8111 defaults to the identifier 8112 of the apiserver. 8113 type: string 8114 expirationSeconds: 8115 description: ExpirationSeconds 8116 is the requested duration 8117 of validity of the 8118 service account token. 8119 As the token approaches 8120 expiration, the kubelet 8121 volume plugin will 8122 proactively rotate 8123 the service account 8124 token. The kubelet 8125 will start trying 8126 to rotate the token 8127 if the token is older 8128 than 80 percent of 8129 its time to live or 8130 if the token is older 8131 than 24 hours.Defaults 8132 to 1 hour and must 8133 be at least 10 minutes. 8134 type: integer 8135 format: int64 8136 path: 8137 description: Path is 8138 the path relative 8139 to the mount point 8140 of the file to project 8141 the token into. 8142 type: string 8143 quobyte: 8144 description: Quobyte represents a 8145 Quobyte mount on the host that shares 8146 a pod's lifetime 8147 type: object 8148 required: 8149 - registry 8150 - volume 8151 properties: 8152 group: 8153 description: Group to map volume 8154 access to Default is no group 8155 type: string 8156 readOnly: 8157 description: ReadOnly here will 8158 force the Quobyte volume to 8159 be mounted with read-only permissions. 8160 Defaults to false. 8161 type: boolean 8162 registry: 8163 description: Registry represents 8164 a single or multiple Quobyte 8165 Registry services specified 8166 as a string as host:port pair 8167 (multiple entries are separated 8168 with commas) which acts as the 8169 central registry for volumes 8170 type: string 8171 tenant: 8172 description: Tenant owning the 8173 given Quobyte volume in the 8174 Backend Used with dynamically 8175 provisioned Quobyte volumes, 8176 value is set by the plugin 8177 type: string 8178 user: 8179 description: User to map volume 8180 access to Defaults to serivceaccount 8181 user 8182 type: string 8183 volume: 8184 description: Volume is a string 8185 that references an already created 8186 Quobyte volume by name. 8187 type: string 8188 rbd: 8189 description: 'RBD represents a Rados 8190 Block Device mount on the host that 8191 shares a pod''s lifetime. More info: 8192 https://examples.k8s.io/volumes/rbd/README.md' 8193 type: object 8194 required: 8195 - image 8196 - monitors 8197 properties: 8198 fsType: 8199 description: 'Filesystem type 8200 of the volume that you want 8201 to mount. Tip: Ensure that the 8202 filesystem type is supported 8203 by the host operating system. 8204 Examples: "ext4", "xfs", "ntfs". 8205 Implicitly inferred to be "ext4" 8206 if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd 8207 TODO: how do we prevent errors 8208 in the filesystem from compromising 8209 the machine' 8210 type: string 8211 image: 8212 description: 'The rados image 8213 name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 8214 type: string 8215 keyring: 8216 description: 'Keyring is the path 8217 to key ring for RBDUser. Default 8218 is /etc/ceph/keyring. More info: 8219 https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 8220 type: string 8221 monitors: 8222 description: 'A collection of 8223 Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 8224 type: array 8225 items: 8226 type: string 8227 pool: 8228 description: 'The rados pool name. 8229 Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 8230 type: string 8231 readOnly: 8232 description: 'ReadOnly here will 8233 force the ReadOnly setting in 8234 VolumeMounts. Defaults to false. 8235 More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 8236 type: boolean 8237 secretRef: 8238 description: 'SecretRef is name 8239 of the authentication secret 8240 for RBDUser. If provided overrides 8241 keyring. Default is nil. More 8242 info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 8243 type: object 8244 properties: 8245 name: 8246 description: 'Name of the 8247 referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 8248 TODO: Add other useful fields. 8249 apiVersion, kind, uid?' 8250 type: string 8251 user: 8252 description: 'The rados user name. 8253 Default is admin. More info: 8254 https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 8255 type: string 8256 scaleIO: 8257 description: ScaleIO represents a 8258 ScaleIO persistent volume attached 8259 and mounted on Kubernetes nodes. 8260 type: object 8261 required: 8262 - gateway 8263 - secretRef 8264 - system 8265 properties: 8266 fsType: 8267 description: Filesystem type to 8268 mount. Must be a filesystem 8269 type supported by the host operating 8270 system. Ex. "ext4", "xfs", "ntfs". 8271 Default is "xfs". 8272 type: string 8273 gateway: 8274 description: The host address 8275 of the ScaleIO API Gateway. 8276 type: string 8277 protectionDomain: 8278 description: The name of the ScaleIO 8279 Protection Domain for the configured 8280 storage. 8281 type: string 8282 readOnly: 8283 description: Defaults to false 8284 (read/write). ReadOnly here 8285 will force the ReadOnly setting 8286 in VolumeMounts. 8287 type: boolean 8288 secretRef: 8289 description: SecretRef references 8290 to the secret for ScaleIO user 8291 and other sensitive information. 8292 If this is not provided, Login 8293 operation will fail. 8294 type: object 8295 properties: 8296 name: 8297 description: 'Name of the 8298 referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 8299 TODO: Add other useful fields. 8300 apiVersion, kind, uid?' 8301 type: string 8302 sslEnabled: 8303 description: Flag to enable/disable 8304 SSL communication with Gateway, 8305 default false 8306 type: boolean 8307 storageMode: 8308 description: Indicates whether 8309 the storage for a volume should 8310 be ThickProvisioned or ThinProvisioned. 8311 Default is ThinProvisioned. 8312 type: string 8313 storagePool: 8314 description: The ScaleIO Storage 8315 Pool associated with the protection 8316 domain. 8317 type: string 8318 system: 8319 description: The name of the storage 8320 system as configured in ScaleIO. 8321 type: string 8322 volumeName: 8323 description: The name of a volume 8324 already created in the ScaleIO 8325 system that is associated with 8326 this volume source. 8327 type: string 8328 secret: 8329 description: 'Secret represents a 8330 secret that should populate this 8331 volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' 8332 type: object 8333 properties: 8334 defaultMode: 8335 description: 'Optional: mode bits 8336 to use on created files by default. 8337 Must be a value between 0 and 8338 0777. Defaults to 0644. Directories 8339 within the path are not affected 8340 by this setting. This might 8341 be in conflict with other options 8342 that affect the file mode, like 8343 fsGroup, and the result can 8344 be other mode bits set.' 8345 type: integer 8346 format: int32 8347 items: 8348 description: If unspecified, each 8349 key-value pair in the Data field 8350 of the referenced Secret will 8351 be projected into the volume 8352 as a file whose name is the 8353 key and content is the value. 8354 If specified, the listed keys 8355 will be projected into the specified 8356 paths, and unlisted keys will 8357 not be present. If a key is 8358 specified which is not present 8359 in the Secret, the volume setup 8360 will error unless it is marked 8361 optional. Paths must be relative 8362 and may not contain the '..' 8363 path or start with '..'. 8364 type: array 8365 items: 8366 description: Maps a string key 8367 to a path within a volume. 8368 type: object 8369 required: 8370 - key 8371 - path 8372 properties: 8373 key: 8374 description: The key to 8375 project. 8376 type: string 8377 mode: 8378 description: 'Optional: 8379 mode bits to use on this 8380 file, must be a value 8381 between 0 and 0777. If 8382 not specified, the volume 8383 defaultMode will be used. 8384 This might be in conflict 8385 with other options that 8386 affect the file mode, 8387 like fsGroup, and the 8388 result can be other mode 8389 bits set.' 8390 type: integer 8391 format: int32 8392 path: 8393 description: The relative 8394 path of the file to map 8395 the key to. May not be 8396 an absolute path. May 8397 not contain the path element 8398 '..'. May not start with 8399 the string '..'. 8400 type: string 8401 optional: 8402 description: Specify whether the 8403 Secret or its keys must be defined 8404 type: boolean 8405 secretName: 8406 description: 'Name of the secret 8407 in the pod''s namespace to use. 8408 More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' 8409 type: string 8410 storageos: 8411 description: StorageOS represents 8412 a StorageOS volume attached and 8413 mounted on Kubernetes nodes. 8414 type: object 8415 properties: 8416 fsType: 8417 description: Filesystem type to 8418 mount. Must be a filesystem 8419 type supported by the host operating 8420 system. Ex. "ext4", "xfs", "ntfs". 8421 Implicitly inferred to be "ext4" 8422 if unspecified. 8423 type: string 8424 readOnly: 8425 description: Defaults to false 8426 (read/write). ReadOnly here 8427 will force the ReadOnly setting 8428 in VolumeMounts. 8429 type: boolean 8430 secretRef: 8431 description: SecretRef specifies 8432 the secret to use for obtaining 8433 the StorageOS API credentials. If 8434 not specified, default values 8435 will be attempted. 8436 type: object 8437 properties: 8438 name: 8439 description: 'Name of the 8440 referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 8441 TODO: Add other useful fields. 8442 apiVersion, kind, uid?' 8443 type: string 8444 volumeName: 8445 description: VolumeName is the 8446 human-readable name of the StorageOS 8447 volume. Volume names are only 8448 unique within a namespace. 8449 type: string 8450 volumeNamespace: 8451 description: VolumeNamespace specifies 8452 the scope of the volume within 8453 StorageOS. If no namespace 8454 is specified then the Pod's 8455 namespace will be used. This 8456 allows the Kubernetes name scoping 8457 to be mirrored within StorageOS 8458 for tighter integration. Set 8459 VolumeName to any name to override 8460 the default behaviour. Set to 8461 "default" if you are not using 8462 namespaces within StorageOS. 8463 Namespaces that do not pre-exist 8464 within StorageOS will be created. 8465 type: string 8466 vsphereVolume: 8467 description: VsphereVolume represents 8468 a vSphere volume attached and mounted 8469 on kubelets host machine 8470 type: object 8471 required: 8472 - volumePath 8473 properties: 8474 fsType: 8475 description: Filesystem type to 8476 mount. Must be a filesystem 8477 type supported by the host operating 8478 system. Ex. "ext4", "xfs", "ntfs". 8479 Implicitly inferred to be "ext4" 8480 if unspecified. 8481 type: string 8482 storagePolicyID: 8483 description: Storage Policy Based 8484 Management (SPBM) profile ID 8485 associated with the StoragePolicyName. 8486 type: string 8487 storagePolicyName: 8488 description: Storage Policy Based 8489 Management (SPBM) profile name. 8490 type: string 8491 volumePath: 8492 description: Path that identifies 8493 vSphere volume vmdk 8494 type: string 8495 permissions: 8496 type: array 8497 items: 8498 description: StrategyDeploymentPermissions describe the 8499 rbac rules and service account needed by the install strategy 8500 type: object 8501 required: 8502 - rules 8503 - serviceAccountName 8504 properties: 8505 rules: 8506 type: array 8507 items: 8508 description: PolicyRule holds information that describes 8509 a policy rule, but does not contain information 8510 about who the rule applies to or which namespace 8511 the rule applies to. 8512 type: object 8513 required: 8514 - verbs 8515 properties: 8516 apiGroups: 8517 description: APIGroups is the name of the APIGroup 8518 that contains the resources. If multiple API 8519 groups are specified, any action requested against 8520 one of the enumerated resources in any API group 8521 will be allowed. 8522 type: array 8523 items: 8524 type: string 8525 nonResourceURLs: 8526 description: NonResourceURLs is a set of partial 8527 urls that a user should have access to. *s 8528 are allowed, but only as the full, final step 8529 in the path Since non-resource URLs are not 8530 namespaced, this field is only applicable for 8531 ClusterRoles referenced from a ClusterRoleBinding. 8532 Rules can either apply to API resources (such 8533 as "pods" or "secrets") or non-resource URL 8534 paths (such as "/api"), but not both. 8535 type: array 8536 items: 8537 type: string 8538 resourceNames: 8539 description: ResourceNames is an optional white 8540 list of names that the rule applies to. An 8541 empty set means that everything is allowed. 8542 type: array 8543 items: 8544 type: string 8545 resources: 8546 description: Resources is a list of resources 8547 this rule applies to. ResourceAll represents 8548 all resources. 8549 type: array 8550 items: 8551 type: string 8552 verbs: 8553 description: Verbs is a list of Verbs that apply 8554 to ALL the ResourceKinds and AttributeRestrictions 8555 contained in this rule. VerbAll represents 8556 all kinds. 8557 type: array 8558 items: 8559 type: string 8560 serviceAccountName: 8561 type: string 8562 strategy: 8563 type: string 8564 installModes: 8565 description: InstallModes specify supported installation types 8566 type: array 8567 items: 8568 description: InstallMode associates an InstallModeType with a flag 8569 representing if the CSV supports it 8570 type: object 8571 required: 8572 - supported 8573 - type 8574 properties: 8575 supported: 8576 type: boolean 8577 type: 8578 description: InstallModeType is a supported type of install 8579 mode for CSV installation 8580 type: string 8581 keywords: 8582 type: array 8583 items: 8584 type: string 8585 labels: 8586 description: Map of string keys and values that can be used to organize 8587 and categorize (scope and select) objects. 8588 type: object 8589 additionalProperties: 8590 type: string 8591 links: 8592 type: array 8593 items: 8594 type: object 8595 properties: 8596 name: 8597 type: string 8598 url: 8599 type: string 8600 maintainers: 8601 type: array 8602 items: 8603 type: object 8604 properties: 8605 email: 8606 type: string 8607 name: 8608 type: string 8609 maturity: 8610 type: string 8611 minKubeVersion: 8612 type: string 8613 nativeAPIs: 8614 type: array 8615 items: 8616 description: GroupVersionKind unambiguously identifies a kind. It 8617 doesn't anonymously include GroupVersion to avoid automatic coersion. It 8618 doesn't use a GroupVersion to avoid custom marshalling 8619 type: object 8620 required: 8621 - group 8622 - kind 8623 - version 8624 properties: 8625 group: 8626 type: string 8627 kind: 8628 type: string 8629 version: 8630 type: string 8631 provider: 8632 type: object 8633 properties: 8634 name: 8635 type: string 8636 url: 8637 type: string 8638 replaces: 8639 description: The name of a CSV this one replaces. Should match the 8640 `metadata.Name` field of the old CSV. 8641 type: string 8642 selector: 8643 description: Label selector for related resources. 8644 type: object 8645 properties: 8646 matchExpressions: 8647 description: matchExpressions is a list of label selector requirements. 8648 The requirements are ANDed. 8649 type: array 8650 items: 8651 description: A label selector requirement is a selector that 8652 contains values, a key, and an operator that relates the key 8653 and values. 8654 type: object 8655 required: 8656 - key 8657 - operator 8658 properties: 8659 key: 8660 description: key is the label key that the selector applies 8661 to. 8662 type: string 8663 operator: 8664 description: operator represents a key's relationship to 8665 a set of values. Valid operators are In, NotIn, Exists 8666 and DoesNotExist. 8667 type: string 8668 values: 8669 description: values is an array of string values. If the 8670 operator is In or NotIn, the values array must be non-empty. 8671 If the operator is Exists or DoesNotExist, the values 8672 array must be empty. This array is replaced during a strategic 8673 merge patch. 8674 type: array 8675 items: 8676 type: string 8677 matchLabels: 8678 description: matchLabels is a map of {key,value} pairs. A single 8679 {key,value} in the matchLabels map is equivalent to an element 8680 of matchExpressions, whose key field is "key", the operator 8681 is "In", and the values array contains only "value". The requirements 8682 are ANDed. 8683 type: object 8684 additionalProperties: 8685 type: string 8686 version: 8687 description: OperatorVersion is a wrapper around semver.Version which 8688 supports correct marshaling to YAML and JSON. 8689 type: string 8690 webhookdefinitions: 8691 type: array 8692 items: 8693 description: WebhookDescription provides details to OLM about required 8694 webhooks 8695 type: object 8696 required: 8697 - admissionReviewVersions 8698 - generateName 8699 - sideEffects 8700 - type 8701 properties: 8702 admissionReviewVersions: 8703 type: array 8704 items: 8705 type: string 8706 containerPort: 8707 type: integer 8708 format: int32 8709 conversionCRDs: 8710 type: array 8711 items: 8712 type: string 8713 deploymentName: 8714 type: string 8715 failurePolicy: 8716 type: string 8717 generateName: 8718 type: string 8719 matchPolicy: 8720 description: MatchPolicyType specifies the type of match policy 8721 type: string 8722 objectSelector: 8723 description: A label selector is a label query over a set of 8724 resources. The result of matchLabels and matchExpressions 8725 are ANDed. An empty label selector matches all objects. A 8726 null label selector matches no objects. 8727 type: object 8728 properties: 8729 matchExpressions: 8730 description: matchExpressions is a list of label selector 8731 requirements. The requirements are ANDed. 8732 type: array 8733 items: 8734 description: A label selector requirement is a selector 8735 that contains values, a key, and an operator that relates 8736 the key and values. 8737 type: object 8738 required: 8739 - key 8740 - operator 8741 properties: 8742 key: 8743 description: key is the label key that the selector 8744 applies to. 8745 type: string 8746 operator: 8747 description: operator represents a key's relationship 8748 to a set of values. Valid operators are In, NotIn, 8749 Exists and DoesNotExist. 8750 type: string 8751 values: 8752 description: values is an array of string values. 8753 If the operator is In or NotIn, the values array 8754 must be non-empty. If the operator is Exists or 8755 DoesNotExist, the values array must be empty. This 8756 array is replaced during a strategic merge patch. 8757 type: array 8758 items: 8759 type: string 8760 matchLabels: 8761 description: matchLabels is a map of {key,value} pairs. 8762 A single {key,value} in the matchLabels map is equivalent 8763 to an element of matchExpressions, whose key field is 8764 "key", the operator is "In", and the values array contains 8765 only "value". The requirements are ANDed. 8766 type: object 8767 additionalProperties: 8768 type: string 8769 reinvocationPolicy: 8770 description: ReinvocationPolicyType specifies what type of policy 8771 the admission hook uses. 8772 type: string 8773 rules: 8774 type: array 8775 items: 8776 description: RuleWithOperations is a tuple of Operations and 8777 Resources. It is recommended to make sure that all the tuple 8778 expansions are valid. 8779 type: object 8780 properties: 8781 apiGroups: 8782 description: APIGroups is the API groups the resources 8783 belong to. '*' is all groups. If '*' is present, the 8784 length of the slice must be one. Required. 8785 type: array 8786 items: 8787 type: string 8788 apiVersions: 8789 description: APIVersions is the API versions the resources 8790 belong to. '*' is all versions. If '*' is present, the 8791 length of the slice must be one. Required. 8792 type: array 8793 items: 8794 type: string 8795 operations: 8796 description: Operations is the operations the admission 8797 hook cares about - CREATE, UPDATE, or * for all operations. 8798 If '*' is present, the length of the slice must be one. 8799 Required. 8800 type: array 8801 items: 8802 type: string 8803 resources: 8804 description: "Resources is a list of resources this rule 8805 applies to. \n For example: 'pods' means pods. 'pods/log' 8806 means the log subresource of pods. '*' means all resources, 8807 but not subresources. 'pods/*' means all subresources 8808 of pods. '*/scale' means all scale subresources. '*/*' 8809 means all resources and their subresources. \n If wildcard 8810 is present, the validation rule will ensure resources 8811 do not overlap with each other. \n Depending on the 8812 enclosing object, subresources might not be allowed. 8813 Required." 8814 type: array 8815 items: 8816 type: string 8817 scope: 8818 description: scope specifies the scope of this rule. Valid 8819 values are "Cluster", "Namespaced", and "*" "Cluster" 8820 means that only cluster-scoped resources will match 8821 this rule. Namespace API objects are cluster-scoped. 8822 "Namespaced" means that only namespaced resources will 8823 match this rule. "*" means that there are no scope restrictions. 8824 Subresources match the scope of their parent resource. 8825 Default is "*". 8826 type: string 8827 sideEffects: 8828 type: string 8829 targetPort: 8830 anyOf: 8831 - type: integer 8832 - type: string 8833 x-kubernetes-int-or-string: true 8834 timeoutSeconds: 8835 type: integer 8836 format: int32 8837 type: 8838 description: WebhookAdmissionType is the type of admission webhooks 8839 supported by OLM 8840 type: string 8841 enum: 8842 - ValidatingAdmissionWebhook 8843 - MutatingAdmissionWebhook 8844 - ConversionWebhook 8845 webhookPath: 8846 type: string 8847 status: 8848 description: ClusterServiceVersionStatus represents information about 8849 the status of a pod. Status may trail the actual state of a system. 8850 type: object 8851 properties: 8852 certsLastUpdated: 8853 description: Last time the owned APIService certs were updated 8854 type: string 8855 format: date-time 8856 certsRotateAt: 8857 description: Time the owned APIService certs will rotate next 8858 type: string 8859 format: date-time 8860 conditions: 8861 description: List of conditions, a history of state transitions 8862 type: array 8863 items: 8864 description: Conditions appear in the status as a record of state 8865 transitions on the ClusterServiceVersion 8866 type: object 8867 properties: 8868 lastTransitionTime: 8869 description: Last time the status transitioned from one status 8870 to another. 8871 type: string 8872 format: date-time 8873 lastUpdateTime: 8874 description: Last time we updated the status 8875 type: string 8876 format: date-time 8877 message: 8878 description: A human readable message indicating details about 8879 why the ClusterServiceVersion is in this condition. 8880 type: string 8881 phase: 8882 description: Condition of the ClusterServiceVersion 8883 type: string 8884 reason: 8885 description: A brief CamelCase message indicating details about 8886 why the ClusterServiceVersion is in this state. e.g. 'RequirementsNotMet' 8887 type: string 8888 lastTransitionTime: 8889 description: Last time the status transitioned from one status to 8890 another. 8891 type: string 8892 format: date-time 8893 lastUpdateTime: 8894 description: Last time we updated the status 8895 type: string 8896 format: date-time 8897 message: 8898 description: A human readable message indicating details about why 8899 the ClusterServiceVersion is in this condition. 8900 type: string 8901 phase: 8902 description: Current condition of the ClusterServiceVersion 8903 type: string 8904 reason: 8905 description: A brief CamelCase message indicating details about why 8906 the ClusterServiceVersion is in this state. e.g. 'RequirementsNotMet' 8907 type: string 8908 requirementStatus: 8909 description: The status of each requirement for this CSV 8910 type: array 8911 items: 8912 type: object 8913 required: 8914 - group 8915 - kind 8916 - message 8917 - name 8918 - status 8919 - version 8920 properties: 8921 dependents: 8922 type: array 8923 items: 8924 description: DependentStatus is the status for a dependent 8925 requirement (to prevent infinite nesting) 8926 type: object 8927 required: 8928 - group 8929 - kind 8930 - status 8931 - version 8932 properties: 8933 group: 8934 type: string 8935 kind: 8936 type: string 8937 message: 8938 type: string 8939 status: 8940 description: StatusReason is a camelcased reason for the 8941 status of a RequirementStatus or DependentStatus 8942 type: string 8943 uuid: 8944 type: string 8945 version: 8946 type: string 8947 group: 8948 type: string 8949 kind: 8950 type: string 8951 message: 8952 type: string 8953 name: 8954 type: string 8955 status: 8956 description: StatusReason is a camelcased reason for the status 8957 of a RequirementStatus or DependentStatus 8958 type: string 8959 uuid: 8960 type: string 8961 version: 8962 type: string 8963 served: true 8964 storage: true 8965 subresources: 8966 status: {} 8967