github.com/operator-framework/operator-lifecycle-manager@v0.30.0/deploy/upstream/quickstart/crds.yaml (about) 1 --- 2 apiVersion: apiextensions.k8s.io/v1 3 kind: CustomResourceDefinition 4 metadata: 5 annotations: 6 controller-gen.kubebuilder.io/version: v0.4.1 7 creationTimestamp: null 8 name: catalogsources.operators.coreos.com 9 spec: 10 group: operators.coreos.com 11 names: 12 categories: 13 - olm 14 kind: CatalogSource 15 listKind: CatalogSourceList 16 plural: catalogsources 17 shortNames: 18 - catsrc 19 singular: catalogsource 20 scope: Namespaced 21 versions: 22 - additionalPrinterColumns: 23 - description: The pretty name of the catalog 24 jsonPath: .spec.displayName 25 name: Display 26 type: string 27 - description: The type of the catalog 28 jsonPath: .spec.sourceType 29 name: Type 30 type: string 31 - description: The publisher of the catalog 32 jsonPath: .spec.publisher 33 name: Publisher 34 type: string 35 - jsonPath: .metadata.creationTimestamp 36 name: Age 37 type: date 38 name: v1alpha1 39 schema: 40 openAPIV3Schema: 41 description: CatalogSource is a repository of CSVs, CRDs, and operator packages. 42 type: object 43 required: 44 - metadata 45 - spec 46 properties: 47 apiVersion: 48 description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' 49 type: string 50 kind: 51 description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' 52 type: string 53 metadata: 54 type: object 55 spec: 56 type: object 57 required: 58 - sourceType 59 properties: 60 address: 61 description: 'Address is a host that OLM can use to connect to a pre-existing registry. Format: <registry-host or ip>:<port> Only used when SourceType = SourceTypeGrpc. Ignored when the Image field is set.' 62 type: string 63 configMap: 64 description: ConfigMap is the name of the ConfigMap to be used to back a configmap-server registry. Only used when SourceType = SourceTypeConfigmap or SourceTypeInternal. 65 type: string 66 description: 67 type: string 68 displayName: 69 description: Metadata 70 type: string 71 icon: 72 type: object 73 required: 74 - base64data 75 - mediatype 76 properties: 77 base64data: 78 type: string 79 mediatype: 80 type: string 81 image: 82 description: Image is an operator-registry container image to instantiate a registry-server with. Only used when SourceType = SourceTypeGrpc. If present, the address field is ignored. 83 type: string 84 priority: 85 description: 'Priority field assigns a weight to the catalog source to prioritize them so that it can be consumed by the dependency resolver. Usage: Higher weight indicates that this catalog source is preferred over lower weighted catalog sources during dependency resolution. The range of the priority value can go from positive to negative in the range of int32. The default value to a catalog source with unassigned priority would be 0. The catalog source with the same priority values will be ranked lexicographically based on its name.' 86 type: integer 87 publisher: 88 type: string 89 secrets: 90 description: Secrets represent set of secrets that can be used to access the contents of the catalog. It is best to keep this list small, since each will need to be tried for every catalog entry. 91 type: array 92 items: 93 type: string 94 sourceType: 95 description: SourceType is the type of source 96 type: string 97 updateStrategy: 98 description: UpdateStrategy defines how updated catalog source images can be discovered Consists of an interval that defines polling duration and an embedded strategy type 99 type: object 100 properties: 101 registryPoll: 102 type: object 103 properties: 104 interval: 105 description: Interval is used to determine the time interval between checks of the latest catalog source version. The catalog operator polls to see if a new version of the catalog source is available. If available, the latest image is pulled and gRPC traffic is directed to the latest catalog source. 106 type: string 107 status: 108 type: object 109 properties: 110 configMapReference: 111 type: object 112 required: 113 - name 114 - namespace 115 properties: 116 lastUpdateTime: 117 type: string 118 format: date-time 119 name: 120 type: string 121 namespace: 122 type: string 123 resourceVersion: 124 type: string 125 uid: 126 description: UID is a type that holds unique ID values, including UUIDs. Because we don't ONLY use UUIDs, this is an alias to string. Being a type captures intent and helps make sure that UIDs and names do not get conflated. 127 type: string 128 connectionState: 129 type: object 130 required: 131 - lastObservedState 132 properties: 133 address: 134 type: string 135 lastConnect: 136 type: string 137 format: date-time 138 lastObservedState: 139 type: string 140 latestImageRegistryPoll: 141 description: The last time the CatalogSource image registry has been polled to ensure the image is up-to-date 142 type: string 143 format: date-time 144 message: 145 description: A human readable message indicating details about why the CatalogSource is in this condition. 146 type: string 147 reason: 148 description: Reason is the reason the CatalogSource was transitioned to its current state. 149 type: string 150 registryService: 151 type: object 152 properties: 153 createdAt: 154 type: string 155 format: date-time 156 port: 157 type: string 158 protocol: 159 type: string 160 serviceName: 161 type: string 162 serviceNamespace: 163 type: string 164 served: true 165 storage: true 166 subresources: 167 status: {} 168 169 --- 170 apiVersion: apiextensions.k8s.io/v1 171 kind: CustomResourceDefinition 172 metadata: 173 annotations: 174 controller-gen.kubebuilder.io/version: v0.4.1 175 creationTimestamp: null 176 name: clusterserviceversions.operators.coreos.com 177 spec: 178 group: operators.coreos.com 179 names: 180 categories: 181 - olm 182 kind: ClusterServiceVersion 183 listKind: ClusterServiceVersionList 184 plural: clusterserviceversions 185 shortNames: 186 - csv 187 - csvs 188 singular: clusterserviceversion 189 scope: Namespaced 190 versions: 191 - additionalPrinterColumns: 192 - description: The name of the CSV 193 jsonPath: .spec.displayName 194 name: Display 195 type: string 196 - description: The version of the CSV 197 jsonPath: .spec.version 198 name: Version 199 type: string 200 - description: The name of a CSV that this one replaces 201 jsonPath: .spec.replaces 202 name: Replaces 203 type: string 204 - jsonPath: .status.phase 205 name: Phase 206 type: string 207 name: v1alpha1 208 schema: 209 openAPIV3Schema: 210 description: ClusterServiceVersion is a Custom Resource of type `ClusterServiceVersionSpec`. 211 type: object 212 required: 213 - metadata 214 - spec 215 properties: 216 apiVersion: 217 description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' 218 type: string 219 kind: 220 description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' 221 type: string 222 metadata: 223 type: object 224 spec: 225 description: ClusterServiceVersionSpec declarations tell OLM how to install an operator that can manage apps for a given version. 226 type: object 227 required: 228 - displayName 229 - install 230 properties: 231 annotations: 232 description: Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. 233 type: object 234 additionalProperties: 235 type: string 236 apiservicedefinitions: 237 description: APIServiceDefinitions declares all of the extension apis managed or required by an operator being ran by ClusterServiceVersion. 238 type: object 239 properties: 240 owned: 241 type: array 242 items: 243 description: APIServiceDescription provides details to OLM about apis provided via aggregation 244 type: object 245 required: 246 - group 247 - kind 248 - name 249 - version 250 properties: 251 actionDescriptors: 252 type: array 253 items: 254 description: ActionDescriptor describes a declarative action that can be performed on a custom resource instance 255 type: object 256 required: 257 - path 258 properties: 259 description: 260 type: string 261 displayName: 262 type: string 263 path: 264 type: string 265 value: 266 description: RawMessage is a raw encoded JSON value. It implements Marshaler and Unmarshaler and can be used to delay JSON decoding or precompute a JSON encoding. 267 type: string 268 format: byte 269 x-descriptors: 270 type: array 271 items: 272 type: string 273 containerPort: 274 type: integer 275 format: int32 276 deploymentName: 277 type: string 278 description: 279 type: string 280 displayName: 281 type: string 282 group: 283 type: string 284 kind: 285 type: string 286 name: 287 type: string 288 resources: 289 type: array 290 items: 291 description: APIResourceReference is a Kubernetes resource type used by a custom resource 292 type: object 293 required: 294 - kind 295 - name 296 - version 297 properties: 298 kind: 299 type: string 300 name: 301 type: string 302 version: 303 type: string 304 specDescriptors: 305 type: array 306 items: 307 description: SpecDescriptor describes a field in a spec block of a CRD so that OLM can consume it 308 type: object 309 required: 310 - path 311 properties: 312 description: 313 type: string 314 displayName: 315 type: string 316 path: 317 type: string 318 value: 319 description: RawMessage is a raw encoded JSON value. It implements Marshaler and Unmarshaler and can be used to delay JSON decoding or precompute a JSON encoding. 320 type: string 321 format: byte 322 x-descriptors: 323 type: array 324 items: 325 type: string 326 statusDescriptors: 327 type: array 328 items: 329 description: StatusDescriptor describes a field in a status block of a CRD so that OLM can consume it 330 type: object 331 required: 332 - path 333 properties: 334 description: 335 type: string 336 displayName: 337 type: string 338 path: 339 type: string 340 value: 341 description: RawMessage is a raw encoded JSON value. It implements Marshaler and Unmarshaler and can be used to delay JSON decoding or precompute a JSON encoding. 342 type: string 343 format: byte 344 x-descriptors: 345 type: array 346 items: 347 type: string 348 version: 349 type: string 350 required: 351 type: array 352 items: 353 description: APIServiceDescription provides details to OLM about apis provided via aggregation 354 type: object 355 required: 356 - group 357 - kind 358 - name 359 - version 360 properties: 361 actionDescriptors: 362 type: array 363 items: 364 description: ActionDescriptor describes a declarative action that can be performed on a custom resource instance 365 type: object 366 required: 367 - path 368 properties: 369 description: 370 type: string 371 displayName: 372 type: string 373 path: 374 type: string 375 value: 376 description: RawMessage is a raw encoded JSON value. It implements Marshaler and Unmarshaler and can be used to delay JSON decoding or precompute a JSON encoding. 377 type: string 378 format: byte 379 x-descriptors: 380 type: array 381 items: 382 type: string 383 containerPort: 384 type: integer 385 format: int32 386 deploymentName: 387 type: string 388 description: 389 type: string 390 displayName: 391 type: string 392 group: 393 type: string 394 kind: 395 type: string 396 name: 397 type: string 398 resources: 399 type: array 400 items: 401 description: APIResourceReference is a Kubernetes resource type used by a custom resource 402 type: object 403 required: 404 - kind 405 - name 406 - version 407 properties: 408 kind: 409 type: string 410 name: 411 type: string 412 version: 413 type: string 414 specDescriptors: 415 type: array 416 items: 417 description: SpecDescriptor describes a field in a spec block of a CRD so that OLM can consume it 418 type: object 419 required: 420 - path 421 properties: 422 description: 423 type: string 424 displayName: 425 type: string 426 path: 427 type: string 428 value: 429 description: RawMessage is a raw encoded JSON value. It implements Marshaler and Unmarshaler and can be used to delay JSON decoding or precompute a JSON encoding. 430 type: string 431 format: byte 432 x-descriptors: 433 type: array 434 items: 435 type: string 436 statusDescriptors: 437 type: array 438 items: 439 description: StatusDescriptor describes a field in a status block of a CRD so that OLM can consume it 440 type: object 441 required: 442 - path 443 properties: 444 description: 445 type: string 446 displayName: 447 type: string 448 path: 449 type: string 450 value: 451 description: RawMessage is a raw encoded JSON value. It implements Marshaler and Unmarshaler and can be used to delay JSON decoding or precompute a JSON encoding. 452 type: string 453 format: byte 454 x-descriptors: 455 type: array 456 items: 457 type: string 458 version: 459 type: string 460 cleanup: 461 description: Cleanup specifies the cleanup behaviour when the CSV gets deleted 462 type: object 463 required: 464 - enabled 465 properties: 466 enabled: 467 type: boolean 468 customresourcedefinitions: 469 description: "CustomResourceDefinitions declares all of the CRDs managed or required by an operator being ran by ClusterServiceVersion. \n If the CRD is present in the Owned list, it is implicitly required." 470 type: object 471 properties: 472 owned: 473 type: array 474 items: 475 description: CRDDescription provides details to OLM about the CRDs 476 type: object 477 required: 478 - kind 479 - name 480 - version 481 properties: 482 actionDescriptors: 483 type: array 484 items: 485 description: ActionDescriptor describes a declarative action that can be performed on a custom resource instance 486 type: object 487 required: 488 - path 489 properties: 490 description: 491 type: string 492 displayName: 493 type: string 494 path: 495 type: string 496 value: 497 description: RawMessage is a raw encoded JSON value. It implements Marshaler and Unmarshaler and can be used to delay JSON decoding or precompute a JSON encoding. 498 type: string 499 format: byte 500 x-descriptors: 501 type: array 502 items: 503 type: string 504 description: 505 type: string 506 displayName: 507 type: string 508 kind: 509 type: string 510 name: 511 type: string 512 resources: 513 type: array 514 items: 515 description: APIResourceReference is a Kubernetes resource type used by a custom resource 516 type: object 517 required: 518 - kind 519 - name 520 - version 521 properties: 522 kind: 523 type: string 524 name: 525 type: string 526 version: 527 type: string 528 specDescriptors: 529 type: array 530 items: 531 description: SpecDescriptor describes a field in a spec block of a CRD so that OLM can consume it 532 type: object 533 required: 534 - path 535 properties: 536 description: 537 type: string 538 displayName: 539 type: string 540 path: 541 type: string 542 value: 543 description: RawMessage is a raw encoded JSON value. It implements Marshaler and Unmarshaler and can be used to delay JSON decoding or precompute a JSON encoding. 544 type: string 545 format: byte 546 x-descriptors: 547 type: array 548 items: 549 type: string 550 statusDescriptors: 551 type: array 552 items: 553 description: StatusDescriptor describes a field in a status block of a CRD so that OLM can consume it 554 type: object 555 required: 556 - path 557 properties: 558 description: 559 type: string 560 displayName: 561 type: string 562 path: 563 type: string 564 value: 565 description: RawMessage is a raw encoded JSON value. It implements Marshaler and Unmarshaler and can be used to delay JSON decoding or precompute a JSON encoding. 566 type: string 567 format: byte 568 x-descriptors: 569 type: array 570 items: 571 type: string 572 version: 573 type: string 574 required: 575 type: array 576 items: 577 description: CRDDescription provides details to OLM about the CRDs 578 type: object 579 required: 580 - kind 581 - name 582 - version 583 properties: 584 actionDescriptors: 585 type: array 586 items: 587 description: ActionDescriptor describes a declarative action that can be performed on a custom resource instance 588 type: object 589 required: 590 - path 591 properties: 592 description: 593 type: string 594 displayName: 595 type: string 596 path: 597 type: string 598 value: 599 description: RawMessage is a raw encoded JSON value. It implements Marshaler and Unmarshaler and can be used to delay JSON decoding or precompute a JSON encoding. 600 type: string 601 format: byte 602 x-descriptors: 603 type: array 604 items: 605 type: string 606 description: 607 type: string 608 displayName: 609 type: string 610 kind: 611 type: string 612 name: 613 type: string 614 resources: 615 type: array 616 items: 617 description: APIResourceReference is a Kubernetes resource type used by a custom resource 618 type: object 619 required: 620 - kind 621 - name 622 - version 623 properties: 624 kind: 625 type: string 626 name: 627 type: string 628 version: 629 type: string 630 specDescriptors: 631 type: array 632 items: 633 description: SpecDescriptor describes a field in a spec block of a CRD so that OLM can consume it 634 type: object 635 required: 636 - path 637 properties: 638 description: 639 type: string 640 displayName: 641 type: string 642 path: 643 type: string 644 value: 645 description: RawMessage is a raw encoded JSON value. It implements Marshaler and Unmarshaler and can be used to delay JSON decoding or precompute a JSON encoding. 646 type: string 647 format: byte 648 x-descriptors: 649 type: array 650 items: 651 type: string 652 statusDescriptors: 653 type: array 654 items: 655 description: StatusDescriptor describes a field in a status block of a CRD so that OLM can consume it 656 type: object 657 required: 658 - path 659 properties: 660 description: 661 type: string 662 displayName: 663 type: string 664 path: 665 type: string 666 value: 667 description: RawMessage is a raw encoded JSON value. It implements Marshaler and Unmarshaler and can be used to delay JSON decoding or precompute a JSON encoding. 668 type: string 669 format: byte 670 x-descriptors: 671 type: array 672 items: 673 type: string 674 version: 675 type: string 676 description: 677 type: string 678 displayName: 679 type: string 680 icon: 681 type: array 682 items: 683 type: object 684 required: 685 - base64data 686 - mediatype 687 properties: 688 base64data: 689 type: string 690 mediatype: 691 type: string 692 install: 693 description: NamedInstallStrategy represents the block of an ClusterServiceVersion resource where the install strategy is specified. 694 type: object 695 required: 696 - strategy 697 properties: 698 spec: 699 description: StrategyDetailsDeployment represents the parsed details of a Deployment InstallStrategy. 700 type: object 701 required: 702 - deployments 703 properties: 704 clusterPermissions: 705 type: array 706 items: 707 description: StrategyDeploymentPermissions describe the rbac rules and service account needed by the install strategy 708 type: object 709 required: 710 - rules 711 - serviceAccountName 712 properties: 713 rules: 714 type: array 715 items: 716 description: PolicyRule holds information that describes a policy rule, but does not contain information about who the rule applies to or which namespace the rule applies to. 717 type: object 718 required: 719 - verbs 720 properties: 721 apiGroups: 722 description: APIGroups is the name of the APIGroup that contains the resources. If multiple API groups are specified, any action requested against one of the enumerated resources in any API group will be allowed. 723 type: array 724 items: 725 type: string 726 nonResourceURLs: 727 description: NonResourceURLs is a set of partial urls that a user should have access to. *s are allowed, but only as the full, final step in the path Since non-resource URLs are not namespaced, this field is only applicable for ClusterRoles referenced from a ClusterRoleBinding. Rules can either apply to API resources (such as "pods" or "secrets") or non-resource URL paths (such as "/api"), but not both. 728 type: array 729 items: 730 type: string 731 resourceNames: 732 description: ResourceNames is an optional white list of names that the rule applies to. An empty set means that everything is allowed. 733 type: array 734 items: 735 type: string 736 resources: 737 description: Resources is a list of resources this rule applies to. ResourceAll represents all resources. 738 type: array 739 items: 740 type: string 741 verbs: 742 description: Verbs is a list of Verbs that apply to ALL the ResourceKinds and AttributeRestrictions contained in this rule. VerbAll represents all kinds. 743 type: array 744 items: 745 type: string 746 serviceAccountName: 747 type: string 748 deployments: 749 type: array 750 items: 751 description: StrategyDeploymentSpec contains the name, spec and labels for the deployment ALM should create 752 type: object 753 required: 754 - name 755 - spec 756 properties: 757 label: 758 description: Set is a map of label:value. It implements Labels. 759 type: object 760 additionalProperties: 761 type: string 762 name: 763 type: string 764 spec: 765 description: DeploymentSpec is the specification of the desired behavior of the Deployment. 766 type: object 767 required: 768 - selector 769 - template 770 properties: 771 minReadySeconds: 772 description: Minimum number of seconds for which a newly created pod should be ready without any of its container crashing, for it to be considered available. Defaults to 0 (pod will be considered available as soon as it is ready) 773 type: integer 774 format: int32 775 paused: 776 description: Indicates that the deployment is paused. 777 type: boolean 778 progressDeadlineSeconds: 779 description: The maximum time in seconds for a deployment to make progress before it is considered to be failed. The deployment controller will continue to process failed deployments and a condition with a ProgressDeadlineExceeded reason will be surfaced in the deployment status. Note that progress will not be estimated during the time a deployment is paused. Defaults to 600s. 780 type: integer 781 format: int32 782 replicas: 783 description: Number of desired pods. This is a pointer to distinguish between explicit zero and not specified. Defaults to 1. 784 type: integer 785 format: int32 786 revisionHistoryLimit: 787 description: The number of old ReplicaSets to retain to allow rollback. This is a pointer to distinguish between explicit zero and not specified. Defaults to 10. 788 type: integer 789 format: int32 790 selector: 791 description: Label selector for pods. Existing ReplicaSets whose pods are selected by this will be the ones affected by this deployment. It must match the pod template's labels. 792 type: object 793 properties: 794 matchExpressions: 795 description: matchExpressions is a list of label selector requirements. The requirements are ANDed. 796 type: array 797 items: 798 description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. 799 type: object 800 required: 801 - key 802 - operator 803 properties: 804 key: 805 description: key is the label key that the selector applies to. 806 type: string 807 operator: 808 description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. 809 type: string 810 values: 811 description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. 812 type: array 813 items: 814 type: string 815 matchLabels: 816 description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. 817 type: object 818 additionalProperties: 819 type: string 820 strategy: 821 description: The deployment strategy to use to replace existing pods with new ones. 822 type: object 823 properties: 824 rollingUpdate: 825 description: 'Rolling update config params. Present only if DeploymentStrategyType = RollingUpdate. --- TODO: Update this to follow our convention for oneOf, whatever we decide it to be.' 826 type: object 827 properties: 828 maxSurge: 829 description: 'The maximum number of pods that can be scheduled above the desired number of pods. Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). This can not be 0 if MaxUnavailable is 0. Absolute number is calculated from percentage by rounding up. Defaults to 25%. Example: when this is set to 30%, the new ReplicaSet can be scaled up immediately when the rolling update starts, such that the total number of old and new pods do not exceed 130% of desired pods. Once old pods have been killed, new ReplicaSet can be scaled up further, ensuring that total number of pods running at any time during the update is at most 130% of desired pods.' 830 anyOf: 831 - type: integer 832 - type: string 833 x-kubernetes-int-or-string: true 834 maxUnavailable: 835 description: 'The maximum number of pods that can be unavailable during the update. Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). Absolute number is calculated from percentage by rounding down. This can not be 0 if MaxSurge is 0. Defaults to 25%. Example: when this is set to 30%, the old ReplicaSet can be scaled down to 70% of desired pods immediately when the rolling update starts. Once new pods are ready, old ReplicaSet can be scaled down further, followed by scaling up the new ReplicaSet, ensuring that the total number of pods available at all times during the update is at least 70% of desired pods.' 836 anyOf: 837 - type: integer 838 - type: string 839 x-kubernetes-int-or-string: true 840 type: 841 description: Type of deployment. Can be "Recreate" or "RollingUpdate". Default is RollingUpdate. 842 type: string 843 template: 844 description: Template describes the pods that will be created. 845 type: object 846 properties: 847 metadata: 848 description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' 849 type: object 850 x-kubernetes-preserve-unknown-fields: true 851 spec: 852 description: 'Specification of the desired behavior of the pod. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' 853 type: object 854 required: 855 - containers 856 properties: 857 activeDeadlineSeconds: 858 description: Optional duration in seconds the pod may be active on the node relative to StartTime before the system will actively try to mark it failed and kill associated containers. Value must be a positive integer. 859 type: integer 860 format: int64 861 affinity: 862 description: If specified, the pod's scheduling constraints 863 type: object 864 properties: 865 nodeAffinity: 866 description: Describes node affinity scheduling rules for the pod. 867 type: object 868 properties: 869 preferredDuringSchedulingIgnoredDuringExecution: 870 description: The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred. 871 type: array 872 items: 873 description: An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). 874 type: object 875 required: 876 - preference 877 - weight 878 properties: 879 preference: 880 description: A node selector term, associated with the corresponding weight. 881 type: object 882 properties: 883 matchExpressions: 884 description: A list of node selector requirements by node's labels. 885 type: array 886 items: 887 description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. 888 type: object 889 required: 890 - key 891 - operator 892 properties: 893 key: 894 description: The label key that the selector applies to. 895 type: string 896 operator: 897 description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. 898 type: string 899 values: 900 description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. 901 type: array 902 items: 903 type: string 904 matchFields: 905 description: A list of node selector requirements by node's fields. 906 type: array 907 items: 908 description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. 909 type: object 910 required: 911 - key 912 - operator 913 properties: 914 key: 915 description: The label key that the selector applies to. 916 type: string 917 operator: 918 description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. 919 type: string 920 values: 921 description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. 922 type: array 923 items: 924 type: string 925 weight: 926 description: Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100. 927 type: integer 928 format: int32 929 requiredDuringSchedulingIgnoredDuringExecution: 930 description: If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node. 931 type: object 932 required: 933 - nodeSelectorTerms 934 properties: 935 nodeSelectorTerms: 936 description: Required. A list of node selector terms. The terms are ORed. 937 type: array 938 items: 939 description: A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. 940 type: object 941 properties: 942 matchExpressions: 943 description: A list of node selector requirements by node's labels. 944 type: array 945 items: 946 description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. 947 type: object 948 required: 949 - key 950 - operator 951 properties: 952 key: 953 description: The label key that the selector applies to. 954 type: string 955 operator: 956 description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. 957 type: string 958 values: 959 description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. 960 type: array 961 items: 962 type: string 963 matchFields: 964 description: A list of node selector requirements by node's fields. 965 type: array 966 items: 967 description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. 968 type: object 969 required: 970 - key 971 - operator 972 properties: 973 key: 974 description: The label key that the selector applies to. 975 type: string 976 operator: 977 description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. 978 type: string 979 values: 980 description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. 981 type: array 982 items: 983 type: string 984 podAffinity: 985 description: Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). 986 type: object 987 properties: 988 preferredDuringSchedulingIgnoredDuringExecution: 989 description: The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. 990 type: array 991 items: 992 description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) 993 type: object 994 required: 995 - podAffinityTerm 996 - weight 997 properties: 998 podAffinityTerm: 999 description: Required. A pod affinity term, associated with the corresponding weight. 1000 type: object 1001 required: 1002 - topologyKey 1003 properties: 1004 labelSelector: 1005 description: A label query over a set of resources, in this case pods. 1006 type: object 1007 properties: 1008 matchExpressions: 1009 description: matchExpressions is a list of label selector requirements. The requirements are ANDed. 1010 type: array 1011 items: 1012 description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. 1013 type: object 1014 required: 1015 - key 1016 - operator 1017 properties: 1018 key: 1019 description: key is the label key that the selector applies to. 1020 type: string 1021 operator: 1022 description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. 1023 type: string 1024 values: 1025 description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. 1026 type: array 1027 items: 1028 type: string 1029 matchLabels: 1030 description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. 1031 type: object 1032 additionalProperties: 1033 type: string 1034 namespaces: 1035 description: namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means "this pod's namespace" 1036 type: array 1037 items: 1038 type: string 1039 topologyKey: 1040 description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. 1041 type: string 1042 weight: 1043 description: weight associated with matching the corresponding podAffinityTerm, in the range 1-100. 1044 type: integer 1045 format: int32 1046 requiredDuringSchedulingIgnoredDuringExecution: 1047 description: If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. 1048 type: array 1049 items: 1050 description: Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key <topologyKey> matches that of any node on which a pod of the set of pods is running 1051 type: object 1052 required: 1053 - topologyKey 1054 properties: 1055 labelSelector: 1056 description: A label query over a set of resources, in this case pods. 1057 type: object 1058 properties: 1059 matchExpressions: 1060 description: matchExpressions is a list of label selector requirements. The requirements are ANDed. 1061 type: array 1062 items: 1063 description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. 1064 type: object 1065 required: 1066 - key 1067 - operator 1068 properties: 1069 key: 1070 description: key is the label key that the selector applies to. 1071 type: string 1072 operator: 1073 description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. 1074 type: string 1075 values: 1076 description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. 1077 type: array 1078 items: 1079 type: string 1080 matchLabels: 1081 description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. 1082 type: object 1083 additionalProperties: 1084 type: string 1085 namespaces: 1086 description: namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means "this pod's namespace" 1087 type: array 1088 items: 1089 type: string 1090 topologyKey: 1091 description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. 1092 type: string 1093 podAntiAffinity: 1094 description: Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). 1095 type: object 1096 properties: 1097 preferredDuringSchedulingIgnoredDuringExecution: 1098 description: The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. 1099 type: array 1100 items: 1101 description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) 1102 type: object 1103 required: 1104 - podAffinityTerm 1105 - weight 1106 properties: 1107 podAffinityTerm: 1108 description: Required. A pod affinity term, associated with the corresponding weight. 1109 type: object 1110 required: 1111 - topologyKey 1112 properties: 1113 labelSelector: 1114 description: A label query over a set of resources, in this case pods. 1115 type: object 1116 properties: 1117 matchExpressions: 1118 description: matchExpressions is a list of label selector requirements. The requirements are ANDed. 1119 type: array 1120 items: 1121 description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. 1122 type: object 1123 required: 1124 - key 1125 - operator 1126 properties: 1127 key: 1128 description: key is the label key that the selector applies to. 1129 type: string 1130 operator: 1131 description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. 1132 type: string 1133 values: 1134 description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. 1135 type: array 1136 items: 1137 type: string 1138 matchLabels: 1139 description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. 1140 type: object 1141 additionalProperties: 1142 type: string 1143 namespaces: 1144 description: namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means "this pod's namespace" 1145 type: array 1146 items: 1147 type: string 1148 topologyKey: 1149 description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. 1150 type: string 1151 weight: 1152 description: weight associated with matching the corresponding podAffinityTerm, in the range 1-100. 1153 type: integer 1154 format: int32 1155 requiredDuringSchedulingIgnoredDuringExecution: 1156 description: If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. 1157 type: array 1158 items: 1159 description: Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key <topologyKey> matches that of any node on which a pod of the set of pods is running 1160 type: object 1161 required: 1162 - topologyKey 1163 properties: 1164 labelSelector: 1165 description: A label query over a set of resources, in this case pods. 1166 type: object 1167 properties: 1168 matchExpressions: 1169 description: matchExpressions is a list of label selector requirements. The requirements are ANDed. 1170 type: array 1171 items: 1172 description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. 1173 type: object 1174 required: 1175 - key 1176 - operator 1177 properties: 1178 key: 1179 description: key is the label key that the selector applies to. 1180 type: string 1181 operator: 1182 description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. 1183 type: string 1184 values: 1185 description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. 1186 type: array 1187 items: 1188 type: string 1189 matchLabels: 1190 description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. 1191 type: object 1192 additionalProperties: 1193 type: string 1194 namespaces: 1195 description: namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means "this pod's namespace" 1196 type: array 1197 items: 1198 type: string 1199 topologyKey: 1200 description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. 1201 type: string 1202 automountServiceAccountToken: 1203 description: AutomountServiceAccountToken indicates whether a service account token should be automatically mounted. 1204 type: boolean 1205 containers: 1206 description: List of containers belonging to the pod. Containers cannot currently be added or removed. There must be at least one container in a Pod. Cannot be updated. 1207 type: array 1208 items: 1209 description: A single application container that you want to run within a pod. 1210 type: object 1211 required: 1212 - name 1213 properties: 1214 args: 1215 description: 'Arguments to the entrypoint. The docker image''s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' 1216 type: array 1217 items: 1218 type: string 1219 command: 1220 description: 'Entrypoint array. Not executed within a shell. The docker image''s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' 1221 type: array 1222 items: 1223 type: string 1224 env: 1225 description: List of environment variables to set in the container. Cannot be updated. 1226 type: array 1227 items: 1228 description: EnvVar represents an environment variable present in a Container. 1229 type: object 1230 required: 1231 - name 1232 properties: 1233 name: 1234 description: Name of the environment variable. Must be a C_IDENTIFIER. 1235 type: string 1236 value: 1237 description: 'Variable references $(VAR_NAME) are expanded using the previous defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".' 1238 type: string 1239 valueFrom: 1240 description: Source for the environment variable's value. Cannot be used if value is not empty. 1241 type: object 1242 properties: 1243 configMapKeyRef: 1244 description: Selects a key of a ConfigMap. 1245 type: object 1246 required: 1247 - key 1248 properties: 1249 key: 1250 description: The key to select. 1251 type: string 1252 name: 1253 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' 1254 type: string 1255 optional: 1256 description: Specify whether the ConfigMap or its key must be defined 1257 type: boolean 1258 fieldRef: 1259 description: 'Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels[''<KEY>'']`, `metadata.annotations[''<KEY>'']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.' 1260 type: object 1261 required: 1262 - fieldPath 1263 properties: 1264 apiVersion: 1265 description: Version of the schema the FieldPath is written in terms of, defaults to "v1". 1266 type: string 1267 fieldPath: 1268 description: Path of the field to select in the specified API version. 1269 type: string 1270 resourceFieldRef: 1271 description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.' 1272 type: object 1273 required: 1274 - resource 1275 properties: 1276 containerName: 1277 description: 'Container name: required for volumes, optional for env vars' 1278 type: string 1279 divisor: 1280 description: Specifies the output format of the exposed resources, defaults to "1" 1281 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 1282 anyOf: 1283 - type: integer 1284 - type: string 1285 x-kubernetes-int-or-string: true 1286 resource: 1287 description: 'Required: resource to select' 1288 type: string 1289 secretKeyRef: 1290 description: Selects a key of a secret in the pod's namespace 1291 type: object 1292 required: 1293 - key 1294 properties: 1295 key: 1296 description: The key of the secret to select from. Must be a valid secret key. 1297 type: string 1298 name: 1299 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' 1300 type: string 1301 optional: 1302 description: Specify whether the Secret or its key must be defined 1303 type: boolean 1304 envFrom: 1305 description: List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. 1306 type: array 1307 items: 1308 description: EnvFromSource represents the source of a set of ConfigMaps 1309 type: object 1310 properties: 1311 configMapRef: 1312 description: The ConfigMap to select from 1313 type: object 1314 properties: 1315 name: 1316 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' 1317 type: string 1318 optional: 1319 description: Specify whether the ConfigMap must be defined 1320 type: boolean 1321 prefix: 1322 description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. 1323 type: string 1324 secretRef: 1325 description: The Secret to select from 1326 type: object 1327 properties: 1328 name: 1329 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' 1330 type: string 1331 optional: 1332 description: Specify whether the Secret must be defined 1333 type: boolean 1334 image: 1335 description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.' 1336 type: string 1337 imagePullPolicy: 1338 description: 'Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' 1339 type: string 1340 lifecycle: 1341 description: Actions that the management system should take in response to container lifecycle events. Cannot be updated. 1342 type: object 1343 properties: 1344 postStart: 1345 description: 'PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' 1346 type: object 1347 properties: 1348 exec: 1349 description: One and only one of the following should be specified. Exec specifies the action to take. 1350 type: object 1351 properties: 1352 command: 1353 description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 1354 type: array 1355 items: 1356 type: string 1357 httpGet: 1358 description: HTTPGet specifies the http request to perform. 1359 type: object 1360 required: 1361 - port 1362 properties: 1363 host: 1364 description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. 1365 type: string 1366 httpHeaders: 1367 description: Custom headers to set in the request. HTTP allows repeated headers. 1368 type: array 1369 items: 1370 description: HTTPHeader describes a custom header to be used in HTTP probes 1371 type: object 1372 required: 1373 - name 1374 - value 1375 properties: 1376 name: 1377 description: The header field name 1378 type: string 1379 value: 1380 description: The header field value 1381 type: string 1382 path: 1383 description: Path to access on the HTTP server. 1384 type: string 1385 port: 1386 description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 1387 anyOf: 1388 - type: integer 1389 - type: string 1390 x-kubernetes-int-or-string: true 1391 scheme: 1392 description: Scheme to use for connecting to the host. Defaults to HTTP. 1393 type: string 1394 tcpSocket: 1395 description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' 1396 type: object 1397 required: 1398 - port 1399 properties: 1400 host: 1401 description: 'Optional: Host name to connect to, defaults to the pod IP.' 1402 type: string 1403 port: 1404 description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 1405 anyOf: 1406 - type: integer 1407 - type: string 1408 x-kubernetes-int-or-string: true 1409 preStop: 1410 description: 'PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The reason for termination is passed to the handler. The Pod''s termination grace period countdown begins before the PreStop hooked is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod''s termination grace period. Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' 1411 type: object 1412 properties: 1413 exec: 1414 description: One and only one of the following should be specified. Exec specifies the action to take. 1415 type: object 1416 properties: 1417 command: 1418 description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 1419 type: array 1420 items: 1421 type: string 1422 httpGet: 1423 description: HTTPGet specifies the http request to perform. 1424 type: object 1425 required: 1426 - port 1427 properties: 1428 host: 1429 description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. 1430 type: string 1431 httpHeaders: 1432 description: Custom headers to set in the request. HTTP allows repeated headers. 1433 type: array 1434 items: 1435 description: HTTPHeader describes a custom header to be used in HTTP probes 1436 type: object 1437 required: 1438 - name 1439 - value 1440 properties: 1441 name: 1442 description: The header field name 1443 type: string 1444 value: 1445 description: The header field value 1446 type: string 1447 path: 1448 description: Path to access on the HTTP server. 1449 type: string 1450 port: 1451 description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 1452 anyOf: 1453 - type: integer 1454 - type: string 1455 x-kubernetes-int-or-string: true 1456 scheme: 1457 description: Scheme to use for connecting to the host. Defaults to HTTP. 1458 type: string 1459 tcpSocket: 1460 description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' 1461 type: object 1462 required: 1463 - port 1464 properties: 1465 host: 1466 description: 'Optional: Host name to connect to, defaults to the pod IP.' 1467 type: string 1468 port: 1469 description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 1470 anyOf: 1471 - type: integer 1472 - type: string 1473 x-kubernetes-int-or-string: true 1474 livenessProbe: 1475 description: 'Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 1476 type: object 1477 properties: 1478 exec: 1479 description: One and only one of the following should be specified. Exec specifies the action to take. 1480 type: object 1481 properties: 1482 command: 1483 description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 1484 type: array 1485 items: 1486 type: string 1487 failureThreshold: 1488 description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. 1489 type: integer 1490 format: int32 1491 httpGet: 1492 description: HTTPGet specifies the http request to perform. 1493 type: object 1494 required: 1495 - port 1496 properties: 1497 host: 1498 description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. 1499 type: string 1500 httpHeaders: 1501 description: Custom headers to set in the request. HTTP allows repeated headers. 1502 type: array 1503 items: 1504 description: HTTPHeader describes a custom header to be used in HTTP probes 1505 type: object 1506 required: 1507 - name 1508 - value 1509 properties: 1510 name: 1511 description: The header field name 1512 type: string 1513 value: 1514 description: The header field value 1515 type: string 1516 path: 1517 description: Path to access on the HTTP server. 1518 type: string 1519 port: 1520 description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 1521 anyOf: 1522 - type: integer 1523 - type: string 1524 x-kubernetes-int-or-string: true 1525 scheme: 1526 description: Scheme to use for connecting to the host. Defaults to HTTP. 1527 type: string 1528 initialDelaySeconds: 1529 description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 1530 type: integer 1531 format: int32 1532 periodSeconds: 1533 description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. 1534 type: integer 1535 format: int32 1536 successThreshold: 1537 description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. 1538 type: integer 1539 format: int32 1540 tcpSocket: 1541 description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' 1542 type: object 1543 required: 1544 - port 1545 properties: 1546 host: 1547 description: 'Optional: Host name to connect to, defaults to the pod IP.' 1548 type: string 1549 port: 1550 description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 1551 anyOf: 1552 - type: integer 1553 - type: string 1554 x-kubernetes-int-or-string: true 1555 timeoutSeconds: 1556 description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 1557 type: integer 1558 format: int32 1559 name: 1560 description: Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated. 1561 type: string 1562 ports: 1563 description: List of ports to expose from the container. Exposing a port here gives the system additional information about the network connections a container uses, but is primarily informational. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Cannot be updated. 1564 type: array 1565 items: 1566 description: ContainerPort represents a network port in a single container. 1567 type: object 1568 required: 1569 - containerPort 1570 properties: 1571 containerPort: 1572 description: Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536. 1573 type: integer 1574 format: int32 1575 hostIP: 1576 description: What host IP to bind the external port to. 1577 type: string 1578 hostPort: 1579 description: Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this. 1580 type: integer 1581 format: int32 1582 name: 1583 description: If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services. 1584 type: string 1585 protocol: 1586 description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". 1587 type: string 1588 default: TCP 1589 x-kubernetes-list-map-keys: 1590 - containerPort 1591 - protocol 1592 x-kubernetes-list-type: map 1593 readinessProbe: 1594 description: 'Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 1595 type: object 1596 properties: 1597 exec: 1598 description: One and only one of the following should be specified. Exec specifies the action to take. 1599 type: object 1600 properties: 1601 command: 1602 description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 1603 type: array 1604 items: 1605 type: string 1606 failureThreshold: 1607 description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. 1608 type: integer 1609 format: int32 1610 httpGet: 1611 description: HTTPGet specifies the http request to perform. 1612 type: object 1613 required: 1614 - port 1615 properties: 1616 host: 1617 description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. 1618 type: string 1619 httpHeaders: 1620 description: Custom headers to set in the request. HTTP allows repeated headers. 1621 type: array 1622 items: 1623 description: HTTPHeader describes a custom header to be used in HTTP probes 1624 type: object 1625 required: 1626 - name 1627 - value 1628 properties: 1629 name: 1630 description: The header field name 1631 type: string 1632 value: 1633 description: The header field value 1634 type: string 1635 path: 1636 description: Path to access on the HTTP server. 1637 type: string 1638 port: 1639 description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 1640 anyOf: 1641 - type: integer 1642 - type: string 1643 x-kubernetes-int-or-string: true 1644 scheme: 1645 description: Scheme to use for connecting to the host. Defaults to HTTP. 1646 type: string 1647 initialDelaySeconds: 1648 description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 1649 type: integer 1650 format: int32 1651 periodSeconds: 1652 description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. 1653 type: integer 1654 format: int32 1655 successThreshold: 1656 description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. 1657 type: integer 1658 format: int32 1659 tcpSocket: 1660 description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' 1661 type: object 1662 required: 1663 - port 1664 properties: 1665 host: 1666 description: 'Optional: Host name to connect to, defaults to the pod IP.' 1667 type: string 1668 port: 1669 description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 1670 anyOf: 1671 - type: integer 1672 - type: string 1673 x-kubernetes-int-or-string: true 1674 timeoutSeconds: 1675 description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 1676 type: integer 1677 format: int32 1678 resources: 1679 description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' 1680 type: object 1681 properties: 1682 limits: 1683 description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' 1684 type: object 1685 additionalProperties: 1686 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 1687 anyOf: 1688 - type: integer 1689 - type: string 1690 x-kubernetes-int-or-string: true 1691 requests: 1692 description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' 1693 type: object 1694 additionalProperties: 1695 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 1696 anyOf: 1697 - type: integer 1698 - type: string 1699 x-kubernetes-int-or-string: true 1700 securityContext: 1701 description: 'Security options the pod should run with. More info: https://kubernetes.io/docs/concepts/policy/security-context/ More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' 1702 type: object 1703 properties: 1704 allowPrivilegeEscalation: 1705 description: 'AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN' 1706 type: boolean 1707 capabilities: 1708 description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. 1709 type: object 1710 properties: 1711 add: 1712 description: Added capabilities 1713 type: array 1714 items: 1715 description: Capability represent POSIX capabilities type 1716 type: string 1717 drop: 1718 description: Removed capabilities 1719 type: array 1720 items: 1721 description: Capability represent POSIX capabilities type 1722 type: string 1723 privileged: 1724 description: Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. 1725 type: boolean 1726 procMount: 1727 description: procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. 1728 type: string 1729 readOnlyRootFilesystem: 1730 description: Whether this container has a read-only root filesystem. Default is false. 1731 type: boolean 1732 runAsGroup: 1733 description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. 1734 type: integer 1735 format: int64 1736 runAsNonRoot: 1737 description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. 1738 type: boolean 1739 runAsUser: 1740 description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. 1741 type: integer 1742 format: int64 1743 seLinuxOptions: 1744 description: The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. 1745 type: object 1746 properties: 1747 level: 1748 description: Level is SELinux level label that applies to the container. 1749 type: string 1750 role: 1751 description: Role is a SELinux role label that applies to the container. 1752 type: string 1753 type: 1754 description: Type is a SELinux type label that applies to the container. 1755 type: string 1756 user: 1757 description: User is a SELinux user label that applies to the container. 1758 type: string 1759 seccompProfile: 1760 description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. 1761 type: object 1762 required: 1763 - type 1764 properties: 1765 localhostProfile: 1766 description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost". 1767 type: string 1768 type: 1769 description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied." 1770 type: string 1771 windowsOptions: 1772 description: The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. 1773 type: object 1774 properties: 1775 gmsaCredentialSpec: 1776 description: GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. 1777 type: string 1778 gmsaCredentialSpecName: 1779 description: GMSACredentialSpecName is the name of the GMSA credential spec to use. 1780 type: string 1781 runAsUserName: 1782 description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. 1783 type: string 1784 startupProbe: 1785 description: 'StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod''s lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 1786 type: object 1787 properties: 1788 exec: 1789 description: One and only one of the following should be specified. Exec specifies the action to take. 1790 type: object 1791 properties: 1792 command: 1793 description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 1794 type: array 1795 items: 1796 type: string 1797 failureThreshold: 1798 description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. 1799 type: integer 1800 format: int32 1801 httpGet: 1802 description: HTTPGet specifies the http request to perform. 1803 type: object 1804 required: 1805 - port 1806 properties: 1807 host: 1808 description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. 1809 type: string 1810 httpHeaders: 1811 description: Custom headers to set in the request. HTTP allows repeated headers. 1812 type: array 1813 items: 1814 description: HTTPHeader describes a custom header to be used in HTTP probes 1815 type: object 1816 required: 1817 - name 1818 - value 1819 properties: 1820 name: 1821 description: The header field name 1822 type: string 1823 value: 1824 description: The header field value 1825 type: string 1826 path: 1827 description: Path to access on the HTTP server. 1828 type: string 1829 port: 1830 description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 1831 anyOf: 1832 - type: integer 1833 - type: string 1834 x-kubernetes-int-or-string: true 1835 scheme: 1836 description: Scheme to use for connecting to the host. Defaults to HTTP. 1837 type: string 1838 initialDelaySeconds: 1839 description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 1840 type: integer 1841 format: int32 1842 periodSeconds: 1843 description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. 1844 type: integer 1845 format: int32 1846 successThreshold: 1847 description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. 1848 type: integer 1849 format: int32 1850 tcpSocket: 1851 description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' 1852 type: object 1853 required: 1854 - port 1855 properties: 1856 host: 1857 description: 'Optional: Host name to connect to, defaults to the pod IP.' 1858 type: string 1859 port: 1860 description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 1861 anyOf: 1862 - type: integer 1863 - type: string 1864 x-kubernetes-int-or-string: true 1865 timeoutSeconds: 1866 description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 1867 type: integer 1868 format: int32 1869 stdin: 1870 description: Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false. 1871 type: boolean 1872 stdinOnce: 1873 description: Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false 1874 type: boolean 1875 terminationMessagePath: 1876 description: 'Optional: Path at which the file to which the container''s termination message will be written is mounted into the container''s filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.' 1877 type: string 1878 terminationMessagePolicy: 1879 description: Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. 1880 type: string 1881 tty: 1882 description: Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false. 1883 type: boolean 1884 volumeDevices: 1885 description: volumeDevices is the list of block devices to be used by the container. 1886 type: array 1887 items: 1888 description: volumeDevice describes a mapping of a raw block device within a container. 1889 type: object 1890 required: 1891 - devicePath 1892 - name 1893 properties: 1894 devicePath: 1895 description: devicePath is the path inside of the container that the device will be mapped to. 1896 type: string 1897 name: 1898 description: name must match the name of a persistentVolumeClaim in the pod 1899 type: string 1900 volumeMounts: 1901 description: Pod volumes to mount into the container's filesystem. Cannot be updated. 1902 type: array 1903 items: 1904 description: VolumeMount describes a mounting of a Volume within a container. 1905 type: object 1906 required: 1907 - mountPath 1908 - name 1909 properties: 1910 mountPath: 1911 description: Path within the container at which the volume should be mounted. Must not contain ':'. 1912 type: string 1913 mountPropagation: 1914 description: mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. 1915 type: string 1916 name: 1917 description: This must match the Name of a Volume. 1918 type: string 1919 readOnly: 1920 description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. 1921 type: boolean 1922 subPath: 1923 description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). 1924 type: string 1925 subPathExpr: 1926 description: Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive. 1927 type: string 1928 workingDir: 1929 description: Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated. 1930 type: string 1931 dnsConfig: 1932 description: Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy. 1933 type: object 1934 properties: 1935 nameservers: 1936 description: A list of DNS name server IP addresses. This will be appended to the base nameservers generated from DNSPolicy. Duplicated nameservers will be removed. 1937 type: array 1938 items: 1939 type: string 1940 options: 1941 description: A list of DNS resolver options. This will be merged with the base options generated from DNSPolicy. Duplicated entries will be removed. Resolution options given in Options will override those that appear in the base DNSPolicy. 1942 type: array 1943 items: 1944 description: PodDNSConfigOption defines DNS resolver options of a pod. 1945 type: object 1946 properties: 1947 name: 1948 description: Required. 1949 type: string 1950 value: 1951 type: string 1952 searches: 1953 description: A list of DNS search domains for host-name lookup. This will be appended to the base search paths generated from DNSPolicy. Duplicated search paths will be removed. 1954 type: array 1955 items: 1956 type: string 1957 dnsPolicy: 1958 description: Set DNS policy for the pod. Defaults to "ClusterFirst". Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. To have DNS options set along with hostNetwork, you have to specify DNS policy explicitly to 'ClusterFirstWithHostNet'. 1959 type: string 1960 enableServiceLinks: 1961 description: 'EnableServiceLinks indicates whether information about services should be injected into pod''s environment variables, matching the syntax of Docker links. Optional: Defaults to true.' 1962 type: boolean 1963 ephemeralContainers: 1964 description: List of ephemeral containers run in this pod. Ephemeral containers may be run in an existing pod to perform user-initiated actions such as debugging. This list cannot be specified when creating a pod, and it cannot be modified by updating the pod spec. In order to add an ephemeral container to an existing pod, use the pod's ephemeralcontainers subresource. This field is alpha-level and is only honored by servers that enable the EphemeralContainers feature. 1965 type: array 1966 items: 1967 description: An EphemeralContainer is a container that may be added temporarily to an existing pod for user-initiated activities such as debugging. Ephemeral containers have no resource or scheduling guarantees, and they will not be restarted when they exit or when a pod is removed or restarted. If an ephemeral container causes a pod to exceed its resource allocation, the pod may be evicted. Ephemeral containers may not be added by directly updating the pod spec. They must be added via the pod's ephemeralcontainers subresource, and they will appear in the pod spec once added. This is an alpha feature enabled by the EphemeralContainers feature flag. 1968 type: object 1969 required: 1970 - name 1971 properties: 1972 args: 1973 description: 'Arguments to the entrypoint. The docker image''s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' 1974 type: array 1975 items: 1976 type: string 1977 command: 1978 description: 'Entrypoint array. Not executed within a shell. The docker image''s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' 1979 type: array 1980 items: 1981 type: string 1982 env: 1983 description: List of environment variables to set in the container. Cannot be updated. 1984 type: array 1985 items: 1986 description: EnvVar represents an environment variable present in a Container. 1987 type: object 1988 required: 1989 - name 1990 properties: 1991 name: 1992 description: Name of the environment variable. Must be a C_IDENTIFIER. 1993 type: string 1994 value: 1995 description: 'Variable references $(VAR_NAME) are expanded using the previous defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".' 1996 type: string 1997 valueFrom: 1998 description: Source for the environment variable's value. Cannot be used if value is not empty. 1999 type: object 2000 properties: 2001 configMapKeyRef: 2002 description: Selects a key of a ConfigMap. 2003 type: object 2004 required: 2005 - key 2006 properties: 2007 key: 2008 description: The key to select. 2009 type: string 2010 name: 2011 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' 2012 type: string 2013 optional: 2014 description: Specify whether the ConfigMap or its key must be defined 2015 type: boolean 2016 fieldRef: 2017 description: 'Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels[''<KEY>'']`, `metadata.annotations[''<KEY>'']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.' 2018 type: object 2019 required: 2020 - fieldPath 2021 properties: 2022 apiVersion: 2023 description: Version of the schema the FieldPath is written in terms of, defaults to "v1". 2024 type: string 2025 fieldPath: 2026 description: Path of the field to select in the specified API version. 2027 type: string 2028 resourceFieldRef: 2029 description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.' 2030 type: object 2031 required: 2032 - resource 2033 properties: 2034 containerName: 2035 description: 'Container name: required for volumes, optional for env vars' 2036 type: string 2037 divisor: 2038 description: Specifies the output format of the exposed resources, defaults to "1" 2039 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 2040 anyOf: 2041 - type: integer 2042 - type: string 2043 x-kubernetes-int-or-string: true 2044 resource: 2045 description: 'Required: resource to select' 2046 type: string 2047 secretKeyRef: 2048 description: Selects a key of a secret in the pod's namespace 2049 type: object 2050 required: 2051 - key 2052 properties: 2053 key: 2054 description: The key of the secret to select from. Must be a valid secret key. 2055 type: string 2056 name: 2057 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' 2058 type: string 2059 optional: 2060 description: Specify whether the Secret or its key must be defined 2061 type: boolean 2062 envFrom: 2063 description: List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. 2064 type: array 2065 items: 2066 description: EnvFromSource represents the source of a set of ConfigMaps 2067 type: object 2068 properties: 2069 configMapRef: 2070 description: The ConfigMap to select from 2071 type: object 2072 properties: 2073 name: 2074 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' 2075 type: string 2076 optional: 2077 description: Specify whether the ConfigMap must be defined 2078 type: boolean 2079 prefix: 2080 description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. 2081 type: string 2082 secretRef: 2083 description: The Secret to select from 2084 type: object 2085 properties: 2086 name: 2087 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' 2088 type: string 2089 optional: 2090 description: Specify whether the Secret must be defined 2091 type: boolean 2092 image: 2093 description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images' 2094 type: string 2095 imagePullPolicy: 2096 description: 'Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' 2097 type: string 2098 lifecycle: 2099 description: Lifecycle is not allowed for ephemeral containers. 2100 type: object 2101 properties: 2102 postStart: 2103 description: 'PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' 2104 type: object 2105 properties: 2106 exec: 2107 description: One and only one of the following should be specified. Exec specifies the action to take. 2108 type: object 2109 properties: 2110 command: 2111 description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 2112 type: array 2113 items: 2114 type: string 2115 httpGet: 2116 description: HTTPGet specifies the http request to perform. 2117 type: object 2118 required: 2119 - port 2120 properties: 2121 host: 2122 description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. 2123 type: string 2124 httpHeaders: 2125 description: Custom headers to set in the request. HTTP allows repeated headers. 2126 type: array 2127 items: 2128 description: HTTPHeader describes a custom header to be used in HTTP probes 2129 type: object 2130 required: 2131 - name 2132 - value 2133 properties: 2134 name: 2135 description: The header field name 2136 type: string 2137 value: 2138 description: The header field value 2139 type: string 2140 path: 2141 description: Path to access on the HTTP server. 2142 type: string 2143 port: 2144 description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 2145 anyOf: 2146 - type: integer 2147 - type: string 2148 x-kubernetes-int-or-string: true 2149 scheme: 2150 description: Scheme to use for connecting to the host. Defaults to HTTP. 2151 type: string 2152 tcpSocket: 2153 description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' 2154 type: object 2155 required: 2156 - port 2157 properties: 2158 host: 2159 description: 'Optional: Host name to connect to, defaults to the pod IP.' 2160 type: string 2161 port: 2162 description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 2163 anyOf: 2164 - type: integer 2165 - type: string 2166 x-kubernetes-int-or-string: true 2167 preStop: 2168 description: 'PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The reason for termination is passed to the handler. The Pod''s termination grace period countdown begins before the PreStop hooked is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod''s termination grace period. Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' 2169 type: object 2170 properties: 2171 exec: 2172 description: One and only one of the following should be specified. Exec specifies the action to take. 2173 type: object 2174 properties: 2175 command: 2176 description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 2177 type: array 2178 items: 2179 type: string 2180 httpGet: 2181 description: HTTPGet specifies the http request to perform. 2182 type: object 2183 required: 2184 - port 2185 properties: 2186 host: 2187 description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. 2188 type: string 2189 httpHeaders: 2190 description: Custom headers to set in the request. HTTP allows repeated headers. 2191 type: array 2192 items: 2193 description: HTTPHeader describes a custom header to be used in HTTP probes 2194 type: object 2195 required: 2196 - name 2197 - value 2198 properties: 2199 name: 2200 description: The header field name 2201 type: string 2202 value: 2203 description: The header field value 2204 type: string 2205 path: 2206 description: Path to access on the HTTP server. 2207 type: string 2208 port: 2209 description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 2210 anyOf: 2211 - type: integer 2212 - type: string 2213 x-kubernetes-int-or-string: true 2214 scheme: 2215 description: Scheme to use for connecting to the host. Defaults to HTTP. 2216 type: string 2217 tcpSocket: 2218 description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' 2219 type: object 2220 required: 2221 - port 2222 properties: 2223 host: 2224 description: 'Optional: Host name to connect to, defaults to the pod IP.' 2225 type: string 2226 port: 2227 description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 2228 anyOf: 2229 - type: integer 2230 - type: string 2231 x-kubernetes-int-or-string: true 2232 livenessProbe: 2233 description: Probes are not allowed for ephemeral containers. 2234 type: object 2235 properties: 2236 exec: 2237 description: One and only one of the following should be specified. Exec specifies the action to take. 2238 type: object 2239 properties: 2240 command: 2241 description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 2242 type: array 2243 items: 2244 type: string 2245 failureThreshold: 2246 description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. 2247 type: integer 2248 format: int32 2249 httpGet: 2250 description: HTTPGet specifies the http request to perform. 2251 type: object 2252 required: 2253 - port 2254 properties: 2255 host: 2256 description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. 2257 type: string 2258 httpHeaders: 2259 description: Custom headers to set in the request. HTTP allows repeated headers. 2260 type: array 2261 items: 2262 description: HTTPHeader describes a custom header to be used in HTTP probes 2263 type: object 2264 required: 2265 - name 2266 - value 2267 properties: 2268 name: 2269 description: The header field name 2270 type: string 2271 value: 2272 description: The header field value 2273 type: string 2274 path: 2275 description: Path to access on the HTTP server. 2276 type: string 2277 port: 2278 description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 2279 anyOf: 2280 - type: integer 2281 - type: string 2282 x-kubernetes-int-or-string: true 2283 scheme: 2284 description: Scheme to use for connecting to the host. Defaults to HTTP. 2285 type: string 2286 initialDelaySeconds: 2287 description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 2288 type: integer 2289 format: int32 2290 periodSeconds: 2291 description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. 2292 type: integer 2293 format: int32 2294 successThreshold: 2295 description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. 2296 type: integer 2297 format: int32 2298 tcpSocket: 2299 description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' 2300 type: object 2301 required: 2302 - port 2303 properties: 2304 host: 2305 description: 'Optional: Host name to connect to, defaults to the pod IP.' 2306 type: string 2307 port: 2308 description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 2309 anyOf: 2310 - type: integer 2311 - type: string 2312 x-kubernetes-int-or-string: true 2313 timeoutSeconds: 2314 description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 2315 type: integer 2316 format: int32 2317 name: 2318 description: Name of the ephemeral container specified as a DNS_LABEL. This name must be unique among all containers, init containers and ephemeral containers. 2319 type: string 2320 ports: 2321 description: Ports are not allowed for ephemeral containers. 2322 type: array 2323 items: 2324 description: ContainerPort represents a network port in a single container. 2325 type: object 2326 required: 2327 - containerPort 2328 properties: 2329 containerPort: 2330 description: Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536. 2331 type: integer 2332 format: int32 2333 hostIP: 2334 description: What host IP to bind the external port to. 2335 type: string 2336 hostPort: 2337 description: Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this. 2338 type: integer 2339 format: int32 2340 name: 2341 description: If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services. 2342 type: string 2343 protocol: 2344 description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". 2345 type: string 2346 default: TCP 2347 readinessProbe: 2348 description: Probes are not allowed for ephemeral containers. 2349 type: object 2350 properties: 2351 exec: 2352 description: One and only one of the following should be specified. Exec specifies the action to take. 2353 type: object 2354 properties: 2355 command: 2356 description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 2357 type: array 2358 items: 2359 type: string 2360 failureThreshold: 2361 description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. 2362 type: integer 2363 format: int32 2364 httpGet: 2365 description: HTTPGet specifies the http request to perform. 2366 type: object 2367 required: 2368 - port 2369 properties: 2370 host: 2371 description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. 2372 type: string 2373 httpHeaders: 2374 description: Custom headers to set in the request. HTTP allows repeated headers. 2375 type: array 2376 items: 2377 description: HTTPHeader describes a custom header to be used in HTTP probes 2378 type: object 2379 required: 2380 - name 2381 - value 2382 properties: 2383 name: 2384 description: The header field name 2385 type: string 2386 value: 2387 description: The header field value 2388 type: string 2389 path: 2390 description: Path to access on the HTTP server. 2391 type: string 2392 port: 2393 description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 2394 anyOf: 2395 - type: integer 2396 - type: string 2397 x-kubernetes-int-or-string: true 2398 scheme: 2399 description: Scheme to use for connecting to the host. Defaults to HTTP. 2400 type: string 2401 initialDelaySeconds: 2402 description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 2403 type: integer 2404 format: int32 2405 periodSeconds: 2406 description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. 2407 type: integer 2408 format: int32 2409 successThreshold: 2410 description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. 2411 type: integer 2412 format: int32 2413 tcpSocket: 2414 description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' 2415 type: object 2416 required: 2417 - port 2418 properties: 2419 host: 2420 description: 'Optional: Host name to connect to, defaults to the pod IP.' 2421 type: string 2422 port: 2423 description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 2424 anyOf: 2425 - type: integer 2426 - type: string 2427 x-kubernetes-int-or-string: true 2428 timeoutSeconds: 2429 description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 2430 type: integer 2431 format: int32 2432 resources: 2433 description: Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources already allocated to the pod. 2434 type: object 2435 properties: 2436 limits: 2437 description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' 2438 type: object 2439 additionalProperties: 2440 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 2441 anyOf: 2442 - type: integer 2443 - type: string 2444 x-kubernetes-int-or-string: true 2445 requests: 2446 description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' 2447 type: object 2448 additionalProperties: 2449 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 2450 anyOf: 2451 - type: integer 2452 - type: string 2453 x-kubernetes-int-or-string: true 2454 securityContext: 2455 description: SecurityContext is not allowed for ephemeral containers. 2456 type: object 2457 properties: 2458 allowPrivilegeEscalation: 2459 description: 'AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN' 2460 type: boolean 2461 capabilities: 2462 description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. 2463 type: object 2464 properties: 2465 add: 2466 description: Added capabilities 2467 type: array 2468 items: 2469 description: Capability represent POSIX capabilities type 2470 type: string 2471 drop: 2472 description: Removed capabilities 2473 type: array 2474 items: 2475 description: Capability represent POSIX capabilities type 2476 type: string 2477 privileged: 2478 description: Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. 2479 type: boolean 2480 procMount: 2481 description: procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. 2482 type: string 2483 readOnlyRootFilesystem: 2484 description: Whether this container has a read-only root filesystem. Default is false. 2485 type: boolean 2486 runAsGroup: 2487 description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. 2488 type: integer 2489 format: int64 2490 runAsNonRoot: 2491 description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. 2492 type: boolean 2493 runAsUser: 2494 description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. 2495 type: integer 2496 format: int64 2497 seLinuxOptions: 2498 description: The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. 2499 type: object 2500 properties: 2501 level: 2502 description: Level is SELinux level label that applies to the container. 2503 type: string 2504 role: 2505 description: Role is a SELinux role label that applies to the container. 2506 type: string 2507 type: 2508 description: Type is a SELinux type label that applies to the container. 2509 type: string 2510 user: 2511 description: User is a SELinux user label that applies to the container. 2512 type: string 2513 seccompProfile: 2514 description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. 2515 type: object 2516 required: 2517 - type 2518 properties: 2519 localhostProfile: 2520 description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost". 2521 type: string 2522 type: 2523 description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied." 2524 type: string 2525 windowsOptions: 2526 description: The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. 2527 type: object 2528 properties: 2529 gmsaCredentialSpec: 2530 description: GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. 2531 type: string 2532 gmsaCredentialSpecName: 2533 description: GMSACredentialSpecName is the name of the GMSA credential spec to use. 2534 type: string 2535 runAsUserName: 2536 description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. 2537 type: string 2538 startupProbe: 2539 description: Probes are not allowed for ephemeral containers. 2540 type: object 2541 properties: 2542 exec: 2543 description: One and only one of the following should be specified. Exec specifies the action to take. 2544 type: object 2545 properties: 2546 command: 2547 description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 2548 type: array 2549 items: 2550 type: string 2551 failureThreshold: 2552 description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. 2553 type: integer 2554 format: int32 2555 httpGet: 2556 description: HTTPGet specifies the http request to perform. 2557 type: object 2558 required: 2559 - port 2560 properties: 2561 host: 2562 description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. 2563 type: string 2564 httpHeaders: 2565 description: Custom headers to set in the request. HTTP allows repeated headers. 2566 type: array 2567 items: 2568 description: HTTPHeader describes a custom header to be used in HTTP probes 2569 type: object 2570 required: 2571 - name 2572 - value 2573 properties: 2574 name: 2575 description: The header field name 2576 type: string 2577 value: 2578 description: The header field value 2579 type: string 2580 path: 2581 description: Path to access on the HTTP server. 2582 type: string 2583 port: 2584 description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 2585 anyOf: 2586 - type: integer 2587 - type: string 2588 x-kubernetes-int-or-string: true 2589 scheme: 2590 description: Scheme to use for connecting to the host. Defaults to HTTP. 2591 type: string 2592 initialDelaySeconds: 2593 description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 2594 type: integer 2595 format: int32 2596 periodSeconds: 2597 description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. 2598 type: integer 2599 format: int32 2600 successThreshold: 2601 description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. 2602 type: integer 2603 format: int32 2604 tcpSocket: 2605 description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' 2606 type: object 2607 required: 2608 - port 2609 properties: 2610 host: 2611 description: 'Optional: Host name to connect to, defaults to the pod IP.' 2612 type: string 2613 port: 2614 description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 2615 anyOf: 2616 - type: integer 2617 - type: string 2618 x-kubernetes-int-or-string: true 2619 timeoutSeconds: 2620 description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 2621 type: integer 2622 format: int32 2623 stdin: 2624 description: Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false. 2625 type: boolean 2626 stdinOnce: 2627 description: Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false 2628 type: boolean 2629 targetContainerName: 2630 description: If set, the name of the container from PodSpec that this ephemeral container targets. The ephemeral container will be run in the namespaces (IPC, PID, etc) of this container. If not set then the ephemeral container is run in whatever namespaces are shared for the pod. Note that the container runtime must support this feature. 2631 type: string 2632 terminationMessagePath: 2633 description: 'Optional: Path at which the file to which the container''s termination message will be written is mounted into the container''s filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.' 2634 type: string 2635 terminationMessagePolicy: 2636 description: Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. 2637 type: string 2638 tty: 2639 description: Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false. 2640 type: boolean 2641 volumeDevices: 2642 description: volumeDevices is the list of block devices to be used by the container. 2643 type: array 2644 items: 2645 description: volumeDevice describes a mapping of a raw block device within a container. 2646 type: object 2647 required: 2648 - devicePath 2649 - name 2650 properties: 2651 devicePath: 2652 description: devicePath is the path inside of the container that the device will be mapped to. 2653 type: string 2654 name: 2655 description: name must match the name of a persistentVolumeClaim in the pod 2656 type: string 2657 volumeMounts: 2658 description: Pod volumes to mount into the container's filesystem. Cannot be updated. 2659 type: array 2660 items: 2661 description: VolumeMount describes a mounting of a Volume within a container. 2662 type: object 2663 required: 2664 - mountPath 2665 - name 2666 properties: 2667 mountPath: 2668 description: Path within the container at which the volume should be mounted. Must not contain ':'. 2669 type: string 2670 mountPropagation: 2671 description: mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. 2672 type: string 2673 name: 2674 description: This must match the Name of a Volume. 2675 type: string 2676 readOnly: 2677 description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. 2678 type: boolean 2679 subPath: 2680 description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). 2681 type: string 2682 subPathExpr: 2683 description: Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive. 2684 type: string 2685 workingDir: 2686 description: Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated. 2687 type: string 2688 hostAliases: 2689 description: HostAliases is an optional list of hosts and IPs that will be injected into the pod's hosts file if specified. This is only valid for non-hostNetwork pods. 2690 type: array 2691 items: 2692 description: HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the pod's hosts file. 2693 type: object 2694 properties: 2695 hostnames: 2696 description: Hostnames for the above IP address. 2697 type: array 2698 items: 2699 type: string 2700 ip: 2701 description: IP address of the host file entry. 2702 type: string 2703 hostIPC: 2704 description: 'Use the host''s ipc namespace. Optional: Default to false.' 2705 type: boolean 2706 hostNetwork: 2707 description: Host networking requested for this pod. Use the host's network namespace. If this option is set, the ports that will be used must be specified. Default to false. 2708 type: boolean 2709 hostPID: 2710 description: 'Use the host''s pid namespace. Optional: Default to false.' 2711 type: boolean 2712 hostname: 2713 description: Specifies the hostname of the Pod If not specified, the pod's hostname will be set to a system-defined value. 2714 type: string 2715 imagePullSecrets: 2716 description: 'ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. If specified, these secrets will be passed to individual puller implementations for them to use. For example, in the case of docker, only DockerConfig type secrets are honored. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod' 2717 type: array 2718 items: 2719 description: LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. 2720 type: object 2721 properties: 2722 name: 2723 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' 2724 type: string 2725 initContainers: 2726 description: 'List of initialization containers belonging to the pod. Init containers are executed in order prior to containers being started. If any init container fails, the pod is considered to have failed and is handled according to its restartPolicy. The name for an init container or normal container must be unique among all containers. Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit for each resource type, and then using the max of of that value or the sum of the normal containers. Limits are applied to init containers in a similar fashion. Init containers cannot currently be added or removed. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/' 2727 type: array 2728 items: 2729 description: A single application container that you want to run within a pod. 2730 type: object 2731 required: 2732 - name 2733 properties: 2734 args: 2735 description: 'Arguments to the entrypoint. The docker image''s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' 2736 type: array 2737 items: 2738 type: string 2739 command: 2740 description: 'Entrypoint array. Not executed within a shell. The docker image''s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' 2741 type: array 2742 items: 2743 type: string 2744 env: 2745 description: List of environment variables to set in the container. Cannot be updated. 2746 type: array 2747 items: 2748 description: EnvVar represents an environment variable present in a Container. 2749 type: object 2750 required: 2751 - name 2752 properties: 2753 name: 2754 description: Name of the environment variable. Must be a C_IDENTIFIER. 2755 type: string 2756 value: 2757 description: 'Variable references $(VAR_NAME) are expanded using the previous defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".' 2758 type: string 2759 valueFrom: 2760 description: Source for the environment variable's value. Cannot be used if value is not empty. 2761 type: object 2762 properties: 2763 configMapKeyRef: 2764 description: Selects a key of a ConfigMap. 2765 type: object 2766 required: 2767 - key 2768 properties: 2769 key: 2770 description: The key to select. 2771 type: string 2772 name: 2773 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' 2774 type: string 2775 optional: 2776 description: Specify whether the ConfigMap or its key must be defined 2777 type: boolean 2778 fieldRef: 2779 description: 'Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels[''<KEY>'']`, `metadata.annotations[''<KEY>'']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.' 2780 type: object 2781 required: 2782 - fieldPath 2783 properties: 2784 apiVersion: 2785 description: Version of the schema the FieldPath is written in terms of, defaults to "v1". 2786 type: string 2787 fieldPath: 2788 description: Path of the field to select in the specified API version. 2789 type: string 2790 resourceFieldRef: 2791 description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.' 2792 type: object 2793 required: 2794 - resource 2795 properties: 2796 containerName: 2797 description: 'Container name: required for volumes, optional for env vars' 2798 type: string 2799 divisor: 2800 description: Specifies the output format of the exposed resources, defaults to "1" 2801 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 2802 anyOf: 2803 - type: integer 2804 - type: string 2805 x-kubernetes-int-or-string: true 2806 resource: 2807 description: 'Required: resource to select' 2808 type: string 2809 secretKeyRef: 2810 description: Selects a key of a secret in the pod's namespace 2811 type: object 2812 required: 2813 - key 2814 properties: 2815 key: 2816 description: The key of the secret to select from. Must be a valid secret key. 2817 type: string 2818 name: 2819 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' 2820 type: string 2821 optional: 2822 description: Specify whether the Secret or its key must be defined 2823 type: boolean 2824 envFrom: 2825 description: List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. 2826 type: array 2827 items: 2828 description: EnvFromSource represents the source of a set of ConfigMaps 2829 type: object 2830 properties: 2831 configMapRef: 2832 description: The ConfigMap to select from 2833 type: object 2834 properties: 2835 name: 2836 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' 2837 type: string 2838 optional: 2839 description: Specify whether the ConfigMap must be defined 2840 type: boolean 2841 prefix: 2842 description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. 2843 type: string 2844 secretRef: 2845 description: The Secret to select from 2846 type: object 2847 properties: 2848 name: 2849 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' 2850 type: string 2851 optional: 2852 description: Specify whether the Secret must be defined 2853 type: boolean 2854 image: 2855 description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.' 2856 type: string 2857 imagePullPolicy: 2858 description: 'Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' 2859 type: string 2860 lifecycle: 2861 description: Actions that the management system should take in response to container lifecycle events. Cannot be updated. 2862 type: object 2863 properties: 2864 postStart: 2865 description: 'PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' 2866 type: object 2867 properties: 2868 exec: 2869 description: One and only one of the following should be specified. Exec specifies the action to take. 2870 type: object 2871 properties: 2872 command: 2873 description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 2874 type: array 2875 items: 2876 type: string 2877 httpGet: 2878 description: HTTPGet specifies the http request to perform. 2879 type: object 2880 required: 2881 - port 2882 properties: 2883 host: 2884 description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. 2885 type: string 2886 httpHeaders: 2887 description: Custom headers to set in the request. HTTP allows repeated headers. 2888 type: array 2889 items: 2890 description: HTTPHeader describes a custom header to be used in HTTP probes 2891 type: object 2892 required: 2893 - name 2894 - value 2895 properties: 2896 name: 2897 description: The header field name 2898 type: string 2899 value: 2900 description: The header field value 2901 type: string 2902 path: 2903 description: Path to access on the HTTP server. 2904 type: string 2905 port: 2906 description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 2907 anyOf: 2908 - type: integer 2909 - type: string 2910 x-kubernetes-int-or-string: true 2911 scheme: 2912 description: Scheme to use for connecting to the host. Defaults to HTTP. 2913 type: string 2914 tcpSocket: 2915 description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' 2916 type: object 2917 required: 2918 - port 2919 properties: 2920 host: 2921 description: 'Optional: Host name to connect to, defaults to the pod IP.' 2922 type: string 2923 port: 2924 description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 2925 anyOf: 2926 - type: integer 2927 - type: string 2928 x-kubernetes-int-or-string: true 2929 preStop: 2930 description: 'PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The reason for termination is passed to the handler. The Pod''s termination grace period countdown begins before the PreStop hooked is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod''s termination grace period. Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' 2931 type: object 2932 properties: 2933 exec: 2934 description: One and only one of the following should be specified. Exec specifies the action to take. 2935 type: object 2936 properties: 2937 command: 2938 description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 2939 type: array 2940 items: 2941 type: string 2942 httpGet: 2943 description: HTTPGet specifies the http request to perform. 2944 type: object 2945 required: 2946 - port 2947 properties: 2948 host: 2949 description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. 2950 type: string 2951 httpHeaders: 2952 description: Custom headers to set in the request. HTTP allows repeated headers. 2953 type: array 2954 items: 2955 description: HTTPHeader describes a custom header to be used in HTTP probes 2956 type: object 2957 required: 2958 - name 2959 - value 2960 properties: 2961 name: 2962 description: The header field name 2963 type: string 2964 value: 2965 description: The header field value 2966 type: string 2967 path: 2968 description: Path to access on the HTTP server. 2969 type: string 2970 port: 2971 description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 2972 anyOf: 2973 - type: integer 2974 - type: string 2975 x-kubernetes-int-or-string: true 2976 scheme: 2977 description: Scheme to use for connecting to the host. Defaults to HTTP. 2978 type: string 2979 tcpSocket: 2980 description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' 2981 type: object 2982 required: 2983 - port 2984 properties: 2985 host: 2986 description: 'Optional: Host name to connect to, defaults to the pod IP.' 2987 type: string 2988 port: 2989 description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 2990 anyOf: 2991 - type: integer 2992 - type: string 2993 x-kubernetes-int-or-string: true 2994 livenessProbe: 2995 description: 'Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 2996 type: object 2997 properties: 2998 exec: 2999 description: One and only one of the following should be specified. Exec specifies the action to take. 3000 type: object 3001 properties: 3002 command: 3003 description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 3004 type: array 3005 items: 3006 type: string 3007 failureThreshold: 3008 description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. 3009 type: integer 3010 format: int32 3011 httpGet: 3012 description: HTTPGet specifies the http request to perform. 3013 type: object 3014 required: 3015 - port 3016 properties: 3017 host: 3018 description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. 3019 type: string 3020 httpHeaders: 3021 description: Custom headers to set in the request. HTTP allows repeated headers. 3022 type: array 3023 items: 3024 description: HTTPHeader describes a custom header to be used in HTTP probes 3025 type: object 3026 required: 3027 - name 3028 - value 3029 properties: 3030 name: 3031 description: The header field name 3032 type: string 3033 value: 3034 description: The header field value 3035 type: string 3036 path: 3037 description: Path to access on the HTTP server. 3038 type: string 3039 port: 3040 description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 3041 anyOf: 3042 - type: integer 3043 - type: string 3044 x-kubernetes-int-or-string: true 3045 scheme: 3046 description: Scheme to use for connecting to the host. Defaults to HTTP. 3047 type: string 3048 initialDelaySeconds: 3049 description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 3050 type: integer 3051 format: int32 3052 periodSeconds: 3053 description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. 3054 type: integer 3055 format: int32 3056 successThreshold: 3057 description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. 3058 type: integer 3059 format: int32 3060 tcpSocket: 3061 description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' 3062 type: object 3063 required: 3064 - port 3065 properties: 3066 host: 3067 description: 'Optional: Host name to connect to, defaults to the pod IP.' 3068 type: string 3069 port: 3070 description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 3071 anyOf: 3072 - type: integer 3073 - type: string 3074 x-kubernetes-int-or-string: true 3075 timeoutSeconds: 3076 description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 3077 type: integer 3078 format: int32 3079 name: 3080 description: Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated. 3081 type: string 3082 ports: 3083 description: List of ports to expose from the container. Exposing a port here gives the system additional information about the network connections a container uses, but is primarily informational. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Cannot be updated. 3084 type: array 3085 items: 3086 description: ContainerPort represents a network port in a single container. 3087 type: object 3088 required: 3089 - containerPort 3090 properties: 3091 containerPort: 3092 description: Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536. 3093 type: integer 3094 format: int32 3095 hostIP: 3096 description: What host IP to bind the external port to. 3097 type: string 3098 hostPort: 3099 description: Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this. 3100 type: integer 3101 format: int32 3102 name: 3103 description: If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services. 3104 type: string 3105 protocol: 3106 description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". 3107 type: string 3108 default: TCP 3109 x-kubernetes-list-map-keys: 3110 - containerPort 3111 - protocol 3112 x-kubernetes-list-type: map 3113 readinessProbe: 3114 description: 'Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 3115 type: object 3116 properties: 3117 exec: 3118 description: One and only one of the following should be specified. Exec specifies the action to take. 3119 type: object 3120 properties: 3121 command: 3122 description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 3123 type: array 3124 items: 3125 type: string 3126 failureThreshold: 3127 description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. 3128 type: integer 3129 format: int32 3130 httpGet: 3131 description: HTTPGet specifies the http request to perform. 3132 type: object 3133 required: 3134 - port 3135 properties: 3136 host: 3137 description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. 3138 type: string 3139 httpHeaders: 3140 description: Custom headers to set in the request. HTTP allows repeated headers. 3141 type: array 3142 items: 3143 description: HTTPHeader describes a custom header to be used in HTTP probes 3144 type: object 3145 required: 3146 - name 3147 - value 3148 properties: 3149 name: 3150 description: The header field name 3151 type: string 3152 value: 3153 description: The header field value 3154 type: string 3155 path: 3156 description: Path to access on the HTTP server. 3157 type: string 3158 port: 3159 description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 3160 anyOf: 3161 - type: integer 3162 - type: string 3163 x-kubernetes-int-or-string: true 3164 scheme: 3165 description: Scheme to use for connecting to the host. Defaults to HTTP. 3166 type: string 3167 initialDelaySeconds: 3168 description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 3169 type: integer 3170 format: int32 3171 periodSeconds: 3172 description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. 3173 type: integer 3174 format: int32 3175 successThreshold: 3176 description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. 3177 type: integer 3178 format: int32 3179 tcpSocket: 3180 description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' 3181 type: object 3182 required: 3183 - port 3184 properties: 3185 host: 3186 description: 'Optional: Host name to connect to, defaults to the pod IP.' 3187 type: string 3188 port: 3189 description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 3190 anyOf: 3191 - type: integer 3192 - type: string 3193 x-kubernetes-int-or-string: true 3194 timeoutSeconds: 3195 description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 3196 type: integer 3197 format: int32 3198 resources: 3199 description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' 3200 type: object 3201 properties: 3202 limits: 3203 description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' 3204 type: object 3205 additionalProperties: 3206 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 3207 anyOf: 3208 - type: integer 3209 - type: string 3210 x-kubernetes-int-or-string: true 3211 requests: 3212 description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' 3213 type: object 3214 additionalProperties: 3215 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 3216 anyOf: 3217 - type: integer 3218 - type: string 3219 x-kubernetes-int-or-string: true 3220 securityContext: 3221 description: 'Security options the pod should run with. More info: https://kubernetes.io/docs/concepts/policy/security-context/ More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' 3222 type: object 3223 properties: 3224 allowPrivilegeEscalation: 3225 description: 'AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN' 3226 type: boolean 3227 capabilities: 3228 description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. 3229 type: object 3230 properties: 3231 add: 3232 description: Added capabilities 3233 type: array 3234 items: 3235 description: Capability represent POSIX capabilities type 3236 type: string 3237 drop: 3238 description: Removed capabilities 3239 type: array 3240 items: 3241 description: Capability represent POSIX capabilities type 3242 type: string 3243 privileged: 3244 description: Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. 3245 type: boolean 3246 procMount: 3247 description: procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. 3248 type: string 3249 readOnlyRootFilesystem: 3250 description: Whether this container has a read-only root filesystem. Default is false. 3251 type: boolean 3252 runAsGroup: 3253 description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. 3254 type: integer 3255 format: int64 3256 runAsNonRoot: 3257 description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. 3258 type: boolean 3259 runAsUser: 3260 description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. 3261 type: integer 3262 format: int64 3263 seLinuxOptions: 3264 description: The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. 3265 type: object 3266 properties: 3267 level: 3268 description: Level is SELinux level label that applies to the container. 3269 type: string 3270 role: 3271 description: Role is a SELinux role label that applies to the container. 3272 type: string 3273 type: 3274 description: Type is a SELinux type label that applies to the container. 3275 type: string 3276 user: 3277 description: User is a SELinux user label that applies to the container. 3278 type: string 3279 seccompProfile: 3280 description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. 3281 type: object 3282 required: 3283 - type 3284 properties: 3285 localhostProfile: 3286 description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost". 3287 type: string 3288 type: 3289 description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied." 3290 type: string 3291 windowsOptions: 3292 description: The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. 3293 type: object 3294 properties: 3295 gmsaCredentialSpec: 3296 description: GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. 3297 type: string 3298 gmsaCredentialSpecName: 3299 description: GMSACredentialSpecName is the name of the GMSA credential spec to use. 3300 type: string 3301 runAsUserName: 3302 description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. 3303 type: string 3304 startupProbe: 3305 description: 'StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod''s lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 3306 type: object 3307 properties: 3308 exec: 3309 description: One and only one of the following should be specified. Exec specifies the action to take. 3310 type: object 3311 properties: 3312 command: 3313 description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 3314 type: array 3315 items: 3316 type: string 3317 failureThreshold: 3318 description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. 3319 type: integer 3320 format: int32 3321 httpGet: 3322 description: HTTPGet specifies the http request to perform. 3323 type: object 3324 required: 3325 - port 3326 properties: 3327 host: 3328 description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. 3329 type: string 3330 httpHeaders: 3331 description: Custom headers to set in the request. HTTP allows repeated headers. 3332 type: array 3333 items: 3334 description: HTTPHeader describes a custom header to be used in HTTP probes 3335 type: object 3336 required: 3337 - name 3338 - value 3339 properties: 3340 name: 3341 description: The header field name 3342 type: string 3343 value: 3344 description: The header field value 3345 type: string 3346 path: 3347 description: Path to access on the HTTP server. 3348 type: string 3349 port: 3350 description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 3351 anyOf: 3352 - type: integer 3353 - type: string 3354 x-kubernetes-int-or-string: true 3355 scheme: 3356 description: Scheme to use for connecting to the host. Defaults to HTTP. 3357 type: string 3358 initialDelaySeconds: 3359 description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 3360 type: integer 3361 format: int32 3362 periodSeconds: 3363 description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. 3364 type: integer 3365 format: int32 3366 successThreshold: 3367 description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. 3368 type: integer 3369 format: int32 3370 tcpSocket: 3371 description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' 3372 type: object 3373 required: 3374 - port 3375 properties: 3376 host: 3377 description: 'Optional: Host name to connect to, defaults to the pod IP.' 3378 type: string 3379 port: 3380 description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 3381 anyOf: 3382 - type: integer 3383 - type: string 3384 x-kubernetes-int-or-string: true 3385 timeoutSeconds: 3386 description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 3387 type: integer 3388 format: int32 3389 stdin: 3390 description: Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false. 3391 type: boolean 3392 stdinOnce: 3393 description: Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false 3394 type: boolean 3395 terminationMessagePath: 3396 description: 'Optional: Path at which the file to which the container''s termination message will be written is mounted into the container''s filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.' 3397 type: string 3398 terminationMessagePolicy: 3399 description: Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. 3400 type: string 3401 tty: 3402 description: Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false. 3403 type: boolean 3404 volumeDevices: 3405 description: volumeDevices is the list of block devices to be used by the container. 3406 type: array 3407 items: 3408 description: volumeDevice describes a mapping of a raw block device within a container. 3409 type: object 3410 required: 3411 - devicePath 3412 - name 3413 properties: 3414 devicePath: 3415 description: devicePath is the path inside of the container that the device will be mapped to. 3416 type: string 3417 name: 3418 description: name must match the name of a persistentVolumeClaim in the pod 3419 type: string 3420 volumeMounts: 3421 description: Pod volumes to mount into the container's filesystem. Cannot be updated. 3422 type: array 3423 items: 3424 description: VolumeMount describes a mounting of a Volume within a container. 3425 type: object 3426 required: 3427 - mountPath 3428 - name 3429 properties: 3430 mountPath: 3431 description: Path within the container at which the volume should be mounted. Must not contain ':'. 3432 type: string 3433 mountPropagation: 3434 description: mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. 3435 type: string 3436 name: 3437 description: This must match the Name of a Volume. 3438 type: string 3439 readOnly: 3440 description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. 3441 type: boolean 3442 subPath: 3443 description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). 3444 type: string 3445 subPathExpr: 3446 description: Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive. 3447 type: string 3448 workingDir: 3449 description: Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated. 3450 type: string 3451 nodeName: 3452 description: NodeName is a request to schedule this pod onto a specific node. If it is non-empty, the scheduler simply schedules this pod onto that node, assuming that it fits resource requirements. 3453 type: string 3454 nodeSelector: 3455 description: 'NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node''s labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' 3456 type: object 3457 additionalProperties: 3458 type: string 3459 overhead: 3460 description: 'Overhead represents the resource overhead associated with running a pod for a given RuntimeClass. This field will be autopopulated at admission time by the RuntimeClass admission controller. If the RuntimeClass admission controller is enabled, overhead must not be set in Pod create requests. The RuntimeClass admission controller will reject Pod create requests which have the overhead already set. If RuntimeClass is configured and selected in the PodSpec, Overhead will be set to the value defined in the corresponding RuntimeClass, otherwise it will remain unset and treated as zero. More info: https://git.k8s.io/enhancements/keps/sig-node/20190226-pod-overhead.md This field is alpha-level as of Kubernetes v1.16, and is only honored by servers that enable the PodOverhead feature.' 3461 type: object 3462 additionalProperties: 3463 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 3464 anyOf: 3465 - type: integer 3466 - type: string 3467 x-kubernetes-int-or-string: true 3468 preemptionPolicy: 3469 description: PreemptionPolicy is the Policy for preempting pods with lower priority. One of Never, PreemptLowerPriority. Defaults to PreemptLowerPriority if unset. This field is beta-level, gated by the NonPreemptingPriority feature-gate. 3470 type: string 3471 priority: 3472 description: The priority value. Various system components use this field to find the priority of the pod. When Priority Admission Controller is enabled, it prevents users from setting this field. The admission controller populates this field from PriorityClassName. The higher the value, the higher the priority. 3473 type: integer 3474 format: int32 3475 priorityClassName: 3476 description: If specified, indicates the pod's priority. "system-node-critical" and "system-cluster-critical" are two special keywords which indicate the highest priorities with the former being the highest priority. Any other name must be defined by creating a PriorityClass object with that name. If not specified, the pod priority will be default or zero if there is no default. 3477 type: string 3478 readinessGates: 3479 description: 'If specified, all readiness gates will be evaluated for pod readiness. A pod is ready when all its containers are ready AND all conditions specified in the readiness gates have status equal to "True" More info: https://git.k8s.io/enhancements/keps/sig-network/0007-pod-ready%2B%2B.md' 3480 type: array 3481 items: 3482 description: PodReadinessGate contains the reference to a pod condition 3483 type: object 3484 required: 3485 - conditionType 3486 properties: 3487 conditionType: 3488 description: ConditionType refers to a condition in the pod's condition list with matching type. 3489 type: string 3490 restartPolicy: 3491 description: 'Restart policy for all containers within the pod. One of Always, OnFailure, Never. Default to Always. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy' 3492 type: string 3493 runtimeClassName: 3494 description: 'RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used to run this pod. If no RuntimeClass resource matches the named class, the pod will not be run. If unset or empty, the "legacy" RuntimeClass will be used, which is an implicit class with an empty definition that uses the default runtime handler. More info: https://git.k8s.io/enhancements/keps/sig-node/runtime-class.md This is a beta feature as of Kubernetes v1.14.' 3495 type: string 3496 schedulerName: 3497 description: If specified, the pod will be dispatched by specified scheduler. If not specified, the pod will be dispatched by default scheduler. 3498 type: string 3499 securityContext: 3500 description: 'SecurityContext holds pod-level security attributes and common container settings. Optional: Defaults to empty. See type description for default values of each field.' 3501 type: object 3502 properties: 3503 fsGroup: 3504 description: "A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod: \n 1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- \n If unset, the Kubelet will not modify the ownership and permissions of any volume." 3505 type: integer 3506 format: int64 3507 fsGroupChangePolicy: 3508 description: 'fsGroupChangePolicy defines behavior of changing ownership and permission of the volume before being exposed inside Pod. This field will only apply to volume types which support fsGroup based ownership(and permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir. Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used.' 3509 type: string 3510 runAsGroup: 3511 description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. 3512 type: integer 3513 format: int64 3514 runAsNonRoot: 3515 description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. 3516 type: boolean 3517 runAsUser: 3518 description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. 3519 type: integer 3520 format: int64 3521 seLinuxOptions: 3522 description: The SELinux context to be applied to all containers. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. 3523 type: object 3524 properties: 3525 level: 3526 description: Level is SELinux level label that applies to the container. 3527 type: string 3528 role: 3529 description: Role is a SELinux role label that applies to the container. 3530 type: string 3531 type: 3532 description: Type is a SELinux type label that applies to the container. 3533 type: string 3534 user: 3535 description: User is a SELinux user label that applies to the container. 3536 type: string 3537 seccompProfile: 3538 description: The seccomp options to use by the containers in this pod. 3539 type: object 3540 required: 3541 - type 3542 properties: 3543 localhostProfile: 3544 description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost". 3545 type: string 3546 type: 3547 description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied." 3548 type: string 3549 supplementalGroups: 3550 description: A list of groups applied to the first process run in each container, in addition to the container's primary GID. If unspecified, no groups will be added to any container. 3551 type: array 3552 items: 3553 type: integer 3554 format: int64 3555 sysctls: 3556 description: Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. 3557 type: array 3558 items: 3559 description: Sysctl defines a kernel parameter to be set 3560 type: object 3561 required: 3562 - name 3563 - value 3564 properties: 3565 name: 3566 description: Name of a property to set 3567 type: string 3568 value: 3569 description: Value of a property to set 3570 type: string 3571 windowsOptions: 3572 description: The Windows specific settings applied to all containers. If unspecified, the options within a container's SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. 3573 type: object 3574 properties: 3575 gmsaCredentialSpec: 3576 description: GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. 3577 type: string 3578 gmsaCredentialSpecName: 3579 description: GMSACredentialSpecName is the name of the GMSA credential spec to use. 3580 type: string 3581 runAsUserName: 3582 description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. 3583 type: string 3584 serviceAccount: 3585 description: 'DeprecatedServiceAccount is a depreciated alias for ServiceAccountName. Deprecated: Use serviceAccountName instead.' 3586 type: string 3587 serviceAccountName: 3588 description: 'ServiceAccountName is the name of the ServiceAccount to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' 3589 type: string 3590 setHostnameAsFQDN: 3591 description: If true the pod's hostname will be configured as the pod's FQDN, rather than the leaf name (the default). In Linux containers, this means setting the FQDN in the hostname field of the kernel (the nodename field of struct utsname). In Windows containers, this means setting the registry value of hostname for the registry key HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters to FQDN. If a pod does not have FQDN, this has no effect. Default to false. 3592 type: boolean 3593 shareProcessNamespace: 3594 description: 'Share a single process namespace between all of the containers in a pod. When this is set containers will be able to view and signal processes from other containers in the same pod, and the first process in each container will not be assigned PID 1. HostPID and ShareProcessNamespace cannot both be set. Optional: Default to false.' 3595 type: boolean 3596 subdomain: 3597 description: If specified, the fully qualified Pod hostname will be "<hostname>.<subdomain>.<pod namespace>.svc.<cluster domain>". If not specified, the pod will not have a domainname at all. 3598 type: string 3599 terminationGracePeriodSeconds: 3600 description: Optional duration in seconds the pod needs to terminate gracefully. May be decreased in delete request. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period will be used instead. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. Defaults to 30 seconds. 3601 type: integer 3602 format: int64 3603 tolerations: 3604 description: If specified, the pod's tolerations. 3605 type: array 3606 items: 3607 description: The pod this Toleration is attached to tolerates any taint that matches the triple <key,value,effect> using the matching operator <operator>. 3608 type: object 3609 properties: 3610 effect: 3611 description: Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. 3612 type: string 3613 key: 3614 description: Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys. 3615 type: string 3616 operator: 3617 description: Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. 3618 type: string 3619 tolerationSeconds: 3620 description: TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system. 3621 type: integer 3622 format: int64 3623 value: 3624 description: Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string. 3625 type: string 3626 topologySpreadConstraints: 3627 description: TopologySpreadConstraints describes how a group of pods ought to spread across topology domains. Scheduler will schedule pods in a way which abides by the constraints. All topologySpreadConstraints are ANDed. 3628 type: array 3629 items: 3630 description: TopologySpreadConstraint specifies how to spread matching pods among the given topology. 3631 type: object 3632 required: 3633 - maxSkew 3634 - topologyKey 3635 - whenUnsatisfiable 3636 properties: 3637 labelSelector: 3638 description: LabelSelector is used to find matching pods. Pods that match this label selector are counted to determine the number of pods in their corresponding topology domain. 3639 type: object 3640 properties: 3641 matchExpressions: 3642 description: matchExpressions is a list of label selector requirements. The requirements are ANDed. 3643 type: array 3644 items: 3645 description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. 3646 type: object 3647 required: 3648 - key 3649 - operator 3650 properties: 3651 key: 3652 description: key is the label key that the selector applies to. 3653 type: string 3654 operator: 3655 description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. 3656 type: string 3657 values: 3658 description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. 3659 type: array 3660 items: 3661 type: string 3662 matchLabels: 3663 description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. 3664 type: object 3665 additionalProperties: 3666 type: string 3667 maxSkew: 3668 description: 'MaxSkew describes the degree to which pods may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference between the number of matching pods in the target topology and the global minimum. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 1/1/0: | zone1 | zone2 | zone3 | | P | P | | - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 1/1/1; scheduling it onto zone1(zone2) would make the ActualSkew(2-0) on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence to topologies that satisfy it. It''s a required field. Default value is 1 and 0 is not allowed.' 3669 type: integer 3670 format: int32 3671 topologyKey: 3672 description: TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. We consider each <key, value> as a "bucket", and try to put balanced number of pods into each bucket. It's a required field. 3673 type: string 3674 whenUnsatisfiable: 3675 description: 'WhenUnsatisfiable indicates how to deal with a pod if it doesn''t satisfy the spread constraint. - DoNotSchedule (default) tells the scheduler not to schedule it. - ScheduleAnyway tells the scheduler to schedule the pod in any location, but giving higher precedence to topologies that would help reduce the skew. A constraint is considered "Unsatisfiable" for an incoming pod if and only if every possible node assigment for that pod would violate "MaxSkew" on some topology. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler won''t make it *more* imbalanced. It''s a required field.' 3676 type: string 3677 x-kubernetes-list-map-keys: 3678 - topologyKey 3679 - whenUnsatisfiable 3680 x-kubernetes-list-type: map 3681 volumes: 3682 description: 'List of volumes that can be mounted by containers belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes' 3683 type: array 3684 items: 3685 description: Volume represents a named volume in a pod that may be accessed by any container in the pod. 3686 type: object 3687 required: 3688 - name 3689 properties: 3690 awsElasticBlockStore: 3691 description: 'AWSElasticBlockStore represents an AWS Disk resource that is attached to a kubelet''s host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' 3692 type: object 3693 required: 3694 - volumeID 3695 properties: 3696 fsType: 3697 description: 'Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore TODO: how do we prevent errors in the filesystem from compromising the machine' 3698 type: string 3699 partition: 3700 description: 'The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty).' 3701 type: integer 3702 format: int32 3703 readOnly: 3704 description: 'Specify "true" to force and set the ReadOnly property in VolumeMounts to "true". If omitted, the default is "false". More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' 3705 type: boolean 3706 volumeID: 3707 description: 'Unique ID of the persistent disk resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' 3708 type: string 3709 azureDisk: 3710 description: AzureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. 3711 type: object 3712 required: 3713 - diskName 3714 - diskURI 3715 properties: 3716 cachingMode: 3717 description: 'Host Caching mode: None, Read Only, Read Write.' 3718 type: string 3719 diskName: 3720 description: The Name of the data disk in the blob storage 3721 type: string 3722 diskURI: 3723 description: The URI the data disk in the blob storage 3724 type: string 3725 fsType: 3726 description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. 3727 type: string 3728 kind: 3729 description: 'Expected values Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared' 3730 type: string 3731 readOnly: 3732 description: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. 3733 type: boolean 3734 azureFile: 3735 description: AzureFile represents an Azure File Service mount on the host and bind mount to the pod. 3736 type: object 3737 required: 3738 - secretName 3739 - shareName 3740 properties: 3741 readOnly: 3742 description: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. 3743 type: boolean 3744 secretName: 3745 description: the name of secret that contains Azure Storage Account Name and Key 3746 type: string 3747 shareName: 3748 description: Share Name 3749 type: string 3750 cephfs: 3751 description: CephFS represents a Ceph FS mount on the host that shares a pod's lifetime 3752 type: object 3753 required: 3754 - monitors 3755 properties: 3756 monitors: 3757 description: 'Required: Monitors is a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' 3758 type: array 3759 items: 3760 type: string 3761 path: 3762 description: 'Optional: Used as the mounted root, rather than the full Ceph tree, default is /' 3763 type: string 3764 readOnly: 3765 description: 'Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' 3766 type: boolean 3767 secretFile: 3768 description: 'Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' 3769 type: string 3770 secretRef: 3771 description: 'Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' 3772 type: object 3773 properties: 3774 name: 3775 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' 3776 type: string 3777 user: 3778 description: 'Optional: User is the rados user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' 3779 type: string 3780 cinder: 3781 description: 'Cinder represents a cinder volume attached and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' 3782 type: object 3783 required: 3784 - volumeID 3785 properties: 3786 fsType: 3787 description: 'Filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' 3788 type: string 3789 readOnly: 3790 description: 'Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' 3791 type: boolean 3792 secretRef: 3793 description: 'Optional: points to a secret object containing parameters used to connect to OpenStack.' 3794 type: object 3795 properties: 3796 name: 3797 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' 3798 type: string 3799 volumeID: 3800 description: 'volume id used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' 3801 type: string 3802 configMap: 3803 description: ConfigMap represents a configMap that should populate this volume 3804 type: object 3805 properties: 3806 defaultMode: 3807 description: 'Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' 3808 type: integer 3809 format: int32 3810 items: 3811 description: If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. 3812 type: array 3813 items: 3814 description: Maps a string key to a path within a volume. 3815 type: object 3816 required: 3817 - key 3818 - path 3819 properties: 3820 key: 3821 description: The key to project. 3822 type: string 3823 mode: 3824 description: 'Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' 3825 type: integer 3826 format: int32 3827 path: 3828 description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. 3829 type: string 3830 name: 3831 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' 3832 type: string 3833 optional: 3834 description: Specify whether the ConfigMap or its keys must be defined 3835 type: boolean 3836 csi: 3837 description: CSI (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature). 3838 type: object 3839 required: 3840 - driver 3841 properties: 3842 driver: 3843 description: Driver is the name of the CSI driver that handles this volume. Consult with your admin for the correct name as registered in the cluster. 3844 type: string 3845 fsType: 3846 description: Filesystem type to mount. Ex. "ext4", "xfs", "ntfs". If not provided, the empty value is passed to the associated CSI driver which will determine the default filesystem to apply. 3847 type: string 3848 nodePublishSecretRef: 3849 description: NodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed. 3850 type: object 3851 properties: 3852 name: 3853 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' 3854 type: string 3855 readOnly: 3856 description: Specifies a read-only configuration for the volume. Defaults to false (read/write). 3857 type: boolean 3858 volumeAttributes: 3859 description: VolumeAttributes stores driver-specific properties that are passed to the CSI driver. Consult your driver's documentation for supported values. 3860 type: object 3861 additionalProperties: 3862 type: string 3863 downwardAPI: 3864 description: DownwardAPI represents downward API about the pod that should populate this volume 3865 type: object 3866 properties: 3867 defaultMode: 3868 description: 'Optional: mode bits to use on created files by default. Must be a Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' 3869 type: integer 3870 format: int32 3871 items: 3872 description: Items is a list of downward API volume file 3873 type: array 3874 items: 3875 description: DownwardAPIVolumeFile represents information to create the file containing the pod field 3876 type: object 3877 required: 3878 - path 3879 properties: 3880 fieldRef: 3881 description: 'Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.' 3882 type: object 3883 required: 3884 - fieldPath 3885 properties: 3886 apiVersion: 3887 description: Version of the schema the FieldPath is written in terms of, defaults to "v1". 3888 type: string 3889 fieldPath: 3890 description: Path of the field to select in the specified API version. 3891 type: string 3892 mode: 3893 description: 'Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' 3894 type: integer 3895 format: int32 3896 path: 3897 description: 'Required: Path is the relative path name of the file to be created. Must not be absolute or contain the ''..'' path. Must be utf-8 encoded. The first item of the relative path must not start with ''..''' 3898 type: string 3899 resourceFieldRef: 3900 description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.' 3901 type: object 3902 required: 3903 - resource 3904 properties: 3905 containerName: 3906 description: 'Container name: required for volumes, optional for env vars' 3907 type: string 3908 divisor: 3909 description: Specifies the output format of the exposed resources, defaults to "1" 3910 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 3911 anyOf: 3912 - type: integer 3913 - type: string 3914 x-kubernetes-int-or-string: true 3915 resource: 3916 description: 'Required: resource to select' 3917 type: string 3918 emptyDir: 3919 description: 'EmptyDir represents a temporary directory that shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' 3920 type: object 3921 properties: 3922 medium: 3923 description: 'What type of storage medium should back this directory. The default is "" which means to use the node''s default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' 3924 type: string 3925 sizeLimit: 3926 description: 'Total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' 3927 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 3928 anyOf: 3929 - type: integer 3930 - type: string 3931 x-kubernetes-int-or-string: true 3932 ephemeral: 3933 description: "Ephemeral represents a volume that is handled by a cluster storage driver (Alpha feature). The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. \n Use this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity tracking are needed, c) the storage driver is specified through a storage class, and d) the storage driver supports dynamic volume provisioning through a PersistentVolumeClaim (see EphemeralVolumeSource for more information on the connection between this volume type and PersistentVolumeClaim). \n Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod. \n Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information. \n A pod can use both types of ephemeral volumes and persistent volumes at the same time." 3934 type: object 3935 properties: 3936 readOnly: 3937 description: Specifies a read-only configuration for the volume. Defaults to false (read/write). 3938 type: boolean 3939 volumeClaimTemplate: 3940 description: "Will be used to create a stand-alone PVC to provision the volume. The pod in which this EphemeralVolumeSource is embedded will be the owner of the PVC, i.e. the PVC will be deleted together with the pod. The name of the PVC will be `<pod name>-<volume name>` where `<volume name>` is the name from the `PodSpec.Volumes` array entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long). \n An existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until the unrelated PVC is removed. If such a pre-created PVC is meant to be used by the pod, the PVC has to updated with an owner reference to the pod once the pod exists. Normally this should not be necessary, but it may be useful when manually reconstructing a broken cluster. \n This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created. \n Required, must not be nil." 3941 type: object 3942 required: 3943 - spec 3944 properties: 3945 metadata: 3946 description: May contain labels and annotations that will be copied into the PVC when creating it. No other fields are allowed and will be rejected during validation. 3947 type: object 3948 spec: 3949 description: The specification for the PersistentVolumeClaim. The entire content is copied unchanged into the PVC that gets created from this template. The same fields as in a PersistentVolumeClaim are also valid here. 3950 type: object 3951 properties: 3952 accessModes: 3953 description: 'AccessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' 3954 type: array 3955 items: 3956 type: string 3957 dataSource: 3958 description: 'This field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) * An existing custom resource that implements data population (Alpha) In order to use custom resource types that implement data population, the AnyVolumeDataSource feature gate must be enabled. If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source.' 3959 type: object 3960 required: 3961 - kind 3962 - name 3963 properties: 3964 apiGroup: 3965 description: APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. 3966 type: string 3967 kind: 3968 description: Kind is the type of resource being referenced 3969 type: string 3970 name: 3971 description: Name is the name of resource being referenced 3972 type: string 3973 resources: 3974 description: 'Resources represents the minimum resources the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' 3975 type: object 3976 properties: 3977 limits: 3978 description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' 3979 type: object 3980 additionalProperties: 3981 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 3982 anyOf: 3983 - type: integer 3984 - type: string 3985 x-kubernetes-int-or-string: true 3986 requests: 3987 description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' 3988 type: object 3989 additionalProperties: 3990 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 3991 anyOf: 3992 - type: integer 3993 - type: string 3994 x-kubernetes-int-or-string: true 3995 selector: 3996 description: A label query over volumes to consider for binding. 3997 type: object 3998 properties: 3999 matchExpressions: 4000 description: matchExpressions is a list of label selector requirements. The requirements are ANDed. 4001 type: array 4002 items: 4003 description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. 4004 type: object 4005 required: 4006 - key 4007 - operator 4008 properties: 4009 key: 4010 description: key is the label key that the selector applies to. 4011 type: string 4012 operator: 4013 description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. 4014 type: string 4015 values: 4016 description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. 4017 type: array 4018 items: 4019 type: string 4020 matchLabels: 4021 description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. 4022 type: object 4023 additionalProperties: 4024 type: string 4025 storageClassName: 4026 description: 'Name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' 4027 type: string 4028 volumeMode: 4029 description: volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec. 4030 type: string 4031 volumeName: 4032 description: VolumeName is the binding reference to the PersistentVolume backing this claim. 4033 type: string 4034 fc: 4035 description: FC represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod. 4036 type: object 4037 properties: 4038 fsType: 4039 description: 'Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. TODO: how do we prevent errors in the filesystem from compromising the machine' 4040 type: string 4041 lun: 4042 description: 'Optional: FC target lun number' 4043 type: integer 4044 format: int32 4045 readOnly: 4046 description: 'Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.' 4047 type: boolean 4048 targetWWNs: 4049 description: 'Optional: FC target worldwide names (WWNs)' 4050 type: array 4051 items: 4052 type: string 4053 wwids: 4054 description: 'Optional: FC volume world wide identifiers (wwids) Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously.' 4055 type: array 4056 items: 4057 type: string 4058 flexVolume: 4059 description: FlexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin. 4060 type: object 4061 required: 4062 - driver 4063 properties: 4064 driver: 4065 description: Driver is the name of the driver to use for this volume. 4066 type: string 4067 fsType: 4068 description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script. 4069 type: string 4070 options: 4071 description: 'Optional: Extra command options if any.' 4072 type: object 4073 additionalProperties: 4074 type: string 4075 readOnly: 4076 description: 'Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.' 4077 type: boolean 4078 secretRef: 4079 description: 'Optional: SecretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts.' 4080 type: object 4081 properties: 4082 name: 4083 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' 4084 type: string 4085 flocker: 4086 description: Flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running 4087 type: object 4088 properties: 4089 datasetName: 4090 description: Name of the dataset stored as metadata -> name on the dataset for Flocker should be considered as deprecated 4091 type: string 4092 datasetUUID: 4093 description: UUID of the dataset. This is unique identifier of a Flocker dataset 4094 type: string 4095 gcePersistentDisk: 4096 description: 'GCEPersistentDisk represents a GCE Disk resource that is attached to a kubelet''s host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' 4097 type: object 4098 required: 4099 - pdName 4100 properties: 4101 fsType: 4102 description: 'Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk TODO: how do we prevent errors in the filesystem from compromising the machine' 4103 type: string 4104 partition: 4105 description: 'The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' 4106 type: integer 4107 format: int32 4108 pdName: 4109 description: 'Unique name of the PD resource in GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' 4110 type: string 4111 readOnly: 4112 description: 'ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' 4113 type: boolean 4114 gitRepo: 4115 description: 'GitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod''s container.' 4116 type: object 4117 required: 4118 - repository 4119 properties: 4120 directory: 4121 description: Target directory name. Must not contain or start with '..'. If '.' is supplied, the volume directory will be the git repository. Otherwise, if specified, the volume will contain the git repository in the subdirectory with the given name. 4122 type: string 4123 repository: 4124 description: Repository URL 4125 type: string 4126 revision: 4127 description: Commit hash for the specified revision. 4128 type: string 4129 glusterfs: 4130 description: 'Glusterfs represents a Glusterfs mount on the host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' 4131 type: object 4132 required: 4133 - endpoints 4134 - path 4135 properties: 4136 endpoints: 4137 description: 'EndpointsName is the endpoint name that details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' 4138 type: string 4139 path: 4140 description: 'Path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' 4141 type: string 4142 readOnly: 4143 description: 'ReadOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' 4144 type: boolean 4145 hostPath: 4146 description: 'HostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath --- TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not mount host directories as read/write.' 4147 type: object 4148 required: 4149 - path 4150 properties: 4151 path: 4152 description: 'Path of the directory on the host. If the path is a symlink, it will follow the link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' 4153 type: string 4154 type: 4155 description: 'Type for HostPath Volume Defaults to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' 4156 type: string 4157 iscsi: 4158 description: 'ISCSI represents an ISCSI Disk resource that is attached to a kubelet''s host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' 4159 type: object 4160 required: 4161 - iqn 4162 - lun 4163 - targetPortal 4164 properties: 4165 chapAuthDiscovery: 4166 description: whether support iSCSI Discovery CHAP authentication 4167 type: boolean 4168 chapAuthSession: 4169 description: whether support iSCSI Session CHAP authentication 4170 type: boolean 4171 fsType: 4172 description: 'Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi TODO: how do we prevent errors in the filesystem from compromising the machine' 4173 type: string 4174 initiatorName: 4175 description: Custom iSCSI Initiator Name. If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface <target portal>:<volume name> will be created for the connection. 4176 type: string 4177 iqn: 4178 description: Target iSCSI Qualified Name. 4179 type: string 4180 iscsiInterface: 4181 description: iSCSI Interface Name that uses an iSCSI transport. Defaults to 'default' (tcp). 4182 type: string 4183 lun: 4184 description: iSCSI Target Lun number. 4185 type: integer 4186 format: int32 4187 portals: 4188 description: iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260). 4189 type: array 4190 items: 4191 type: string 4192 readOnly: 4193 description: ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. 4194 type: boolean 4195 secretRef: 4196 description: CHAP Secret for iSCSI target and initiator authentication 4197 type: object 4198 properties: 4199 name: 4200 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' 4201 type: string 4202 targetPortal: 4203 description: iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260). 4204 type: string 4205 name: 4206 description: 'Volume''s name. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 4207 type: string 4208 nfs: 4209 description: 'NFS represents an NFS mount on the host that shares a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' 4210 type: object 4211 required: 4212 - path 4213 - server 4214 properties: 4215 path: 4216 description: 'Path that is exported by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' 4217 type: string 4218 readOnly: 4219 description: 'ReadOnly here will force the NFS export to be mounted with read-only permissions. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' 4220 type: boolean 4221 server: 4222 description: 'Server is the hostname or IP address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' 4223 type: string 4224 persistentVolumeClaim: 4225 description: 'PersistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' 4226 type: object 4227 required: 4228 - claimName 4229 properties: 4230 claimName: 4231 description: 'ClaimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' 4232 type: string 4233 readOnly: 4234 description: Will force the ReadOnly setting in VolumeMounts. Default false. 4235 type: boolean 4236 photonPersistentDisk: 4237 description: PhotonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine 4238 type: object 4239 required: 4240 - pdID 4241 properties: 4242 fsType: 4243 description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. 4244 type: string 4245 pdID: 4246 description: ID that identifies Photon Controller persistent disk 4247 type: string 4248 portworxVolume: 4249 description: PortworxVolume represents a portworx volume attached and mounted on kubelets host machine 4250 type: object 4251 required: 4252 - volumeID 4253 properties: 4254 fsType: 4255 description: FSType represents the filesystem type to mount Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified. 4256 type: string 4257 readOnly: 4258 description: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. 4259 type: boolean 4260 volumeID: 4261 description: VolumeID uniquely identifies a Portworx volume 4262 type: string 4263 projected: 4264 description: Items for all in one resources secrets, configmaps, and downward API 4265 type: object 4266 properties: 4267 defaultMode: 4268 description: Mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. 4269 type: integer 4270 format: int32 4271 sources: 4272 description: list of volume projections 4273 type: array 4274 items: 4275 description: Projection that may be projected along with other supported volume types 4276 type: object 4277 properties: 4278 configMap: 4279 description: information about the configMap data to project 4280 type: object 4281 properties: 4282 items: 4283 description: If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. 4284 type: array 4285 items: 4286 description: Maps a string key to a path within a volume. 4287 type: object 4288 required: 4289 - key 4290 - path 4291 properties: 4292 key: 4293 description: The key to project. 4294 type: string 4295 mode: 4296 description: 'Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' 4297 type: integer 4298 format: int32 4299 path: 4300 description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. 4301 type: string 4302 name: 4303 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' 4304 type: string 4305 optional: 4306 description: Specify whether the ConfigMap or its keys must be defined 4307 type: boolean 4308 downwardAPI: 4309 description: information about the downwardAPI data to project 4310 type: object 4311 properties: 4312 items: 4313 description: Items is a list of DownwardAPIVolume file 4314 type: array 4315 items: 4316 description: DownwardAPIVolumeFile represents information to create the file containing the pod field 4317 type: object 4318 required: 4319 - path 4320 properties: 4321 fieldRef: 4322 description: 'Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.' 4323 type: object 4324 required: 4325 - fieldPath 4326 properties: 4327 apiVersion: 4328 description: Version of the schema the FieldPath is written in terms of, defaults to "v1". 4329 type: string 4330 fieldPath: 4331 description: Path of the field to select in the specified API version. 4332 type: string 4333 mode: 4334 description: 'Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' 4335 type: integer 4336 format: int32 4337 path: 4338 description: 'Required: Path is the relative path name of the file to be created. Must not be absolute or contain the ''..'' path. Must be utf-8 encoded. The first item of the relative path must not start with ''..''' 4339 type: string 4340 resourceFieldRef: 4341 description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.' 4342 type: object 4343 required: 4344 - resource 4345 properties: 4346 containerName: 4347 description: 'Container name: required for volumes, optional for env vars' 4348 type: string 4349 divisor: 4350 description: Specifies the output format of the exposed resources, defaults to "1" 4351 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 4352 anyOf: 4353 - type: integer 4354 - type: string 4355 x-kubernetes-int-or-string: true 4356 resource: 4357 description: 'Required: resource to select' 4358 type: string 4359 secret: 4360 description: information about the secret data to project 4361 type: object 4362 properties: 4363 items: 4364 description: If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. 4365 type: array 4366 items: 4367 description: Maps a string key to a path within a volume. 4368 type: object 4369 required: 4370 - key 4371 - path 4372 properties: 4373 key: 4374 description: The key to project. 4375 type: string 4376 mode: 4377 description: 'Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' 4378 type: integer 4379 format: int32 4380 path: 4381 description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. 4382 type: string 4383 name: 4384 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' 4385 type: string 4386 optional: 4387 description: Specify whether the Secret or its key must be defined 4388 type: boolean 4389 serviceAccountToken: 4390 description: information about the serviceAccountToken data to project 4391 type: object 4392 required: 4393 - path 4394 properties: 4395 audience: 4396 description: Audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver. 4397 type: string 4398 expirationSeconds: 4399 description: ExpirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes. 4400 type: integer 4401 format: int64 4402 path: 4403 description: Path is the path relative to the mount point of the file to project the token into. 4404 type: string 4405 quobyte: 4406 description: Quobyte represents a Quobyte mount on the host that shares a pod's lifetime 4407 type: object 4408 required: 4409 - registry 4410 - volume 4411 properties: 4412 group: 4413 description: Group to map volume access to Default is no group 4414 type: string 4415 readOnly: 4416 description: ReadOnly here will force the Quobyte volume to be mounted with read-only permissions. Defaults to false. 4417 type: boolean 4418 registry: 4419 description: Registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes 4420 type: string 4421 tenant: 4422 description: Tenant owning the given Quobyte volume in the Backend Used with dynamically provisioned Quobyte volumes, value is set by the plugin 4423 type: string 4424 user: 4425 description: User to map volume access to Defaults to serivceaccount user 4426 type: string 4427 volume: 4428 description: Volume is a string that references an already created Quobyte volume by name. 4429 type: string 4430 rbd: 4431 description: 'RBD represents a Rados Block Device mount on the host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md' 4432 type: object 4433 required: 4434 - image 4435 - monitors 4436 properties: 4437 fsType: 4438 description: 'Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd TODO: how do we prevent errors in the filesystem from compromising the machine' 4439 type: string 4440 image: 4441 description: 'The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 4442 type: string 4443 keyring: 4444 description: 'Keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 4445 type: string 4446 monitors: 4447 description: 'A collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 4448 type: array 4449 items: 4450 type: string 4451 pool: 4452 description: 'The rados pool name. Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 4453 type: string 4454 readOnly: 4455 description: 'ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 4456 type: boolean 4457 secretRef: 4458 description: 'SecretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 4459 type: object 4460 properties: 4461 name: 4462 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' 4463 type: string 4464 user: 4465 description: 'The rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 4466 type: string 4467 scaleIO: 4468 description: ScaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. 4469 type: object 4470 required: 4471 - gateway 4472 - secretRef 4473 - system 4474 properties: 4475 fsType: 4476 description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Default is "xfs". 4477 type: string 4478 gateway: 4479 description: The host address of the ScaleIO API Gateway. 4480 type: string 4481 protectionDomain: 4482 description: The name of the ScaleIO Protection Domain for the configured storage. 4483 type: string 4484 readOnly: 4485 description: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. 4486 type: boolean 4487 secretRef: 4488 description: SecretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail. 4489 type: object 4490 properties: 4491 name: 4492 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' 4493 type: string 4494 sslEnabled: 4495 description: Flag to enable/disable SSL communication with Gateway, default false 4496 type: boolean 4497 storageMode: 4498 description: Indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned. 4499 type: string 4500 storagePool: 4501 description: The ScaleIO Storage Pool associated with the protection domain. 4502 type: string 4503 system: 4504 description: The name of the storage system as configured in ScaleIO. 4505 type: string 4506 volumeName: 4507 description: The name of a volume already created in the ScaleIO system that is associated with this volume source. 4508 type: string 4509 secret: 4510 description: 'Secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' 4511 type: object 4512 properties: 4513 defaultMode: 4514 description: 'Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' 4515 type: integer 4516 format: int32 4517 items: 4518 description: If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. 4519 type: array 4520 items: 4521 description: Maps a string key to a path within a volume. 4522 type: object 4523 required: 4524 - key 4525 - path 4526 properties: 4527 key: 4528 description: The key to project. 4529 type: string 4530 mode: 4531 description: 'Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' 4532 type: integer 4533 format: int32 4534 path: 4535 description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. 4536 type: string 4537 optional: 4538 description: Specify whether the Secret or its keys must be defined 4539 type: boolean 4540 secretName: 4541 description: 'Name of the secret in the pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' 4542 type: string 4543 storageos: 4544 description: StorageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. 4545 type: object 4546 properties: 4547 fsType: 4548 description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. 4549 type: string 4550 readOnly: 4551 description: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. 4552 type: boolean 4553 secretRef: 4554 description: SecretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted. 4555 type: object 4556 properties: 4557 name: 4558 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' 4559 type: string 4560 volumeName: 4561 description: VolumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace. 4562 type: string 4563 volumeNamespace: 4564 description: VolumeNamespace specifies the scope of the volume within StorageOS. If no namespace is specified then the Pod's namespace will be used. This allows the Kubernetes name scoping to be mirrored within StorageOS for tighter integration. Set VolumeName to any name to override the default behaviour. Set to "default" if you are not using namespaces within StorageOS. Namespaces that do not pre-exist within StorageOS will be created. 4565 type: string 4566 vsphereVolume: 4567 description: VsphereVolume represents a vSphere volume attached and mounted on kubelets host machine 4568 type: object 4569 required: 4570 - volumePath 4571 properties: 4572 fsType: 4573 description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. 4574 type: string 4575 storagePolicyID: 4576 description: Storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName. 4577 type: string 4578 storagePolicyName: 4579 description: Storage Policy Based Management (SPBM) profile name. 4580 type: string 4581 volumePath: 4582 description: Path that identifies vSphere volume vmdk 4583 type: string 4584 permissions: 4585 type: array 4586 items: 4587 description: StrategyDeploymentPermissions describe the rbac rules and service account needed by the install strategy 4588 type: object 4589 required: 4590 - rules 4591 - serviceAccountName 4592 properties: 4593 rules: 4594 type: array 4595 items: 4596 description: PolicyRule holds information that describes a policy rule, but does not contain information about who the rule applies to or which namespace the rule applies to. 4597 type: object 4598 required: 4599 - verbs 4600 properties: 4601 apiGroups: 4602 description: APIGroups is the name of the APIGroup that contains the resources. If multiple API groups are specified, any action requested against one of the enumerated resources in any API group will be allowed. 4603 type: array 4604 items: 4605 type: string 4606 nonResourceURLs: 4607 description: NonResourceURLs is a set of partial urls that a user should have access to. *s are allowed, but only as the full, final step in the path Since non-resource URLs are not namespaced, this field is only applicable for ClusterRoles referenced from a ClusterRoleBinding. Rules can either apply to API resources (such as "pods" or "secrets") or non-resource URL paths (such as "/api"), but not both. 4608 type: array 4609 items: 4610 type: string 4611 resourceNames: 4612 description: ResourceNames is an optional white list of names that the rule applies to. An empty set means that everything is allowed. 4613 type: array 4614 items: 4615 type: string 4616 resources: 4617 description: Resources is a list of resources this rule applies to. ResourceAll represents all resources. 4618 type: array 4619 items: 4620 type: string 4621 verbs: 4622 description: Verbs is a list of Verbs that apply to ALL the ResourceKinds and AttributeRestrictions contained in this rule. VerbAll represents all kinds. 4623 type: array 4624 items: 4625 type: string 4626 serviceAccountName: 4627 type: string 4628 strategy: 4629 type: string 4630 installModes: 4631 description: InstallModes specify supported installation types 4632 type: array 4633 items: 4634 description: InstallMode associates an InstallModeType with a flag representing if the CSV supports it 4635 type: object 4636 required: 4637 - supported 4638 - type 4639 properties: 4640 supported: 4641 type: boolean 4642 type: 4643 description: InstallModeType is a supported type of install mode for CSV installation 4644 type: string 4645 keywords: 4646 type: array 4647 items: 4648 type: string 4649 labels: 4650 description: Map of string keys and values that can be used to organize and categorize (scope and select) objects. 4651 type: object 4652 additionalProperties: 4653 type: string 4654 links: 4655 type: array 4656 items: 4657 type: object 4658 properties: 4659 name: 4660 type: string 4661 url: 4662 type: string 4663 maintainers: 4664 type: array 4665 items: 4666 type: object 4667 properties: 4668 email: 4669 type: string 4670 name: 4671 type: string 4672 maturity: 4673 type: string 4674 minKubeVersion: 4675 type: string 4676 nativeAPIs: 4677 type: array 4678 items: 4679 description: GroupVersionKind unambiguously identifies a kind. It doesn't anonymously include GroupVersion to avoid automatic coersion. It doesn't use a GroupVersion to avoid custom marshalling 4680 type: object 4681 required: 4682 - group 4683 - kind 4684 - version 4685 properties: 4686 group: 4687 type: string 4688 kind: 4689 type: string 4690 version: 4691 type: string 4692 provider: 4693 type: object 4694 properties: 4695 name: 4696 type: string 4697 url: 4698 type: string 4699 relatedImages: 4700 description: List any related images, or other container images that your Operator might require to perform their functions. This list should also include operand images as well. All image references should be specified by digest (SHA) and not by tag. This field is only used during catalog creation and plays no part in cluster runtime. 4701 type: array 4702 items: 4703 type: object 4704 required: 4705 - image 4706 - name 4707 properties: 4708 image: 4709 type: string 4710 name: 4711 type: string 4712 replaces: 4713 description: The name of a CSV this one replaces. Should match the `metadata.Name` field of the old CSV. 4714 type: string 4715 selector: 4716 description: Label selector for related resources. 4717 type: object 4718 properties: 4719 matchExpressions: 4720 description: matchExpressions is a list of label selector requirements. The requirements are ANDed. 4721 type: array 4722 items: 4723 description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. 4724 type: object 4725 required: 4726 - key 4727 - operator 4728 properties: 4729 key: 4730 description: key is the label key that the selector applies to. 4731 type: string 4732 operator: 4733 description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. 4734 type: string 4735 values: 4736 description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. 4737 type: array 4738 items: 4739 type: string 4740 matchLabels: 4741 description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. 4742 type: object 4743 additionalProperties: 4744 type: string 4745 skips: 4746 description: The name(s) of one or more CSV(s) that should be skipped in the upgrade graph. Should match the `metadata.Name` field of the CSV that should be skipped. This field is only used during catalog creation and plays no part in cluster runtime. 4747 type: array 4748 items: 4749 type: string 4750 version: 4751 description: OperatorVersion is a wrapper around semver.Version which supports correct marshaling to YAML and JSON. 4752 type: string 4753 webhookdefinitions: 4754 type: array 4755 items: 4756 description: WebhookDescription provides details to OLM about required webhooks 4757 type: object 4758 required: 4759 - admissionReviewVersions 4760 - generateName 4761 - sideEffects 4762 - type 4763 properties: 4764 admissionReviewVersions: 4765 type: array 4766 items: 4767 type: string 4768 containerPort: 4769 type: integer 4770 format: int32 4771 default: 443 4772 maximum: 65535 4773 minimum: 1 4774 conversionCRDs: 4775 type: array 4776 items: 4777 type: string 4778 deploymentName: 4779 type: string 4780 failurePolicy: 4781 type: string 4782 generateName: 4783 type: string 4784 matchPolicy: 4785 description: MatchPolicyType specifies the type of match policy 4786 type: string 4787 objectSelector: 4788 description: A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects. 4789 type: object 4790 properties: 4791 matchExpressions: 4792 description: matchExpressions is a list of label selector requirements. The requirements are ANDed. 4793 type: array 4794 items: 4795 description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. 4796 type: object 4797 required: 4798 - key 4799 - operator 4800 properties: 4801 key: 4802 description: key is the label key that the selector applies to. 4803 type: string 4804 operator: 4805 description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. 4806 type: string 4807 values: 4808 description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. 4809 type: array 4810 items: 4811 type: string 4812 matchLabels: 4813 description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. 4814 type: object 4815 additionalProperties: 4816 type: string 4817 reinvocationPolicy: 4818 description: ReinvocationPolicyType specifies what type of policy the admission hook uses. 4819 type: string 4820 rules: 4821 type: array 4822 items: 4823 description: RuleWithOperations is a tuple of Operations and Resources. It is recommended to make sure that all the tuple expansions are valid. 4824 type: object 4825 properties: 4826 apiGroups: 4827 description: APIGroups is the API groups the resources belong to. '*' is all groups. If '*' is present, the length of the slice must be one. Required. 4828 type: array 4829 items: 4830 type: string 4831 apiVersions: 4832 description: APIVersions is the API versions the resources belong to. '*' is all versions. If '*' is present, the length of the slice must be one. Required. 4833 type: array 4834 items: 4835 type: string 4836 operations: 4837 description: Operations is the operations the admission hook cares about - CREATE, UPDATE, DELETE, CONNECT or * for all of those operations and any future admission operations that are added. If '*' is present, the length of the slice must be one. Required. 4838 type: array 4839 items: 4840 type: string 4841 resources: 4842 description: "Resources is a list of resources this rule applies to. \n For example: 'pods' means pods. 'pods/log' means the log subresource of pods. '*' means all resources, but not subresources. 'pods/*' means all subresources of pods. '*/scale' means all scale subresources. '*/*' means all resources and their subresources. \n If wildcard is present, the validation rule will ensure resources do not overlap with each other. \n Depending on the enclosing object, subresources might not be allowed. Required." 4843 type: array 4844 items: 4845 type: string 4846 scope: 4847 description: scope specifies the scope of this rule. Valid values are "Cluster", "Namespaced", and "*" "Cluster" means that only cluster-scoped resources will match this rule. Namespace API objects are cluster-scoped. "Namespaced" means that only namespaced resources will match this rule. "*" means that there are no scope restrictions. Subresources match the scope of their parent resource. Default is "*". 4848 type: string 4849 sideEffects: 4850 type: string 4851 targetPort: 4852 anyOf: 4853 - type: integer 4854 - type: string 4855 x-kubernetes-int-or-string: true 4856 timeoutSeconds: 4857 type: integer 4858 format: int32 4859 type: 4860 description: WebhookAdmissionType is the type of admission webhooks supported by OLM 4861 type: string 4862 enum: 4863 - ValidatingAdmissionWebhook 4864 - MutatingAdmissionWebhook 4865 - ConversionWebhook 4866 webhookPath: 4867 type: string 4868 status: 4869 description: ClusterServiceVersionStatus represents information about the status of a CSV. Status may trail the actual state of a system. 4870 type: object 4871 properties: 4872 certsLastUpdated: 4873 description: Last time the owned APIService certs were updated 4874 type: string 4875 format: date-time 4876 certsRotateAt: 4877 description: Time the owned APIService certs will rotate next 4878 type: string 4879 format: date-time 4880 cleanup: 4881 description: CleanupStatus represents information about the status of cleanup while a CSV is pending deletion 4882 type: object 4883 properties: 4884 pendingDeletion: 4885 description: PendingDeletion is the list of custom resource objects that are pending deletion and blocked on finalizers. This indicates the progress of cleanup that is blocking CSV deletion or operator uninstall. 4886 type: array 4887 items: 4888 description: ResourceList represents a list of resources which are of the same Group/Kind 4889 type: object 4890 required: 4891 - group 4892 - instances 4893 - kind 4894 properties: 4895 group: 4896 type: string 4897 instances: 4898 type: array 4899 items: 4900 type: object 4901 required: 4902 - name 4903 properties: 4904 name: 4905 type: string 4906 namespace: 4907 description: Namespace can be empty for cluster-scoped resources 4908 type: string 4909 kind: 4910 type: string 4911 conditions: 4912 description: List of conditions, a history of state transitions 4913 type: array 4914 items: 4915 description: Conditions appear in the status as a record of state transitions on the ClusterServiceVersion 4916 type: object 4917 properties: 4918 lastTransitionTime: 4919 description: Last time the status transitioned from one status to another. 4920 type: string 4921 format: date-time 4922 lastUpdateTime: 4923 description: Last time we updated the status 4924 type: string 4925 format: date-time 4926 message: 4927 description: A human readable message indicating details about why the ClusterServiceVersion is in this condition. 4928 type: string 4929 phase: 4930 description: Condition of the ClusterServiceVersion 4931 type: string 4932 reason: 4933 description: A brief CamelCase message indicating details about why the ClusterServiceVersion is in this state. e.g. 'RequirementsNotMet' 4934 type: string 4935 lastTransitionTime: 4936 description: Last time the status transitioned from one status to another. 4937 type: string 4938 format: date-time 4939 lastUpdateTime: 4940 description: Last time we updated the status 4941 type: string 4942 format: date-time 4943 message: 4944 description: A human readable message indicating details about why the ClusterServiceVersion is in this condition. 4945 type: string 4946 phase: 4947 description: Current condition of the ClusterServiceVersion 4948 type: string 4949 reason: 4950 description: A brief CamelCase message indicating details about why the ClusterServiceVersion is in this state. e.g. 'RequirementsNotMet' 4951 type: string 4952 requirementStatus: 4953 description: The status of each requirement for this CSV 4954 type: array 4955 items: 4956 type: object 4957 required: 4958 - group 4959 - kind 4960 - message 4961 - name 4962 - status 4963 - version 4964 properties: 4965 dependents: 4966 type: array 4967 items: 4968 description: DependentStatus is the status for a dependent requirement (to prevent infinite nesting) 4969 type: object 4970 required: 4971 - group 4972 - kind 4973 - status 4974 - version 4975 properties: 4976 group: 4977 type: string 4978 kind: 4979 type: string 4980 message: 4981 type: string 4982 status: 4983 description: StatusReason is a camelcased reason for the status of a RequirementStatus or DependentStatus 4984 type: string 4985 uuid: 4986 type: string 4987 version: 4988 type: string 4989 group: 4990 type: string 4991 kind: 4992 type: string 4993 message: 4994 type: string 4995 name: 4996 type: string 4997 status: 4998 description: StatusReason is a camelcased reason for the status of a RequirementStatus or DependentStatus 4999 type: string 5000 uuid: 5001 type: string 5002 version: 5003 type: string 5004 served: true 5005 storage: true 5006 subresources: 5007 status: {} 5008 5009 --- 5010 apiVersion: apiextensions.k8s.io/v1 5011 kind: CustomResourceDefinition 5012 metadata: 5013 annotations: 5014 controller-gen.kubebuilder.io/version: v0.4.1 5015 creationTimestamp: null 5016 name: installplans.operators.coreos.com 5017 spec: 5018 group: operators.coreos.com 5019 names: 5020 categories: 5021 - olm 5022 kind: InstallPlan 5023 listKind: InstallPlanList 5024 plural: installplans 5025 shortNames: 5026 - ip 5027 singular: installplan 5028 scope: Namespaced 5029 versions: 5030 - additionalPrinterColumns: 5031 - description: The first CSV in the list of clusterServiceVersionNames 5032 jsonPath: .spec.clusterServiceVersionNames[0] 5033 name: CSV 5034 type: string 5035 - description: The approval mode 5036 jsonPath: .spec.approval 5037 name: Approval 5038 type: string 5039 - jsonPath: .spec.approved 5040 name: Approved 5041 type: boolean 5042 name: v1alpha1 5043 schema: 5044 openAPIV3Schema: 5045 description: InstallPlan defines the installation of a set of operators. 5046 type: object 5047 required: 5048 - metadata 5049 - spec 5050 properties: 5051 apiVersion: 5052 description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' 5053 type: string 5054 kind: 5055 description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' 5056 type: string 5057 metadata: 5058 type: object 5059 spec: 5060 description: InstallPlanSpec defines a set of Application resources to be installed 5061 type: object 5062 required: 5063 - approval 5064 - approved 5065 - clusterServiceVersionNames 5066 properties: 5067 approval: 5068 description: Approval is the user approval policy for an InstallPlan. It must be one of "Automatic" or "Manual". 5069 type: string 5070 approved: 5071 type: boolean 5072 clusterServiceVersionNames: 5073 type: array 5074 items: 5075 type: string 5076 generation: 5077 type: integer 5078 source: 5079 type: string 5080 sourceNamespace: 5081 type: string 5082 status: 5083 description: "InstallPlanStatus represents the information about the status of steps required to complete installation. \n Status may trail the actual state of a system." 5084 type: object 5085 required: 5086 - catalogSources 5087 - phase 5088 properties: 5089 attenuatedServiceAccountRef: 5090 description: AttenuatedServiceAccountRef references the service account that is used to do scoped operator install. 5091 type: object 5092 properties: 5093 apiVersion: 5094 description: API version of the referent. 5095 type: string 5096 fieldPath: 5097 description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.' 5098 type: string 5099 kind: 5100 description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' 5101 type: string 5102 name: 5103 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 5104 type: string 5105 namespace: 5106 description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' 5107 type: string 5108 resourceVersion: 5109 description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' 5110 type: string 5111 uid: 5112 description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' 5113 type: string 5114 bundleLookups: 5115 description: BundleLookups is the set of in-progress requests to pull and unpackage bundle content to the cluster. 5116 type: array 5117 items: 5118 description: BundleLookup is a request to pull and unpackage the content of a bundle to the cluster. 5119 type: object 5120 required: 5121 - catalogSourceRef 5122 - identifier 5123 - path 5124 - replaces 5125 properties: 5126 catalogSourceRef: 5127 description: CatalogSourceRef is a reference to the CatalogSource the bundle path was resolved from. 5128 type: object 5129 properties: 5130 apiVersion: 5131 description: API version of the referent. 5132 type: string 5133 fieldPath: 5134 description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.' 5135 type: string 5136 kind: 5137 description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' 5138 type: string 5139 name: 5140 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 5141 type: string 5142 namespace: 5143 description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' 5144 type: string 5145 resourceVersion: 5146 description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' 5147 type: string 5148 uid: 5149 description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' 5150 type: string 5151 conditions: 5152 description: Conditions represents the overall state of a BundleLookup. 5153 type: array 5154 items: 5155 type: object 5156 required: 5157 - status 5158 - type 5159 properties: 5160 lastTransitionTime: 5161 description: Last time the condition transitioned from one status to another. 5162 type: string 5163 format: date-time 5164 lastUpdateTime: 5165 description: Last time the condition was probed. 5166 type: string 5167 format: date-time 5168 message: 5169 description: A human readable message indicating details about the transition. 5170 type: string 5171 reason: 5172 description: The reason for the condition's last transition. 5173 type: string 5174 status: 5175 description: Status of the condition, one of True, False, Unknown. 5176 type: string 5177 type: 5178 description: Type of condition. 5179 type: string 5180 identifier: 5181 description: Identifier is the catalog-unique name of the operator (the name of the CSV for bundles that contain CSVs) 5182 type: string 5183 path: 5184 description: Path refers to the location of a bundle to pull. It's typically an image reference. 5185 type: string 5186 properties: 5187 description: The effective properties of the unpacked bundle. 5188 type: string 5189 replaces: 5190 description: Replaces is the name of the bundle to replace with the one found at Path. 5191 type: string 5192 catalogSources: 5193 type: array 5194 items: 5195 type: string 5196 conditions: 5197 type: array 5198 items: 5199 description: InstallPlanCondition represents the overall status of the execution of an InstallPlan. 5200 type: object 5201 properties: 5202 lastTransitionTime: 5203 type: string 5204 format: date-time 5205 lastUpdateTime: 5206 type: string 5207 format: date-time 5208 message: 5209 type: string 5210 reason: 5211 description: ConditionReason is a camelcased reason for the state transition. 5212 type: string 5213 status: 5214 type: string 5215 type: 5216 description: InstallPlanConditionType describes the state of an InstallPlan at a certain point as a whole. 5217 type: string 5218 message: 5219 description: Message is a human-readable message containing detailed information that may be important to understanding why the plan has its current status. 5220 type: string 5221 phase: 5222 description: InstallPlanPhase is the current status of a InstallPlan as a whole. 5223 type: string 5224 plan: 5225 type: array 5226 items: 5227 description: Step represents the status of an individual step in an InstallPlan. 5228 type: object 5229 required: 5230 - resolving 5231 - resource 5232 - status 5233 properties: 5234 resolving: 5235 type: string 5236 resource: 5237 description: StepResource represents the status of a resource to be tracked by an InstallPlan. 5238 type: object 5239 required: 5240 - group 5241 - kind 5242 - name 5243 - sourceName 5244 - sourceNamespace 5245 - version 5246 properties: 5247 group: 5248 type: string 5249 kind: 5250 type: string 5251 manifest: 5252 type: string 5253 name: 5254 type: string 5255 sourceName: 5256 type: string 5257 sourceNamespace: 5258 type: string 5259 version: 5260 type: string 5261 status: 5262 description: StepStatus is the current status of a particular resource an in InstallPlan 5263 type: string 5264 startTime: 5265 description: StartTime is the time when the controller began applying the resources listed in the plan to the cluster. 5266 type: string 5267 format: date-time 5268 served: true 5269 storage: true 5270 subresources: 5271 status: {} 5272 5273 --- 5274 apiVersion: apiextensions.k8s.io/v1 5275 kind: CustomResourceDefinition 5276 metadata: 5277 annotations: 5278 controller-gen.kubebuilder.io/version: v0.4.1 5279 creationTimestamp: null 5280 name: operatorconditions.operators.coreos.com 5281 spec: 5282 group: operators.coreos.com 5283 names: 5284 categories: 5285 - olm 5286 kind: OperatorCondition 5287 listKind: OperatorConditionList 5288 plural: operatorconditions 5289 shortNames: 5290 - condition 5291 singular: operatorcondition 5292 scope: Namespaced 5293 versions: 5294 - name: v1 5295 schema: 5296 openAPIV3Schema: 5297 description: OperatorCondition is a Custom Resource of type `OperatorCondition` which is used to convey information to OLM about the state of an operator. 5298 type: object 5299 required: 5300 - metadata 5301 properties: 5302 apiVersion: 5303 description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' 5304 type: string 5305 kind: 5306 description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' 5307 type: string 5308 metadata: 5309 type: object 5310 spec: 5311 description: OperatorConditionSpec allows a cluster admin to convey information about the state of an operator to OLM, potentially overriding state reported by the operator. 5312 type: object 5313 properties: 5314 deployments: 5315 type: array 5316 items: 5317 type: string 5318 overrides: 5319 type: array 5320 items: 5321 description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" 5322 type: object 5323 required: 5324 - message 5325 - reason 5326 - status 5327 - type 5328 properties: 5329 lastTransitionTime: 5330 description: lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. 5331 type: string 5332 format: date-time 5333 message: 5334 description: message is a human readable message indicating details about the transition. This may be an empty string. 5335 type: string 5336 maxLength: 32768 5337 observedGeneration: 5338 description: observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. 5339 type: integer 5340 format: int64 5341 minimum: 0 5342 reason: 5343 description: reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. 5344 type: string 5345 maxLength: 1024 5346 minLength: 1 5347 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ 5348 status: 5349 description: status of the condition, one of True, False, Unknown. 5350 type: string 5351 enum: 5352 - "True" 5353 - "False" 5354 - Unknown 5355 type: 5356 description: type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) 5357 type: string 5358 maxLength: 316 5359 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ 5360 serviceAccounts: 5361 type: array 5362 items: 5363 type: string 5364 status: 5365 description: OperatorConditionStatus allows an operator to convey information its state to OLM. The status may trail the actual state of a system. 5366 type: object 5367 properties: 5368 conditions: 5369 type: array 5370 items: 5371 description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" 5372 type: object 5373 required: 5374 - lastTransitionTime 5375 - message 5376 - reason 5377 - status 5378 - type 5379 properties: 5380 lastTransitionTime: 5381 description: lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. 5382 type: string 5383 format: date-time 5384 message: 5385 description: message is a human readable message indicating details about the transition. This may be an empty string. 5386 type: string 5387 maxLength: 32768 5388 observedGeneration: 5389 description: observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. 5390 type: integer 5391 format: int64 5392 minimum: 0 5393 reason: 5394 description: reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. 5395 type: string 5396 maxLength: 1024 5397 minLength: 1 5398 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ 5399 status: 5400 description: status of the condition, one of True, False, Unknown. 5401 type: string 5402 enum: 5403 - "True" 5404 - "False" 5405 - Unknown 5406 type: 5407 description: type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) 5408 type: string 5409 maxLength: 316 5410 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ 5411 served: true 5412 storage: false 5413 subresources: 5414 status: {} 5415 - name: v2 5416 schema: 5417 openAPIV3Schema: 5418 description: OperatorCondition is a Custom Resource of type `OperatorCondition` which is used to convey information to OLM about the state of an operator. 5419 type: object 5420 required: 5421 - metadata 5422 properties: 5423 apiVersion: 5424 description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' 5425 type: string 5426 kind: 5427 description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' 5428 type: string 5429 metadata: 5430 type: object 5431 spec: 5432 description: OperatorConditionSpec allows an operator to report state to OLM and provides cluster admin with the ability to manually override state reported by the operator. 5433 type: object 5434 properties: 5435 conditions: 5436 type: array 5437 items: 5438 description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" 5439 type: object 5440 required: 5441 - lastTransitionTime 5442 - message 5443 - reason 5444 - status 5445 - type 5446 properties: 5447 lastTransitionTime: 5448 description: lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. 5449 type: string 5450 format: date-time 5451 message: 5452 description: message is a human readable message indicating details about the transition. This may be an empty string. 5453 type: string 5454 maxLength: 32768 5455 observedGeneration: 5456 description: observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. 5457 type: integer 5458 format: int64 5459 minimum: 0 5460 reason: 5461 description: reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. 5462 type: string 5463 maxLength: 1024 5464 minLength: 1 5465 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ 5466 status: 5467 description: status of the condition, one of True, False, Unknown. 5468 type: string 5469 enum: 5470 - "True" 5471 - "False" 5472 - Unknown 5473 type: 5474 description: type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) 5475 type: string 5476 maxLength: 316 5477 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ 5478 deployments: 5479 type: array 5480 items: 5481 type: string 5482 overrides: 5483 type: array 5484 items: 5485 description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" 5486 type: object 5487 required: 5488 - message 5489 - reason 5490 - status 5491 - type 5492 properties: 5493 lastTransitionTime: 5494 description: lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. 5495 type: string 5496 format: date-time 5497 message: 5498 description: message is a human readable message indicating details about the transition. This may be an empty string. 5499 type: string 5500 maxLength: 32768 5501 observedGeneration: 5502 description: observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. 5503 type: integer 5504 format: int64 5505 minimum: 0 5506 reason: 5507 description: reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. 5508 type: string 5509 maxLength: 1024 5510 minLength: 1 5511 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ 5512 status: 5513 description: status of the condition, one of True, False, Unknown. 5514 type: string 5515 enum: 5516 - "True" 5517 - "False" 5518 - Unknown 5519 type: 5520 description: type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) 5521 type: string 5522 maxLength: 316 5523 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ 5524 serviceAccounts: 5525 type: array 5526 items: 5527 type: string 5528 status: 5529 description: OperatorConditionStatus allows OLM to convey which conditions have been observed. 5530 type: object 5531 properties: 5532 conditions: 5533 type: array 5534 items: 5535 description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" 5536 type: object 5537 required: 5538 - lastTransitionTime 5539 - message 5540 - reason 5541 - status 5542 - type 5543 properties: 5544 lastTransitionTime: 5545 description: lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. 5546 type: string 5547 format: date-time 5548 message: 5549 description: message is a human readable message indicating details about the transition. This may be an empty string. 5550 type: string 5551 maxLength: 32768 5552 observedGeneration: 5553 description: observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. 5554 type: integer 5555 format: int64 5556 minimum: 0 5557 reason: 5558 description: reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. 5559 type: string 5560 maxLength: 1024 5561 minLength: 1 5562 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ 5563 status: 5564 description: status of the condition, one of True, False, Unknown. 5565 type: string 5566 enum: 5567 - "True" 5568 - "False" 5569 - Unknown 5570 type: 5571 description: type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) 5572 type: string 5573 maxLength: 316 5574 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ 5575 served: true 5576 storage: true 5577 subresources: 5578 status: {} 5579 5580 --- 5581 apiVersion: apiextensions.k8s.io/v1 5582 kind: CustomResourceDefinition 5583 metadata: 5584 annotations: 5585 controller-gen.kubebuilder.io/version: v0.4.1 5586 creationTimestamp: null 5587 name: operatorgroups.operators.coreos.com 5588 spec: 5589 group: operators.coreos.com 5590 names: 5591 categories: 5592 - olm 5593 kind: OperatorGroup 5594 listKind: OperatorGroupList 5595 plural: operatorgroups 5596 shortNames: 5597 - og 5598 singular: operatorgroup 5599 scope: Namespaced 5600 versions: 5601 - name: v1 5602 schema: 5603 openAPIV3Schema: 5604 description: OperatorGroup is the unit of multitenancy for OLM managed operators. It constrains the installation of operators in its namespace to a specified set of target namespaces. 5605 type: object 5606 required: 5607 - metadata 5608 properties: 5609 apiVersion: 5610 description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' 5611 type: string 5612 kind: 5613 description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' 5614 type: string 5615 metadata: 5616 type: object 5617 spec: 5618 description: OperatorGroupSpec is the spec for an OperatorGroup resource. 5619 type: object 5620 properties: 5621 selector: 5622 description: Selector selects the OperatorGroup's target namespaces. 5623 type: object 5624 properties: 5625 matchExpressions: 5626 description: matchExpressions is a list of label selector requirements. The requirements are ANDed. 5627 type: array 5628 items: 5629 description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. 5630 type: object 5631 required: 5632 - key 5633 - operator 5634 properties: 5635 key: 5636 description: key is the label key that the selector applies to. 5637 type: string 5638 operator: 5639 description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. 5640 type: string 5641 values: 5642 description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. 5643 type: array 5644 items: 5645 type: string 5646 matchLabels: 5647 description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. 5648 type: object 5649 additionalProperties: 5650 type: string 5651 serviceAccountName: 5652 description: ServiceAccountName is the admin specified service account which will be used to deploy operator(s) in this operator group. 5653 type: string 5654 staticProvidedAPIs: 5655 description: Static tells OLM not to update the OperatorGroup's providedAPIs annotation 5656 type: boolean 5657 targetNamespaces: 5658 description: TargetNamespaces is an explicit set of namespaces to target. If it is set, Selector is ignored. 5659 type: array 5660 items: 5661 type: string 5662 x-kubernetes-list-type: set 5663 status: 5664 description: OperatorGroupStatus is the status for an OperatorGroupResource. 5665 type: object 5666 required: 5667 - lastUpdated 5668 properties: 5669 lastUpdated: 5670 description: LastUpdated is a timestamp of the last time the OperatorGroup's status was Updated. 5671 type: string 5672 format: date-time 5673 namespaces: 5674 description: Namespaces is the set of target namespaces for the OperatorGroup. 5675 type: array 5676 items: 5677 type: string 5678 x-kubernetes-list-type: set 5679 serviceAccountRef: 5680 description: ServiceAccountRef references the service account object specified. 5681 type: object 5682 properties: 5683 apiVersion: 5684 description: API version of the referent. 5685 type: string 5686 fieldPath: 5687 description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.' 5688 type: string 5689 kind: 5690 description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' 5691 type: string 5692 name: 5693 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 5694 type: string 5695 namespace: 5696 description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' 5697 type: string 5698 resourceVersion: 5699 description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' 5700 type: string 5701 uid: 5702 description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' 5703 type: string 5704 served: true 5705 storage: true 5706 subresources: 5707 status: {} 5708 - name: v1alpha2 5709 schema: 5710 openAPIV3Schema: 5711 description: OperatorGroup is the unit of multitenancy for OLM managed operators. It constrains the installation of operators in its namespace to a specified set of target namespaces. 5712 type: object 5713 required: 5714 - metadata 5715 properties: 5716 apiVersion: 5717 description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' 5718 type: string 5719 kind: 5720 description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' 5721 type: string 5722 metadata: 5723 type: object 5724 spec: 5725 description: OperatorGroupSpec is the spec for an OperatorGroup resource. 5726 type: object 5727 properties: 5728 selector: 5729 description: Selector selects the OperatorGroup's target namespaces. 5730 type: object 5731 properties: 5732 matchExpressions: 5733 description: matchExpressions is a list of label selector requirements. The requirements are ANDed. 5734 type: array 5735 items: 5736 description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. 5737 type: object 5738 required: 5739 - key 5740 - operator 5741 properties: 5742 key: 5743 description: key is the label key that the selector applies to. 5744 type: string 5745 operator: 5746 description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. 5747 type: string 5748 values: 5749 description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. 5750 type: array 5751 items: 5752 type: string 5753 matchLabels: 5754 description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. 5755 type: object 5756 additionalProperties: 5757 type: string 5758 serviceAccountName: 5759 description: ServiceAccountName is the admin specified service account which will be used to deploy operator(s) in this operator group. 5760 type: string 5761 staticProvidedAPIs: 5762 description: Static tells OLM not to update the OperatorGroup's providedAPIs annotation 5763 type: boolean 5764 targetNamespaces: 5765 description: TargetNamespaces is an explicit set of namespaces to target. If it is set, Selector is ignored. 5766 type: array 5767 items: 5768 type: string 5769 status: 5770 description: OperatorGroupStatus is the status for an OperatorGroupResource. 5771 type: object 5772 required: 5773 - lastUpdated 5774 properties: 5775 lastUpdated: 5776 description: LastUpdated is a timestamp of the last time the OperatorGroup's status was Updated. 5777 type: string 5778 format: date-time 5779 namespaces: 5780 description: Namespaces is the set of target namespaces for the OperatorGroup. 5781 type: array 5782 items: 5783 type: string 5784 serviceAccountRef: 5785 description: ServiceAccountRef references the service account object specified. 5786 type: object 5787 properties: 5788 apiVersion: 5789 description: API version of the referent. 5790 type: string 5791 fieldPath: 5792 description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.' 5793 type: string 5794 kind: 5795 description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' 5796 type: string 5797 name: 5798 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 5799 type: string 5800 namespace: 5801 description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' 5802 type: string 5803 resourceVersion: 5804 description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' 5805 type: string 5806 uid: 5807 description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' 5808 type: string 5809 served: true 5810 storage: false 5811 subresources: 5812 status: {} 5813 5814 --- 5815 apiVersion: apiextensions.k8s.io/v1 5816 kind: CustomResourceDefinition 5817 metadata: 5818 annotations: 5819 controller-gen.kubebuilder.io/version: v0.4.1 5820 creationTimestamp: null 5821 name: operators.operators.coreos.com 5822 spec: 5823 group: operators.coreos.com 5824 names: 5825 categories: 5826 - olm 5827 kind: Operator 5828 listKind: OperatorList 5829 plural: operators 5830 singular: operator 5831 scope: Cluster 5832 versions: 5833 - name: v1 5834 schema: 5835 openAPIV3Schema: 5836 description: Operator represents a cluster operator. 5837 type: object 5838 properties: 5839 apiVersion: 5840 description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' 5841 type: string 5842 kind: 5843 description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' 5844 type: string 5845 metadata: 5846 type: object 5847 spec: 5848 description: OperatorSpec defines the desired state of Operator 5849 type: object 5850 status: 5851 description: OperatorStatus defines the observed state of an Operator and its components 5852 type: object 5853 properties: 5854 components: 5855 description: Components describes resources that compose the operator. 5856 type: object 5857 required: 5858 - labelSelector 5859 properties: 5860 labelSelector: 5861 description: LabelSelector is a label query over a set of resources used to select the operator's components 5862 type: object 5863 properties: 5864 matchExpressions: 5865 description: matchExpressions is a list of label selector requirements. The requirements are ANDed. 5866 type: array 5867 items: 5868 description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. 5869 type: object 5870 required: 5871 - key 5872 - operator 5873 properties: 5874 key: 5875 description: key is the label key that the selector applies to. 5876 type: string 5877 operator: 5878 description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. 5879 type: string 5880 values: 5881 description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. 5882 type: array 5883 items: 5884 type: string 5885 matchLabels: 5886 description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. 5887 type: object 5888 additionalProperties: 5889 type: string 5890 refs: 5891 description: Refs are a set of references to the operator's component resources, selected with LabelSelector. 5892 type: array 5893 items: 5894 description: RichReference is a reference to a resource, enriched with its status conditions. 5895 type: object 5896 properties: 5897 apiVersion: 5898 description: API version of the referent. 5899 type: string 5900 conditions: 5901 description: Conditions represents the latest state of the component. 5902 type: array 5903 items: 5904 description: Condition represent the latest available observations of an component's state. 5905 type: object 5906 required: 5907 - status 5908 - type 5909 properties: 5910 lastTransitionTime: 5911 description: Last time the condition transitioned from one status to another. 5912 type: string 5913 format: date-time 5914 lastUpdateTime: 5915 description: Last time the condition was probed 5916 type: string 5917 format: date-time 5918 message: 5919 description: A human readable message indicating details about the transition. 5920 type: string 5921 reason: 5922 description: The reason for the condition's last transition. 5923 type: string 5924 status: 5925 description: Status of the condition, one of True, False, Unknown. 5926 type: string 5927 type: 5928 description: Type of condition. 5929 type: string 5930 fieldPath: 5931 description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.' 5932 type: string 5933 kind: 5934 description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' 5935 type: string 5936 name: 5937 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 5938 type: string 5939 namespace: 5940 description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' 5941 type: string 5942 resourceVersion: 5943 description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' 5944 type: string 5945 uid: 5946 description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' 5947 type: string 5948 served: true 5949 storage: true 5950 subresources: 5951 status: {} 5952 5953 --- 5954 apiVersion: apiextensions.k8s.io/v1 5955 kind: CustomResourceDefinition 5956 metadata: 5957 annotations: 5958 controller-gen.kubebuilder.io/version: v0.4.1 5959 creationTimestamp: null 5960 name: subscriptions.operators.coreos.com 5961 spec: 5962 group: operators.coreos.com 5963 names: 5964 categories: 5965 - olm 5966 kind: Subscription 5967 listKind: SubscriptionList 5968 plural: subscriptions 5969 shortNames: 5970 - sub 5971 - subs 5972 singular: subscription 5973 scope: Namespaced 5974 versions: 5975 - additionalPrinterColumns: 5976 - description: The package subscribed to 5977 jsonPath: .spec.name 5978 name: Package 5979 type: string 5980 - description: The catalog source for the specified package 5981 jsonPath: .spec.source 5982 name: Source 5983 type: string 5984 - description: The channel of updates to subscribe to 5985 jsonPath: .spec.channel 5986 name: Channel 5987 type: string 5988 name: v1alpha1 5989 schema: 5990 openAPIV3Schema: 5991 description: Subscription keeps operators up to date by tracking changes to Catalogs. 5992 type: object 5993 required: 5994 - metadata 5995 - spec 5996 properties: 5997 apiVersion: 5998 description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' 5999 type: string 6000 kind: 6001 description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' 6002 type: string 6003 metadata: 6004 type: object 6005 spec: 6006 description: SubscriptionSpec defines an Application that can be installed 6007 type: object 6008 required: 6009 - name 6010 - source 6011 - sourceNamespace 6012 properties: 6013 channel: 6014 type: string 6015 config: 6016 description: SubscriptionConfig contains configuration specified for a subscription. 6017 type: object 6018 properties: 6019 env: 6020 description: Env is a list of environment variables to set in the container. Cannot be updated. 6021 type: array 6022 items: 6023 description: EnvVar represents an environment variable present in a Container. 6024 type: object 6025 required: 6026 - name 6027 properties: 6028 name: 6029 description: Name of the environment variable. Must be a C_IDENTIFIER. 6030 type: string 6031 value: 6032 description: 'Variable references $(VAR_NAME) are expanded using the previous defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".' 6033 type: string 6034 valueFrom: 6035 description: Source for the environment variable's value. Cannot be used if value is not empty. 6036 type: object 6037 properties: 6038 configMapKeyRef: 6039 description: Selects a key of a ConfigMap. 6040 type: object 6041 required: 6042 - key 6043 properties: 6044 key: 6045 description: The key to select. 6046 type: string 6047 name: 6048 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' 6049 type: string 6050 optional: 6051 description: Specify whether the ConfigMap or its key must be defined 6052 type: boolean 6053 fieldRef: 6054 description: 'Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels[''<KEY>'']`, `metadata.annotations[''<KEY>'']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.' 6055 type: object 6056 required: 6057 - fieldPath 6058 properties: 6059 apiVersion: 6060 description: Version of the schema the FieldPath is written in terms of, defaults to "v1". 6061 type: string 6062 fieldPath: 6063 description: Path of the field to select in the specified API version. 6064 type: string 6065 resourceFieldRef: 6066 description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.' 6067 type: object 6068 required: 6069 - resource 6070 properties: 6071 containerName: 6072 description: 'Container name: required for volumes, optional for env vars' 6073 type: string 6074 divisor: 6075 description: Specifies the output format of the exposed resources, defaults to "1" 6076 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 6077 anyOf: 6078 - type: integer 6079 - type: string 6080 x-kubernetes-int-or-string: true 6081 resource: 6082 description: 'Required: resource to select' 6083 type: string 6084 secretKeyRef: 6085 description: Selects a key of a secret in the pod's namespace 6086 type: object 6087 required: 6088 - key 6089 properties: 6090 key: 6091 description: The key of the secret to select from. Must be a valid secret key. 6092 type: string 6093 name: 6094 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' 6095 type: string 6096 optional: 6097 description: Specify whether the Secret or its key must be defined 6098 type: boolean 6099 envFrom: 6100 description: EnvFrom is a list of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Immutable. 6101 type: array 6102 items: 6103 description: EnvFromSource represents the source of a set of ConfigMaps 6104 type: object 6105 properties: 6106 configMapRef: 6107 description: The ConfigMap to select from 6108 type: object 6109 properties: 6110 name: 6111 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' 6112 type: string 6113 optional: 6114 description: Specify whether the ConfigMap must be defined 6115 type: boolean 6116 prefix: 6117 description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. 6118 type: string 6119 secretRef: 6120 description: The Secret to select from 6121 type: object 6122 properties: 6123 name: 6124 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' 6125 type: string 6126 optional: 6127 description: Specify whether the Secret must be defined 6128 type: boolean 6129 nodeSelector: 6130 description: 'NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node''s labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' 6131 type: object 6132 additionalProperties: 6133 type: string 6134 resources: 6135 description: 'Resources represents compute resources required by this container. Immutable. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' 6136 type: object 6137 properties: 6138 limits: 6139 description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' 6140 type: object 6141 additionalProperties: 6142 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 6143 anyOf: 6144 - type: integer 6145 - type: string 6146 x-kubernetes-int-or-string: true 6147 requests: 6148 description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' 6149 type: object 6150 additionalProperties: 6151 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 6152 anyOf: 6153 - type: integer 6154 - type: string 6155 x-kubernetes-int-or-string: true 6156 selector: 6157 description: Selector is the label selector for pods to be configured. Existing ReplicaSets whose pods are selected by this will be the ones affected by this deployment. It must match the pod template's labels. 6158 type: object 6159 properties: 6160 matchExpressions: 6161 description: matchExpressions is a list of label selector requirements. The requirements are ANDed. 6162 type: array 6163 items: 6164 description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. 6165 type: object 6166 required: 6167 - key 6168 - operator 6169 properties: 6170 key: 6171 description: key is the label key that the selector applies to. 6172 type: string 6173 operator: 6174 description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. 6175 type: string 6176 values: 6177 description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. 6178 type: array 6179 items: 6180 type: string 6181 matchLabels: 6182 description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. 6183 type: object 6184 additionalProperties: 6185 type: string 6186 tolerations: 6187 description: Tolerations are the pod's tolerations. 6188 type: array 6189 items: 6190 description: The pod this Toleration is attached to tolerates any taint that matches the triple <key,value,effect> using the matching operator <operator>. 6191 type: object 6192 properties: 6193 effect: 6194 description: Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. 6195 type: string 6196 key: 6197 description: Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys. 6198 type: string 6199 operator: 6200 description: Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. 6201 type: string 6202 tolerationSeconds: 6203 description: TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system. 6204 type: integer 6205 format: int64 6206 value: 6207 description: Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string. 6208 type: string 6209 volumeMounts: 6210 description: List of VolumeMounts to set in the container. 6211 type: array 6212 items: 6213 description: VolumeMount describes a mounting of a Volume within a container. 6214 type: object 6215 required: 6216 - mountPath 6217 - name 6218 properties: 6219 mountPath: 6220 description: Path within the container at which the volume should be mounted. Must not contain ':'. 6221 type: string 6222 mountPropagation: 6223 description: mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. 6224 type: string 6225 name: 6226 description: This must match the Name of a Volume. 6227 type: string 6228 readOnly: 6229 description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. 6230 type: boolean 6231 subPath: 6232 description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). 6233 type: string 6234 subPathExpr: 6235 description: Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive. 6236 type: string 6237 volumes: 6238 description: List of Volumes to set in the podSpec. 6239 type: array 6240 items: 6241 description: Volume represents a named volume in a pod that may be accessed by any container in the pod. 6242 type: object 6243 required: 6244 - name 6245 properties: 6246 awsElasticBlockStore: 6247 description: 'AWSElasticBlockStore represents an AWS Disk resource that is attached to a kubelet''s host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' 6248 type: object 6249 required: 6250 - volumeID 6251 properties: 6252 fsType: 6253 description: 'Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore TODO: how do we prevent errors in the filesystem from compromising the machine' 6254 type: string 6255 partition: 6256 description: 'The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty).' 6257 type: integer 6258 format: int32 6259 readOnly: 6260 description: 'Specify "true" to force and set the ReadOnly property in VolumeMounts to "true". If omitted, the default is "false". More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' 6261 type: boolean 6262 volumeID: 6263 description: 'Unique ID of the persistent disk resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' 6264 type: string 6265 azureDisk: 6266 description: AzureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. 6267 type: object 6268 required: 6269 - diskName 6270 - diskURI 6271 properties: 6272 cachingMode: 6273 description: 'Host Caching mode: None, Read Only, Read Write.' 6274 type: string 6275 diskName: 6276 description: The Name of the data disk in the blob storage 6277 type: string 6278 diskURI: 6279 description: The URI the data disk in the blob storage 6280 type: string 6281 fsType: 6282 description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. 6283 type: string 6284 kind: 6285 description: 'Expected values Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared' 6286 type: string 6287 readOnly: 6288 description: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. 6289 type: boolean 6290 azureFile: 6291 description: AzureFile represents an Azure File Service mount on the host and bind mount to the pod. 6292 type: object 6293 required: 6294 - secretName 6295 - shareName 6296 properties: 6297 readOnly: 6298 description: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. 6299 type: boolean 6300 secretName: 6301 description: the name of secret that contains Azure Storage Account Name and Key 6302 type: string 6303 shareName: 6304 description: Share Name 6305 type: string 6306 cephfs: 6307 description: CephFS represents a Ceph FS mount on the host that shares a pod's lifetime 6308 type: object 6309 required: 6310 - monitors 6311 properties: 6312 monitors: 6313 description: 'Required: Monitors is a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' 6314 type: array 6315 items: 6316 type: string 6317 path: 6318 description: 'Optional: Used as the mounted root, rather than the full Ceph tree, default is /' 6319 type: string 6320 readOnly: 6321 description: 'Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' 6322 type: boolean 6323 secretFile: 6324 description: 'Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' 6325 type: string 6326 secretRef: 6327 description: 'Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' 6328 type: object 6329 properties: 6330 name: 6331 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' 6332 type: string 6333 user: 6334 description: 'Optional: User is the rados user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' 6335 type: string 6336 cinder: 6337 description: 'Cinder represents a cinder volume attached and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' 6338 type: object 6339 required: 6340 - volumeID 6341 properties: 6342 fsType: 6343 description: 'Filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' 6344 type: string 6345 readOnly: 6346 description: 'Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' 6347 type: boolean 6348 secretRef: 6349 description: 'Optional: points to a secret object containing parameters used to connect to OpenStack.' 6350 type: object 6351 properties: 6352 name: 6353 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' 6354 type: string 6355 volumeID: 6356 description: 'volume id used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' 6357 type: string 6358 configMap: 6359 description: ConfigMap represents a configMap that should populate this volume 6360 type: object 6361 properties: 6362 defaultMode: 6363 description: 'Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' 6364 type: integer 6365 format: int32 6366 items: 6367 description: If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. 6368 type: array 6369 items: 6370 description: Maps a string key to a path within a volume. 6371 type: object 6372 required: 6373 - key 6374 - path 6375 properties: 6376 key: 6377 description: The key to project. 6378 type: string 6379 mode: 6380 description: 'Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' 6381 type: integer 6382 format: int32 6383 path: 6384 description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. 6385 type: string 6386 name: 6387 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' 6388 type: string 6389 optional: 6390 description: Specify whether the ConfigMap or its keys must be defined 6391 type: boolean 6392 csi: 6393 description: CSI (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature). 6394 type: object 6395 required: 6396 - driver 6397 properties: 6398 driver: 6399 description: Driver is the name of the CSI driver that handles this volume. Consult with your admin for the correct name as registered in the cluster. 6400 type: string 6401 fsType: 6402 description: Filesystem type to mount. Ex. "ext4", "xfs", "ntfs". If not provided, the empty value is passed to the associated CSI driver which will determine the default filesystem to apply. 6403 type: string 6404 nodePublishSecretRef: 6405 description: NodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed. 6406 type: object 6407 properties: 6408 name: 6409 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' 6410 type: string 6411 readOnly: 6412 description: Specifies a read-only configuration for the volume. Defaults to false (read/write). 6413 type: boolean 6414 volumeAttributes: 6415 description: VolumeAttributes stores driver-specific properties that are passed to the CSI driver. Consult your driver's documentation for supported values. 6416 type: object 6417 additionalProperties: 6418 type: string 6419 downwardAPI: 6420 description: DownwardAPI represents downward API about the pod that should populate this volume 6421 type: object 6422 properties: 6423 defaultMode: 6424 description: 'Optional: mode bits to use on created files by default. Must be a Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' 6425 type: integer 6426 format: int32 6427 items: 6428 description: Items is a list of downward API volume file 6429 type: array 6430 items: 6431 description: DownwardAPIVolumeFile represents information to create the file containing the pod field 6432 type: object 6433 required: 6434 - path 6435 properties: 6436 fieldRef: 6437 description: 'Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.' 6438 type: object 6439 required: 6440 - fieldPath 6441 properties: 6442 apiVersion: 6443 description: Version of the schema the FieldPath is written in terms of, defaults to "v1". 6444 type: string 6445 fieldPath: 6446 description: Path of the field to select in the specified API version. 6447 type: string 6448 mode: 6449 description: 'Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' 6450 type: integer 6451 format: int32 6452 path: 6453 description: 'Required: Path is the relative path name of the file to be created. Must not be absolute or contain the ''..'' path. Must be utf-8 encoded. The first item of the relative path must not start with ''..''' 6454 type: string 6455 resourceFieldRef: 6456 description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.' 6457 type: object 6458 required: 6459 - resource 6460 properties: 6461 containerName: 6462 description: 'Container name: required for volumes, optional for env vars' 6463 type: string 6464 divisor: 6465 description: Specifies the output format of the exposed resources, defaults to "1" 6466 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 6467 anyOf: 6468 - type: integer 6469 - type: string 6470 x-kubernetes-int-or-string: true 6471 resource: 6472 description: 'Required: resource to select' 6473 type: string 6474 emptyDir: 6475 description: 'EmptyDir represents a temporary directory that shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' 6476 type: object 6477 properties: 6478 medium: 6479 description: 'What type of storage medium should back this directory. The default is "" which means to use the node''s default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' 6480 type: string 6481 sizeLimit: 6482 description: 'Total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' 6483 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 6484 anyOf: 6485 - type: integer 6486 - type: string 6487 x-kubernetes-int-or-string: true 6488 ephemeral: 6489 description: "Ephemeral represents a volume that is handled by a cluster storage driver (Alpha feature). The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. \n Use this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity tracking are needed, c) the storage driver is specified through a storage class, and d) the storage driver supports dynamic volume provisioning through a PersistentVolumeClaim (see EphemeralVolumeSource for more information on the connection between this volume type and PersistentVolumeClaim). \n Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod. \n Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information. \n A pod can use both types of ephemeral volumes and persistent volumes at the same time." 6490 type: object 6491 properties: 6492 readOnly: 6493 description: Specifies a read-only configuration for the volume. Defaults to false (read/write). 6494 type: boolean 6495 volumeClaimTemplate: 6496 description: "Will be used to create a stand-alone PVC to provision the volume. The pod in which this EphemeralVolumeSource is embedded will be the owner of the PVC, i.e. the PVC will be deleted together with the pod. The name of the PVC will be `<pod name>-<volume name>` where `<volume name>` is the name from the `PodSpec.Volumes` array entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long). \n An existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until the unrelated PVC is removed. If such a pre-created PVC is meant to be used by the pod, the PVC has to updated with an owner reference to the pod once the pod exists. Normally this should not be necessary, but it may be useful when manually reconstructing a broken cluster. \n This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created. \n Required, must not be nil." 6497 type: object 6498 required: 6499 - spec 6500 properties: 6501 metadata: 6502 description: May contain labels and annotations that will be copied into the PVC when creating it. No other fields are allowed and will be rejected during validation. 6503 type: object 6504 spec: 6505 description: The specification for the PersistentVolumeClaim. The entire content is copied unchanged into the PVC that gets created from this template. The same fields as in a PersistentVolumeClaim are also valid here. 6506 type: object 6507 properties: 6508 accessModes: 6509 description: 'AccessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' 6510 type: array 6511 items: 6512 type: string 6513 dataSource: 6514 description: 'This field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) * An existing custom resource that implements data population (Alpha) In order to use custom resource types that implement data population, the AnyVolumeDataSource feature gate must be enabled. If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source.' 6515 type: object 6516 required: 6517 - kind 6518 - name 6519 properties: 6520 apiGroup: 6521 description: APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. 6522 type: string 6523 kind: 6524 description: Kind is the type of resource being referenced 6525 type: string 6526 name: 6527 description: Name is the name of resource being referenced 6528 type: string 6529 resources: 6530 description: 'Resources represents the minimum resources the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' 6531 type: object 6532 properties: 6533 limits: 6534 description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' 6535 type: object 6536 additionalProperties: 6537 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 6538 anyOf: 6539 - type: integer 6540 - type: string 6541 x-kubernetes-int-or-string: true 6542 requests: 6543 description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' 6544 type: object 6545 additionalProperties: 6546 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 6547 anyOf: 6548 - type: integer 6549 - type: string 6550 x-kubernetes-int-or-string: true 6551 selector: 6552 description: A label query over volumes to consider for binding. 6553 type: object 6554 properties: 6555 matchExpressions: 6556 description: matchExpressions is a list of label selector requirements. The requirements are ANDed. 6557 type: array 6558 items: 6559 description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. 6560 type: object 6561 required: 6562 - key 6563 - operator 6564 properties: 6565 key: 6566 description: key is the label key that the selector applies to. 6567 type: string 6568 operator: 6569 description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. 6570 type: string 6571 values: 6572 description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. 6573 type: array 6574 items: 6575 type: string 6576 matchLabels: 6577 description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. 6578 type: object 6579 additionalProperties: 6580 type: string 6581 storageClassName: 6582 description: 'Name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' 6583 type: string 6584 volumeMode: 6585 description: volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec. 6586 type: string 6587 volumeName: 6588 description: VolumeName is the binding reference to the PersistentVolume backing this claim. 6589 type: string 6590 fc: 6591 description: FC represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod. 6592 type: object 6593 properties: 6594 fsType: 6595 description: 'Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. TODO: how do we prevent errors in the filesystem from compromising the machine' 6596 type: string 6597 lun: 6598 description: 'Optional: FC target lun number' 6599 type: integer 6600 format: int32 6601 readOnly: 6602 description: 'Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.' 6603 type: boolean 6604 targetWWNs: 6605 description: 'Optional: FC target worldwide names (WWNs)' 6606 type: array 6607 items: 6608 type: string 6609 wwids: 6610 description: 'Optional: FC volume world wide identifiers (wwids) Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously.' 6611 type: array 6612 items: 6613 type: string 6614 flexVolume: 6615 description: FlexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin. 6616 type: object 6617 required: 6618 - driver 6619 properties: 6620 driver: 6621 description: Driver is the name of the driver to use for this volume. 6622 type: string 6623 fsType: 6624 description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script. 6625 type: string 6626 options: 6627 description: 'Optional: Extra command options if any.' 6628 type: object 6629 additionalProperties: 6630 type: string 6631 readOnly: 6632 description: 'Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.' 6633 type: boolean 6634 secretRef: 6635 description: 'Optional: SecretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts.' 6636 type: object 6637 properties: 6638 name: 6639 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' 6640 type: string 6641 flocker: 6642 description: Flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running 6643 type: object 6644 properties: 6645 datasetName: 6646 description: Name of the dataset stored as metadata -> name on the dataset for Flocker should be considered as deprecated 6647 type: string 6648 datasetUUID: 6649 description: UUID of the dataset. This is unique identifier of a Flocker dataset 6650 type: string 6651 gcePersistentDisk: 6652 description: 'GCEPersistentDisk represents a GCE Disk resource that is attached to a kubelet''s host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' 6653 type: object 6654 required: 6655 - pdName 6656 properties: 6657 fsType: 6658 description: 'Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk TODO: how do we prevent errors in the filesystem from compromising the machine' 6659 type: string 6660 partition: 6661 description: 'The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' 6662 type: integer 6663 format: int32 6664 pdName: 6665 description: 'Unique name of the PD resource in GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' 6666 type: string 6667 readOnly: 6668 description: 'ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' 6669 type: boolean 6670 gitRepo: 6671 description: 'GitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod''s container.' 6672 type: object 6673 required: 6674 - repository 6675 properties: 6676 directory: 6677 description: Target directory name. Must not contain or start with '..'. If '.' is supplied, the volume directory will be the git repository. Otherwise, if specified, the volume will contain the git repository in the subdirectory with the given name. 6678 type: string 6679 repository: 6680 description: Repository URL 6681 type: string 6682 revision: 6683 description: Commit hash for the specified revision. 6684 type: string 6685 glusterfs: 6686 description: 'Glusterfs represents a Glusterfs mount on the host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' 6687 type: object 6688 required: 6689 - endpoints 6690 - path 6691 properties: 6692 endpoints: 6693 description: 'EndpointsName is the endpoint name that details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' 6694 type: string 6695 path: 6696 description: 'Path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' 6697 type: string 6698 readOnly: 6699 description: 'ReadOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' 6700 type: boolean 6701 hostPath: 6702 description: 'HostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath --- TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not mount host directories as read/write.' 6703 type: object 6704 required: 6705 - path 6706 properties: 6707 path: 6708 description: 'Path of the directory on the host. If the path is a symlink, it will follow the link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' 6709 type: string 6710 type: 6711 description: 'Type for HostPath Volume Defaults to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' 6712 type: string 6713 iscsi: 6714 description: 'ISCSI represents an ISCSI Disk resource that is attached to a kubelet''s host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' 6715 type: object 6716 required: 6717 - iqn 6718 - lun 6719 - targetPortal 6720 properties: 6721 chapAuthDiscovery: 6722 description: whether support iSCSI Discovery CHAP authentication 6723 type: boolean 6724 chapAuthSession: 6725 description: whether support iSCSI Session CHAP authentication 6726 type: boolean 6727 fsType: 6728 description: 'Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi TODO: how do we prevent errors in the filesystem from compromising the machine' 6729 type: string 6730 initiatorName: 6731 description: Custom iSCSI Initiator Name. If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface <target portal>:<volume name> will be created for the connection. 6732 type: string 6733 iqn: 6734 description: Target iSCSI Qualified Name. 6735 type: string 6736 iscsiInterface: 6737 description: iSCSI Interface Name that uses an iSCSI transport. Defaults to 'default' (tcp). 6738 type: string 6739 lun: 6740 description: iSCSI Target Lun number. 6741 type: integer 6742 format: int32 6743 portals: 6744 description: iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260). 6745 type: array 6746 items: 6747 type: string 6748 readOnly: 6749 description: ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. 6750 type: boolean 6751 secretRef: 6752 description: CHAP Secret for iSCSI target and initiator authentication 6753 type: object 6754 properties: 6755 name: 6756 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' 6757 type: string 6758 targetPortal: 6759 description: iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260). 6760 type: string 6761 name: 6762 description: 'Volume''s name. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 6763 type: string 6764 nfs: 6765 description: 'NFS represents an NFS mount on the host that shares a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' 6766 type: object 6767 required: 6768 - path 6769 - server 6770 properties: 6771 path: 6772 description: 'Path that is exported by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' 6773 type: string 6774 readOnly: 6775 description: 'ReadOnly here will force the NFS export to be mounted with read-only permissions. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' 6776 type: boolean 6777 server: 6778 description: 'Server is the hostname or IP address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' 6779 type: string 6780 persistentVolumeClaim: 6781 description: 'PersistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' 6782 type: object 6783 required: 6784 - claimName 6785 properties: 6786 claimName: 6787 description: 'ClaimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' 6788 type: string 6789 readOnly: 6790 description: Will force the ReadOnly setting in VolumeMounts. Default false. 6791 type: boolean 6792 photonPersistentDisk: 6793 description: PhotonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine 6794 type: object 6795 required: 6796 - pdID 6797 properties: 6798 fsType: 6799 description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. 6800 type: string 6801 pdID: 6802 description: ID that identifies Photon Controller persistent disk 6803 type: string 6804 portworxVolume: 6805 description: PortworxVolume represents a portworx volume attached and mounted on kubelets host machine 6806 type: object 6807 required: 6808 - volumeID 6809 properties: 6810 fsType: 6811 description: FSType represents the filesystem type to mount Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified. 6812 type: string 6813 readOnly: 6814 description: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. 6815 type: boolean 6816 volumeID: 6817 description: VolumeID uniquely identifies a Portworx volume 6818 type: string 6819 projected: 6820 description: Items for all in one resources secrets, configmaps, and downward API 6821 type: object 6822 properties: 6823 defaultMode: 6824 description: Mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. 6825 type: integer 6826 format: int32 6827 sources: 6828 description: list of volume projections 6829 type: array 6830 items: 6831 description: Projection that may be projected along with other supported volume types 6832 type: object 6833 properties: 6834 configMap: 6835 description: information about the configMap data to project 6836 type: object 6837 properties: 6838 items: 6839 description: If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. 6840 type: array 6841 items: 6842 description: Maps a string key to a path within a volume. 6843 type: object 6844 required: 6845 - key 6846 - path 6847 properties: 6848 key: 6849 description: The key to project. 6850 type: string 6851 mode: 6852 description: 'Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' 6853 type: integer 6854 format: int32 6855 path: 6856 description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. 6857 type: string 6858 name: 6859 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' 6860 type: string 6861 optional: 6862 description: Specify whether the ConfigMap or its keys must be defined 6863 type: boolean 6864 downwardAPI: 6865 description: information about the downwardAPI data to project 6866 type: object 6867 properties: 6868 items: 6869 description: Items is a list of DownwardAPIVolume file 6870 type: array 6871 items: 6872 description: DownwardAPIVolumeFile represents information to create the file containing the pod field 6873 type: object 6874 required: 6875 - path 6876 properties: 6877 fieldRef: 6878 description: 'Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.' 6879 type: object 6880 required: 6881 - fieldPath 6882 properties: 6883 apiVersion: 6884 description: Version of the schema the FieldPath is written in terms of, defaults to "v1". 6885 type: string 6886 fieldPath: 6887 description: Path of the field to select in the specified API version. 6888 type: string 6889 mode: 6890 description: 'Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' 6891 type: integer 6892 format: int32 6893 path: 6894 description: 'Required: Path is the relative path name of the file to be created. Must not be absolute or contain the ''..'' path. Must be utf-8 encoded. The first item of the relative path must not start with ''..''' 6895 type: string 6896 resourceFieldRef: 6897 description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.' 6898 type: object 6899 required: 6900 - resource 6901 properties: 6902 containerName: 6903 description: 'Container name: required for volumes, optional for env vars' 6904 type: string 6905 divisor: 6906 description: Specifies the output format of the exposed resources, defaults to "1" 6907 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 6908 anyOf: 6909 - type: integer 6910 - type: string 6911 x-kubernetes-int-or-string: true 6912 resource: 6913 description: 'Required: resource to select' 6914 type: string 6915 secret: 6916 description: information about the secret data to project 6917 type: object 6918 properties: 6919 items: 6920 description: If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. 6921 type: array 6922 items: 6923 description: Maps a string key to a path within a volume. 6924 type: object 6925 required: 6926 - key 6927 - path 6928 properties: 6929 key: 6930 description: The key to project. 6931 type: string 6932 mode: 6933 description: 'Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' 6934 type: integer 6935 format: int32 6936 path: 6937 description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. 6938 type: string 6939 name: 6940 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' 6941 type: string 6942 optional: 6943 description: Specify whether the Secret or its key must be defined 6944 type: boolean 6945 serviceAccountToken: 6946 description: information about the serviceAccountToken data to project 6947 type: object 6948 required: 6949 - path 6950 properties: 6951 audience: 6952 description: Audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver. 6953 type: string 6954 expirationSeconds: 6955 description: ExpirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes. 6956 type: integer 6957 format: int64 6958 path: 6959 description: Path is the path relative to the mount point of the file to project the token into. 6960 type: string 6961 quobyte: 6962 description: Quobyte represents a Quobyte mount on the host that shares a pod's lifetime 6963 type: object 6964 required: 6965 - registry 6966 - volume 6967 properties: 6968 group: 6969 description: Group to map volume access to Default is no group 6970 type: string 6971 readOnly: 6972 description: ReadOnly here will force the Quobyte volume to be mounted with read-only permissions. Defaults to false. 6973 type: boolean 6974 registry: 6975 description: Registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes 6976 type: string 6977 tenant: 6978 description: Tenant owning the given Quobyte volume in the Backend Used with dynamically provisioned Quobyte volumes, value is set by the plugin 6979 type: string 6980 user: 6981 description: User to map volume access to Defaults to serivceaccount user 6982 type: string 6983 volume: 6984 description: Volume is a string that references an already created Quobyte volume by name. 6985 type: string 6986 rbd: 6987 description: 'RBD represents a Rados Block Device mount on the host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md' 6988 type: object 6989 required: 6990 - image 6991 - monitors 6992 properties: 6993 fsType: 6994 description: 'Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd TODO: how do we prevent errors in the filesystem from compromising the machine' 6995 type: string 6996 image: 6997 description: 'The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 6998 type: string 6999 keyring: 7000 description: 'Keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 7001 type: string 7002 monitors: 7003 description: 'A collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 7004 type: array 7005 items: 7006 type: string 7007 pool: 7008 description: 'The rados pool name. Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 7009 type: string 7010 readOnly: 7011 description: 'ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 7012 type: boolean 7013 secretRef: 7014 description: 'SecretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 7015 type: object 7016 properties: 7017 name: 7018 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' 7019 type: string 7020 user: 7021 description: 'The rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 7022 type: string 7023 scaleIO: 7024 description: ScaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. 7025 type: object 7026 required: 7027 - gateway 7028 - secretRef 7029 - system 7030 properties: 7031 fsType: 7032 description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Default is "xfs". 7033 type: string 7034 gateway: 7035 description: The host address of the ScaleIO API Gateway. 7036 type: string 7037 protectionDomain: 7038 description: The name of the ScaleIO Protection Domain for the configured storage. 7039 type: string 7040 readOnly: 7041 description: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. 7042 type: boolean 7043 secretRef: 7044 description: SecretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail. 7045 type: object 7046 properties: 7047 name: 7048 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' 7049 type: string 7050 sslEnabled: 7051 description: Flag to enable/disable SSL communication with Gateway, default false 7052 type: boolean 7053 storageMode: 7054 description: Indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned. 7055 type: string 7056 storagePool: 7057 description: The ScaleIO Storage Pool associated with the protection domain. 7058 type: string 7059 system: 7060 description: The name of the storage system as configured in ScaleIO. 7061 type: string 7062 volumeName: 7063 description: The name of a volume already created in the ScaleIO system that is associated with this volume source. 7064 type: string 7065 secret: 7066 description: 'Secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' 7067 type: object 7068 properties: 7069 defaultMode: 7070 description: 'Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' 7071 type: integer 7072 format: int32 7073 items: 7074 description: If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. 7075 type: array 7076 items: 7077 description: Maps a string key to a path within a volume. 7078 type: object 7079 required: 7080 - key 7081 - path 7082 properties: 7083 key: 7084 description: The key to project. 7085 type: string 7086 mode: 7087 description: 'Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' 7088 type: integer 7089 format: int32 7090 path: 7091 description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. 7092 type: string 7093 optional: 7094 description: Specify whether the Secret or its keys must be defined 7095 type: boolean 7096 secretName: 7097 description: 'Name of the secret in the pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' 7098 type: string 7099 storageos: 7100 description: StorageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. 7101 type: object 7102 properties: 7103 fsType: 7104 description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. 7105 type: string 7106 readOnly: 7107 description: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. 7108 type: boolean 7109 secretRef: 7110 description: SecretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted. 7111 type: object 7112 properties: 7113 name: 7114 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' 7115 type: string 7116 volumeName: 7117 description: VolumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace. 7118 type: string 7119 volumeNamespace: 7120 description: VolumeNamespace specifies the scope of the volume within StorageOS. If no namespace is specified then the Pod's namespace will be used. This allows the Kubernetes name scoping to be mirrored within StorageOS for tighter integration. Set VolumeName to any name to override the default behaviour. Set to "default" if you are not using namespaces within StorageOS. Namespaces that do not pre-exist within StorageOS will be created. 7121 type: string 7122 vsphereVolume: 7123 description: VsphereVolume represents a vSphere volume attached and mounted on kubelets host machine 7124 type: object 7125 required: 7126 - volumePath 7127 properties: 7128 fsType: 7129 description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. 7130 type: string 7131 storagePolicyID: 7132 description: Storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName. 7133 type: string 7134 storagePolicyName: 7135 description: Storage Policy Based Management (SPBM) profile name. 7136 type: string 7137 volumePath: 7138 description: Path that identifies vSphere volume vmdk 7139 type: string 7140 installPlanApproval: 7141 description: Approval is the user approval policy for an InstallPlan. It must be one of "Automatic" or "Manual". 7142 type: string 7143 name: 7144 type: string 7145 source: 7146 type: string 7147 sourceNamespace: 7148 type: string 7149 startingCSV: 7150 type: string 7151 status: 7152 type: object 7153 required: 7154 - lastUpdated 7155 properties: 7156 catalogHealth: 7157 description: CatalogHealth contains the Subscription's view of its relevant CatalogSources' status. It is used to determine SubscriptionStatusConditions related to CatalogSources. 7158 type: array 7159 items: 7160 description: SubscriptionCatalogHealth describes the health of a CatalogSource the Subscription knows about. 7161 type: object 7162 required: 7163 - catalogSourceRef 7164 - healthy 7165 - lastUpdated 7166 properties: 7167 catalogSourceRef: 7168 description: CatalogSourceRef is a reference to a CatalogSource. 7169 type: object 7170 properties: 7171 apiVersion: 7172 description: API version of the referent. 7173 type: string 7174 fieldPath: 7175 description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.' 7176 type: string 7177 kind: 7178 description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' 7179 type: string 7180 name: 7181 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 7182 type: string 7183 namespace: 7184 description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' 7185 type: string 7186 resourceVersion: 7187 description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' 7188 type: string 7189 uid: 7190 description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' 7191 type: string 7192 healthy: 7193 description: Healthy is true if the CatalogSource is healthy; false otherwise. 7194 type: boolean 7195 lastUpdated: 7196 description: LastUpdated represents the last time that the CatalogSourceHealth changed 7197 type: string 7198 format: date-time 7199 conditions: 7200 description: Conditions is a list of the latest available observations about a Subscription's current state. 7201 type: array 7202 items: 7203 description: SubscriptionCondition represents the latest available observations of a Subscription's state. 7204 type: object 7205 required: 7206 - status 7207 - type 7208 properties: 7209 lastHeartbeatTime: 7210 description: LastHeartbeatTime is the last time we got an update on a given condition 7211 type: string 7212 format: date-time 7213 lastTransitionTime: 7214 description: LastTransitionTime is the last time the condition transit from one status to another 7215 type: string 7216 format: date-time 7217 message: 7218 description: Message is a human-readable message indicating details about last transition. 7219 type: string 7220 reason: 7221 description: Reason is a one-word CamelCase reason for the condition's last transition. 7222 type: string 7223 status: 7224 description: Status is the status of the condition, one of True, False, Unknown. 7225 type: string 7226 type: 7227 description: Type is the type of Subscription condition. 7228 type: string 7229 currentCSV: 7230 description: CurrentCSV is the CSV the Subscription is progressing to. 7231 type: string 7232 installPlanGeneration: 7233 description: InstallPlanGeneration is the current generation of the installplan 7234 type: integer 7235 installPlanRef: 7236 description: InstallPlanRef is a reference to the latest InstallPlan that contains the Subscription's current CSV. 7237 type: object 7238 properties: 7239 apiVersion: 7240 description: API version of the referent. 7241 type: string 7242 fieldPath: 7243 description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.' 7244 type: string 7245 kind: 7246 description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' 7247 type: string 7248 name: 7249 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 7250 type: string 7251 namespace: 7252 description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' 7253 type: string 7254 resourceVersion: 7255 description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' 7256 type: string 7257 uid: 7258 description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' 7259 type: string 7260 installedCSV: 7261 description: InstalledCSV is the CSV currently installed by the Subscription. 7262 type: string 7263 installplan: 7264 description: 'Install is a reference to the latest InstallPlan generated for the Subscription. DEPRECATED: InstallPlanRef' 7265 type: object 7266 required: 7267 - apiVersion 7268 - kind 7269 - name 7270 - uuid 7271 properties: 7272 apiVersion: 7273 type: string 7274 kind: 7275 type: string 7276 name: 7277 type: string 7278 uuid: 7279 description: UID is a type that holds unique ID values, including UUIDs. Because we don't ONLY use UUIDs, this is an alias to string. Being a type captures intent and helps make sure that UIDs and names do not get conflated. 7280 type: string 7281 lastUpdated: 7282 description: LastUpdated represents the last time that the Subscription status was updated. 7283 type: string 7284 format: date-time 7285 reason: 7286 description: Reason is the reason the Subscription was transitioned to its current state. 7287 type: string 7288 state: 7289 description: State represents the current state of the Subscription 7290 type: string 7291 served: true 7292 storage: true 7293 subresources: 7294 status: {} 7295