github.com/operator-framework/operator-lifecycle-manager@v0.30.0/deploy/upstream/manifests/0.18.0/0000_50_olm_00-clusterserviceversions.crd.yaml (about) 1 --- 2 # Source: olm/crds/0000_50_olm_00-clusterserviceversions.crd.yaml 3 apiVersion: apiextensions.k8s.io/v1 4 kind: CustomResourceDefinition 5 metadata: 6 annotations: 7 controller-gen.kubebuilder.io/version: v0.4.1 8 creationTimestamp: null 9 name: clusterserviceversions.operators.coreos.com 10 spec: 11 group: operators.coreos.com 12 names: 13 categories: 14 - olm 15 kind: ClusterServiceVersion 16 listKind: ClusterServiceVersionList 17 plural: clusterserviceversions 18 shortNames: 19 - csv 20 - csvs 21 singular: clusterserviceversion 22 scope: Namespaced 23 versions: 24 - additionalPrinterColumns: 25 - description: The name of the CSV 26 jsonPath: .spec.displayName 27 name: Display 28 type: string 29 - description: The version of the CSV 30 jsonPath: .spec.version 31 name: Version 32 type: string 33 - description: The name of a CSV that this one replaces 34 jsonPath: .spec.replaces 35 name: Replaces 36 type: string 37 - jsonPath: .status.phase 38 name: Phase 39 type: string 40 name: v1alpha1 41 schema: 42 openAPIV3Schema: 43 description: ClusterServiceVersion is a Custom Resource of type `ClusterServiceVersionSpec`. 44 type: object 45 required: 46 - metadata 47 - spec 48 properties: 49 apiVersion: 50 description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' 51 type: string 52 kind: 53 description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' 54 type: string 55 metadata: 56 type: object 57 spec: 58 description: ClusterServiceVersionSpec declarations tell OLM how to install an operator that can manage apps for a given version. 59 type: object 60 required: 61 - displayName 62 - install 63 properties: 64 annotations: 65 description: Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. 66 type: object 67 additionalProperties: 68 type: string 69 apiservicedefinitions: 70 description: APIServiceDefinitions declares all of the extension apis managed or required by an operator being ran by ClusterServiceVersion. 71 type: object 72 properties: 73 owned: 74 type: array 75 items: 76 description: APIServiceDescription provides details to OLM about apis provided via aggregation 77 type: object 78 required: 79 - group 80 - kind 81 - name 82 - version 83 properties: 84 actionDescriptors: 85 type: array 86 items: 87 description: ActionDescriptor describes a declarative action that can be performed on a custom resource instance 88 type: object 89 required: 90 - path 91 properties: 92 description: 93 type: string 94 displayName: 95 type: string 96 path: 97 type: string 98 value: 99 description: RawMessage is a raw encoded JSON value. It implements Marshaler and Unmarshaler and can be used to delay JSON decoding or precompute a JSON encoding. 
100 type: string 101 format: byte 102 x-descriptors: 103 type: array 104 items: 105 type: string 106 containerPort: 107 type: integer 108 format: int32 109 deploymentName: 110 type: string 111 description: 112 type: string 113 displayName: 114 type: string 115 group: 116 type: string 117 kind: 118 type: string 119 name: 120 type: string 121 resources: 122 type: array 123 items: 124 description: APIResourceReference is a Kubernetes resource type used by a custom resource 125 type: object 126 required: 127 - kind 128 - name 129 - version 130 properties: 131 kind: 132 type: string 133 name: 134 type: string 135 version: 136 type: string 137 specDescriptors: 138 type: array 139 items: 140 description: SpecDescriptor describes a field in a spec block of a CRD so that OLM can consume it 141 type: object 142 required: 143 - path 144 properties: 145 description: 146 type: string 147 displayName: 148 type: string 149 path: 150 type: string 151 value: 152 description: RawMessage is a raw encoded JSON value. It implements Marshaler and Unmarshaler and can be used to delay JSON decoding or precompute a JSON encoding. 153 type: string 154 format: byte 155 x-descriptors: 156 type: array 157 items: 158 type: string 159 statusDescriptors: 160 type: array 161 items: 162 description: StatusDescriptor describes a field in a status block of a CRD so that OLM can consume it 163 type: object 164 required: 165 - path 166 properties: 167 description: 168 type: string 169 displayName: 170 type: string 171 path: 172 type: string 173 value: 174 description: RawMessage is a raw encoded JSON value. It implements Marshaler and Unmarshaler and can be used to delay JSON decoding or precompute a JSON encoding. 
175 type: string 176 format: byte 177 x-descriptors: 178 type: array 179 items: 180 type: string 181 version: 182 type: string 183 required: 184 type: array 185 items: 186 description: APIServiceDescription provides details to OLM about apis provided via aggregation 187 type: object 188 required: 189 - group 190 - kind 191 - name 192 - version 193 properties: 194 actionDescriptors: 195 type: array 196 items: 197 description: ActionDescriptor describes a declarative action that can be performed on a custom resource instance 198 type: object 199 required: 200 - path 201 properties: 202 description: 203 type: string 204 displayName: 205 type: string 206 path: 207 type: string 208 value: 209 description: RawMessage is a raw encoded JSON value. It implements Marshaler and Unmarshaler and can be used to delay JSON decoding or precompute a JSON encoding. 210 type: string 211 format: byte 212 x-descriptors: 213 type: array 214 items: 215 type: string 216 containerPort: 217 type: integer 218 format: int32 219 deploymentName: 220 type: string 221 description: 222 type: string 223 displayName: 224 type: string 225 group: 226 type: string 227 kind: 228 type: string 229 name: 230 type: string 231 resources: 232 type: array 233 items: 234 description: APIResourceReference is a Kubernetes resource type used by a custom resource 235 type: object 236 required: 237 - kind 238 - name 239 - version 240 properties: 241 kind: 242 type: string 243 name: 244 type: string 245 version: 246 type: string 247 specDescriptors: 248 type: array 249 items: 250 description: SpecDescriptor describes a field in a spec block of a CRD so that OLM can consume it 251 type: object 252 required: 253 - path 254 properties: 255 description: 256 type: string 257 displayName: 258 type: string 259 path: 260 type: string 261 value: 262 description: RawMessage is a raw encoded JSON value. It implements Marshaler and Unmarshaler and can be used to delay JSON decoding or precompute a JSON encoding. 
263 type: string 264 format: byte 265 x-descriptors: 266 type: array 267 items: 268 type: string 269 statusDescriptors: 270 type: array 271 items: 272 description: StatusDescriptor describes a field in a status block of a CRD so that OLM can consume it 273 type: object 274 required: 275 - path 276 properties: 277 description: 278 type: string 279 displayName: 280 type: string 281 path: 282 type: string 283 value: 284 description: RawMessage is a raw encoded JSON value. It implements Marshaler and Unmarshaler and can be used to delay JSON decoding or precompute a JSON encoding. 285 type: string 286 format: byte 287 x-descriptors: 288 type: array 289 items: 290 type: string 291 version: 292 type: string 293 cleanup: 294 description: Cleanup specifies the cleanup behaviour when the CSV gets deleted 295 type: object 296 required: 297 - enabled 298 properties: 299 enabled: 300 type: boolean 301 customresourcedefinitions: 302 description: "CustomResourceDefinitions declares all of the CRDs managed or required by an operator being ran by ClusterServiceVersion. \n If the CRD is present in the Owned list, it is implicitly required." 303 type: object 304 properties: 305 owned: 306 type: array 307 items: 308 description: CRDDescription provides details to OLM about the CRDs 309 type: object 310 required: 311 - kind 312 - name 313 - version 314 properties: 315 actionDescriptors: 316 type: array 317 items: 318 description: ActionDescriptor describes a declarative action that can be performed on a custom resource instance 319 type: object 320 required: 321 - path 322 properties: 323 description: 324 type: string 325 displayName: 326 type: string 327 path: 328 type: string 329 value: 330 description: RawMessage is a raw encoded JSON value. It implements Marshaler and Unmarshaler and can be used to delay JSON decoding or precompute a JSON encoding. 
331 type: string 332 format: byte 333 x-descriptors: 334 type: array 335 items: 336 type: string 337 description: 338 type: string 339 displayName: 340 type: string 341 kind: 342 type: string 343 name: 344 type: string 345 resources: 346 type: array 347 items: 348 description: APIResourceReference is a Kubernetes resource type used by a custom resource 349 type: object 350 required: 351 - kind 352 - name 353 - version 354 properties: 355 kind: 356 type: string 357 name: 358 type: string 359 version: 360 type: string 361 specDescriptors: 362 type: array 363 items: 364 description: SpecDescriptor describes a field in a spec block of a CRD so that OLM can consume it 365 type: object 366 required: 367 - path 368 properties: 369 description: 370 type: string 371 displayName: 372 type: string 373 path: 374 type: string 375 value: 376 description: RawMessage is a raw encoded JSON value. It implements Marshaler and Unmarshaler and can be used to delay JSON decoding or precompute a JSON encoding. 377 type: string 378 format: byte 379 x-descriptors: 380 type: array 381 items: 382 type: string 383 statusDescriptors: 384 type: array 385 items: 386 description: StatusDescriptor describes a field in a status block of a CRD so that OLM can consume it 387 type: object 388 required: 389 - path 390 properties: 391 description: 392 type: string 393 displayName: 394 type: string 395 path: 396 type: string 397 value: 398 description: RawMessage is a raw encoded JSON value. It implements Marshaler and Unmarshaler and can be used to delay JSON decoding or precompute a JSON encoding. 
399 type: string 400 format: byte 401 x-descriptors: 402 type: array 403 items: 404 type: string 405 version: 406 type: string 407 required: 408 type: array 409 items: 410 description: CRDDescription provides details to OLM about the CRDs 411 type: object 412 required: 413 - kind 414 - name 415 - version 416 properties: 417 actionDescriptors: 418 type: array 419 items: 420 description: ActionDescriptor describes a declarative action that can be performed on a custom resource instance 421 type: object 422 required: 423 - path 424 properties: 425 description: 426 type: string 427 displayName: 428 type: string 429 path: 430 type: string 431 value: 432 description: RawMessage is a raw encoded JSON value. It implements Marshaler and Unmarshaler and can be used to delay JSON decoding or precompute a JSON encoding. 433 type: string 434 format: byte 435 x-descriptors: 436 type: array 437 items: 438 type: string 439 description: 440 type: string 441 displayName: 442 type: string 443 kind: 444 type: string 445 name: 446 type: string 447 resources: 448 type: array 449 items: 450 description: APIResourceReference is a Kubernetes resource type used by a custom resource 451 type: object 452 required: 453 - kind 454 - name 455 - version 456 properties: 457 kind: 458 type: string 459 name: 460 type: string 461 version: 462 type: string 463 specDescriptors: 464 type: array 465 items: 466 description: SpecDescriptor describes a field in a spec block of a CRD so that OLM can consume it 467 type: object 468 required: 469 - path 470 properties: 471 description: 472 type: string 473 displayName: 474 type: string 475 path: 476 type: string 477 value: 478 description: RawMessage is a raw encoded JSON value. It implements Marshaler and Unmarshaler and can be used to delay JSON decoding or precompute a JSON encoding. 
479 type: string 480 format: byte 481 x-descriptors: 482 type: array 483 items: 484 type: string 485 statusDescriptors: 486 type: array 487 items: 488 description: StatusDescriptor describes a field in a status block of a CRD so that OLM can consume it 489 type: object 490 required: 491 - path 492 properties: 493 description: 494 type: string 495 displayName: 496 type: string 497 path: 498 type: string 499 value: 500 description: RawMessage is a raw encoded JSON value. It implements Marshaler and Unmarshaler and can be used to delay JSON decoding or precompute a JSON encoding. 501 type: string 502 format: byte 503 x-descriptors: 504 type: array 505 items: 506 type: string 507 version: 508 type: string 509 description: 510 type: string 511 displayName: 512 type: string 513 icon: 514 type: array 515 items: 516 type: object 517 required: 518 - base64data 519 - mediatype 520 properties: 521 base64data: 522 type: string 523 mediatype: 524 type: string 525 install: 526 description: NamedInstallStrategy represents the block of an ClusterServiceVersion resource where the install strategy is specified. 527 type: object 528 required: 529 - strategy 530 properties: 531 spec: 532 description: StrategyDetailsDeployment represents the parsed details of a Deployment InstallStrategy. 533 type: object 534 required: 535 - deployments 536 properties: 537 clusterPermissions: 538 type: array 539 items: 540 description: StrategyDeploymentPermissions describe the rbac rules and service account needed by the install strategy 541 type: object 542 required: 543 - rules 544 - serviceAccountName 545 properties: 546 rules: 547 type: array 548 items: 549 description: PolicyRule holds information that describes a policy rule, but does not contain information about who the rule applies to or which namespace the rule applies to. 550 type: object 551 required: 552 - verbs 553 properties: 554 apiGroups: 555 description: APIGroups is the name of the APIGroup that contains the resources. 
If multiple API groups are specified, any action requested against one of the enumerated resources in any API group will be allowed. 556 type: array 557 items: 558 type: string 559 nonResourceURLs: 560 description: NonResourceURLs is a set of partial urls that a user should have access to. *s are allowed, but only as the full, final step in the path Since non-resource URLs are not namespaced, this field is only applicable for ClusterRoles referenced from a ClusterRoleBinding. Rules can either apply to API resources (such as "pods" or "secrets") or non-resource URL paths (such as "/api"), but not both. 561 type: array 562 items: 563 type: string 564 resourceNames: 565 description: ResourceNames is an optional white list of names that the rule applies to. An empty set means that everything is allowed. 566 type: array 567 items: 568 type: string 569 resources: 570 description: Resources is a list of resources this rule applies to. ResourceAll represents all resources. 571 type: array 572 items: 573 type: string 574 verbs: 575 description: Verbs is a list of Verbs that apply to ALL the ResourceKinds and AttributeRestrictions contained in this rule. VerbAll represents all kinds. 576 type: array 577 items: 578 type: string 579 serviceAccountName: 580 type: string 581 deployments: 582 type: array 583 items: 584 description: StrategyDeploymentSpec contains the name, spec and labels for the deployment ALM should create 585 type: object 586 required: 587 - name 588 - spec 589 properties: 590 label: 591 description: Set is a map of label:value. It implements Labels. 592 type: object 593 additionalProperties: 594 type: string 595 name: 596 type: string 597 spec: 598 description: DeploymentSpec is the specification of the desired behavior of the Deployment. 
599 type: object 600 required: 601 - selector 602 - template 603 properties: 604 minReadySeconds: 605 description: Minimum number of seconds for which a newly created pod should be ready without any of its container crashing, for it to be considered available. Defaults to 0 (pod will be considered available as soon as it is ready) 606 type: integer 607 format: int32 608 paused: 609 description: Indicates that the deployment is paused. 610 type: boolean 611 progressDeadlineSeconds: 612 description: The maximum time in seconds for a deployment to make progress before it is considered to be failed. The deployment controller will continue to process failed deployments and a condition with a ProgressDeadlineExceeded reason will be surfaced in the deployment status. Note that progress will not be estimated during the time a deployment is paused. Defaults to 600s. 613 type: integer 614 format: int32 615 replicas: 616 description: Number of desired pods. This is a pointer to distinguish between explicit zero and not specified. Defaults to 1. 617 type: integer 618 format: int32 619 revisionHistoryLimit: 620 description: The number of old ReplicaSets to retain to allow rollback. This is a pointer to distinguish between explicit zero and not specified. Defaults to 10. 621 type: integer 622 format: int32 623 selector: 624 description: Label selector for pods. Existing ReplicaSets whose pods are selected by this will be the ones affected by this deployment. It must match the pod template's labels. 625 type: object 626 properties: 627 matchExpressions: 628 description: matchExpressions is a list of label selector requirements. The requirements are ANDed. 629 type: array 630 items: 631 description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. 632 type: object 633 required: 634 - key 635 - operator 636 properties: 637 key: 638 description: key is the label key that the selector applies to. 
639 type: string 640 operator: 641 description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. 642 type: string 643 values: 644 description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. 645 type: array 646 items: 647 type: string 648 matchLabels: 649 description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. 650 type: object 651 additionalProperties: 652 type: string 653 strategy: 654 description: The deployment strategy to use to replace existing pods with new ones. 655 type: object 656 properties: 657 rollingUpdate: 658 description: 'Rolling update config params. Present only if DeploymentStrategyType = RollingUpdate. --- TODO: Update this to follow our convention for oneOf, whatever we decide it to be.' 659 type: object 660 properties: 661 maxSurge: 662 description: 'The maximum number of pods that can be scheduled above the desired number of pods. Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). This can not be 0 if MaxUnavailable is 0. Absolute number is calculated from percentage by rounding up. Defaults to 25%. Example: when this is set to 30%, the new ReplicaSet can be scaled up immediately when the rolling update starts, such that the total number of old and new pods do not exceed 130% of desired pods. Once old pods have been killed, new ReplicaSet can be scaled up further, ensuring that total number of pods running at any time during the update is at most 130% of desired pods.' 
663 anyOf: 664 - type: integer 665 - type: string 666 x-kubernetes-int-or-string: true 667 maxUnavailable: 668 description: 'The maximum number of pods that can be unavailable during the update. Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). Absolute number is calculated from percentage by rounding down. This can not be 0 if MaxSurge is 0. Defaults to 25%. Example: when this is set to 30%, the old ReplicaSet can be scaled down to 70% of desired pods immediately when the rolling update starts. Once new pods are ready, old ReplicaSet can be scaled down further, followed by scaling up the new ReplicaSet, ensuring that the total number of pods available at all times during the update is at least 70% of desired pods.' 669 anyOf: 670 - type: integer 671 - type: string 672 x-kubernetes-int-or-string: true 673 type: 674 description: Type of deployment. Can be "Recreate" or "RollingUpdate". Default is RollingUpdate. 675 type: string 676 template: 677 description: Template describes the pods that will be created. 678 type: object 679 properties: 680 metadata: 681 description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' 682 type: object 683 x-kubernetes-preserve-unknown-fields: true 684 spec: 685 description: 'Specification of the desired behavior of the pod. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' 686 type: object 687 required: 688 - containers 689 properties: 690 activeDeadlineSeconds: 691 description: Optional duration in seconds the pod may be active on the node relative to StartTime before the system will actively try to mark it failed and kill associated containers. Value must be a positive integer. 
692 type: integer 693 format: int64 694 affinity: 695 description: If specified, the pod's scheduling constraints 696 type: object 697 properties: 698 nodeAffinity: 699 description: Describes node affinity scheduling rules for the pod. 700 type: object 701 properties: 702 preferredDuringSchedulingIgnoredDuringExecution: 703 description: The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred. 704 type: array 705 items: 706 description: An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). 707 type: object 708 required: 709 - preference 710 - weight 711 properties: 712 preference: 713 description: A node selector term, associated with the corresponding weight. 714 type: object 715 properties: 716 matchExpressions: 717 description: A list of node selector requirements by node's labels. 718 type: array 719 items: 720 description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. 721 type: object 722 required: 723 - key 724 - operator 725 properties: 726 key: 727 description: The label key that the selector applies to. 728 type: string 729 operator: 730 description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. 
731 type: string 732 values: 733 description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. 734 type: array 735 items: 736 type: string 737 matchFields: 738 description: A list of node selector requirements by node's fields. 739 type: array 740 items: 741 description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. 742 type: object 743 required: 744 - key 745 - operator 746 properties: 747 key: 748 description: The label key that the selector applies to. 749 type: string 750 operator: 751 description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. 752 type: string 753 values: 754 description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. 755 type: array 756 items: 757 type: string 758 weight: 759 description: Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100. 760 type: integer 761 format: int32 762 requiredDuringSchedulingIgnoredDuringExecution: 763 description: If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node. 
764 type: object 765 required: 766 - nodeSelectorTerms 767 properties: 768 nodeSelectorTerms: 769 description: Required. A list of node selector terms. The terms are ORed. 770 type: array 771 items: 772 description: A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. 773 type: object 774 properties: 775 matchExpressions: 776 description: A list of node selector requirements by node's labels. 777 type: array 778 items: 779 description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. 780 type: object 781 required: 782 - key 783 - operator 784 properties: 785 key: 786 description: The label key that the selector applies to. 787 type: string 788 operator: 789 description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. 790 type: string 791 values: 792 description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. 793 type: array 794 items: 795 type: string 796 matchFields: 797 description: A list of node selector requirements by node's fields. 798 type: array 799 items: 800 description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. 801 type: object 802 required: 803 - key 804 - operator 805 properties: 806 key: 807 description: The label key that the selector applies to. 808 type: string 809 operator: 810 description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. 
811 type: string 812 values: 813 description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. 814 type: array 815 items: 816 type: string 817 podAffinity: 818 description: Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). 819 type: object 820 properties: 821 preferredDuringSchedulingIgnoredDuringExecution: 822 description: The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. 823 type: array 824 items: 825 description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) 826 type: object 827 required: 828 - podAffinityTerm 829 - weight 830 properties: 831 podAffinityTerm: 832 description: Required. A pod affinity term, associated with the corresponding weight. 833 type: object 834 required: 835 - topologyKey 836 properties: 837 labelSelector: 838 description: A label query over a set of resources, in this case pods. 839 type: object 840 properties: 841 matchExpressions: 842 description: matchExpressions is a list of label selector requirements. The requirements are ANDed. 
843 type: array 844 items: 845 description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. 846 type: object 847 required: 848 - key 849 - operator 850 properties: 851 key: 852 description: key is the label key that the selector applies to. 853 type: string 854 operator: 855 description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. 856 type: string 857 values: 858 description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. 859 type: array 860 items: 861 type: string 862 matchLabels: 863 description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. 864 type: object 865 additionalProperties: 866 type: string 867 namespaces: 868 description: namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means "this pod's namespace" 869 type: array 870 items: 871 type: string 872 topologyKey: 873 description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. 874 type: string 875 weight: 876 description: weight associated with matching the corresponding podAffinityTerm, in the range 1-100. 
                                                          type: integer
                                                          format: int32
                                                  requiredDuringSchedulingIgnoredDuringExecution:
                                                    description: If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.
                                                    type: array
                                                    items:
                                                      description: Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key <topologyKey> matches that of any node on which a pod of the set of pods is running
                                                      type: object
                                                      required:
                                                        - topologyKey
                                                      properties:
                                                        labelSelector:
                                                          description: A label query over a set of resources, in this case pods.
                                                          type: object
                                                          properties:
                                                            matchExpressions:
                                                              description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
                                                              type: array
                                                              items:
                                                                description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
                                                                type: object
                                                                required:
                                                                  - key
                                                                  - operator
                                                                properties:
                                                                  key:
                                                                    description: key is the label key that the selector applies to.
                                                                    type: string
                                                                  operator:
                                                                    description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
                                                                    type: string
                                                                  values:
                                                                    description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
                                                                    type: array
                                                                    items:
                                                                      type: string
                                                            matchLabels:
                                                              description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
                                                              type: object
                                                              additionalProperties:
                                                                type: string
                                                        namespaces:
                                                          description: namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means "this pod's namespace"
                                                          type: array
                                                          items:
                                                            type: string
                                                        topologyKey:
                                                          description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.
                                                          type: string
                                              podAntiAffinity:
                                                description: Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).
                                                type: object
                                                properties:
                                                  preferredDuringSchedulingIgnoredDuringExecution:
                                                    description: The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.
                                                    type: array
                                                    items:
                                                      description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)
                                                      type: object
                                                      required:
                                                        - podAffinityTerm
                                                        - weight
                                                      properties:
                                                        podAffinityTerm:
                                                          description: Required. A pod affinity term, associated with the corresponding weight.
                                                          type: object
                                                          required:
                                                            - topologyKey
                                                          properties:
                                                            labelSelector:
                                                              description: A label query over a set of resources, in this case pods.
                                                              type: object
                                                              properties:
                                                                matchExpressions:
                                                                  description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
                                                                  type: array
                                                                  items:
                                                                    description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
                                                                    type: object
                                                                    required:
                                                                      - key
                                                                      - operator
                                                                    properties:
                                                                      key:
                                                                        description: key is the label key that the selector applies to.
                                                                        type: string
                                                                      operator:
                                                                        description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
                                                                        type: string
                                                                      values:
                                                                        description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
                                                                        type: array
                                                                        items:
                                                                          type: string
                                                                matchLabels:
                                                                  description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
                                                                  type: object
                                                                  additionalProperties:
                                                                    type: string
                                                            namespaces:
                                                              description: namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means "this pod's namespace"
                                                              type: array
                                                              items:
                                                                type: string
                                                            topologyKey:
                                                              description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.
                                                              type: string
                                                        weight:
                                                          description: weight associated with matching the corresponding podAffinityTerm, in the range 1-100.
                                                          type: integer
                                                          format: int32
                                                  requiredDuringSchedulingIgnoredDuringExecution:
                                                    description: If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.
                                                    type: array
                                                    items:
                                                      description: Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key <topologyKey> matches that of any node on which a pod of the set of pods is running
                                                      type: object
                                                      required:
                                                        - topologyKey
                                                      properties:
                                                        labelSelector:
                                                          description: A label query over a set of resources, in this case pods.
                                                          type: object
                                                          properties:
                                                            matchExpressions:
                                                              description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
                                                              type: array
                                                              items:
                                                                description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
                                                                type: object
                                                                required:
                                                                  - key
                                                                  - operator
                                                                properties:
                                                                  key:
                                                                    description: key is the label key that the selector applies to.
                                                                    type: string
                                                                  operator:
                                                                    description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
                                                                    type: string
                                                                  values:
                                                                    description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
                                                                    type: array
                                                                    items:
                                                                      type: string
                                                            matchLabels:
                                                              description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
                                                              type: object
                                                              additionalProperties:
                                                                type: string
                                                        namespaces:
                                                          description: namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means "this pod's namespace"
                                                          type: array
                                                          items:
                                                            type: string
                                                        topologyKey:
                                                          description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.
                                                          type: string
                                          automountServiceAccountToken:
                                            description: AutomountServiceAccountToken indicates whether a service account token should be automatically mounted.
                                            type: boolean
                                          containers:
                                            description: List of containers belonging to the pod. Containers cannot currently be added or removed. There must be at least one container in a Pod. Cannot be updated.
                                            type: array
                                            items:
                                              description: A single application container that you want to run within a pod.
                                              type: object
                                              required:
                                                - name
                                              properties:
                                                args:
                                                  description: 'Arguments to the entrypoint. The docker image''s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
                                                  type: array
                                                  items:
                                                    type: string
                                                command:
                                                  description: 'Entrypoint array. Not executed within a shell. The docker image''s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
                                                  type: array
                                                  items:
                                                    type: string
                                                env:
                                                  description: List of environment variables to set in the container. Cannot be updated.
                                                  type: array
                                                  items:
                                                    description: EnvVar represents an environment variable present in a Container.
                                                    type: object
                                                    required:
                                                      - name
                                                    properties:
                                                      name:
                                                        description: Name of the environment variable. Must be a C_IDENTIFIER.
                                                        type: string
                                                      value:
                                                        description: 'Variable references $(VAR_NAME) are expanded using the previous defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".'
                                                        type: string
                                                      valueFrom:
                                                        description: Source for the environment variable's value. Cannot be used if value is not empty.
                                                        type: object
                                                        properties:
                                                          configMapKeyRef:
                                                            description: Selects a key of a ConfigMap.
                                                            type: object
                                                            required:
                                                              - key
                                                            properties:
                                                              key:
                                                                description: The key to select.
                                                                type: string
                                                              name:
                                                                description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
                                                                type: string
                                                              optional:
                                                                description: Specify whether the ConfigMap or its key must be defined
                                                                type: boolean
                                                          fieldRef:
                                                            description: 'Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels[''<KEY>'']`, `metadata.annotations[''<KEY>'']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.'
                                                            type: object
                                                            required:
                                                              - fieldPath
                                                            properties:
                                                              apiVersion:
                                                                description: Version of the schema the FieldPath is written in terms of, defaults to "v1".
                                                                type: string
                                                              fieldPath:
                                                                description: Path of the field to select in the specified API version.
                                                                type: string
                                                          resourceFieldRef:
                                                            description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.'
                                                            type: object
                                                            required:
                                                              - resource
                                                            properties:
                                                              containerName:
                                                                description: 'Container name: required for volumes, optional for env vars'
                                                                type: string
                                                              divisor:
                                                                description: Specifies the output format of the exposed resources, defaults to "1"
                                                                pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                                                anyOf:
                                                                  - type: integer
                                                                  - type: string
                                                                x-kubernetes-int-or-string: true
                                                              resource:
                                                                description: 'Required: resource to select'
                                                                type: string
                                                          secretKeyRef:
                                                            description: Selects a key of a secret in the pod's namespace
                                                            type: object
                                                            required:
                                                              - key
                                                            properties:
                                                              key:
                                                                description: The key of the secret to select from. Must be a valid secret key.
                                                                type: string
                                                              name:
                                                                description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
                                                                type: string
                                                              optional:
                                                                description: Specify whether the Secret or its key must be defined
                                                                type: boolean
                                                envFrom:
                                                  description: List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.
                                                  type: array
                                                  items:
                                                    description: EnvFromSource represents the source of a set of ConfigMaps
                                                    type: object
                                                    properties:
                                                      configMapRef:
                                                        description: The ConfigMap to select from
                                                        type: object
                                                        properties:
                                                          name:
                                                            description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
                                                            type: string
                                                          optional:
                                                            description: Specify whether the ConfigMap must be defined
                                                            type: boolean
                                                      prefix:
                                                        description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER.
                                                        type: string
                                                      secretRef:
                                                        description: The Secret to select from
                                                        type: object
                                                        properties:
                                                          name:
                                                            description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
                                                            type: string
                                                          optional:
                                                            description: Specify whether the Secret must be defined
                                                            type: boolean
                                                image:
                                                  description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.'
                                                  type: string
                                                imagePullPolicy:
                                                  description: 'Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images'
                                                  type: string
                                                lifecycle:
                                                  description: Actions that the management system should take in response to container lifecycle events. Cannot be updated.
                                                  type: object
                                                  properties:
                                                    postStart:
                                                      description: 'PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
                                                      type: object
                                                      properties:
                                                        exec:
                                                          description: One and only one of the following should be specified. Exec specifies the action to take.
                                                          type: object
                                                          properties:
                                                            command:
                                                              description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
                                                              type: array
                                                              items:
                                                                type: string
                                                        httpGet:
                                                          description: HTTPGet specifies the http request to perform.
                                                          type: object
                                                          required:
                                                            - port
                                                          properties:
                                                            host:
                                                              description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.
                                                              type: string
                                                            httpHeaders:
                                                              description: Custom headers to set in the request. HTTP allows repeated headers.
                                                              type: array
                                                              items:
                                                                description: HTTPHeader describes a custom header to be used in HTTP probes
                                                                type: object
                                                                required:
                                                                  - name
                                                                  - value
                                                                properties:
                                                                  name:
                                                                    description: The header field name
                                                                    type: string
                                                                  value:
                                                                    description: The header field value
                                                                    type: string
                                                            path:
                                                              description: Path to access on the HTTP server.
                                                              type: string
                                                            port:
                                                              description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
                                                              anyOf:
                                                                - type: integer
                                                                - type: string
                                                              x-kubernetes-int-or-string: true
                                                            scheme:
                                                              description: Scheme to use for connecting to the host. Defaults to HTTP.
                                                              type: string
                                                        tcpSocket:
                                                          description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook'
                                                          type: object
                                                          required:
                                                            - port
                                                          properties:
                                                            host:
                                                              description: 'Optional: Host name to connect to, defaults to the pod IP.'
                                                              type: string
                                                            port:
                                                              description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
                                                              anyOf:
                                                                - type: integer
                                                                - type: string
                                                              x-kubernetes-int-or-string: true
                                                    preStop:
                                                      description: 'PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The reason for termination is passed to the handler. The Pod''s termination grace period countdown begins before the PreStop hooked is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod''s termination grace period. Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
                                                      type: object
                                                      properties:
                                                        exec:
                                                          description: One and only one of the following should be specified. Exec specifies the action to take.
                                                          type: object
                                                          properties:
                                                            command:
                                                              description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
                                                              type: array
                                                              items:
                                                                type: string
                                                        httpGet:
                                                          description: HTTPGet specifies the http request to perform.
                                                          type: object
                                                          required:
                                                            - port
                                                          properties:
                                                            host:
                                                              description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.
                                                              type: string
                                                            httpHeaders:
                                                              description: Custom headers to set in the request. HTTP allows repeated headers.
                                                              type: array
                                                              items:
                                                                description: HTTPHeader describes a custom header to be used in HTTP probes
                                                                type: object
                                                                required:
                                                                  - name
                                                                  - value
                                                                properties:
                                                                  name:
                                                                    description: The header field name
                                                                    type: string
                                                                  value:
                                                                    description: The header field value
                                                                    type: string
                                                            path:
                                                              description: Path to access on the HTTP server.
                                                              type: string
                                                            port:
                                                              description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
                                                              anyOf:
                                                                - type: integer
                                                                - type: string
                                                              x-kubernetes-int-or-string: true
                                                            scheme:
                                                              description: Scheme to use for connecting to the host. Defaults to HTTP.
                                                              type: string
                                                        tcpSocket:
                                                          description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook'
                                                          type: object
                                                          required:
                                                            - port
                                                          properties:
                                                            host:
                                                              description: 'Optional: Host name to connect to, defaults to the pod IP.'
                                                              type: string
                                                            port:
                                                              description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
                                                              anyOf:
                                                                - type: integer
                                                                - type: string
                                                              x-kubernetes-int-or-string: true
                                                livenessProbe:
                                                  description: 'Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                                  type: object
                                                  properties:
                                                    exec:
                                                      description: One and only one of the following should be specified. Exec specifies the action to take.
                                                      type: object
                                                      properties:
                                                        command:
                                                          description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
                                                          type: array
                                                          items:
                                                            type: string
                                                    failureThreshold:
                                                      description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
                                                      type: integer
                                                      format: int32
                                                    httpGet:
                                                      description: HTTPGet specifies the http request to perform.
                                                      type: object
                                                      required:
                                                        - port
                                                      properties:
                                                        host:
                                                          description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.
                                                          type: string
                                                        httpHeaders:
                                                          description: Custom headers to set in the request. HTTP allows repeated headers.
                                                          type: array
                                                          items:
                                                            description: HTTPHeader describes a custom header to be used in HTTP probes
                                                            type: object
                                                            required:
                                                              - name
                                                              - value
                                                            properties:
                                                              name:
                                                                description: The header field name
                                                                type: string
                                                              value:
                                                                description: The header field value
                                                                type: string
                                                        path:
                                                          description: Path to access on the HTTP server.
                                                          type: string
                                                        port:
                                                          description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
                                                          anyOf:
                                                            - type: integer
                                                            - type: string
                                                          x-kubernetes-int-or-string: true
                                                        scheme:
                                                          description: Scheme to use for connecting to the host. Defaults to HTTP.
                                                          type: string
                                                    initialDelaySeconds:
                                                      description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                                      type: integer
                                                      format: int32
                                                    periodSeconds:
                                                      description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.
                                                      type: integer
                                                      format: int32
                                                    successThreshold:
                                                      description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
                                                      type: integer
                                                      format: int32
                                                    tcpSocket:
                                                      description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook'
                                                      type: object
                                                      required:
                                                        - port
                                                      properties:
                                                        host:
                                                          description: 'Optional: Host name to connect to, defaults to the pod IP.'
                                                          type: string
                                                        port:
                                                          description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
                                                          anyOf:
                                                            - type: integer
                                                            - type: string
                                                          x-kubernetes-int-or-string: true
                                                    timeoutSeconds:
                                                      description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                                      type: integer
                                                      format: int32
                                                name:
                                                  description: Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated.
                                                  type: string
                                                ports:
                                                  description: List of ports to expose from the container. Exposing a port here gives the system additional information about the network connections a container uses, but is primarily informational. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Cannot be updated.
                                                  type: array
                                                  items:
                                                    description: ContainerPort represents a network port in a single container.
                                                    type: object
                                                    required:
                                                      - containerPort
                                                    properties:
                                                      containerPort:
                                                        description: Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536.
                                                        type: integer
                                                        format: int32
                                                      hostIP:
                                                        description: What host IP to bind the external port to.
                                                        type: string
                                                      hostPort:
                                                        description: Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this.
                                                        type: integer
                                                        format: int32
                                                      name:
                                                        description: If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services.
                                                        type: string
                                                      protocol:
                                                        description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP".
                                                        type: string
                                                        default: TCP
                                                  x-kubernetes-list-map-keys:
                                                    - containerPort
                                                    - protocol
                                                  x-kubernetes-list-type: map
                                                readinessProbe:
                                                  description: 'Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                                  type: object
                                                  properties:
                                                    exec:
                                                      description: One and only one of the following should be specified. Exec specifies the action to take.
                                                      type: object
                                                      properties:
                                                        command:
                                                          description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
                                                          type: array
                                                          items:
                                                            type: string
                                                    failureThreshold:
                                                      description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
                                                      type: integer
                                                      format: int32
                                                    httpGet:
                                                      description: HTTPGet specifies the http request to perform.
                                                      type: object
                                                      required:
                                                        - port
                                                      properties:
                                                        host:
                                                          description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.
                                                          type: string
                                                        httpHeaders:
                                                          description: Custom headers to set in the request. HTTP allows repeated headers.
                                                          type: array
                                                          items:
                                                            description: HTTPHeader describes a custom header to be used in HTTP probes
                                                            type: object
                                                            required:
                                                              - name
                                                              - value
                                                            properties:
                                                              name:
                                                                description: The header field name
                                                                type: string
                                                              value:
                                                                description: The header field value
                                                                type: string
                                                        path:
                                                          description: Path to access on the HTTP server.
                                                          type: string
                                                        port:
                                                          description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
                                                          anyOf:
                                                            - type: integer
                                                            - type: string
                                                          x-kubernetes-int-or-string: true
                                                        scheme:
                                                          description: Scheme to use for connecting to the host. Defaults to HTTP.
                                                          type: string
                                                    initialDelaySeconds:
                                                      description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                                      type: integer
                                                      format: int32
                                                    periodSeconds:
                                                      description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.
                                                      type: integer
                                                      format: int32
                                                    successThreshold:
                                                      description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
                                                      type: integer
                                                      format: int32
                                                    tcpSocket:
                                                      description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook'
                                                      type: object
                                                      required:
                                                        - port
                                                      properties:
                                                        host:
                                                          description: 'Optional: Host name to connect to, defaults to the pod IP.'
                                                          type: string
                                                        port:
                                                          description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
                                                          anyOf:
                                                            - type: integer
                                                            - type: string
                                                          x-kubernetes-int-or-string: true
                                                    timeoutSeconds:
                                                      description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                                      type: integer
                                                      format: int32
                                                resources:
                                                  description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
                                                  type: object
                                                  properties:
                                                    limits:
                                                      description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
                                                      type: object
                                                      additionalProperties:
                                                        pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                                        anyOf:
                                                          - type: integer
                                                          - type: string
                                                        x-kubernetes-int-or-string: true
                                                    requests:
                                                      description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
                                                      type: object
                                                      additionalProperties:
                                                        pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                                        anyOf:
                                                          - type: integer
                                                          - type: string
                                                        x-kubernetes-int-or-string: true
                                                securityContext:
                                                  description: 'Security options the pod should run with. More info: https://kubernetes.io/docs/concepts/policy/security-context/ More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
                                                  type: object
                                                  properties:
                                                    allowPrivilegeEscalation:
                                                      description: 'AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN'
                                                      type: boolean
                                                    capabilities:
                                                      description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime.
                                                      type: object
                                                      properties:
                                                        add:
                                                          description: Added capabilities
                                                          type: array
                                                          items:
                                                            description: Capability represent POSIX capabilities type
                                                            type: string
                                                        drop:
                                                          description: Removed capabilities
                                                          type: array
                                                          items:
                                                            description: Capability represent POSIX capabilities type
                                                            type: string
                                                    privileged:
                                                      description: Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false.
                                                      type: boolean
                                                    procMount:
                                                      description: procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled.
                                                      type: string
                                                    readOnlyRootFilesystem:
                                                      description: Whether this container has a read-only root filesystem. Default is false.
                                                      type: boolean
                                                    runAsGroup:
                                                      description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
                                                      type: integer
                                                      format: int64
                                                    runAsNonRoot:
                                                      description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
                                                      type: boolean
                                                    runAsUser:
                                                      description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
                                                      type: integer
                                                      format: int64
                                                    seLinuxOptions:
                                                      description: The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
                                                      type: object
                                                      properties:
                                                        level:
                                                          description: Level is SELinux level label that applies to the container.
                                                          type: string
                                                        role:
                                                          description: Role is a SELinux role label that applies to the container.
                                                          type: string
                                                        type:
                                                          description: Type is a SELinux type label that applies to the container.
                                                          type: string
                                                        user:
                                                          description: User is a SELinux user label that applies to the container.
                                                          type: string
                                                    seccompProfile:
                                                      description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options.
                                                      type: object
                                                      required:
                                                        - type
                                                      properties:
                                                        localhostProfile:
                                                          description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost".
                                                          type: string
                                                        type:
                                                          description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
                                                          type: string
                                                    windowsOptions:
                                                      description: The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
                                                      type: object
                                                      properties:
                                                        gmsaCredentialSpec:
                                                          description: GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.
                                                          type: string
                                                        gmsaCredentialSpecName:
                                                          description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
                                                          type: string
                                                        runAsUserName:
                                                          description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
                                                          type: string
                                                startupProbe:
                                                  description: 'StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod''s lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                                  type: object
                                                  properties:
                                                    exec:
                                                      description: One and only one of the following should be specified. Exec specifies the action to take.
                                                      type: object
                                                      properties:
                                                        command:
                                                          description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
                                                          type: array
                                                          items:
                                                            type: string
                                                    failureThreshold:
                                                      description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
                                                      type: integer
                                                      format: int32
                                                    httpGet:
                                                      description: HTTPGet specifies the http request to perform.
                                                      type: object
                                                      required:
                                                        - port
                                                      properties:
                                                        host:
                                                          description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.
                                                          type: string
                                                        httpHeaders:
                                                          description: Custom headers to set in the request. HTTP allows repeated headers.
                                                          type: array
                                                          items:
                                                            description: HTTPHeader describes a custom header to be used in HTTP probes
                                                            type: object
                                                            required:
                                                              - name
                                                              - value
                                                            properties:
                                                              name:
                                                                description: The header field name
                                                                type: string
                                                              value:
                                                                description: The header field value
                                                                type: string
                                                        path:
                                                          description: Path to access on the HTTP server.
                                                          type: string
                                                        port:
                                                          description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
                                                          anyOf:
                                                            - type: integer
                                                            - type: string
                                                          x-kubernetes-int-or-string: true
                                                        scheme:
                                                          description: Scheme to use for connecting to the host. Defaults to HTTP.
                                                          type: string
                                                    initialDelaySeconds:
                                                      description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                                      type: integer
                                                      format: int32
                                                    periodSeconds:
                                                      description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.
                                                      type: integer
                                                      format: int32
                                                    successThreshold:
                                                      description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
                                                      type: integer
                                                      format: int32
                                                    tcpSocket:
                                                      description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook'
                                                      type: object
                                                      required:
                                                        - port
                                                      properties:
                                                        host:
                                                          description: 'Optional: Host name to connect to, defaults to the pod IP.'
                                                          type: string
                                                        port:
                                                          description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
                                                          anyOf:
                                                            - type: integer
                                                            - type: string
                                                          x-kubernetes-int-or-string: true
                                                    timeoutSeconds:
                                                      description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                                      type: integer
                                                      format: int32
                                                stdin:
                                                  description: Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false.
                                                  type: boolean
                                                stdinOnce:
                                                  description: Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false
                                                  type: boolean
                                                terminationMessagePath:
                                                  description: 'Optional: Path at which the file to which the container''s termination message will be written is mounted into the container''s filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.'
                                                  type: string
                                                terminationMessagePolicy:
                                                  description: Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated.
                                                  type: string
                                                tty:
                                                  description: Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false.
                                                  type: boolean
                                                volumeDevices:
                                                  description: volumeDevices is the list of block devices to be used by the container.
                                                  type: array
                                                  items:
                                                    description: volumeDevice describes a mapping of a raw block device within a container.
                                                    type: object
                                                    required:
                                                      - devicePath
                                                      - name
                                                    properties:
                                                      devicePath:
                                                        description: devicePath is the path inside of the container that the device will be mapped to.
                                                        type: string
                                                      name:
                                                        description: name must match the name of a persistentVolumeClaim in the pod
                                                        type: string
                                                volumeMounts:
                                                  description: Pod volumes to mount into the container's filesystem. Cannot be updated.
                                                  type: array
                                                  items:
                                                    description: VolumeMount describes a mounting of a Volume within a container.
                                                    type: object
                                                    required:
                                                      - mountPath
                                                      - name
                                                    properties:
                                                      mountPath:
                                                        description: Path within the container at which the volume should be mounted. Must not contain ':'.
                                                        type: string
                                                      mountPropagation:
                                                        description: mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10.
                                                        type: string
                                                      name:
                                                        description: This must match the Name of a Volume.
                                                        type: string
                                                      readOnly:
                                                        description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.
                                                        type: boolean
                                                      subPath:
                                                        description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root).
                                                        type: string
                                                      subPathExpr:
                                                        description: Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive.
                                                        type: string
                                                workingDir:
                                                  description: Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated.
                                                  type: string
                                          dnsConfig:
                                            description: Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy.
                                            type: object
                                            properties:
                                              nameservers:
                                                description: A list of DNS name server IP addresses. This will be appended to the base nameservers generated from DNSPolicy. Duplicated nameservers will be removed.
                                                type: array
                                                items:
                                                  type: string
                                              options:
                                                description: A list of DNS resolver options. This will be merged with the base options generated from DNSPolicy. Duplicated entries will be removed. Resolution options given in Options will override those that appear in the base DNSPolicy.
                                                type: array
                                                items:
                                                  description: PodDNSConfigOption defines DNS resolver options of a pod.
                                                  type: object
                                                  properties:
                                                    name:
                                                      description: Required.
                                                      type: string
                                                    value:
                                                      type: string
                                              searches:
                                                description: A list of DNS search domains for host-name lookup. This will be appended to the base search paths generated from DNSPolicy. Duplicated search paths will be removed.
                                                type: array
                                                items:
                                                  type: string
                                          dnsPolicy:
                                            description: Set DNS policy for the pod. Defaults to "ClusterFirst". Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. To have DNS options set along with hostNetwork, you have to specify DNS policy explicitly to 'ClusterFirstWithHostNet'.
                                            type: string
                                          enableServiceLinks:
                                            description: 'EnableServiceLinks indicates whether information about services should be injected into pod''s environment variables, matching the syntax of Docker links. Optional: Defaults to true.'
                                            type: boolean
                                          ephemeralContainers:
                                            description: List of ephemeral containers run in this pod. Ephemeral containers may be run in an existing pod to perform user-initiated actions such as debugging. This list cannot be specified when creating a pod, and it cannot be modified by updating the pod spec. In order to add an ephemeral container to an existing pod, use the pod's ephemeralcontainers subresource. This field is alpha-level and is only honored by servers that enable the EphemeralContainers feature.
                                            type: array
                                            items:
                                              description: An EphemeralContainer is a container that may be added temporarily to an existing pod for user-initiated activities such as debugging. Ephemeral containers have no resource or scheduling guarantees, and they will not be restarted when they exit or when a pod is removed or restarted. If an ephemeral container causes a pod to exceed its resource allocation, the pod may be evicted. Ephemeral containers may not be added by directly updating the pod spec. They must be added via the pod's ephemeralcontainers subresource, and they will appear in the pod spec once added. This is an alpha feature enabled by the EphemeralContainers feature flag.
                                              type: object
                                              required:
                                                - name
                                              properties:
                                                args:
                                                  description: 'Arguments to the entrypoint. The docker image''s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
                                                  type: array
                                                  items:
                                                    type: string
                                                command:
                                                  description: 'Entrypoint array. Not executed within a shell. The docker image''s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
                                                  type: array
                                                  items:
                                                    type: string
                                                env:
                                                  description: List of environment variables to set in the container. Cannot be updated.
                                                  type: array
                                                  items:
                                                    description: EnvVar represents an environment variable present in a Container.
                                                    type: object
                                                    required:
                                                      - name
                                                    properties:
                                                      name:
                                                        description: Name of the environment variable. Must be a C_IDENTIFIER.
                                                        type: string
                                                      value:
                                                        description: 'Variable references $(VAR_NAME) are expanded using the previous defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".'
                                                        type: string
                                                      valueFrom:
                                                        description: Source for the environment variable's value. Cannot be used if value is not empty.
                                                        type: object
                                                        properties:
                                                          configMapKeyRef:
                                                            description: Selects a key of a ConfigMap.
                                                            type: object
                                                            required:
                                                              - key
                                                            properties:
                                                              key:
                                                                description: The key to select.
                                                                type: string
                                                              name:
                                                                description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
                                                                type: string
                                                              optional:
                                                                description: Specify whether the ConfigMap or its key must be defined
                                                                type: boolean
                                                          fieldRef:
                                                            description: 'Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels[''<KEY>'']`, `metadata.annotations[''<KEY>'']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.'
                                                            type: object
                                                            required:
                                                              - fieldPath
                                                            properties:
                                                              apiVersion:
                                                                description: Version of the schema the FieldPath is written in terms of, defaults to "v1".
                                                                type: string
                                                              fieldPath:
                                                                description: Path of the field to select in the specified API version.
                                                                type: string
                                                          resourceFieldRef:
                                                            description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.'
                                                            type: object
                                                            required:
                                                              - resource
                                                            properties:
                                                              containerName:
                                                                description: 'Container name: required for volumes, optional for env vars'
                                                                type: string
                                                              divisor:
                                                                description: Specifies the output format of the exposed resources, defaults to "1"
                                                                pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                                                anyOf:
                                                                  - type: integer
                                                                  - type: string
                                                                x-kubernetes-int-or-string: true
                                                              resource:
                                                                description: 'Required: resource to select'
                                                                type: string
                                                          secretKeyRef:
                                                            description: Selects a key of a secret in the pod's namespace
                                                            type: object
                                                            required:
                                                              - key
                                                            properties:
                                                              key:
                                                                description: The key of the secret to select from. Must be a valid secret key.
                                                                type: string
                                                              name:
                                                                description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
                                                                type: string
                                                              optional:
                                                                description: Specify whether the Secret or its key must be defined
                                                                type: boolean
                                                envFrom:
                                                  description: List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.
                                                  type: array
                                                  items:
                                                    description: EnvFromSource represents the source of a set of ConfigMaps
                                                    type: object
                                                    properties:
                                                      configMapRef:
                                                        description: The ConfigMap to select from
                                                        type: object
                                                        properties:
                                                          name:
                                                            description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
                                                            type: string
                                                          optional:
                                                            description: Specify whether the ConfigMap must be defined
                                                            type: boolean
                                                      prefix:
                                                        description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER.
                                                        type: string
                                                      secretRef:
                                                        description: The Secret to select from
                                                        type: object
                                                        properties:
                                                          name:
                                                            description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
                                                            type: string
                                                          optional:
                                                            description: Specify whether the Secret must be defined
                                                            type: boolean
                                                image:
                                                  description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images'
                                                  type: string
                                                imagePullPolicy:
                                                  description: 'Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images'
                                                  type: string
                                                lifecycle:
                                                  description: Lifecycle is not allowed for ephemeral containers.
                                                  type: object
                                                  properties:
                                                    postStart:
                                                      description: 'PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
                                                      type: object
                                                      properties:
                                                        exec:
                                                          description: One and only one of the following should be specified. Exec specifies the action to take.
                                                          type: object
                                                          properties:
                                                            command:
                                                              description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
                                                              type: array
                                                              items:
                                                                type: string
                                                        httpGet:
                                                          description: HTTPGet specifies the http request to perform.
                                                          type: object
                                                          required:
                                                            - port
                                                          properties:
                                                            host:
                                                              description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.
                                                              type: string
                                                            httpHeaders:
                                                              description: Custom headers to set in the request. HTTP allows repeated headers.
                                                              type: array
                                                              items:
                                                                description: HTTPHeader describes a custom header to be used in HTTP probes
                                                                type: object
                                                                required:
                                                                  - name
                                                                  - value
                                                                properties:
                                                                  name:
                                                                    description: The header field name
                                                                    type: string
                                                                  value:
                                                                    description: The header field value
                                                                    type: string
                                                            path:
                                                              description: Path to access on the HTTP server.
                                                              type: string
                                                            port:
                                                              description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
                                                              anyOf:
                                                                - type: integer
                                                                - type: string
                                                              x-kubernetes-int-or-string: true
                                                            scheme:
                                                              description: Scheme to use for connecting to the host. Defaults to HTTP.
                                                              type: string
                                                        tcpSocket:
                                                          description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook'
                                                          type: object
                                                          required:
                                                            - port
                                                          properties:
                                                            host:
                                                              description: 'Optional: Host name to connect to, defaults to the pod IP.'
                                                              type: string
                                                            port:
                                                              description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
                                                              anyOf:
                                                                - type: integer
                                                                - type: string
                                                              x-kubernetes-int-or-string: true
                                                    preStop:
                                                      description: 'PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The reason for termination is passed to the handler. The Pod''s termination grace period countdown begins before the PreStop hooked is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod''s termination grace period. Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
                                                      type: object
                                                      properties:
                                                        exec:
                                                          description: One and only one of the following should be specified. Exec specifies the action to take.
                                                          type: object
                                                          properties:
                                                            command:
                                                              description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
                                                              type: array
                                                              items:
                                                                type: string
                                                        httpGet:
                                                          description: HTTPGet specifies the http request to perform.
                                                          type: object
                                                          required:
                                                            - port
                                                          properties:
                                                            host:
                                                              description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.
                                                              type: string
                                                            httpHeaders:
                                                              description: Custom headers to set in the request. HTTP allows repeated headers.
                                                              type: array
                                                              items:
                                                                description: HTTPHeader describes a custom header to be used in HTTP probes
                                                                type: object
                                                                required:
                                                                  - name
                                                                  - value
                                                                properties:
                                                                  name:
                                                                    description: The header field name
                                                                    type: string
                                                                  value:
                                                                    description: The header field value
                                                                    type: string
                                                            path:
                                                              description: Path to access on the HTTP server.
                                                              type: string
                                                            port:
                                                              description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
                                                              anyOf:
                                                                - type: integer
                                                                - type: string
                                                              x-kubernetes-int-or-string: true
                                                            scheme:
                                                              description: Scheme to use for connecting to the host. Defaults to HTTP.
                                                              type: string
                                                        tcpSocket:
                                                          description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook'
                                                          type: object
                                                          required:
                                                            - port
                                                          properties:
                                                            host:
                                                              description: 'Optional: Host name to connect to, defaults to the pod IP.'
                                                              type: string
                                                            port:
                                                              description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
                                                              anyOf:
                                                                - type: integer
                                                                - type: string
                                                              x-kubernetes-int-or-string: true
                                                livenessProbe:
                                                  description: Probes are not allowed for ephemeral containers.
                                                  type: object
                                                  properties:
                                                    exec:
                                                      description: One and only one of the following should be specified. Exec specifies the action to take.
                                                      type: object
                                                      properties:
                                                        command:
                                                          description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
                                                          type: array
                                                          items:
                                                            type: string
                                                    failureThreshold:
                                                      description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
                                                      type: integer
                                                      format: int32
                                                    httpGet:
                                                      description: HTTPGet specifies the http request to perform.
                                                      type: object
                                                      required:
                                                        - port
                                                      properties:
                                                        host:
                                                          description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.
                                                          type: string
                                                        httpHeaders:
                                                          description: Custom headers to set in the request. HTTP allows repeated headers.
                                                          type: array
                                                          items:
                                                            description: HTTPHeader describes a custom header to be used in HTTP probes
                                                            type: object
                                                            required:
                                                              - name
                                                              - value
                                                            properties:
                                                              name:
                                                                description: The header field name
                                                                type: string
                                                              value:
                                                                description: The header field value
                                                                type: string
                                                        path:
                                                          description: Path to access on the HTTP server.
                                                          type: string
                                                        port:
                                                          description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
                                                          anyOf:
                                                            - type: integer
                                                            - type: string
                                                          x-kubernetes-int-or-string: true
                                                        scheme:
                                                          description: Scheme to use for connecting to the host. Defaults to HTTP.
                                                          type: string
                                                    initialDelaySeconds:
                                                      description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                                      type: integer
                                                      format: int32
                                                    periodSeconds:
                                                      description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.
                                                      type: integer
                                                      format: int32
                                                    successThreshold:
                                                      description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
                                                      type: integer
                                                      format: int32
                                                    tcpSocket:
                                                      description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook'
                                                      type: object
                                                      required:
                                                        - port
                                                      properties:
                                                        host:
                                                          description: 'Optional: Host name to connect to, defaults to the pod IP.'
                                                          type: string
                                                        port:
                                                          description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
                                                          anyOf:
                                                            - type: integer
                                                            - type: string
                                                          x-kubernetes-int-or-string: true
                                                    timeoutSeconds:
                                                      description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                                      type: integer
                                                      format: int32
                                                name:
                                                  description: Name of the ephemeral container specified as a DNS_LABEL. This name must be unique among all containers, init containers and ephemeral containers.
                                                  type: string
                                                ports:
                                                  description: Ports are not allowed for ephemeral containers.
                                                  type: array
                                                  items:
                                                    description: ContainerPort represents a network port in a single container.
                                                    type: object
                                                    required:
                                                      - containerPort
                                                    properties:
                                                      containerPort:
                                                        description: Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536.
2164 type: integer 2165 format: int32 2166 hostIP: 2167 description: What host IP to bind the external port to. 2168 type: string 2169 hostPort: 2170 description: Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this. 2171 type: integer 2172 format: int32 2173 name: 2174 description: If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services. 2175 type: string 2176 protocol: 2177 description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". 2178 type: string 2179 default: TCP 2180 readinessProbe: 2181 description: Probes are not allowed for ephemeral containers. 2182 type: object 2183 properties: 2184 exec: 2185 description: One and only one of the following should be specified. Exec specifies the action to take. 2186 type: object 2187 properties: 2188 command: 2189 description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 2190 type: array 2191 items: 2192 type: string 2193 failureThreshold: 2194 description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. 2195 type: integer 2196 format: int32 2197 httpGet: 2198 description: HTTPGet specifies the http request to perform. 2199 type: object 2200 required: 2201 - port 2202 properties: 2203 host: 2204 description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. 
2205 type: string 2206 httpHeaders: 2207 description: Custom headers to set in the request. HTTP allows repeated headers. 2208 type: array 2209 items: 2210 description: HTTPHeader describes a custom header to be used in HTTP probes 2211 type: object 2212 required: 2213 - name 2214 - value 2215 properties: 2216 name: 2217 description: The header field name 2218 type: string 2219 value: 2220 description: The header field value 2221 type: string 2222 path: 2223 description: Path to access on the HTTP server. 2224 type: string 2225 port: 2226 description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 2227 anyOf: 2228 - type: integer 2229 - type: string 2230 x-kubernetes-int-or-string: true 2231 scheme: 2232 description: Scheme to use for connecting to the host. Defaults to HTTP. 2233 type: string 2234 initialDelaySeconds: 2235 description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 2236 type: integer 2237 format: int32 2238 periodSeconds: 2239 description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. 2240 type: integer 2241 format: int32 2242 successThreshold: 2243 description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. 2244 type: integer 2245 format: int32 2246 tcpSocket: 2247 description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' 2248 type: object 2249 required: 2250 - port 2251 properties: 2252 host: 2253 description: 'Optional: Host name to connect to, defaults to the pod IP.' 2254 type: string 2255 port: 2256 description: Number or name of the port to access on the container. 
Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 2257 anyOf: 2258 - type: integer 2259 - type: string 2260 x-kubernetes-int-or-string: true 2261 timeoutSeconds: 2262 description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 2263 type: integer 2264 format: int32 2265 resources: 2266 description: Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources already allocated to the pod. 2267 type: object 2268 properties: 2269 limits: 2270 description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' 2271 type: object 2272 additionalProperties: 2273 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 2274 anyOf: 2275 - type: integer 2276 - type: string 2277 x-kubernetes-int-or-string: true 2278 requests: 2279 description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' 2280 type: object 2281 additionalProperties: 2282 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 2283 anyOf: 2284 - type: integer 2285 - type: string 2286 x-kubernetes-int-or-string: true 2287 securityContext: 2288 description: SecurityContext is not allowed for ephemeral containers. 2289 type: object 2290 properties: 2291 allowPrivilegeEscalation: 2292 description: 'AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. 
This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN' 2293 type: boolean 2294 capabilities: 2295 description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. 2296 type: object 2297 properties: 2298 add: 2299 description: Added capabilities 2300 type: array 2301 items: 2302 description: Capability represent POSIX capabilities type 2303 type: string 2304 drop: 2305 description: Removed capabilities 2306 type: array 2307 items: 2308 description: Capability represent POSIX capabilities type 2309 type: string 2310 privileged: 2311 description: Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. 2312 type: boolean 2313 procMount: 2314 description: procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. 2315 type: string 2316 readOnlyRootFilesystem: 2317 description: Whether this container has a read-only root filesystem. Default is false. 2318 type: boolean 2319 runAsGroup: 2320 description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. 2321 type: integer 2322 format: int64 2323 runAsNonRoot: 2324 description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. 
May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. 2325 type: boolean 2326 runAsUser: 2327 description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. 2328 type: integer 2329 format: int64 2330 seLinuxOptions: 2331 description: The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. 2332 type: object 2333 properties: 2334 level: 2335 description: Level is SELinux level label that applies to the container. 2336 type: string 2337 role: 2338 description: Role is a SELinux role label that applies to the container. 2339 type: string 2340 type: 2341 description: Type is a SELinux type label that applies to the container. 2342 type: string 2343 user: 2344 description: User is a SELinux user label that applies to the container. 2345 type: string 2346 seccompProfile: 2347 description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. 2348 type: object 2349 required: 2350 - type 2351 properties: 2352 localhostProfile: 2353 description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost". 2354 type: string 2355 type: 2356 description: "type indicates which kind of seccomp profile will be applied. 
Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied." 2357 type: string 2358 windowsOptions: 2359 description: The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. 2360 type: object 2361 properties: 2362 gmsaCredentialSpec: 2363 description: GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. 2364 type: string 2365 gmsaCredentialSpecName: 2366 description: GMSACredentialSpecName is the name of the GMSA credential spec to use. 2367 type: string 2368 runAsUserName: 2369 description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. 2370 type: string 2371 startupProbe: 2372 description: Probes are not allowed for ephemeral containers. 2373 type: object 2374 properties: 2375 exec: 2376 description: One and only one of the following should be specified. Exec specifies the action to take. 2377 type: object 2378 properties: 2379 command: 2380 description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 
2381 type: array 2382 items: 2383 type: string 2384 failureThreshold: 2385 description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. 2386 type: integer 2387 format: int32 2388 httpGet: 2389 description: HTTPGet specifies the http request to perform. 2390 type: object 2391 required: 2392 - port 2393 properties: 2394 host: 2395 description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. 2396 type: string 2397 httpHeaders: 2398 description: Custom headers to set in the request. HTTP allows repeated headers. 2399 type: array 2400 items: 2401 description: HTTPHeader describes a custom header to be used in HTTP probes 2402 type: object 2403 required: 2404 - name 2405 - value 2406 properties: 2407 name: 2408 description: The header field name 2409 type: string 2410 value: 2411 description: The header field value 2412 type: string 2413 path: 2414 description: Path to access on the HTTP server. 2415 type: string 2416 port: 2417 description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 2418 anyOf: 2419 - type: integer 2420 - type: string 2421 x-kubernetes-int-or-string: true 2422 scheme: 2423 description: Scheme to use for connecting to the host. Defaults to HTTP. 2424 type: string 2425 initialDelaySeconds: 2426 description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 2427 type: integer 2428 format: int32 2429 periodSeconds: 2430 description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. 2431 type: integer 2432 format: int32 2433 successThreshold: 2434 description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. 
Must be 1 for liveness and startup. Minimum value is 1. 2435 type: integer 2436 format: int32 2437 tcpSocket: 2438 description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' 2439 type: object 2440 required: 2441 - port 2442 properties: 2443 host: 2444 description: 'Optional: Host name to connect to, defaults to the pod IP.' 2445 type: string 2446 port: 2447 description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 2448 anyOf: 2449 - type: integer 2450 - type: string 2451 x-kubernetes-int-or-string: true 2452 timeoutSeconds: 2453 description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 2454 type: integer 2455 format: int32 2456 stdin: 2457 description: Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false. 2458 type: boolean 2459 stdinOnce: 2460 description: Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false 2461 type: boolean 2462 targetContainerName: 2463 description: If set, the name of the container from PodSpec that this ephemeral container targets. 
The ephemeral container will be run in the namespaces (IPC, PID, etc) of this container. If not set then the ephemeral container is run in whatever namespaces are shared for the pod. Note that the container runtime must support this feature. 2464 type: string 2465 terminationMessagePath: 2466 description: 'Optional: Path at which the file to which the container''s termination message will be written is mounted into the container''s filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.' 2467 type: string 2468 terminationMessagePolicy: 2469 description: Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. 2470 type: string 2471 tty: 2472 description: Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false. 2473 type: boolean 2474 volumeDevices: 2475 description: volumeDevices is the list of block devices to be used by the container. 2476 type: array 2477 items: 2478 description: volumeDevice describes a mapping of a raw block device within a container. 2479 type: object 2480 required: 2481 - devicePath 2482 - name 2483 properties: 2484 devicePath: 2485 description: devicePath is the path inside of the container that the device will be mapped to. 
2486 type: string 2487 name: 2488 description: name must match the name of a persistentVolumeClaim in the pod 2489 type: string 2490 volumeMounts: 2491 description: Pod volumes to mount into the container's filesystem. Cannot be updated. 2492 type: array 2493 items: 2494 description: VolumeMount describes a mounting of a Volume within a container. 2495 type: object 2496 required: 2497 - mountPath 2498 - name 2499 properties: 2500 mountPath: 2501 description: Path within the container at which the volume should be mounted. Must not contain ':'. 2502 type: string 2503 mountPropagation: 2504 description: mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. 2505 type: string 2506 name: 2507 description: This must match the Name of a Volume. 2508 type: string 2509 readOnly: 2510 description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. 2511 type: boolean 2512 subPath: 2513 description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). 2514 type: string 2515 subPathExpr: 2516 description: Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive. 2517 type: string 2518 workingDir: 2519 description: Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated. 2520 type: string 2521 hostAliases: 2522 description: HostAliases is an optional list of hosts and IPs that will be injected into the pod's hosts file if specified. This is only valid for non-hostNetwork pods. 
2523 type: array 2524 items: 2525 description: HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the pod's hosts file. 2526 type: object 2527 properties: 2528 hostnames: 2529 description: Hostnames for the above IP address. 2530 type: array 2531 items: 2532 type: string 2533 ip: 2534 description: IP address of the host file entry. 2535 type: string 2536 hostIPC: 2537 description: 'Use the host''s ipc namespace. Optional: Default to false.' 2538 type: boolean 2539 hostNetwork: 2540 description: Host networking requested for this pod. Use the host's network namespace. If this option is set, the ports that will be used must be specified. Default to false. 2541 type: boolean 2542 hostPID: 2543 description: 'Use the host''s pid namespace. Optional: Default to false.' 2544 type: boolean 2545 hostname: 2546 description: Specifies the hostname of the Pod If not specified, the pod's hostname will be set to a system-defined value. 2547 type: string 2548 imagePullSecrets: 2549 description: 'ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. If specified, these secrets will be passed to individual puller implementations for them to use. For example, in the case of docker, only DockerConfig type secrets are honored. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod' 2550 type: array 2551 items: 2552 description: LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. 2553 type: object 2554 properties: 2555 name: 2556 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' 2557 type: string 2558 initContainers: 2559 description: 'List of initialization containers belonging to the pod. 
Init containers are executed in order prior to containers being started. If any init container fails, the pod is considered to have failed and is handled according to its restartPolicy. The name for an init container or normal container must be unique among all containers. Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit for each resource type, and then using the max of of that value or the sum of the normal containers. Limits are applied to init containers in a similar fashion. Init containers cannot currently be added or removed. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/' 2560 type: array 2561 items: 2562 description: A single application container that you want to run within a pod. 2563 type: object 2564 required: 2565 - name 2566 properties: 2567 args: 2568 description: 'Arguments to the entrypoint. The docker image''s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' 2569 type: array 2570 items: 2571 type: string 2572 command: 2573 description: 'Entrypoint array. Not executed within a shell. The docker image''s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. 
The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' 2574 type: array 2575 items: 2576 type: string 2577 env: 2578 description: List of environment variables to set in the container. Cannot be updated. 2579 type: array 2580 items: 2581 description: EnvVar represents an environment variable present in a Container. 2582 type: object 2583 required: 2584 - name 2585 properties: 2586 name: 2587 description: Name of the environment variable. Must be a C_IDENTIFIER. 2588 type: string 2589 value: 2590 description: 'Variable references $(VAR_NAME) are expanded using the previous defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".' 2591 type: string 2592 valueFrom: 2593 description: Source for the environment variable's value. Cannot be used if value is not empty. 2594 type: object 2595 properties: 2596 configMapKeyRef: 2597 description: Selects a key of a ConfigMap. 2598 type: object 2599 required: 2600 - key 2601 properties: 2602 key: 2603 description: The key to select. 2604 type: string 2605 name: 2606 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' 
2607 type: string 2608 optional: 2609 description: Specify whether the ConfigMap or its key must be defined 2610 type: boolean 2611 fieldRef: 2612 description: 'Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels[''<KEY>'']`, `metadata.annotations[''<KEY>'']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.' 2613 type: object 2614 required: 2615 - fieldPath 2616 properties: 2617 apiVersion: 2618 description: Version of the schema the FieldPath is written in terms of, defaults to "v1". 2619 type: string 2620 fieldPath: 2621 description: Path of the field to select in the specified API version. 2622 type: string 2623 resourceFieldRef: 2624 description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.' 2625 type: object 2626 required: 2627 - resource 2628 properties: 2629 containerName: 2630 description: 'Container name: required for volumes, optional for env vars' 2631 type: string 2632 divisor: 2633 description: Specifies the output format of the exposed resources, defaults to "1" 2634 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 2635 anyOf: 2636 - type: integer 2637 - type: string 2638 x-kubernetes-int-or-string: true 2639 resource: 2640 description: 'Required: resource to select' 2641 type: string 2642 secretKeyRef: 2643 description: Selects a key of a secret in the pod's namespace 2644 type: object 2645 required: 2646 - key 2647 properties: 2648 key: 2649 description: The key of the secret to select from. Must be a valid secret key. 2650 type: string 2651 name: 2652 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' 
2653 type: string 2654 optional: 2655 description: Specify whether the Secret or its key must be defined 2656 type: boolean 2657 envFrom: 2658 description: List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. 2659 type: array 2660 items: 2661 description: EnvFromSource represents the source of a set of ConfigMaps 2662 type: object 2663 properties: 2664 configMapRef: 2665 description: The ConfigMap to select from 2666 type: object 2667 properties: 2668 name: 2669 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' 2670 type: string 2671 optional: 2672 description: Specify whether the ConfigMap must be defined 2673 type: boolean 2674 prefix: 2675 description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. 2676 type: string 2677 secretRef: 2678 description: The Secret to select from 2679 type: object 2680 properties: 2681 name: 2682 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' 2683 type: string 2684 optional: 2685 description: Specify whether the Secret must be defined 2686 type: boolean 2687 image: 2688 description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.' 
2689 type: string 2690 imagePullPolicy: 2691 description: 'Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' 2692 type: string 2693 lifecycle: 2694 description: Actions that the management system should take in response to container lifecycle events. Cannot be updated. 2695 type: object 2696 properties: 2697 postStart: 2698 description: 'PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' 2699 type: object 2700 properties: 2701 exec: 2702 description: One and only one of the following should be specified. Exec specifies the action to take. 2703 type: object 2704 properties: 2705 command: 2706 description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 2707 type: array 2708 items: 2709 type: string 2710 httpGet: 2711 description: HTTPGet specifies the http request to perform. 2712 type: object 2713 required: 2714 - port 2715 properties: 2716 host: 2717 description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. 2718 type: string 2719 httpHeaders: 2720 description: Custom headers to set in the request. HTTP allows repeated headers. 
                    type: array
                    items:
                      description: HTTPHeader describes a custom header to be used in HTTP probes
                      type: object
                      required:
                        - name
                        - value
                      properties:
                        name:
                          description: The header field name
                          type: string
                        value:
                          description: The header field value
                          type: string
                  path:
                    description: Path to access on the HTTP server.
                    type: string
                  port:
                    description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
                    anyOf:
                      - type: integer
                      - type: string
                    x-kubernetes-int-or-string: true
                  scheme:
                    description: Scheme to use for connecting to the host. Defaults to HTTP.
                    type: string
              tcpSocket:
                description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook'
                type: object
                required:
                  - port
                properties:
                  host:
                    description: 'Optional: Host name to connect to, defaults to the pod IP.'
                    type: string
                  port:
                    description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
                    anyOf:
                      - type: integer
                      - type: string
                    x-kubernetes-int-or-string: true
          preStop:
            description: 'PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The reason for termination is passed to the handler. The Pod''s termination grace period countdown begins before the PreStop hooked is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod''s termination grace period. Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
            type: object
            properties:
              exec:
                description: One and only one of the following should be specified. Exec specifies the action to take.
                type: object
                properties:
                  command:
                    description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
                    type: array
                    items:
                      type: string
              httpGet:
                description: HTTPGet specifies the http request to perform.
                type: object
                required:
                  - port
                properties:
                  host:
                    description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.
                    type: string
                  httpHeaders:
                    description: Custom headers to set in the request. HTTP allows repeated headers.
                    type: array
                    items:
                      description: HTTPHeader describes a custom header to be used in HTTP probes
                      type: object
                      required:
                        - name
                        - value
                      properties:
                        name:
                          description: The header field name
                          type: string
                        value:
                          description: The header field value
                          type: string
                  path:
                    description: Path to access on the HTTP server.
                    type: string
                  port:
                    description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
                    anyOf:
                      - type: integer
                      - type: string
                    x-kubernetes-int-or-string: true
                  scheme:
                    description: Scheme to use for connecting to the host. Defaults to HTTP.
                    type: string
              tcpSocket:
                description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook'
                type: object
                required:
                  - port
                properties:
                  host:
                    description: 'Optional: Host name to connect to, defaults to the pod IP.'
                    type: string
                  port:
                    description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
                    anyOf:
                      - type: integer
                      - type: string
                    x-kubernetes-int-or-string: true
      livenessProbe:
        description: 'Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
        type: object
        properties:
          exec:
            description: One and only one of the following should be specified. Exec specifies the action to take.
            type: object
            properties:
              command:
                description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
                type: array
                items:
                  type: string
          failureThreshold:
            description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
            type: integer
            format: int32
          httpGet:
            description: HTTPGet specifies the http request to perform.
            type: object
            required:
              - port
            properties:
              host:
                description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.
                type: string
              httpHeaders:
                description: Custom headers to set in the request. HTTP allows repeated headers.
                type: array
                items:
                  description: HTTPHeader describes a custom header to be used in HTTP probes
                  type: object
                  required:
                    - name
                    - value
                  properties:
                    name:
                      description: The header field name
                      type: string
                    value:
                      description: The header field value
                      type: string
              path:
                description: Path to access on the HTTP server.
                type: string
              port:
                description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
                anyOf:
                  - type: integer
                  - type: string
                x-kubernetes-int-or-string: true
              scheme:
                description: Scheme to use for connecting to the host. Defaults to HTTP.
                type: string
          initialDelaySeconds:
            description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
            type: integer
            format: int32
          periodSeconds:
            description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.
            type: integer
            format: int32
          successThreshold:
            description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
            type: integer
            format: int32
          tcpSocket:
            description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook'
            type: object
            required:
              - port
            properties:
              host:
                description: 'Optional: Host name to connect to, defaults to the pod IP.'
                type: string
              port:
                description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
                anyOf:
                  - type: integer
                  - type: string
                x-kubernetes-int-or-string: true
          timeoutSeconds:
            description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
            type: integer
            format: int32
      name:
        description: Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated.
        type: string
      ports:
        description: List of ports to expose from the container. Exposing a port here gives the system additional information about the network connections a container uses, but is primarily informational. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Cannot be updated.
        type: array
        items:
          description: ContainerPort represents a network port in a single container.
          type: object
          required:
            - containerPort
          properties:
            containerPort:
              description: Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536.
              type: integer
              format: int32
            hostIP:
              description: What host IP to bind the external port to.
              type: string
            hostPort:
              description: Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this.
              type: integer
              format: int32
            name:
              description: If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services.
              type: string
            protocol:
              description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP".
              type: string
              default: TCP
        x-kubernetes-list-map-keys:
          - containerPort
          - protocol
        x-kubernetes-list-type: map
      readinessProbe:
        description: 'Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
        type: object
        properties:
          exec:
            description: One and only one of the following should be specified. Exec specifies the action to take.
            type: object
            properties:
              command:
                description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
                type: array
                items:
                  type: string
          failureThreshold:
            description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
            type: integer
            format: int32
          httpGet:
            description: HTTPGet specifies the http request to perform.
            type: object
            required:
              - port
            properties:
              host:
                description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.
                type: string
              httpHeaders:
                description: Custom headers to set in the request. HTTP allows repeated headers.
                type: array
                items:
                  description: HTTPHeader describes a custom header to be used in HTTP probes
                  type: object
                  required:
                    - name
                    - value
                  properties:
                    name:
                      description: The header field name
                      type: string
                    value:
                      description: The header field value
                      type: string
              path:
                description: Path to access on the HTTP server.
                type: string
              port:
                description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
                anyOf:
                  - type: integer
                  - type: string
                x-kubernetes-int-or-string: true
              scheme:
                description: Scheme to use for connecting to the host. Defaults to HTTP.
                type: string
          initialDelaySeconds:
            description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
            type: integer
            format: int32
          periodSeconds:
            description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.
            type: integer
            format: int32
          successThreshold:
            description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
            type: integer
            format: int32
          tcpSocket:
            description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook'
            type: object
            required:
              - port
            properties:
              host:
                description: 'Optional: Host name to connect to, defaults to the pod IP.'
                type: string
              port:
                description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
                anyOf:
                  - type: integer
                  - type: string
                x-kubernetes-int-or-string: true
          timeoutSeconds:
            description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
            type: integer
            format: int32
      resources:
        description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
        type: object
        properties:
          limits:
            description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
            type: object
            additionalProperties:
              pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
              anyOf:
                - type: integer
                - type: string
              x-kubernetes-int-or-string: true
          requests:
            description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
            type: object
            additionalProperties:
              pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
              anyOf:
                - type: integer
                - type: string
              x-kubernetes-int-or-string: true
      securityContext:
        description: 'Security options the pod should run with. More info: https://kubernetes.io/docs/concepts/policy/security-context/ More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
        type: object
        properties:
          allowPrivilegeEscalation:
            description: 'AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN'
            type: boolean
          capabilities:
            description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime.
            type: object
            properties:
              add:
                description: Added capabilities
                type: array
                items:
                  description: Capability represent POSIX capabilities type
                  type: string
              drop:
                description: Removed capabilities
                type: array
                items:
                  description: Capability represent POSIX capabilities type
                  type: string
          privileged:
            description: Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false.
            type: boolean
          procMount:
            description: procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled.
            type: string
          readOnlyRootFilesystem:
            description: Whether this container has a read-only root filesystem. Default is false.
            type: boolean
          runAsGroup:
            description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
            type: integer
            format: int64
          runAsNonRoot:
            description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
            type: boolean
          runAsUser:
            description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
            type: integer
            format: int64
          seLinuxOptions:
            description: The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
            type: object
            properties:
              level:
                description: Level is SELinux level label that applies to the container.
                type: string
              role:
                description: Role is a SELinux role label that applies to the container.
                type: string
              type:
                description: Type is a SELinux type label that applies to the container.
                type: string
              user:
                description: User is a SELinux user label that applies to the container.
                type: string
          seccompProfile:
            description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options.
            type: object
            required:
              - type
            properties:
              localhostProfile:
                description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost".
                type: string
              type:
                description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
                type: string
          windowsOptions:
            description: The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
            type: object
            properties:
              gmsaCredentialSpec:
                description: GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.
                type: string
              gmsaCredentialSpecName:
                description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
                type: string
              runAsUserName:
                description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
                type: string
      startupProbe:
        description: 'StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod''s lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
        type: object
        properties:
          exec:
            description: One and only one of the following should be specified. Exec specifies the action to take.
            type: object
            properties:
              command:
                description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
                type: array
                items:
                  type: string
          failureThreshold:
            description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
            type: integer
            format: int32
          httpGet:
            description: HTTPGet specifies the http request to perform.
            type: object
            required:
              - port
            properties:
              host:
                description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.
                type: string
              httpHeaders:
                description: Custom headers to set in the request. HTTP allows repeated headers.
                type: array
                items:
                  description: HTTPHeader describes a custom header to be used in HTTP probes
                  type: object
                  required:
                    - name
                    - value
                  properties:
                    name:
                      description: The header field name
                      type: string
                    value:
                      description: The header field value
                      type: string
              path:
                description: Path to access on the HTTP server.
                type: string
              port:
                description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
                anyOf:
                  - type: integer
                  - type: string
                x-kubernetes-int-or-string: true
              scheme:
                description: Scheme to use for connecting to the host. Defaults to HTTP.
                type: string
          initialDelaySeconds:
            description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
            type: integer
            format: int32
          periodSeconds:
            description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.
            type: integer
            format: int32
          successThreshold:
            description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
            type: integer
            format: int32
          tcpSocket:
            description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook'
            type: object
            required:
              - port
            properties:
              host:
                description: 'Optional: Host name to connect to, defaults to the pod IP.'
                type: string
              port:
                description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
                anyOf:
                  - type: integer
                  - type: string
                x-kubernetes-int-or-string: true
          timeoutSeconds:
            description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
            type: integer
            format: int32
      stdin:
        description: Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false.
        type: boolean
      stdinOnce:
        description: Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false
        type: boolean
      terminationMessagePath:
        description: 'Optional: Path at which the file to which the container''s termination message will be written is mounted into the container''s filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.'
        type: string
      terminationMessagePolicy:
        description: Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated.
        type: string
      tty:
        description: Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false.
        type: boolean
      volumeDevices:
        description: volumeDevices is the list of block devices to be used by the container.
        type: array
        items:
          description: volumeDevice describes a mapping of a raw block device within a container.
          type: object
          required:
            - devicePath
            - name
          properties:
            devicePath:
              description: devicePath is the path inside of the container that the device will be mapped to.
              type: string
            name:
              description: name must match the name of a persistentVolumeClaim in the pod
              type: string
      volumeMounts:
        description: Pod volumes to mount into the container's filesystem. Cannot be updated.
        type: array
        items:
          description: VolumeMount describes a mounting of a Volume within a container.
          type: object
          required:
            - mountPath
            - name
          properties:
            mountPath:
              description: Path within the container at which the volume should be mounted. Must not contain ':'.
              type: string
            mountPropagation:
              description: mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10.
              type: string
            name:
              description: This must match the Name of a Volume.
              type: string
            readOnly:
              description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.
              type: boolean
            subPath:
              description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root).
              type: string
            subPathExpr:
              description: Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive.
              type: string
      workingDir:
        description: Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated.
        type: string
nodeName:
  description: NodeName is a request to schedule this pod onto a specific node. If it is non-empty, the scheduler simply schedules this pod onto that node, assuming that it fits resource requirements.
  type: string
nodeSelector:
  description: 'NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node''s labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/'
  type: object
  additionalProperties:
    type: string
overhead:
  description: 'Overhead represents the resource overhead associated with running a pod for a given RuntimeClass. This field will be autopopulated at admission time by the RuntimeClass admission controller. If the RuntimeClass admission controller is enabled, overhead must not be set in Pod create requests. The RuntimeClass admission controller will reject Pod create requests which have the overhead already set. If RuntimeClass is configured and selected in the PodSpec, Overhead will be set to the value defined in the corresponding RuntimeClass, otherwise it will remain unset and treated as zero. More info: https://git.k8s.io/enhancements/keps/sig-node/20190226-pod-overhead.md This field is alpha-level as of Kubernetes v1.16, and is only honored by servers that enable the PodOverhead feature.'
  type: object
  additionalProperties:
    pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
    anyOf:
      - type: integer
      - type: string
    x-kubernetes-int-or-string: true
preemptionPolicy:
  description: PreemptionPolicy is the Policy for preempting pods with lower priority. One of Never, PreemptLowerPriority. Defaults to PreemptLowerPriority if unset. This field is beta-level, gated by the NonPreemptingPriority feature-gate.
  type: string
priority:
  description: The priority value. Various system components use this field to find the priority of the pod. When Priority Admission Controller is enabled, it prevents users from setting this field. The admission controller populates this field from PriorityClassName. The higher the value, the higher the priority.
  type: integer
  format: int32
priorityClassName:
  description: If specified, indicates the pod's priority. "system-node-critical" and "system-cluster-critical" are two special keywords which indicate the highest priorities with the former being the highest priority. Any other name must be defined by creating a PriorityClass object with that name. If not specified, the pod priority will be default or zero if there is no default.
  type: string
readinessGates:
  description: 'If specified, all readiness gates will be evaluated for pod readiness. A pod is ready when all its containers are ready AND all conditions specified in the readiness gates have status equal to "True" More info: https://git.k8s.io/enhancements/keps/sig-network/0007-pod-ready%2B%2B.md'
  type: array
  items:
    description: PodReadinessGate contains the reference to a pod condition
    type: object
    required:
      - conditionType
    properties:
      conditionType:
        description: ConditionType refers to a condition in the pod's condition list with matching type.
        type: string
restartPolicy:
  description: 'Restart policy for all containers within the pod. One of Always, OnFailure, Never. Default to Always. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy'
  type: string
runtimeClassName:
  description: 'RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used to run this pod. If no RuntimeClass resource matches the named class, the pod will not be run. If unset or empty, the "legacy" RuntimeClass will be used, which is an implicit class with an empty definition that uses the default runtime handler. More info: https://git.k8s.io/enhancements/keps/sig-node/runtime-class.md This is a beta feature as of Kubernetes v1.14.'
  type: string
schedulerName:
  description: If specified, the pod will be dispatched by specified scheduler. If not specified, the pod will be dispatched by default scheduler.
  type: string
securityContext:
  description: 'SecurityContext holds pod-level security attributes and common container settings. Optional: Defaults to empty. See type description for default values of each field.'
  type: object
  properties:
    fsGroup:
      description: "A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod: \n 1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- \n If unset, the Kubelet will not modify the ownership and permissions of any volume."
      type: integer
      format: int64
    fsGroupChangePolicy:
      description: 'fsGroupChangePolicy defines behavior of changing ownership and permission of the volume before being exposed inside Pod. This field will only apply to volume types which support fsGroup based ownership(and permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir. Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used.'
      type: string
    runAsGroup:
      description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container.
      type: integer
      format: int64
    runAsNonRoot:
      description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
      type: boolean
    runAsUser:
      description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container.
      type: integer
      format: int64
    seLinuxOptions:
      description: The SELinux context to be applied to all containers.
If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. 3356 type: object 3357 properties: 3358 level: 3359 description: Level is SELinux level label that applies to the container. 3360 type: string 3361 role: 3362 description: Role is a SELinux role label that applies to the container. 3363 type: string 3364 type: 3365 description: Type is a SELinux type label that applies to the container. 3366 type: string 3367 user: 3368 description: User is a SELinux user label that applies to the container. 3369 type: string 3370 seccompProfile: 3371 description: The seccomp options to use by the containers in this pod. 3372 type: object 3373 required: 3374 - type 3375 properties: 3376 localhostProfile: 3377 description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost". 3378 type: string 3379 type: 3380 description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied." 3381 type: string 3382 supplementalGroups: 3383 description: A list of groups applied to the first process run in each container, in addition to the container's primary GID. If unspecified, no groups will be added to any container. 3384 type: array 3385 items: 3386 type: integer 3387 format: int64 3388 sysctls: 3389 description: Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. 
                                                type: array
                                                items:
                                                  description: Sysctl defines a kernel parameter to be set
                                                  type: object
                                                  required:
                                                    - name
                                                    - value
                                                  properties:
                                                    name:
                                                      description: Name of a property to set
                                                      type: string
                                                    value:
                                                      description: Value of a property to set
                                                      type: string
                                              windowsOptions:
                                                description: The Windows specific settings applied to all containers. If unspecified, the options within a container's SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
                                                type: object
                                                properties:
                                                  gmsaCredentialSpec:
                                                    description: GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.
                                                    type: string
                                                  gmsaCredentialSpecName:
                                                    description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
                                                    type: string
                                                  runAsUserName:
                                                    description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
                                                    type: string
                                          serviceAccount:
                                            description: 'DeprecatedServiceAccount is a depreciated alias for ServiceAccountName. Deprecated: Use serviceAccountName instead.'
                                            type: string
                                          serviceAccountName:
                                            description: 'ServiceAccountName is the name of the ServiceAccount to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/'
                                            type: string
                                          setHostnameAsFQDN:
                                            description: If true the pod's hostname will be configured as the pod's FQDN, rather than the leaf name (the default). In Linux containers, this means setting the FQDN in the hostname field of the kernel (the nodename field of struct utsname). In Windows containers, this means setting the registry value of hostname for the registry key HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters to FQDN. If a pod does not have FQDN, this has no effect. Default to false.
                                            type: boolean
                                          shareProcessNamespace:
                                            description: 'Share a single process namespace between all of the containers in a pod. When this is set containers will be able to view and signal processes from other containers in the same pod, and the first process in each container will not be assigned PID 1. HostPID and ShareProcessNamespace cannot both be set. Optional: Default to false.'
                                            type: boolean
                                          subdomain:
                                            description: If specified, the fully qualified Pod hostname will be "<hostname>.<subdomain>.<pod namespace>.svc.<cluster domain>". If not specified, the pod will not have a domainname at all.
                                            type: string
                                          terminationGracePeriodSeconds:
                                            description: Optional duration in seconds the pod needs to terminate gracefully. May be decreased in delete request. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period will be used instead. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. Defaults to 30 seconds.
                                            type: integer
                                            format: int64
                                          tolerations:
                                            description: If specified, the pod's tolerations.
                                            type: array
                                            items:
                                              description: The pod this Toleration is attached to tolerates any taint that matches the triple <key,value,effect> using the matching operator <operator>.
                                              type: object
                                              properties:
                                                effect:
                                                  description: Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
                                                  type: string
                                                key:
                                                  description: Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.
                                                  type: string
                                                operator:
                                                  description: Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.
                                                  type: string
                                                tolerationSeconds:
                                                  description: TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.
                                                  type: integer
                                                  format: int64
                                                value:
                                                  description: Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.
                                                  type: string
                                          topologySpreadConstraints:
                                            description: TopologySpreadConstraints describes how a group of pods ought to spread across topology domains. Scheduler will schedule pods in a way which abides by the constraints. All topologySpreadConstraints are ANDed.
                                            type: array
                                            items:
                                              description: TopologySpreadConstraint specifies how to spread matching pods among the given topology.
                                              type: object
                                              required:
                                                - maxSkew
                                                - topologyKey
                                                - whenUnsatisfiable
                                              properties:
                                                labelSelector:
                                                  description: LabelSelector is used to find matching pods. Pods that match this label selector are counted to determine the number of pods in their corresponding topology domain.
                                                  type: object
                                                  properties:
                                                    matchExpressions:
                                                      description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
                                                      type: array
                                                      items:
                                                        description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
                                                        type: object
                                                        required:
                                                          - key
                                                          - operator
                                                        properties:
                                                          key:
                                                            description: key is the label key that the selector applies to.
                                                            type: string
                                                          operator:
                                                            description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
                                                            type: string
                                                          values:
                                                            description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
                                                            type: array
                                                            items:
                                                              type: string
                                                    matchLabels:
                                                      description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
                                                      type: object
                                                      additionalProperties:
                                                        type: string
                                                maxSkew:
                                                  description: 'MaxSkew describes the degree to which pods may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference between the number of matching pods in the target topology and the global minimum. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 1/1/0: | zone1 | zone2 | zone3 | | P | P | | - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 1/1/1; scheduling it onto zone1(zone2) would make the ActualSkew(2-0) on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence to topologies that satisfy it. It''s a required field. Default value is 1 and 0 is not allowed.'
                                                  type: integer
                                                  format: int32
                                                topologyKey:
                                                  description: TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. We consider each <key, value> as a "bucket", and try to put balanced number of pods into each bucket. It's a required field.
                                                  type: string
                                                whenUnsatisfiable:
                                                  description: 'WhenUnsatisfiable indicates how to deal with a pod if it doesn''t satisfy the spread constraint. - DoNotSchedule (default) tells the scheduler not to schedule it. - ScheduleAnyway tells the scheduler to schedule the pod in any location, but giving higher precedence to topologies that would help reduce the skew. A constraint is considered "Unsatisfiable" for an incoming pod if and only if every possible node assigment for that pod would violate "MaxSkew" on some topology. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler won''t make it *more* imbalanced. It''s a required field.'
                                                  type: string
                                            x-kubernetes-list-map-keys:
                                              - topologyKey
                                              - whenUnsatisfiable
                                            x-kubernetes-list-type: map
                                          volumes:
                                            description: 'List of volumes that can be mounted by containers belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes'
                                            type: array
                                            items:
                                              description: Volume represents a named volume in a pod that may be accessed by any container in the pod.
                                              type: object
                                              required:
                                                - name
                                              properties:
                                                awsElasticBlockStore:
                                                  description: 'AWSElasticBlockStore represents an AWS Disk resource that is attached to a kubelet''s host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
                                                  type: object
                                                  required:
                                                    - volumeID
                                                  properties:
                                                    fsType:
                                                      description: 'Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore TODO: how do we prevent errors in the filesystem from compromising the machine'
                                                      type: string
                                                    partition:
                                                      description: 'The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty).'
                                                      type: integer
                                                      format: int32
                                                    readOnly:
                                                      description: 'Specify "true" to force and set the ReadOnly property in VolumeMounts to "true". If omitted, the default is "false". More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
                                                      type: boolean
                                                    volumeID:
                                                      description: 'Unique ID of the persistent disk resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
                                                      type: string
                                                azureDisk:
                                                  description: AzureDisk represents an Azure Data Disk mount on the host and bind mount to the pod.
                                                  type: object
                                                  required:
                                                    - diskName
                                                    - diskURI
                                                  properties:
                                                    cachingMode:
                                                      description: 'Host Caching mode: None, Read Only, Read Write.'
                                                      type: string
                                                    diskName:
                                                      description: The Name of the data disk in the blob storage
                                                      type: string
                                                    diskURI:
                                                      description: The URI the data disk in the blob storage
                                                      type: string
                                                    fsType:
                                                      description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
                                                      type: string
                                                    kind:
                                                      description: 'Expected values Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared'
                                                      type: string
                                                    readOnly:
                                                      description: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
                                                      type: boolean
                                                azureFile:
                                                  description: AzureFile represents an Azure File Service mount on the host and bind mount to the pod.
                                                  type: object
                                                  required:
                                                    - secretName
                                                    - shareName
                                                  properties:
                                                    readOnly:
                                                      description: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
                                                      type: boolean
                                                    secretName:
                                                      description: the name of secret that contains Azure Storage Account Name and Key
                                                      type: string
                                                    shareName:
                                                      description: Share Name
                                                      type: string
                                                cephfs:
                                                  description: CephFS represents a Ceph FS mount on the host that shares a pod's lifetime
                                                  type: object
                                                  required:
                                                    - monitors
                                                  properties:
                                                    monitors:
                                                      description: 'Required: Monitors is a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
                                                      type: array
                                                      items:
                                                        type: string
                                                    path:
                                                      description: 'Optional: Used as the mounted root, rather than the full Ceph tree, default is /'
                                                      type: string
                                                    readOnly:
                                                      description: 'Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
                                                      type: boolean
                                                    secretFile:
                                                      description: 'Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
                                                      type: string
                                                    secretRef:
                                                      description: 'Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
                                                      type: object
                                                      properties:
                                                        name:
                                                          description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
                                                          type: string
                                                    user:
                                                      description: 'Optional: User is the rados user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
                                                      type: string
                                                cinder:
                                                  description: 'Cinder represents a cinder volume attached and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
                                                  type: object
                                                  required:
                                                    - volumeID
                                                  properties:
                                                    fsType:
                                                      description: 'Filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
                                                      type: string
                                                    readOnly:
                                                      description: 'Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
                                                      type: boolean
                                                    secretRef:
                                                      description: 'Optional: points to a secret object containing parameters used to connect to OpenStack.'
                                                      type: object
                                                      properties:
                                                        name:
                                                          description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
                                                          type: string
                                                    volumeID:
                                                      description: 'volume id used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
                                                      type: string
                                                configMap:
                                                  description: ConfigMap represents a configMap that should populate this volume
                                                  type: object
                                                  properties:
                                                    defaultMode:
                                                      description: 'Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.'
                                                      type: integer
                                                      format: int32
                                                    items:
                                                      description: If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.
                                                      type: array
                                                      items:
                                                        description: Maps a string key to a path within a volume.
                                                        type: object
                                                        required:
                                                          - key
                                                          - path
                                                        properties:
                                                          key:
                                                            description: The key to project.
                                                            type: string
                                                          mode:
                                                            description: 'Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.'
                                                            type: integer
                                                            format: int32
                                                          path:
                                                            description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.
                                                            type: string
                                                    name:
                                                      description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
                                                      type: string
                                                    optional:
                                                      description: Specify whether the ConfigMap or its keys must be defined
                                                      type: boolean
                                                csi:
                                                  description: CSI (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature).
                                                  type: object
                                                  required:
                                                    - driver
                                                  properties:
                                                    driver:
                                                      description: Driver is the name of the CSI driver that handles this volume. Consult with your admin for the correct name as registered in the cluster.
                                                      type: string
                                                    fsType:
                                                      description: Filesystem type to mount. Ex. "ext4", "xfs", "ntfs". If not provided, the empty value is passed to the associated CSI driver which will determine the default filesystem to apply.
                                                      type: string
                                                    nodePublishSecretRef:
                                                      description: NodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed.
                                                      type: object
                                                      properties:
                                                        name:
                                                          description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
                                                          type: string
                                                    readOnly:
                                                      description: Specifies a read-only configuration for the volume. Defaults to false (read/write).
                                                      type: boolean
                                                    volumeAttributes:
                                                      description: VolumeAttributes stores driver-specific properties that are passed to the CSI driver. Consult your driver's documentation for supported values.
                                                      type: object
                                                      additionalProperties:
                                                        type: string
                                                downwardAPI:
                                                  description: DownwardAPI represents downward API about the pod that should populate this volume
                                                  type: object
                                                  properties:
                                                    defaultMode:
                                                      description: 'Optional: mode bits to use on created files by default. Must be a Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.'
                                                      type: integer
                                                      format: int32
                                                    items:
                                                      description: Items is a list of downward API volume file
                                                      type: array
                                                      items:
                                                        description: DownwardAPIVolumeFile represents information to create the file containing the pod field
                                                        type: object
                                                        required:
                                                          - path
                                                        properties:
                                                          fieldRef:
                                                            description: 'Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.'
                                                            type: object
                                                            required:
                                                              - fieldPath
                                                            properties:
                                                              apiVersion:
                                                                description: Version of the schema the FieldPath is written in terms of, defaults to "v1".
                                                                type: string
                                                              fieldPath:
                                                                description: Path of the field to select in the specified API version.
                                                                type: string
                                                          mode:
                                                            description: 'Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.'
                                                            type: integer
                                                            format: int32
                                                          path:
                                                            description: 'Required: Path is the relative path name of the file to be created. Must not be absolute or contain the ''..'' path. Must be utf-8 encoded. The first item of the relative path must not start with ''..'''
                                                            type: string
                                                          resourceFieldRef:
                                                            description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.'
                                                            type: object
                                                            required:
                                                              - resource
                                                            properties:
                                                              containerName:
                                                                description: 'Container name: required for volumes, optional for env vars'
                                                                type: string
                                                              divisor:
                                                                description: Specifies the output format of the exposed resources, defaults to "1"
                                                                pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                                                anyOf:
                                                                  - type: integer
                                                                  - type: string
                                                                x-kubernetes-int-or-string: true
                                                              resource:
                                                                description: 'Required: resource to select'
                                                                type: string
                                                emptyDir:
                                                  description: 'EmptyDir represents a temporary directory that shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
                                                  type: object
                                                  properties:
                                                    medium:
                                                      description: 'What type of storage medium should back this directory. The default is "" which means to use the node''s default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
                                                      type: string
                                                    sizeLimit:
                                                      description: 'Total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir'
                                                      pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                                      anyOf:
                                                        - type: integer
                                                        - type: string
                                                      x-kubernetes-int-or-string: true
                                                ephemeral:
                                                  description: "Ephemeral represents a volume that is handled by a cluster storage driver (Alpha feature). The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. \n Use this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity tracking are needed, c) the storage driver is specified through a storage class, and d) the storage driver supports dynamic volume provisioning through a PersistentVolumeClaim (see EphemeralVolumeSource for more information on the connection between this volume type and PersistentVolumeClaim). \n Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod. \n Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information. \n A pod can use both types of ephemeral volumes and persistent volumes at the same time."
                                                  type: object
                                                  properties:
                                                    readOnly:
                                                      description: Specifies a read-only configuration for the volume. Defaults to false (read/write).
                                                      type: boolean
                                                    volumeClaimTemplate:
                                                      description: "Will be used to create a stand-alone PVC to provision the volume. The pod in which this EphemeralVolumeSource is embedded will be the owner of the PVC, i.e. the PVC will be deleted together with the pod. The name of the PVC will be `<pod name>-<volume name>` where `<volume name>` is the name from the `PodSpec.Volumes` array entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long). \n An existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until the unrelated PVC is removed. If such a pre-created PVC is meant to be used by the pod, the PVC has to updated with an owner reference to the pod once the pod exists. Normally this should not be necessary, but it may be useful when manually reconstructing a broken cluster. \n This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created. \n Required, must not be nil."
                                                      type: object
                                                      required:
                                                        - spec
                                                      properties:
                                                        metadata:
                                                          description: May contain labels and annotations that will be copied into the PVC when creating it. No other fields are allowed and will be rejected during validation.
                                                          type: object
                                                        spec:
                                                          description: The specification for the PersistentVolumeClaim. The entire content is copied unchanged into the PVC that gets created from this template. The same fields as in a PersistentVolumeClaim are also valid here.
                                                          type: object
                                                          properties:
                                                            accessModes:
                                                              description: 'AccessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1'
                                                              type: array
                                                              items:
                                                                type: string
                                                            dataSource:
                                                              description: 'This field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) * An existing custom resource that implements data population (Alpha) In order to use custom resource types that implement data population, the AnyVolumeDataSource feature gate must be enabled. If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source.'
                                                              type: object
                                                              required:
                                                                - kind
                                                                - name
                                                              properties:
                                                                apiGroup:
                                                                  description: APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required.
                                                                type: string
                                                              kind:
                                                                description: Kind is the type of resource being referenced
                                                                type: string
                                                              name:
                                                                description: Name is the name of resource being referenced
                                                                type: string
                                                          resources:
                                                            description: 'Resources represents the minimum resources the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
                                                            type: object
                                                            properties:
                                                              limits:
                                                                description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
                                                                type: object
                                                                additionalProperties:
                                                                  pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                                                  anyOf:
                                                                  - type: integer
                                                                  - type: string
                                                                  x-kubernetes-int-or-string: true
                                                              requests:
                                                                description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
                                                                type: object
                                                                additionalProperties:
                                                                  pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                                                  anyOf:
                                                                  - type: integer
                                                                  - type: string
                                                                  x-kubernetes-int-or-string: true
                                                          selector:
                                                            description: A label query over volumes to consider for binding.
                                                            type: object
                                                            properties:
                                                              matchExpressions:
                                                                description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
                                                                type: array
                                                                items:
                                                                  description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
                                                                  type: object
                                                                  required:
                                                                  - key
                                                                  - operator
                                                                  properties:
                                                                    key:
                                                                      description: key is the label key that the selector applies to.
                                                                      type: string
                                                                    operator:
                                                                      description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
                                                                      type: string
                                                                    values:
                                                                      description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
                                                                      type: array
                                                                      items:
                                                                        type: string
                                                              matchLabels:
                                                                description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
                                                                type: object
                                                                additionalProperties:
                                                                  type: string
                                                          storageClassName:
                                                            description: 'Name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1'
                                                            type: string
                                                          volumeMode:
                                                            description: volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec.
                                                            type: string
                                                          volumeName:
                                                            description: VolumeName is the binding reference to the PersistentVolume backing this claim.
                                                            type: string
                                              fc:
                                                description: FC represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod.
                                                type: object
                                                properties:
                                                  fsType:
                                                    description: 'Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. TODO: how do we prevent errors in the filesystem from compromising the machine'
                                                    type: string
                                                  lun:
                                                    description: 'Optional: FC target lun number'
                                                    type: integer
                                                    format: int32
                                                  readOnly:
                                                    description: 'Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.'
                                                    type: boolean
                                                  targetWWNs:
                                                    description: 'Optional: FC target worldwide names (WWNs)'
                                                    type: array
                                                    items:
                                                      type: string
                                                  wwids:
                                                    description: 'Optional: FC volume world wide identifiers (wwids) Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously.'
                                                    type: array
                                                    items:
                                                      type: string
                                              flexVolume:
                                                description: FlexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin.
                                                type: object
                                                required:
                                                - driver
                                                properties:
                                                  driver:
                                                    description: Driver is the name of the driver to use for this volume.
                                                    type: string
                                                  fsType:
                                                    description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script.
                                                    type: string
                                                  options:
                                                    description: 'Optional: Extra command options if any.'
                                                    type: object
                                                    additionalProperties:
                                                      type: string
                                                  readOnly:
                                                    description: 'Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.'
                                                    type: boolean
                                                  secretRef:
                                                    description: 'Optional: SecretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts.'
                                                    type: object
                                                    properties:
                                                      name:
                                                        description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
                                                        type: string
                                              flocker:
                                                description: Flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running
                                                type: object
                                                properties:
                                                  datasetName:
                                                    description: Name of the dataset stored as metadata -> name on the dataset for Flocker should be considered as deprecated
                                                    type: string
                                                  datasetUUID:
                                                    description: UUID of the dataset. This is unique identifier of a Flocker dataset
                                                    type: string
                                              gcePersistentDisk:
                                                description: 'GCEPersistentDisk represents a GCE Disk resource that is attached to a kubelet''s host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
                                                type: object
                                                required:
                                                - pdName
                                                properties:
                                                  fsType:
                                                    description: 'Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk TODO: how do we prevent errors in the filesystem from compromising the machine'
                                                    type: string
                                                  partition:
                                                    description: 'The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
                                                    type: integer
                                                    format: int32
                                                  pdName:
                                                    description: 'Unique name of the PD resource in GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
                                                    type: string
                                                  readOnly:
                                                    description: 'ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
                                                    type: boolean
                                              gitRepo:
                                                description: 'GitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod''s container.'
                                                type: object
                                                required:
                                                - repository
                                                properties:
                                                  directory:
                                                    description: Target directory name. Must not contain or start with '..'. If '.' is supplied, the volume directory will be the git repository. Otherwise, if specified, the volume will contain the git repository in the subdirectory with the given name.
                                                    type: string
                                                  repository:
                                                    description: Repository URL
                                                    type: string
                                                  revision:
                                                    description: Commit hash for the specified revision.
                                                    type: string
                                              glusterfs:
                                                description: 'Glusterfs represents a Glusterfs mount on the host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md'
                                                type: object
                                                required:
                                                - endpoints
                                                - path
                                                properties:
                                                  endpoints:
                                                    description: 'EndpointsName is the endpoint name that details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
                                                    type: string
                                                  path:
                                                    description: 'Path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
                                                    type: string
                                                  readOnly:
                                                    description: 'ReadOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
                                                    type: boolean
                                              hostPath:
                                                description: 'HostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath --- TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not mount host directories as read/write.'
                                                type: object
                                                required:
                                                - path
                                                properties:
                                                  path:
                                                    description: 'Path of the directory on the host. If the path is a symlink, it will follow the link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
                                                    type: string
                                                  type:
                                                    description: 'Type for HostPath Volume Defaults to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
                                                    type: string
                                              iscsi:
                                                description: 'ISCSI represents an ISCSI Disk resource that is attached to a kubelet''s host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md'
                                                type: object
                                                required:
                                                - iqn
                                                - lun
                                                - targetPortal
                                                properties:
                                                  chapAuthDiscovery:
                                                    description: whether support iSCSI Discovery CHAP authentication
                                                    type: boolean
                                                  chapAuthSession:
                                                    description: whether support iSCSI Session CHAP authentication
                                                    type: boolean
                                                  fsType:
                                                    description: 'Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi TODO: how do we prevent errors in the filesystem from compromising the machine'
                                                    type: string
                                                  initiatorName:
                                                    description: Custom iSCSI Initiator Name. If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface <target portal>:<volume name> will be created for the connection.
                                                    type: string
                                                  iqn:
                                                    description: Target iSCSI Qualified Name.
                                                    type: string
                                                  iscsiInterface:
                                                    description: iSCSI Interface Name that uses an iSCSI transport. Defaults to 'default' (tcp).
                                                    type: string
                                                  lun:
                                                    description: iSCSI Target Lun number.
                                                    type: integer
                                                    format: int32
                                                  portals:
                                                    description: iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).
                                                    type: array
                                                    items:
                                                      type: string
                                                  readOnly:
                                                    description: ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false.
                                                    type: boolean
                                                  secretRef:
                                                    description: CHAP Secret for iSCSI target and initiator authentication
                                                    type: object
                                                    properties:
                                                      name:
                                                        description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
                                                        type: string
                                                  targetPortal:
                                                    description: iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).
                                                    type: string
                                              name:
                                                description: 'Volume''s name. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
                                                type: string
                                              nfs:
                                                description: 'NFS represents an NFS mount on the host that shares a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
                                                type: object
                                                required:
                                                - path
                                                - server
                                                properties:
                                                  path:
                                                    description: 'Path that is exported by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
                                                    type: string
                                                  readOnly:
                                                    description: 'ReadOnly here will force the NFS export to be mounted with read-only permissions. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
                                                    type: boolean
                                                  server:
                                                    description: 'Server is the hostname or IP address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
                                                    type: string
                                              persistentVolumeClaim:
                                                description: 'PersistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
                                                type: object
                                                required:
                                                - claimName
                                                properties:
                                                  claimName:
                                                    description: 'ClaimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
                                                    type: string
                                                  readOnly:
                                                    description: Will force the ReadOnly setting in VolumeMounts. Default false.
                                                    type: boolean
                                              photonPersistentDisk:
                                                description: PhotonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine
                                                type: object
                                                required:
                                                - pdID
                                                properties:
                                                  fsType:
                                                    description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
                                                    type: string
                                                  pdID:
                                                    description: ID that identifies Photon Controller persistent disk
                                                    type: string
                                              portworxVolume:
                                                description: PortworxVolume represents a portworx volume attached and mounted on kubelets host machine
                                                type: object
                                                required:
                                                - volumeID
                                                properties:
                                                  fsType:
                                                    description: FSType represents the filesystem type to mount Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified.
                                                    type: string
                                                  readOnly:
                                                    description: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
                                                    type: boolean
                                                  volumeID:
                                                    description: VolumeID uniquely identifies a Portworx volume
                                                    type: string
                                              projected:
                                                description: Items for all in one resources secrets, configmaps, and downward API
                                                type: object
                                                properties:
                                                  defaultMode:
                                                    description: Mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
                                                    type: integer
                                                    format: int32
                                                  sources:
                                                    description: list of volume projections
                                                    type: array
                                                    items:
                                                      description: Projection that may be projected along with other supported volume types
                                                      type: object
                                                      properties:
                                                        configMap:
                                                          description: information about the configMap data to project
                                                          type: object
                                                          properties:
                                                            items:
                                                              description: If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.
                                                              type: array
                                                              items:
                                                                description: Maps a string key to a path within a volume.
                                                                type: object
                                                                required:
                                                                - key
                                                                - path
                                                                properties:
                                                                  key:
                                                                    description: The key to project.
                                                                    type: string
                                                                  mode:
                                                                    description: 'Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.'
                                                                    type: integer
                                                                    format: int32
                                                                  path:
                                                                    description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.
                                                                    type: string
                                                            name:
                                                              description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
                                                              type: string
                                                            optional:
                                                              description: Specify whether the ConfigMap or its keys must be defined
                                                              type: boolean
                                                        downwardAPI:
                                                          description: information about the downwardAPI data to project
                                                          type: object
                                                          properties:
                                                            items:
                                                              description: Items is a list of DownwardAPIVolume file
                                                              type: array
                                                              items:
                                                                description: DownwardAPIVolumeFile represents information to create the file containing the pod field
                                                                type: object
                                                                required:
                                                                - path
                                                                properties:
                                                                  fieldRef:
                                                                    description: 'Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.'
                                                                    type: object
                                                                    required:
                                                                    - fieldPath
                                                                    properties:
                                                                      apiVersion:
                                                                        description: Version of the schema the FieldPath is written in terms of, defaults to "v1".
                                                                        type: string
                                                                      fieldPath:
                                                                        description: Path of the field to select in the specified API version.
                                                                        type: string
                                                                  mode:
                                                                    description: 'Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.'
                                                                    type: integer
                                                                    format: int32
                                                                  path:
                                                                    description: 'Required: Path is the relative path name of the file to be created. Must not be absolute or contain the ''..'' path. Must be utf-8 encoded. The first item of the relative path must not start with ''..'''
                                                                    type: string
                                                                  resourceFieldRef:
                                                                    description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.'
                                                                    type: object
                                                                    required:
                                                                    - resource
                                                                    properties:
                                                                      containerName:
                                                                        description: 'Container name: required for volumes, optional for env vars'
                                                                        type: string
                                                                      divisor:
                                                                        description: Specifies the output format of the exposed resources, defaults to "1"
                                                                        pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                                                        anyOf:
                                                                        - type: integer
                                                                        - type: string
                                                                        x-kubernetes-int-or-string: true
                                                                      resource:
                                                                        description: 'Required: resource to select'
                                                                        type: string
                                                        secret:
                                                          description: information about the secret data to project
                                                          type: object
                                                          properties:
                                                            items:
                                                              description: If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.
                                                              type: array
                                                              items:
                                                                description: Maps a string key to a path within a volume.
                                                                type: object
                                                                required:
                                                                - key
                                                                - path
                                                                properties:
                                                                  key:
                                                                    description: The key to project.
                                                                    type: string
                                                                  mode:
                                                                    description: 'Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.'
                                                                    type: integer
                                                                    format: int32
                                                                  path:
                                                                    description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.
                                                                    type: string
                                                            name:
                                                              description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
                                                              type: string
                                                            optional:
                                                              description: Specify whether the Secret or its key must be defined
                                                              type: boolean
                                                        serviceAccountToken:
                                                          description: information about the serviceAccountToken data to project
                                                          type: object
                                                          required:
                                                          - path
                                                          properties:
                                                            audience:
                                                              description: Audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver.
                                                              type: string
                                                            expirationSeconds:
                                                              description: ExpirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours. Defaults to 1 hour and must be at least 10 minutes.
                                                              type: integer
                                                              format: int64
                                                            path:
                                                              description: Path is the path relative to the mount point of the file to project the token into.
                                                              type: string
                                              quobyte:
                                                description: Quobyte represents a Quobyte mount on the host that shares a pod's lifetime
                                                type: object
                                                required:
                                                - registry
                                                - volume
                                                properties:
                                                  group:
                                                    description: Group to map volume access to Default is no group
                                                    type: string
                                                  readOnly:
                                                    description: ReadOnly here will force the Quobyte volume to be mounted with read-only permissions. Defaults to false.
                                                    type: boolean
                                                  registry:
                                                    description: Registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes
                                                    type: string
                                                  tenant:
                                                    description: Tenant owning the given Quobyte volume in the Backend Used with dynamically provisioned Quobyte volumes, value is set by the plugin
                                                    type: string
                                                  user:
                                                    description: User to map volume access to Defaults to serviceaccount user
                                                    type: string
                                                  volume:
                                                    description: Volume is a string that references an already created Quobyte volume by name.
                                                    type: string
                                              rbd:
                                                description: 'RBD represents a Rados Block Device mount on the host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md'
                                                type: object
                                                required:
                                                - image
                                                - monitors
                                                properties:
                                                  fsType:
                                                    description: 'Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd TODO: how do we prevent errors in the filesystem from compromising the machine'
                                                    type: string
                                                  image:
                                                    description: 'The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
                                                    type: string
                                                  keyring:
                                                    description: 'Keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
                                                    type: string
                                                  monitors:
                                                    description: 'A collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
                                                    type: array
                                                    items:
                                                      type: string
                                                  pool:
                                                    description: 'The rados pool name. Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
                                                    type: string
                                                  readOnly:
                                                    description: 'ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
                                                    type: boolean
                                                  secretRef:
                                                    description: 'SecretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
                                                    type: object
                                                    properties:
                                                      name:
                                                        description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
                                                        type: string
                                                  user:
                                                    description: 'The rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
                                                    type: string
                                              scaleIO:
                                                description: ScaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes.
                                                type: object
                                                required:
                                                - gateway
                                                - secretRef
                                                - system
                                                properties:
                                                  fsType:
                                                    description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Default is "xfs".
                                                    type: string
                                                  gateway:
                                                    description: The host address of the ScaleIO API Gateway.
                                                    type: string
                                                  protectionDomain:
                                                    description: The name of the ScaleIO Protection Domain for the configured storage.
                                                    type: string
                                                  readOnly:
                                                    description: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
                                                    type: boolean
                                                  secretRef:
                                                    description: SecretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail.
                                                    type: object
                                                    properties:
                                                      name:
                                                        description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
                                                        type: string
                                                  sslEnabled:
                                                    description: Flag to enable/disable SSL communication with Gateway, default false
                                                    type: boolean
                                                  storageMode:
                                                    description: Indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned.
                                                    type: string
                                                  storagePool:
                                                    description: The ScaleIO Storage Pool associated with the protection domain.
                                                    type: string
                                                  system:
                                                    description: The name of the storage system as configured in ScaleIO.
                                                    type: string
                                                  volumeName:
                                                    description: The name of a volume already created in the ScaleIO system that is associated with this volume source.
                                                    type: string
                                              secret:
                                                description: 'Secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
                                                type: object
                                                properties:
                                                  defaultMode:
                                                    description: 'Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.'
                                                    type: integer
                                                    format: int32
                                                  items:
                                                    description: If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.
                                                    type: array
                                                    items:
                                                      description: Maps a string key to a path within a volume.
                                                      type: object
                                                      required:
                                                      - key
                                                      - path
                                                      properties:
                                                        key:
                                                          description: The key to project.
                                                          type: string
                                                        mode:
                                                          description: 'Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.'
                                                          type: integer
                                                          format: int32
                                                        path:
                                                          description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.
                                                          type: string
                                                  optional:
                                                    description: Specify whether the Secret or its keys must be defined
                                                    type: boolean
                                                  secretName:
                                                    description: 'Name of the secret in the pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
                                                    type: string
                                              storageos:
                                                description: StorageOS represents a StorageOS volume attached and mounted on Kubernetes nodes.
                                                type: object
                                                properties:
                                                  fsType:
                                                    description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
                                                    type: string
                                                  readOnly:
                                                    description: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
                                                    type: boolean
                                                  secretRef:
                                                    description: SecretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted.
4388 type: object 4389 properties: 4390 name: 4391 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' 4392 type: string 4393 volumeName: 4394 description: VolumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace. 4395 type: string 4396 volumeNamespace: 4397 description: VolumeNamespace specifies the scope of the volume within StorageOS. If no namespace is specified then the Pod's namespace will be used. This allows the Kubernetes name scoping to be mirrored within StorageOS for tighter integration. Set VolumeName to any name to override the default behaviour. Set to "default" if you are not using namespaces within StorageOS. Namespaces that do not pre-exist within StorageOS will be created. 4398 type: string 4399 vsphereVolume: 4400 description: VsphereVolume represents a vSphere volume attached and mounted on kubelets host machine 4401 type: object 4402 required: 4403 - volumePath 4404 properties: 4405 fsType: 4406 description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. 4407 type: string 4408 storagePolicyID: 4409 description: Storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName. 4410 type: string 4411 storagePolicyName: 4412 description: Storage Policy Based Management (SPBM) profile name. 
4413 type: string 4414 volumePath: 4415 description: Path that identifies vSphere volume vmdk 4416 type: string 4417 permissions: 4418 type: array 4419 items: 4420 description: StrategyDeploymentPermissions describe the rbac rules and service account needed by the install strategy 4421 type: object 4422 required: 4423 - rules 4424 - serviceAccountName 4425 properties: 4426 rules: 4427 type: array 4428 items: 4429 description: PolicyRule holds information that describes a policy rule, but does not contain information about who the rule applies to or which namespace the rule applies to. 4430 type: object 4431 required: 4432 - verbs 4433 properties: 4434 apiGroups: 4435 description: APIGroups is the name of the APIGroup that contains the resources. If multiple API groups are specified, any action requested against one of the enumerated resources in any API group will be allowed. 4436 type: array 4437 items: 4438 type: string 4439 nonResourceURLs: 4440 description: NonResourceURLs is a set of partial urls that a user should have access to. *s are allowed, but only as the full, final step in the path Since non-resource URLs are not namespaced, this field is only applicable for ClusterRoles referenced from a ClusterRoleBinding. Rules can either apply to API resources (such as "pods" or "secrets") or non-resource URL paths (such as "/api"), but not both. 4441 type: array 4442 items: 4443 type: string 4444 resourceNames: 4445 description: ResourceNames is an optional white list of names that the rule applies to. An empty set means that everything is allowed. 4446 type: array 4447 items: 4448 type: string 4449 resources: 4450 description: Resources is a list of resources this rule applies to. ResourceAll represents all resources. 4451 type: array 4452 items: 4453 type: string 4454 verbs: 4455 description: Verbs is a list of Verbs that apply to ALL the ResourceKinds and AttributeRestrictions contained in this rule. VerbAll represents all kinds. 
4456 type: array 4457 items: 4458 type: string 4459 serviceAccountName: 4460 type: string 4461 strategy: 4462 type: string 4463 installModes: 4464 description: InstallModes specify supported installation types 4465 type: array 4466 items: 4467 description: InstallMode associates an InstallModeType with a flag representing if the CSV supports it 4468 type: object 4469 required: 4470 - supported 4471 - type 4472 properties: 4473 supported: 4474 type: boolean 4475 type: 4476 description: InstallModeType is a supported type of install mode for CSV installation 4477 type: string 4478 keywords: 4479 type: array 4480 items: 4481 type: string 4482 labels: 4483 description: Map of string keys and values that can be used to organize and categorize (scope and select) objects. 4484 type: object 4485 additionalProperties: 4486 type: string 4487 links: 4488 type: array 4489 items: 4490 type: object 4491 properties: 4492 name: 4493 type: string 4494 url: 4495 type: string 4496 maintainers: 4497 type: array 4498 items: 4499 type: object 4500 properties: 4501 email: 4502 type: string 4503 name: 4504 type: string 4505 maturity: 4506 type: string 4507 minKubeVersion: 4508 type: string 4509 nativeAPIs: 4510 type: array 4511 items: 4512 description: GroupVersionKind unambiguously identifies a kind. It doesn't anonymously include GroupVersion to avoid automatic coersion. It doesn't use a GroupVersion to avoid custom marshalling 4513 type: object 4514 required: 4515 - group 4516 - kind 4517 - version 4518 properties: 4519 group: 4520 type: string 4521 kind: 4522 type: string 4523 version: 4524 type: string 4525 provider: 4526 type: object 4527 properties: 4528 name: 4529 type: string 4530 url: 4531 type: string 4532 relatedImages: 4533 description: List any related images, or other container images that your Operator might require to perform their functions. This list should also include operand images as well. All image references should be specified by digest (SHA) and not by tag. 
This field is only used during catalog creation and plays no part in cluster runtime. 4534 type: array 4535 items: 4536 type: object 4537 required: 4538 - image 4539 - name 4540 properties: 4541 image: 4542 type: string 4543 name: 4544 type: string 4545 replaces: 4546 description: The name of a CSV this one replaces. Should match the `metadata.Name` field of the old CSV. 4547 type: string 4548 selector: 4549 description: Label selector for related resources. 4550 type: object 4551 properties: 4552 matchExpressions: 4553 description: matchExpressions is a list of label selector requirements. The requirements are ANDed. 4554 type: array 4555 items: 4556 description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. 4557 type: object 4558 required: 4559 - key 4560 - operator 4561 properties: 4562 key: 4563 description: key is the label key that the selector applies to. 4564 type: string 4565 operator: 4566 description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. 4567 type: string 4568 values: 4569 description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. 4570 type: array 4571 items: 4572 type: string 4573 matchLabels: 4574 description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. 4575 type: object 4576 additionalProperties: 4577 type: string 4578 skips: 4579 description: The name(s) of one or more CSV(s) that should be skipped in the upgrade graph. Should match the `metadata.Name` field of the CSV that should be skipped. 
This field is only used during catalog creation and plays no part in cluster runtime. 4580 type: array 4581 items: 4582 type: string 4583 version: 4584 description: OperatorVersion is a wrapper around semver.Version which supports correct marshaling to YAML and JSON. 4585 type: string 4586 webhookdefinitions: 4587 type: array 4588 items: 4589 description: WebhookDescription provides details to OLM about required webhooks 4590 type: object 4591 required: 4592 - admissionReviewVersions 4593 - generateName 4594 - sideEffects 4595 - type 4596 properties: 4597 admissionReviewVersions: 4598 type: array 4599 items: 4600 type: string 4601 containerPort: 4602 type: integer 4603 format: int32 4604 default: 443 4605 maximum: 65535 4606 minimum: 1 4607 conversionCRDs: 4608 type: array 4609 items: 4610 type: string 4611 deploymentName: 4612 type: string 4613 failurePolicy: 4614 type: string 4615 generateName: 4616 type: string 4617 matchPolicy: 4618 description: MatchPolicyType specifies the type of match policy 4619 type: string 4620 objectSelector: 4621 description: A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects. 4622 type: object 4623 properties: 4624 matchExpressions: 4625 description: matchExpressions is a list of label selector requirements. The requirements are ANDed. 4626 type: array 4627 items: 4628 description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. 4629 type: object 4630 required: 4631 - key 4632 - operator 4633 properties: 4634 key: 4635 description: key is the label key that the selector applies to. 4636 type: string 4637 operator: 4638 description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. 
4639 type: string 4640 values: 4641 description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. 4642 type: array 4643 items: 4644 type: string 4645 matchLabels: 4646 description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. 4647 type: object 4648 additionalProperties: 4649 type: string 4650 reinvocationPolicy: 4651 description: ReinvocationPolicyType specifies what type of policy the admission hook uses. 4652 type: string 4653 rules: 4654 type: array 4655 items: 4656 description: RuleWithOperations is a tuple of Operations and Resources. It is recommended to make sure that all the tuple expansions are valid. 4657 type: object 4658 properties: 4659 apiGroups: 4660 description: APIGroups is the API groups the resources belong to. '*' is all groups. If '*' is present, the length of the slice must be one. Required. 4661 type: array 4662 items: 4663 type: string 4664 apiVersions: 4665 description: APIVersions is the API versions the resources belong to. '*' is all versions. If '*' is present, the length of the slice must be one. Required. 4666 type: array 4667 items: 4668 type: string 4669 operations: 4670 description: Operations is the operations the admission hook cares about - CREATE, UPDATE, DELETE, CONNECT or * for all of those operations and any future admission operations that are added. If '*' is present, the length of the slice must be one. Required. 4671 type: array 4672 items: 4673 type: string 4674 resources: 4675 description: "Resources is a list of resources this rule applies to. \n For example: 'pods' means pods. 'pods/log' means the log subresource of pods. 
'*' means all resources, but not subresources. 'pods/*' means all subresources of pods. '*/scale' means all scale subresources. '*/*' means all resources and their subresources. \n If wildcard is present, the validation rule will ensure resources do not overlap with each other. \n Depending on the enclosing object, subresources might not be allowed. Required." 4676 type: array 4677 items: 4678 type: string 4679 scope: 4680 description: scope specifies the scope of this rule. Valid values are "Cluster", "Namespaced", and "*" "Cluster" means that only cluster-scoped resources will match this rule. Namespace API objects are cluster-scoped. "Namespaced" means that only namespaced resources will match this rule. "*" means that there are no scope restrictions. Subresources match the scope of their parent resource. Default is "*". 4681 type: string 4682 sideEffects: 4683 type: string 4684 targetPort: 4685 anyOf: 4686 - type: integer 4687 - type: string 4688 x-kubernetes-int-or-string: true 4689 timeoutSeconds: 4690 type: integer 4691 format: int32 4692 type: 4693 description: WebhookAdmissionType is the type of admission webhooks supported by OLM 4694 type: string 4695 enum: 4696 - ValidatingAdmissionWebhook 4697 - MutatingAdmissionWebhook 4698 - ConversionWebhook 4699 webhookPath: 4700 type: string 4701 status: 4702 description: ClusterServiceVersionStatus represents information about the status of a CSV. Status may trail the actual state of a system. 
4703 type: object 4704 properties: 4705 certsLastUpdated: 4706 description: Last time the owned APIService certs were updated 4707 type: string 4708 format: date-time 4709 certsRotateAt: 4710 description: Time the owned APIService certs will rotate next 4711 type: string 4712 format: date-time 4713 cleanup: 4714 description: CleanupStatus represents information about the status of cleanup while a CSV is pending deletion 4715 type: object 4716 properties: 4717 pendingDeletion: 4718 description: PendingDeletion is the list of custom resource objects that are pending deletion and blocked on finalizers. This indicates the progress of cleanup that is blocking CSV deletion or operator uninstall. 4719 type: array 4720 items: 4721 description: ResourceList represents a list of resources which are of the same Group/Kind 4722 type: object 4723 required: 4724 - group 4725 - instances 4726 - kind 4727 properties: 4728 group: 4729 type: string 4730 instances: 4731 type: array 4732 items: 4733 type: object 4734 required: 4735 - name 4736 properties: 4737 name: 4738 type: string 4739 namespace: 4740 description: Namespace can be empty for cluster-scoped resources 4741 type: string 4742 kind: 4743 type: string 4744 conditions: 4745 description: List of conditions, a history of state transitions 4746 type: array 4747 items: 4748 description: Conditions appear in the status as a record of state transitions on the ClusterServiceVersion 4749 type: object 4750 properties: 4751 lastTransitionTime: 4752 description: Last time the status transitioned from one status to another. 4753 type: string 4754 format: date-time 4755 lastUpdateTime: 4756 description: Last time we updated the status 4757 type: string 4758 format: date-time 4759 message: 4760 description: A human readable message indicating details about why the ClusterServiceVersion is in this condition. 
4761 type: string 4762 phase: 4763 description: Condition of the ClusterServiceVersion 4764 type: string 4765 reason: 4766 description: A brief CamelCase message indicating details about why the ClusterServiceVersion is in this state. e.g. 'RequirementsNotMet' 4767 type: string 4768 lastTransitionTime: 4769 description: Last time the status transitioned from one status to another. 4770 type: string 4771 format: date-time 4772 lastUpdateTime: 4773 description: Last time we updated the status 4774 type: string 4775 format: date-time 4776 message: 4777 description: A human readable message indicating details about why the ClusterServiceVersion is in this condition. 4778 type: string 4779 phase: 4780 description: Current condition of the ClusterServiceVersion 4781 type: string 4782 reason: 4783 description: A brief CamelCase message indicating details about why the ClusterServiceVersion is in this state. e.g. 'RequirementsNotMet' 4784 type: string 4785 requirementStatus: 4786 description: The status of each requirement for this CSV 4787 type: array 4788 items: 4789 type: object 4790 required: 4791 - group 4792 - kind 4793 - message 4794 - name 4795 - status 4796 - version 4797 properties: 4798 dependents: 4799 type: array 4800 items: 4801 description: DependentStatus is the status for a dependent requirement (to prevent infinite nesting) 4802 type: object 4803 required: 4804 - group 4805 - kind 4806 - status 4807 - version 4808 properties: 4809 group: 4810 type: string 4811 kind: 4812 type: string 4813 message: 4814 type: string 4815 status: 4816 description: StatusReason is a camelcased reason for the status of a RequirementStatus or DependentStatus 4817 type: string 4818 uuid: 4819 type: string 4820 version: 4821 type: string 4822 group: 4823 type: string 4824 kind: 4825 type: string 4826 message: 4827 type: string 4828 name: 4829 type: string 4830 status: 4831 description: StatusReason is a camelcased reason for the status of a RequirementStatus or DependentStatus 
4832 type: string 4833 uuid: 4834 type: string 4835 version: 4836 type: string 4837 served: true 4838 storage: true 4839 subresources: 4840 status: {} 4841